Home » Posts filed under PHP

Hostscan - PHP tool for scanning specific range of hosts

in , , , - on 1:30 PM - No comments
Hostscan-PHP-tool-for-scanning-specific-range-of-hosts
Hostscan is a php tool which allows you to scan specific range of hosts, mostly for information gathering and testing for weak passwords. I guess it's a pentest tool, i'd created it to automate some tests that i often do. Since it's PHP, it works quite slowly compared to client-side soft.

How it works?

  • You need to provide range of ip's (e.g. 127.0.0.1 - 127.0.0.10); program will perform operations on each address separately, basing on selected options, then it will print out the response.
  • By default, program will only check open ports, print http response headers, test for HTTP methods and check FTP for anonymous login.
  • If 'SSH/IMAP/DB's' are checked, program will try to bruteforce SSH,IMAP,MySQL,PostgreSQL & MsSQL using array of passwords and users defined on the beggining of script. Notice, that it will try to login as user with grand permissions (e.g. root, postgres), although you're able to edit it.
  • If 'FTP User' is set, program will also try to bruteforce FTP with specific user using mentioned passwords array. By default it's not, and it will only test for anonymous login.
  • If 'Deep Scan' is set, program will perform all aforementioned operations. Further, it will use nmap with specific parameters you're able to edit, also, the traceroute scan will be performed and displayed - just like nmap. Deep Scan also gather some useful informations about a website (if it's running), such as interesting files/folders and www title.
  • ?url=website.com for quick IP address of specific website....so - what it does it do? Nmap, traceroute, port scan, ftp anonymous login, ftp/ssh/imap/mysql/pgsql/mssql bruteforce, http (website) info gathering, Crawler accepts as a parameter array of files and folders that you can manually edit, just like others options.

Download Hostscan

Read more
Labels: , , ,

[Weevely v1.1] Stealth tiny PHP web shell

in , , , , , , , , - on 5:12 PM - No comments

Weevely is a stealth PHP web shell that provides a telnet-like console. It is an essential tool for web application post exploitation, and can be used as stealth backdoor or as a web shell to manage legit web accounts, even free hosted ones.

Weevely is currently included in Backtrack and Backbox and all the major Linux distributions oriented for penetration testing.

Start with a quick Tutorial, read about Modules and Generators.
  • More than 30 modules to automate administration and post exploitation tasks
    • Execute commands and browse remote filesystem, even with PHP security restriction
    • Audit common server misconfigurations
    • Run SQL console pivoting on target machine
    • Proxy your HTTP traffic through target
    • Mount target filesystem to local mount point
    • Simple file transfer from and to target
    • Spawn reverse and direct TCP shells
    • Bruteforce SQL accounts through target system
    • Run port scans from target machine
    • And so on..
  • Backdoor communications are hidden in HTTP Cookies
  • Communications are obfuscated to bypass NIDS signature detection
  • Backdoor polymorphic PHP code is obfuscated to avoid HIDS AV detection

Read more
Labels: , , , , , , , ,