Tuesday, April 7, 2009


1. Added "Get from all domains". Included in the app is domain.txt, which contains common domains; if you want to search all domains, just check this and click Scan Sites and it will give a lot more results than before. Also included is domain2.txt if you want to use all domains: just rename it to domain.txt.

2. SQLi extensive: adds more parameters (comma, parenthesis, double quote, quote) to generate errors. It makes scanning longer.

3. SQLi cond: page comparison. The program fetches the results for "and 1=0" and "and 1=1" and compares them for changes, and likewise for the string versions "' and 1=0/*" and "' and 1=1/*". It's not accurate (roughly 50/50) because sites with ads change their HTML source every time you visit the page.

4. XSS checking: this is now 98% accurate. It's a wrapper around Internet Explorer, which eliminates false positives. It's slow, so I recommend you set a timeout in IE (http://www.google.com/search?q=timeout+ ... =firefox-a <- some guides); if you don't, it sometimes stops in the middle (the default timeout in IE is 10 min, lol). Also disable images in IE's advanced options; this will make checking faster.

5. LFI scan: added a simple LFI scan. It's error based: if it detects a file inclusion error, the site is added to the list. It appends "/etc/passwd" at the end; that's not the correct path but a sample, so you can use an LFI fuzzer to check directories (I'm planning to make one, as the available Perl fuzzer doesn't ~censored~ work).

6. RFI scan: it includes a simple text file and checks the contents. RFI is very rare right now, but with a good dork you will find them. It's 98% accurate; the 2% are false positives where the file is included but not parsed.
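From the defender's side, the probes described in items 2, 3, 5 and 6 leave very recognisable marks in web server logs. The following is an added example, not code from the tool or the post: it classifies the query-string values of requests by probe type and flags clients that exercise several distinct probe classes. The regexes, the log format and the sample lines are this example's own assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Probe signatures matching the heuristics listed above (boolean 1=0/1=1 pairs,
# appended quote/paren/comma to force errors, /etc/passwd for LFI, a remote URL
# for RFI). The regexes are this example's assumptions, not the scanner's code.
PROBES = {
    "sqli_boolean": re.compile(r"\band\s+1\s*=\s*[01]\b", re.I),
    "sqli_error": re.compile(r"""['"(),]$"""),     # trailing ' " ( ) , on a value
    "lfi": re.compile(r"etc/passwd", re.I),
    "rfi": re.compile(r"^https?://", re.I),       # full URL where a value is expected
}

# Apache/nginx combined-log prefix: client IP, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')


def classify_request(target):
    """Return the probe classes found in the query-string values of a request target."""
    found = set()
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        for label, rx in PROBES.items():
            if rx.search(value.strip()):
                found.add(label)
    return found


def scan_log(lines, min_classes=2):
    """Aggregate probe classes per client IP. A client that exercises several
    distinct probe classes looks like an automated dork scanner, not a typo."""
    per_ip = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ip, target, _status = m.groups()
            per_ip[ip] |= classify_request(target)
    return {ip: sorted(c) for ip, c in per_ip.items() if len(c) >= min_classes}


# Constructed sample log lines (not real traffic) reproducing the probe shapes above.
SAMPLE_LOG = [
    '203.0.113.5 - - [07/Apr/2009:10:12:01 +0000] "GET /news.php?id=12 HTTP/1.1" 200 4312',
    '203.0.113.5 - - [07/Apr/2009:10:12:02 +0000] "GET /news.php?id=12\' HTTP/1.1" 500 210',
    '203.0.113.5 - - [07/Apr/2009:10:12:03 +0000] "GET /news.php?id=12%20and%201=1 HTTP/1.1" 200 4312',
    '203.0.113.5 - - [07/Apr/2009:10:12:04 +0000] "GET /news.php?id=12%20and%201=0 HTTP/1.1" 200 3980',
    '203.0.113.5 - - [07/Apr/2009:10:12:05 +0000] "GET /view.php?page=../../../etc/passwd HTTP/1.1" 200 512',
    '203.0.113.5 - - [07/Apr/2009:10:12:06 +0000] "GET /view.php?page=http://example.invalid/p.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/Apr/2009:10:15:00 +0000] "GET /news.php?id=7\' HTTP/1.1" 500 210',
    '198.51.100.9 - - [07/Apr/2009:10:16:00 +0000] "GET /news.php?id=7 HTTP/1.1" 200 4301',
]

if __name__ == "__main__":
    for ip, classes in scan_log(SAMPLE_LOG).items():
        print(ip, classes)
```

A single stray quote from a real user hits only one class, so the per-client threshold keeps it out of the alert list while the full probe sequence from one address is flagged.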

To do: multiple dork scan


Fixed a multithreading issue; now it will test faster with the specified number of threads.
Added different Google countries to search in.
Added additional parameters to force errors.

I got tired of filtering sites so I made one :lol:
It's error based: the probability of SQL injection is good, but it may give false positives. Still working on other methods to detect (e.g. 1=0/1=1, union, etc.).
Supports MySQL, SQL Server, MS Access, CFM...
It uses Blackle so you can get 5000 test sites; after that, use a proxy.

