Monday, March 13, 2017

FuckShitUp Multi Vulnerabilities Scanner written in PHP

FuckShitUp Multi Vulnerabilities Scanner written in PHP



Basically, FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab urls using search engines - and so, dork for interesting files and full path disclosures. Using list of urls, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass bruteforce attacks for specific range of hosts, or bruteforce ssh with specific username taken from FPD. Whenever something interesting will be found, like vulnerability or broken auth credentials, data will be saved in .txt files - just like urls, and any other files. FSU is based on PHP and text files, its still under construction so i am aware of any potential bugs. Principle of operation is simple.
More urls -> more vulns. For educational purposes only.

Intro

  • Data grabbing:
    • URLs (geturl/massurl) -> (scan)
    • Configs, Databases, SQLis (dork)
    • Full Path Disclosures / Users (fpds) -> (brutefpds)
    • Top websites info (top)
  • Massive scanning
    • XSS, SQLi, LFI, RFI (scan)
    • FTP, SSH, DBs, IMAP (multibruter)
    • Accurate SSH bruteforce (brutefpds)

Plan

  • Web Apps
    • Grab urls via geturl or massurl (massurl requires list of tags as file)
    • Scan urls parameters for vulns with scan
  • Servers
    • Pick target, get ip range
    • Scan for services on each IP and bruteforce with multibruter
    • Grab full path disclosures, and so linux usernames
    • Perform SSH bruteforce for specific user with brutefpds
  • Info grabbing
    • Use dork for automatic dorking
    • Use fpds for full path disclosure grabbing
    • Use search for searching someone in ur databases
    • Use top for scanning all top websites of specific nation
  • Others
    • Stat shows actual statistics and informations
    • Show display specific file
    • Clear and filter - remove duplicates, remove blacklisted urls

Others

MultiBrtuer requirements (php5):
  • php5-mysql - for mysql connections
  • php5-pgsql - for postgresql connections
  • libssh2-php - for ssh connections
  • php5-sybase - for mssql connections
  • php5-imap - for imap connections
TODO:
  • Fix problems with grabbing large amount of urls
  • More search engines
  • SQL Injector
  • RFI shell uploader
  • FSU is not secure as it should be

Download FuckShitUp

Go to link download

Posted by at
Labels: , , , , , ,