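#!/usr/bin/perl -w
#
# Requests every path from a wordlist against a single web server and prints
# the requested URLs grouped by HTTP status code. 404 responses are dropped
# from the report.
#
use strict;
use LWP::UserAgent;
use Getopt::Long;

our $PROG;
( $PROG = $0 ) =~ s/^.*[\/\\]//;    # strip the calling path from the program name

my $AUTH    = 'Joshua D. Abraham';  # author
my $EMAIL   = 'jabra@spl0it.org';   # email
my $VERSION = '1.0';                # version

my $domain;
my %options;
my @dirs;
my $ext = 'html';

# Shared HTTP client. Defaults: 10 second timeout, proxy settings taken from
# the environment (env_proxy), User-Agent string 'Mozilla/5.0'.
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
$ua->agent('Mozilla/5.0');

#
# help: ->
#   display help information
#   side effect: exits program
#
sub help {
    print "Usage: $PROG [Options]

    -d  --domain [str]          Domain to attack
    -f  --file [file-list]      List of directories to test
    -s  --ssl                   Use SSL
    -c  --check                 Check Extension
    -e  --ext [str]             Extension to check [defualt html]
    -a  --agent [str]           Custom UserAgent [default Mozilla/5.0]
    -t  --timeout [num]         Timeout [default 10]
    -b  --base                  Base Header Info
    -p  --proxy [str]           Using proxy
    -v  --version               Display version
    -h  --help                  Display this information

Send Comments to $AUTH ( $EMAIL )\n";
    exit;
}

#
# print_version:
#   displays version
#   side effect: exits program
#
sub print_version {
    print "$PROG version $VERSION by $AUTH ( $EMAIL )\n";
    exit;
}

GetOptions(
    \%options,
    'domain|d=s', 'file|f=s', 'ssl|s', 'check|c', 'ext|e=s',
    'agent|a=s', 'timeout|t=s', 'base|b', 'proxy|p=s',
    'help|h'    => sub { help(); },
    'version|v' => sub { print_version(); },
) or exit 1;

# Command-line overrides for the HTTP client and the extension to append.
$ua->agent( $options{agent} )     if $options{agent};
$ua->proxy( [ 'http', 'https' ], "$options{proxy}" ) if $options{proxy};
$ua->timeout( $options{timeout} ) if $options{timeout};
$ext = $options{ext}              if $options{ext};

# --domain and --file are both required; help() exits when either is missing.
if ( $options{domain} ) {
    $domain = $options{domain};
    $domain =~ s/\/$//;    # drop one trailing slash so URLs are not built with '//'
}
else {
    help();
}

if ( $options{file} ) {
    my $file = $options{file};

    # An unreadable wordlist is reported instead of silently producing an
    # empty scan.
    -r $file or die "can't read file $file\n";

    # Three-argument open with a lexical handle: the file name comes from the
    # command line and must never be interpreted as an open mode or a pipe.
    open( my $in, '<', $file ) or die "can't open file $file\n";
    @dirs = <$in>;
    chomp(@dirs);
    close($in);
}
else {
    help();
}

my $scheme = $options{ssl} ? 'https' : 'http';

# %errors maps an HTTP status code to an array ref of the requested URLs that
# produced it. 404 responses are never stored.
#
# Reading the results:
#  * Only 404 is treated as "not present". A server that answers unknown paths
#    with another status (a 200 error page, a redirect to a login page, ...)
#    makes every wordlist entry show up in the report.
#  * LWP follows redirects for GET by default, so the status recorded is the
#    one of the final response while the URL printed is the one requested.
#  * LWP synthesizes a 500 response (marked with a 'Client-Warning' header) for
#    transport failures such as timeouts or refused connections; those are
#    listed under "500 Responses" together with genuine server errors.
my %errors;
foreach my $dir (@dirs) {
    $dir =~ s/\r//g;    # tolerate CRLF wordlists

    # Skip comment lines and blank lines. An empty line would otherwise be
    # requested as the site root and reported as a finding.
    next if $dir =~ /^#/ or $dir =~ /^\s*$/;

    my $url = join( '', $scheme, '://', $domain, '/', $dir );
    $url = join( '', $url, '.', $ext ) if $options{check};

    my $status = $ua->get($url)->code();
    push @{ $errors{$status} }, $url if $status != 404;
}

print "Domain: $domain\n";

# --base: fetch the site root once and print its response headers.
if ( $options{base} ) {
    print "Base Header: \n";
    my $hurl      = join( '', $scheme, '://', $domain, '/' );
    my $hresponse = $ua->get($hurl);
    print $hresponse->headers_as_string;
    print "\n";    # separate headers and content
}

# One section per status code, each with a total and the matching URLs.
foreach my $key ( sort keys %errors ) {
    my $list = $errors{$key};
    print "$key Responses\n";
    print "Total: " . scalar(@$list) . "\n";
    print "---------------------------\n";
    print "$_\n" foreach @$list;
    print "\n";
}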