Description
The Simple LAN Scanner is a very simple LAN scanner written in Python. It scans the local network and tries to give you the MAC and IP addresses of the discovered running systems. Furthermore it creates a small log file at the end of the scan.

Usage
sudo ./simple_lan_scan.py –network=<your network>

Usage example
sudo ./simple_lan_scan.py –network=192.168.1.0/24

Installation
Make sure you install the package python-scapy before you run the Simple LAN Scanner.

Feature list
- Tries to give you the MACs and IPs of discovered running systems.
- Creates a small log file.

Some notes
- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Power to teh c0ws!

Description
The Simple Local File Inclusion Vulnerability Scanner helps you to find LFI vulnerabilities.

Usage
./lfi_scanner.py –url=

Usage example
./lfi_scanner.py –url=”http://www.example.com/page.php?file=main”

Usage notes
- Always use http://….
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries to catch most errors with error handling.
- Contains a LFI vulnerability scanner.
- Finds out how a possible LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Supports common *nix targets, but no Windows systems.

Known issues
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones.
- Like most other LFI scanners, this tool here also has trouble with handling certain server responses.

Some notes
- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Do not use this tool in an illegal way. Know and respect your local laws.
- Only use this tool for legal purposes, such as pentesting your own website
- I am not responsible if you cause any damage or break the law.
- Power to teh c0ws!

Screenshot

Simple Local File Inclusion Vulnerability Scanner screenshot

Just visit the “My Tools” section for the download link.

Description
The Simple Local File Inclusion Exploiter helps you to exploit LFI vulnerabilities. After you found one, simply pass the URL of the affected website and the vulnerable parameter to this tool. You can also use this tool to scan a parameter of an ULR for a LFI vulnerability.

Usage
./lfi_sploiter.py –exploit-url= –vulnerable-parameter=

Usage example
./lfi_sploiter.py –exploit-url=http://www.example.com/page.php?file=main –vulnerable-parameter=file

Usage notes
- Always use http://….
- When you pass a vulnerable parameter, this tool assumes that it is really vulnerable.
- If you do not know if a parameter is vulnerable, simply pass it to this script and let the scanner have a look.
- Only use one vulnerable parameter at once.
- This tool does not work with SEO URLs, such as http://www.example.com/news-about-the-internet/.
- If you only have a SEO URL, try to find out the real URL which contents parameters.

Feature list
- Provides a random user agent for the connection.
- Checks if a connection to the target can be established.
- Tries catch most errors with error handling.
- Contains a LFI scanner (only scans one parameter at once).
- Finds out how a LFI vulnerability can be exploited (e.g. directory depth).
- Supports nullbytes!
- Exploit features: Dumps a list of interesting files to your hard disk.
- Supports common *nix targets, but no Windows systems.

Known issues
- I know there is more about LFI than it is covered in this tool. But this is the first release,
and more features will be implemented in future versions.
- This tool is only able to handle “simple” LFI vulnerabilities, but not complex ones. For example: Some LFI vulnerabilities consist of two URL parameters or require to find a way around filters. In those cases, this tool unfortunately does not work.
- Like most other LFI exploiter / scanner, this tool here also has problems with handling certain server responses. So this tool does not work with every website.

Some notes
- Tested with Python 2.6.5.
- Modify, distribute, share and copy the code in any way you like!
- Please note that this tool was created for educational purposes only.
- Do not use this tool in an illegal way. Know and respect your local laws.
- Only use this tool for legal purposes, such as pentesting your own website
- I am not responsible if you cause any damage or break the law.
- Power to teh c0ws!

Screenshot

Simple Local File Inclusion Exploiter screenshot

Description
The Specialist Bed and Breakfast Website SQL Injection Exploit takes advantage of a SQL injection vulnerability JaMbA discovered on 30th June 2010. The exploit source code also contains the table structure of the vulnerable product.

About the vulnerability
Learn more about the vulnerability here.

Features
- Check if provided URL is reachable
- Error handling for HTTP requests
- Display current database, MySQL user and the MySQL version
- Display the admin login data
- Easy to use (everything is simple and automated)
- User agent for HTTP requests

Additional information
Written in Python (less than 400 lines).

Usage example
python bed_and_breakfast_sploit.py – u “http://target/site/pages.php?fid=0,1,472&pp_id=84″

Disclaimer
Only use this tool to check websites you are allowed to test (e.g. for penetration testing). Never use this tool on foreign websites! Know and respect your local laws! I am not responsible if you cause any damage or run into trouble. This tool was written for educational purposes only.

It contains all the features from the first released version 0.3 and now contains – in addition – a column fuzzer. Simply start a scan by using python sqli_scanner.py -u “target” and then start fuzzing by using the parameter -fuzz “exploit url”. The exploit url will be provided by the scanner (when a vulnerability was found).

Description
The Simple Log File Analyzer helps you to detect possible hack attempts within the log files of your webserver.

Features
- Error handling
- Scan a log file for four different attack types
- Display a short scan report
- Write scan results to a new log file
- Easy to use (everything is simple and automated)

Additional information
Written in Python (less than 400 lines).

Usage example
scan_log.py -file vhost_access.log

Disclaimer
I am not responsible if this script or you cause any damage# to your system. The memory consumption can become quite large and the generated reports very huge. So be sure you know what you are doing. I highly recommend you download your log files on a separate machine and analyze these files there.

Known issue
XSS attempt discovery feature can be a little bit buggy.

Screenshot

Simple Log File Analyzer

Description
The Simple SQL Injection Vulnerability Scanner helps you to find SQL injection vulnerabilities within your website. Simply provide an URL and let the tool do all the work.

Features
- Scan a single URL
- Detect SQL injection vulnerabilities
- User agent for web requests
- User friendly (easy to use, everything is automated)
- Error handling for http requests
- Display a short scan report
- Check if the provided URL is reachable

Additional information
Written in Python (less than 400 lines).

Usage
python sqli_scanner.py -u “http://target/index.php?var1=x&var2=y″

Disclaimer
This tool was written for educational and penetration testing purposes. Only check websites you are allowed to test, e.g. your own or one of your customers/friends. I am not responsible for any damage you or my script could cause. Please know and respect your local laws.

Known issue
Sometimes the target webserver throws back specific errors (403, 500 etc.). The Simple SQL Injection Vulnerability Scanner then fails to find SQL injection vulnerabilities.

Screenshot

Simple SQL Injection Vulnerability Scanner - sample output

Please click here to download the Python sploit.

Usage example:
python joomla_com_bfquiz_sploit.py – u “http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34″

Features:
- Check if the provided URL is reachable
- Display current database, MySQL user and the MySQL version
- Display the password hash of the Joomla administrator

Screenshot:

Additional information
Only attack targets you are allowed to attack (e.g. your own website or a customer’s website for penetration testing). I am not responsible if you cause any damage or do bad things! Know and respect your local laws!

I wrote this tool because I did not want to write a new exploit every time when a new Joomla (component/module/plugin) SQL injection vulnerability was discovered/revealed. Simply hand over a vulnerable Joomla URL to the tool and receive all Joomla users (with password hashes).

Description
The Automated Joomla SQL Injection Exploiter exploits almost every SQL injection vulnerability which was and will be discovered in Joomla or it’s components/modules/plugins. From now on you don’t need an exploit for every new SQL injection vulnerability! Just hand over the vulnerable URL to the tool and receive a list of Joomla users. The Automated Joomla SQL Injection Exploiter is based on my column fuzzer.

Features
- Check if URL is reachable
- Fuzz amount of columns (needed for UNION SELECT attack)
- Show a sample exploitation URL for pasting into the browser
- Showing the Joomla users from the table jos_users (with password hashes)
- Display current database, database user and database version

Additional information
Written in Python (less than 300 lines).

Screenshots

Usage
root@localhost: python joomla_sqli_sploiter.py -u “http://target/index.php?option=com_vulnerable?id=1″

Disclaimer
Tool was written for educational purposes only. I am not responsible for any damage you might cause using this tool. Know and respect your local laws! Only use this tool on websites you are allowed to test, e.g. for penetration testing.

Sample Output (bad formatted, sorry about that)
<root@localhost: python joomla_sqli_sploiter.py -u “http://target/index.php?com_option=blubb&id=1″
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Automated Joomla SQL Injection Exploiter 1.0 (23th May 2010)
by Valentin Hoebel (valentin@xenuser.org)
For educational purposes only! I am not responsible if you cause any damage!
Only use this tool on websites which you may test, e.g. for penetration testing.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~,(^_^),~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>> Checking if connection can be established…
>> Connected to target! URL seems to be valid.
>> Assuming that your provided URL is vulnerable.
>> Trying to find the correct number of columns… (this may take a while)
>> Correct number of columns found!
>> Amount:  21
>> Do you want to have a sample exploitation URL for pasting into the browser? (Yes/No) no
>> Viewing a sample exploitation URL was skipped!
>> Now assuming that this is a Joomla installation.
>> Trying to fetch the first user of the Joomla user table…
ID:  ['62']
Name:  ['Administrator'] Username:  ['admin']
Password Hash:  ['censored']
E-Mail Address:  ['valentin@xenuser.org'] User status:  ['Super Administrator']
>> Do you want to display all Joomla users? Replying with Yes will show you the source code response of the website. (Yes/No) no
>> Viewing the Joomla user table output was skipped!
>> Do you want to display the current database, database user and MySQL version? (Yes/No) yes
MySQL Database User:  ['root@localhost']
MySQL Database:  ['joomla']
MySQL Version:  ['5.1.34-0.dotdeb.1-log']
That’s it. Bye!