..I will show you how to create native tools. I'm not going to make a new tool though, instead I will show you what is required to create one. You can find all the native tools in the..
Mister LG can create upload forms and test targets on file upload vulnerabilities
<?php
/* Control center maintenance scan
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
if(!defined('IN_SCRIPT')){
exit;
}
// check if the user allow time based maintenance scans
if($_CONTEXT['allow_maintenance_scan']){
$_CONTEXT['scannow'] = false;
if(!isset($_CONTEXT['useraccessdata']['last_scan'])){
$_CONTEXT['errors'][] = "Expecting variable last_scan to be \$_CONTEXT['useraccessdata']['last_scan'] to be loaded.";
$_CONTEXT['fatal'] = true;
include_once($_PATHS['end']);
}
else{
if($_CONTEXT['useraccessdata']['last_scan']==0 || (time()-$_CONTEXT['useraccessdata']['last_scan']>$_CONTEXT['nextscanseconds'])){
$_CONTEXT['scannow'] = true;
}
}
if(!isset($sCode)){
$sCode = "";
}
if($_CONTEXT['scannow']){
// labels for html headers
$_CONTEXT['scanlabel'] = array();
// results for scan
$_CONTEXT['scandata'] = array();
// determines whether to load the index or the results of this scan
$_CONTEXT['scanresults'] = false;
$sDest = $_PATHS['data_root']."/scan_types.php";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sDest));
if(isset($_CONTEXT['scantypes'])){
for($ii=0;$ii<count($_CONTEXT['scantypes']);$ii++){
if($_CONTEXT[$_CONTEXT['scantypes'][$ii]['enable_var']]){
include_once($_PATHS['includes_root']."/".ExploitFilter($_CONTEXT['scantypes'][$ii]['file'],0,1));
}
}
}
// output scan results
foreach($_CONTEXT['scandata'] as $sKey=>$sValue){
if($sValue!=""){
$_CONTEXT['scanresults'] = true;
$sCode .= " <div class=\"emboss borderr5 border1pxtrans pad5 edgeglow overflw\">\n";
$sCode .= " <div class=\"embosshdrnocenter border1pxtrans pad10\">".$_CONTEXT['scanlabel'][$sKey]."</div>\n";
$sCode .= " <div class=\"w700 flt pad5 blk overflw\">\n";
$sCode .= " <div class=\"overflw\">\n".$sValue;
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " </div>\n";
$sCode .= " <div class=\"clear\"></div>\n";
}
}
$sDest = $_PATHS['functions_root']."/fwrite.php";
(!IsThere($sPage) ? include_once($_PATHS['end']) : include_once($sDest));
// the automatic scan is the only scan that will update the file LOGS_DIR/log_activity.php
$sNewD = "<?php\n";
$sNewD .= "/* Activity log\n\n";
$sNewD .= "Author: Remco Kouw\n";
$sNewD .= "Site: http://www.hacksuite.com\n";
$sNewD .= "Last Edit: ".date('d-m-Y',time())."\n";
$sNewD .= "*/\n";
$sNewD .= "if(!defined('IN_SCRIPT')){\n";
$sNewD .= "\texit;\n";
$sNewD .= "}\n";
$sNewD .= "\$_CONTEXT['useraccessdata'] = array();\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['installed'] = ".$_CONTEXT['useraccessdata']['installed'].";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['last_update'] = ".time().";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['ip'] = array(\"".$_SERVER['REMOTE_ADDR']."\");\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['last_scan'] = ".time().";\n";
$sNewD .= "\$_CONTEXT['useraccessdata']['action'] = \"".$_CONTEXT['useraccessdata']['action']."\";\n";
$sNewD .= "?>";
if(!WriteF($_PATHS['log_root']."/log_activity.php",$sNewD,"w")){
include_once($_PATHS['end']);
}
}
}
?>