..are going to create a new app for the hacksuite. We're not going to do anything fancy here; we will make a simple app to get familiar with how to write compatible scripts for the suite. We..
THC Sscan is a very versatile tool for scanning (html) files
<?php
/* Configure antievil scanner
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 17-02-2015
*/
// The reply is JSON and must not be cached by the browser or a proxy.
session_cache_limiter('nocache');
header('Expires: '.gmdate('r',0));
header('Content-type: application/json');

// Both values are assigned before the shared header is included.
// NOTE(review): presumably ../header.php reads $_DYNAMIC_ROOT and $bWriteMe and
// defines $_PATHS and IsThere() -- confirm against that file.
$_DYNAMIC_ROOT = "..";
$bWriteMe = false;
include_once("../header.php");
$sDest = "../vars.php";

// Default reply: failure until one of the actions below reports success.
$aDataR = array(
    'jresult' => false,
    'jmessage' => "an error occured",
);

// Helper scripts this endpoint depends on. A helper that is not present is
// replaced by the include of $_PATHS['end'].
// NOTE(review): execution continues after that include unless the included
// file stops the request itself -- confirm.
$aFiles = array(
    $_PATHS['functions_root']."/fwrite.php",
    $_PATHS['functions_root']."/get_file_data.php",
    $_PATHS['functions_root']."/getfilebydir.php"
);
$x = 0;
while($x<count($aFiles)){
    if(IsThere($aFiles[$x])){
        include_once($aFiles[$x]);
    }
    else{
        include_once($_PATHS['end']);
    }
    $x++;
}

// Data layout of the module: <base>/data holds the list files,
// <base>/data/languages holds one pattern file per language.
$sBaseDir = "../Modules/thc_ae";
$sDataDir = $sBaseDir."/data";
$sLanguageDir = $sDataDir."/languages";
$aLanguages = GetFilesByDirectory($sLanguageDir);
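/*
 * Action dispatcher for the antievil scanner configuration.
 *
 * Exactly one action runs per request: the first POST flag that matches in the
 * chain below. The outcome is collected in $aDataR (jresult, jmessage and,
 * depending on the action, jdata / jfile / jselect) and sent back as JSON.
 *
 * NOTE(review): every branch reads or rewrites files under $sDataDir on a plain
 * POST, and no login, role or CSRF-token check is visible in this file.
 * Presumably ../header.php enforces access -- confirm.
 */
if(!isset($aLanguages[0])){
    $aDataR['jmessage'] = "No languages installed, expecting at least php.txt in folder ".$sLanguageDir;
}
else{
    // Normalise the submitted list once: only string entries are accepted,
    // each is trimmed, and entries that are empty after trimming are dropped.
    // A missing or non-array aPattern counts as "nothing submitted".
    $bPatternList = isset($_POST['aPattern']) && is_array($_POST['aPattern']);
    $aSubmitted = array();
    if($bPatternList){
        foreach($_POST['aPattern'] as $mEntry){
            if(is_string($mEntry) && trim($mEntry)!==""){
                $aSubmitted[] = trim($mEntry);
            }
        }
    }

    /* SECTION 1: new language or patterns */
    if(isset($_POST['iSubmitLanguages'])){
        if(!isset($_POST['sLanguage']) || !is_string($_POST['sLanguage']) || $_POST['sLanguage']===""){
            $aDataR['jmessage'] = "No language specified";
        }
        else{
            // The name goes straight into the path that is written below, so it
            // has to be exactly <base>.txt: one dot and nothing after "txt".
            // Checking only the first two dot-separated parts would let further
            // suffixes or path separators ride along into that path. The D
            // modifier stops "$" from accepting a trailing newline.
            $aLanguage = explode(".",$_POST['sLanguage']);
            if(!preg_match('/^[0-9a-zA-Z_\-]+$/D',$aLanguage[0])){
                $aDataR['jmessage'] = "Invalid filename specified for target file";
            }
            elseif(count($aLanguage)!==2 || $aLanguage[1]!=="txt"){
                $aDataR['jmessage'] = "Files need to have a txt extension";
            }
            elseif(!$bPatternList){
                $aDataR['jmessage'] = "No patterns specified";
            }
            else{
                $sDest = $sLanguageDir."/".$_POST['sLanguage'];
                // New patterns come first, without duplicates.
                $aPatterns = array_values(array_unique($aSubmitted));
                $bReadable = true;
                if(in_array($_POST['sLanguage'],$aLanguages,true) && filesize($sDest)){
                    // Existing, non-empty language file: keep its entries and
                    // append those that were not submitted again.
                    $aFile = @file($sDest);
                    if(!is_array($aFile)){
                        // Do not overwrite a file whose content could not be read.
                        $bReadable = false;
                    }
                    else{
                        foreach($aFile as $sLine){
                            $sLine = trim($sLine);
                            if(!in_array($sLine,$aPatterns,true)){
                                $aPatterns[] = $sLine;
                            }
                        }
                    }
                }
                if(!$bReadable || !WriteF($sDest,implode("\n",$aPatterns),"w")){
                    $aDataR['jmessage'] = "Failed to update language file";
                }
                else{
                    $aDataR['jmessage'] = "Successfully wrote data";
                    $aDataR['jresult'] = true;
                }
            }
        }
    }
    /* return patterns from a language file */
    elseif(isset($_POST['iFetchLanguages'])){
        // At least one language file exists here (checked by the outer if).
        // File names are HTML-escaped because they end up in markup that the
        // client inserts into the page.
        $sSelect = "<select name=\"sLangFile\">";
        foreach($aLanguages as $sLangName){
            $sLangSafe = htmlspecialchars($sLangName,ENT_QUOTES,'UTF-8');
            $sSelect .= "<option value=\"".$sLangSafe."\">".$sLangSafe."</option>";
        }
        $sSelect .= "</select>";
        $aDataR['jresult'] = true;
        $aDataR['jselect'] = $sSelect;
    }
    /* creates edit language form */
    elseif(isset($_POST['iChangeLanguages'])){
        // Check the name against the directory listing BEFORE touching the
        // file system with it; only a listed file is ever opened.
        if(!isset($_POST['sLangFile']) || !is_string($_POST['sLangFile']) || !in_array($_POST['sLangFile'],$aLanguages,true)){
            $aDataR['jmessage'] = "Invalid language file selected";
        }
        else{
            $sLangPath = $sLanguageDir."/".$_POST['sLangFile'];
            $aDataR['jresult'] = true;
            $aDataR['jdata'] = !filesize($sLangPath) ? "" : GetFileData($sLangPath);
            $aDataR['jfile'] = $_POST['sLangFile'];
        }
    }
    /* updates language file */
    elseif(isset($_POST['iUpdateLanguages'])){
        if(!isset($_POST['sLanguage']) || !is_string($_POST['sLanguage']) || !in_array($_POST['sLanguage'],$aLanguages,true)){
            $aDataR['jmessage'] = "Invalid language file selected";
        }
        elseif(!isset($_POST['sDataPatterns']) || !is_string($_POST['sDataPatterns']) || $_POST['sDataPatterns']===""){
            $aDataR['jmessage'] = "No patterns have been specified";
        }
        elseif(!WriteF($sLanguageDir."/".$_POST['sLanguage'],trim($_POST['sDataPatterns']),"w")){
            $aDataR['jmessage'] = "Failed to update language file";
        }
        else{
            $aDataR['jresult'] = true;
            $aDataR['jmessage'] = "Successfully updated patterns";
        }
    }
    /* SECTION 2: fetch folder names */
    elseif(isset($_POST['iFetchFolders'])){
        $sListFile = $sDataDir."/folders.txt";
        $aDataR['jresult'] = true;
        $aDataR['jdata'] = !filesize($sListFile) ? "" : GetFileData($sListFile);
    }
    /* add folder names */
    elseif(isset($_POST['iAddFolders'])){
        $sListFile = $sDataDir."/folders.txt";
        $aFile = @file($sListFile);
        // Existing lines are kept (trimmed); an empty or unreadable file
        // simply contributes nothing.
        $aEntries = is_array($aFile) ? array_map('trim',$aFile) : array();
        // The name check applies to every submitted entry, also when the list
        // file is still empty, so the first write cannot bypass it.
        foreach($aSubmitted as $sEntry){
            if(preg_match('/^([a-z0-9\-_])+$/i',$sEntry) && !in_array($sEntry,$aEntries,true)){
                $aEntries[] = $sEntry;
            }
        }
        if(!WriteF($sListFile,implode("\n",$aEntries),"w")){
            $aDataR['jmessage'] = "Failed to update folder file";
        }
        else{
            $aDataR['jmessage'] = "Successfully wrote data";
            $aDataR['jresult'] = true;
        }
    }
    /* edit folder names */
    elseif(isset($_POST['iUpdateFolders'])){
        // NOTE(review): unlike the add action, the submitted text is written
        // as-is (trimmed only), without the per-entry name check -- confirm
        // that this is intended.
        if(!isset($_POST['sDataPatterns']) || !is_string($_POST['sDataPatterns']) || $_POST['sDataPatterns']===""){
            $aDataR['jmessage'] = "No patterns have been specified";
        }
        elseif(!WriteF($sDataDir."/folders.txt",trim($_POST['sDataPatterns']),"w")){
            $aDataR['jmessage'] = "Failed to update folders file";
        }
        else{
            $aDataR['jresult'] = true;
            $aDataR['jmessage'] = "Successfully updated folders";
        }
    }
    /* SECTION 3: fetch extensions */
    elseif(isset($_POST['iFetchExt'])){
        $sListFile = $sDataDir."/searchfiles.txt";
        $aDataR['jresult'] = true;
        $aDataR['jdata'] = !filesize($sListFile) ? "" : GetFileData($sListFile);
    }
    /* add extensions */
    elseif(isset($_POST['iAddExt'])){
        $sListFile = $sDataDir."/searchfiles.txt";
        $aFile = @file($sListFile);
        $aEntries = is_array($aFile) ? array_map('trim',$aFile) : array();
        // One to five alphanumeric characters per extension; checked for
        // every submitted entry, also when the list file is still empty.
        foreach($aSubmitted as $sEntry){
            if(preg_match('/^([a-z0-9]){1,5}$/i',$sEntry) && !in_array($sEntry,$aEntries,true)){
                $aEntries[] = $sEntry;
            }
        }
        if(!WriteF($sListFile,implode("\n",$aEntries),"w")){
            // Message corrected: this branch writes the extensions list, not
            // the folder list.
            $aDataR['jmessage'] = "Failed to update extensions file";
        }
        else{
            $aDataR['jmessage'] = "Successfully wrote data";
            $aDataR['jresult'] = true;
        }
    }
    /* edit extensions */
    elseif(isset($_POST['iUpdateExt'])){
        // NOTE(review): written without the per-entry check used by the add
        // action -- confirm that this is intended.
        if(!isset($_POST['sDataPatterns']) || !is_string($_POST['sDataPatterns']) || $_POST['sDataPatterns']===""){
            $aDataR['jmessage'] = "No extensions have been specified";
        }
        elseif(!WriteF($sDataDir."/searchfiles.txt",trim($_POST['sDataPatterns']),"w")){
            $aDataR['jmessage'] = "Failed to update extensions file";
        }
        else{
            $aDataR['jresult'] = true;
            $aDataR['jmessage'] = "Successfully updated extensions";
        }
    }
    /* SECTION 4: fetch shells */
    elseif(isset($_POST['iFetchShell'])){
        $sListFile = $sDataDir."/shell.txt";
        $aDataR['jresult'] = true;
        $aDataR['jdata'] = !filesize($sListFile) ? "" : GetFileData($sListFile);
    }
    /* add shells */
    elseif(isset($_POST['iAddShell'])){
        $sListFile = $sDataDir."/shell.txt";
        $aFile = @file($sListFile);
        $aEntries = is_array($aFile) ? array_map('trim',$aFile) : array();
        // Entries must look like a file name with an extension; checked for
        // every submitted entry, also when the list file is still empty.
        foreach($aSubmitted as $sEntry){
            if(preg_match('/^[0-9a-z\-_]*\.([\.0-9a-z\-_]+)$/i',$sEntry) && !in_array($sEntry,$aEntries,true)){
                $aEntries[] = $sEntry;
            }
        }
        if(!WriteF($sListFile,implode("\n",$aEntries),"w")){
            $aDataR['jmessage'] = "Failed to update shell file";
        }
        else{
            $aDataR['jmessage'] = "Successfully wrote data";
            $aDataR['jresult'] = true;
        }
    }
    /* edit shells */
    elseif(isset($_POST['iUpdateShell'])){
        // NOTE(review): written without the per-entry check used by the add
        // action -- confirm that this is intended.
        if(!isset($_POST['sDataPatterns']) || !is_string($_POST['sDataPatterns']) || $_POST['sDataPatterns']===""){
            $aDataR['jmessage'] = "No shells have been specified";
        }
        elseif(!WriteF($sDataDir."/shell.txt",trim($_POST['sDataPatterns']),"w")){
            $aDataR['jmessage'] = "Failed to update shell file";
        }
        else{
            $aDataR['jresult'] = true;
            $aDataR['jmessage'] = "Successfully updated shells";
        }
    }
    else{
        /* return error message */
        $aDataR['jmessage'] = "Invalid action specified";
    }
}
echo json_encode($aDataR);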
?>