random gallery image
random tutorial
preview

..index page for the suite. It's very easy because the only thing you need to do is change the content of default.php. I don't want to create something like hello world or..

read more

random bruteforce
AntiFTP

AntiFTP uses wordlists in order to bruteforce FTP user accounts

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/*
Handler for Inject It

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
$_MODULE_C "thc_ii";
include_once(
"../../Includes/screen_header.php");
$_PATHS['injectlog'] = $_PATHS['module_default_root']."/logs/default.php";
include_once(
$_PATHS['style_root']."/screen.php");
include_once(
$_PATHS['functions_root']."/fwrite.php");
include_once(
$_PATHS['module_default_root']."/inject.php");
include_once(
$_PATHS['functions_root']."/scrn.php");
// options
$sOptions "<b>logging:</b> ".($_CONTEXT['log']==true "on" "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true "on" "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true "on" "off")."\n";
if(isset(
$_POST['submit'])){
    switch(
$_POST['submit']){
        
// scan
        
case"Scan":
        echo 
$sOut;
        
$_POST['iAttackType'] = ($_POST['iAttackType']!=1);
        if(
$_POST['iAttackType']==0){
            
// set static post variables to determine which variables to poison
            
$_STATIC = array("iAttackType","sTarget","sUseFile","aExploits","submit");
            
$_POISON = array();
            foreach(
$_POST as $sKey=>$mValue){
                if(!
in_array($sKey,$_STATIC)){
                    
$_POISON[] = $sKey;
                }
            }
            if(
false==($iPoison = @count($_POISON))){
                
// no variables selected to poison
                
die(Screen("<br>\n<b>No variables selected to poison</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        else{
            
$sDest $_PATHS['module_default_root']."/urls/".ExploitFilter($_POST['sUseFile'],0,1);
            if(!
file_exists($sDest)){
                
// file doesn't exist
                
die(Screen("<br>\n<b>Log file doesn't exist</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            if(
filesize($sDest)==0){
                
// target file is empty
                
die(Screen("<br>\n<b>Target file is empty</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        if(
false==($iExploits = @count($_POST['aExploits']))){
            
// no exploits selected
            
die(Screen("<br>\n<b>No exploits selected</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        
// used for creating the exploiturl and initialize the attack
        
@include_once($_PATHS['module_default_root']."/func_exploiturl.php");
        @include_once(
$_PATHS['module_default_root']."/func_payloadsend.php");
        @include_once(
$_PATHS['module_default_root']."/func_parseresponse.php");
        
// buffer for logging
        
$sBuffer "";
        
// generate a unique scan id
        
$sID substr(md5(time()),0,10);
        include_once(
$_PATHS['includes_root']."/task_start.php");
        echo 
Screen("<br>\n<b>Running..</b><p>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
// spit fire...
        
flush();
        
ob_flush();
        if(
$_POST['iAttackType']==1){
            
// mass scan
            
@include_once($_PATHS['functions_root']."/exploit_filter.php");
            
$aFile file($sDest);
            for(
$x=0;$x<count($aFile);$x++){
                if(
$aFile[$x]!=""){
                    
// parse url, attack it, send exploit and parse response
                    
foreach($_CONTEXT['inject'] as $sKey=>$aExploitP){
                        
$sUrl ExploitUrl(trim($aFile[$x]),$_CONTEXT['inject'],$sKey);
                        
$aResponse PayloadSend($sUrl,$_CONTEXT['curloptions']);
                        
$sBuffer .= $sID."|".time()."|".trim($aFile[$x])."|".$sKey."|";
                        
$bResult ParseResponse($aResponse['data'],$_CONTEXT['inject'][$sKey]['response']);
                        
$sBuffer .= ($bResult 0)."\n";
                        echo 
Screen("<br>\n".$aFile[$x]." ".($bResult "could be" "isn't")." exploitable with ".$sKey."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
                    }
                }
            }
        }
        else{
            
// single scan
            
for($x=0;$x<$iExploits;$x++){
                
$sUrl ExploitUrl($_POST['sTarget'],$_CONTEXT['inject'],$_POST['aExploits'][$x],$_POISON);
                
$aResponse PayloadSend($_POST['sTarget'],$_CONTEXT['curloptions']);
                
$sBuffer .= $sID."|".time()."|".$_POST['sTarget']."|".$_POST['aExploits'][$x]."|";
                
$bResult ParseResponse($aResponse['data'],$_CONTEXT['inject'][$_POST['aExploits'][$x]]['response']);
                
$sBuffer .= ($bResult 0)."\n";
                echo 
Screen("<br>\n".$_POST['sTarget']." ".($bResult "could be" "isn't")." exploitable with ".$_POST['aExploits'][$x]."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            }
        }
        if(
$_POST['iLogType']==1){
            
WriteF($_PATHS['injectlog'],$sBuffer,"a");
        }
        break;
        
// dump log
        
case"Dump Log":
        echo 
$sOut;
        @include_once(
$_PATHS['functions_root']."/raw_to_array.php");
        if(
false==($aKeys RawToArray($_PATHS['injectlog']))){
            echo
"<b id=h7>[no logs found]</b>";
        }
        else{
            
$sThisSession "";
            for(
$x=0;$x<count($aKeys);$x++){
                if(
$x==0){
                    
$sThisSession $aKeys[$x][0];
                    echo
"<p><b>session ".$sThisSession."</b><br />\n";
                }
                elseif(
$sThisSession!=$aKeys[$x][0]){
                    
$sThisSession $aKeys[$x][0];
                    echo
"</p><p><b>session ".$sThisSession."</b><br />\n";
                }
                echo
"<b>[".date($_CONTEXT['time_pattern'].' H:i:s',$aKeys[$x][1])."]</b> (".$aKeys[$x][2].") inject ".$aKeys[$x][3].", result ".(trim($aKeys[$x][4])=="<b id=\"h6\">SUCCESS</b>" "<b id=\"h7\">FAILED</b>")."<br>\n";
            }
            echo
"</p>";
        }
        echo 
$sEnd;
        exit;
        break;
        
// clean logfile
        
case"Truncate Log":
        echo 
$sOut;
        echo (
WriteF($_PATHS['injectlog'],"","w")==true "Successfully deleted old entries." "Failed to delete old entries.");
        echo 
$sEnd;
        exit;
        break;
        
// just show index
        
default:
        echo 
$sOut;
        echo 
$sOptions;
        echo 
$sEnd;
        exit;
    }
}
else{
    echo 
$sOut;
    echo 
$sOptions;
    echo 
$sEnd;
    exit;
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo 
$sEnd;
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 3836
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.