…or more modules, you must have seen the iframes used for real-time result display. In this tutorial I'm going to show you how to insert them into your module and how they function. What…
Attempts to find suspicious or malicious files or code.
<?php
/*
Handler for Sscan
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// set variable to be able to save a task
// NOTE(review): $_MODULE_C is presumably read by screen_header.php (included
// next) when it registers the background task, so it has to be assigned
// before that include — keep this order.
$_MODULE_C = "thc_ss";
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
// add some new paths
// Module-local directories under $_PATHS['module_default_root'] (which the
// includes above are expected to have set): files named by the request are
// later include()d or opened from these, so they are the trust boundary for
// callbacks, templates and logs.
$_PATHS['thc_ss_logs'] = $_PATHS['module_default_root']."/LOGS";
$_PATHS['thc_ss_logtemplate'] = $_PATHS['module_default_root']."/LOGT";
$_PATHS['thc_ss_callbacks'] = $_PATHS['module_default_root']."/CALLBACKS";
$_PATHS['thc_ss_emailtemplate'] = $_PATHS['module_default_root']."/EMAILT";
// presumably provide Screen() and WriteF() used throughout this handler — confirm
include_once($_PATHS['functions_root']."/scrn.php");
include_once($_PATHS['functions_root']."/fwrite.php");
// options: one "<b>label:</b> on|off" line per context flag for the index
// screen, joined with "<br>\n" and terminated by a single "\n"
$aFlags = array(
    "logging" => $_CONTEXT['log'],
    "silence" => $_CONTEXT['silent'],
    "verbose" => $_CONTEXT['verbose'],
);
$aOptionLines = array();
foreach($aFlags as $sLabel => $mFlag){
    $aOptionLines[] = "<b>".$sLabel.":</b> ".($mFlag ? "on" : "off");
}
$sOptions = implode("<br>\n",$aOptionLines)."\n";
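/**
 * Reduce a request-supplied file name to a bare name for use inside one of the
 * module's fixed directories (CALLBACKS, EMAILT, LOGT, LOGS).
 *
 * The names this handler receives are passed on to include_once() and fopen(),
 * so a directory component would let the caller include or create/truncate any
 * file the web server can reach. Returns "" (which the callers below treat as
 * "invalid") when the name is not a string, is empty, is "." or "..", contains
 * a NUL byte or contains a slash/backslash; otherwise returns it unchanged.
 */
if(!function_exists("thc_ss_safe_filename")){
    function thc_ss_safe_filename($mName){
        if(!is_string($mName) || $mName=="" || $mName=="." || $mName==".."){
            return "";
        }
        if(strpos($mName,"\0")!==false || strpbrk($mName,"/\\")!==false){
            return "";
        }
        return $mName;
    }
}
/**
 * Return $_POST[$sKey] when it is a plain string, "" otherwise.
 * Arrays (submit[]=...) are rejected so the string functions below never see one.
 */
if(!function_exists("thc_ss_post_string")){
    function thc_ss_post_string($sKey){
        return (isset($_POST[$sKey]) && is_string($_POST[$sKey]) ? $_POST[$sKey] : "");
    }
}
if(isset($_POST['submit']) && $_POST['submit']=="Scan Target"){
    // Validate everything the scan task depends on before it starts. All of
    // these values come straight from the request; the scan loop further down
    // relies on the variables assigned here ($aUrl, $sSearch, $bPreg, $sMethod,
    // $sCallback, $iScan, $iScanTime, $iInterval, $iNotify, $sEmail, $sLogFile, $iKill).
    $iInterval = intval(thc_ss_post_string("iInterval"));
    $iScan = intval(thc_ss_post_string("iScan"));
    $iNotify = intval(thc_ss_post_string("iNotify"));
    $iScanTime = intval(thc_ss_post_string("iScanSec"));
    $sSearch = thc_ss_post_string("sSearch");
    $sMethod = thc_ss_post_string("sMethod");
    $sEmail = thc_ss_post_string("sEmail");
    $sEmailT = thc_ss_post_string("sEmailT");
    $sLogFile = thc_ss_post_string("sLogFile");
    $iKill = intval(thc_ss_post_string("iKill"));
    $iRegex = intval(thc_ss_post_string("iRegex"));
    $sLogTemplate = thc_ss_post_string("sLogTemplate");
    $sCallback = thc_ss_post_string("sCallback");
    $sCallbackF = thc_ss_post_string("sCallbackF");
    $sSendVars = thc_ss_post_string("sSendVars");
    $sScanUrl = thc_ss_post_string("sScanUrl");
    // the target must be an absolute http(s) URL: the loop rebuilds the URL
    // from scheme/host/path and hands it to curl, which would otherwise fetch
    // file://, gopher:// etc. and leak the result into the log or email
    $aUrl = @parse_url($sScanUrl);
    if(!is_array($aUrl) || !isset($aUrl['host']) || !strlen($aUrl['host'])){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    $sScheme = (isset($aUrl['scheme']) ? strtolower($aUrl['scheme']) : "");
    if($sScheme!="http" && $sScheme!="https"){
        die(Screen($sOut."Only http and https targets are supported.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if($sSearch==""){
        die(Screen($sOut."Please insert a string or pattern to search for.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // do we use preg searches? if so, reject a pattern that does not compile
    // here instead of warning on every iteration of the scan loop
    $bPreg = ($iRegex==1);
    if($bPreg && @preg_match($sSearch,"")===false){
        die(Screen($sOut."Invalid regular expression pattern.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // CALLBACKS MAY ADJUST SETTINGS REGARDLESS OF WHAT YOU HAVE SPECIFIED!
    // A callback is PHP code include()d from the CALLBACKS directory, so only a
    // bare file name an administrator placed there may be given — never a path.
    if($sCallback=="yes"){
        $sCallbackF = thc_ss_safe_filename($sCallbackF);
        if($sCallbackF=="" || !@is_file($_PATHS['thc_ss_callbacks']."/".$sCallbackF)){
            die(Screen($sOut."Please insert a valid filename for the callback file.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        @include_once($_PATHS['thc_ss_callbacks']."/".$sCallbackF);
        if(!function_exists("Callbck")){
            die(Screen($sOut."Failed to find callback function.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    else{
        $sCallback = "no";
    }
    // make sure we have a valid method
    if($sMethod!="post"){
        $sMethod = "get";
    }
    // static variables sent with every request: drop a leading "?" and a
    // trailing "&", then append to whatever query the target url already has
    if(strpos($sSendVars,"=")>0){
        if($sSendVars[0]=="?"){
            $sSendVars = substr($sSendVars,1);
        }
        if(substr($sSendVars,-1)=="&"){
            $sSendVars = substr($sSendVars,0,-1);
        }
        $aUrl['query'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query']."&".$sSendVars : $sSendVars);
    }
    if($iScan>2){
        // only applies to temporary (timed) scans; the interval has to fit in
        // the total scan time. intval() never yields false, so the old
        // "!==false" branch was unreachable and is gone.
        if($iInterval<0){
            die(Screen($sOut."Interval must be a number above 0.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($iInterval>$iScanTime){
            die(Screen($sOut."Interval must be lower than total scan time.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    if($iNotify==1){
        // notify by mail; the optional template is PHP include()d from EMAILT
        if(!filter_var($sEmail,FILTER_VALIDATE_EMAIL)){
            die(Screen($sOut."Invalid email specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($sEmailT!=""){
            $sEmailT = thc_ss_safe_filename($sEmailT);
            $sDest = $_PATHS['thc_ss_emailtemplate']."/".$sEmailT;
            if($sEmailT=="" || !@is_file($sDest)){
                die(Screen($sOut."Email template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            @include_once($sDest);
            if(!function_exists("TemplateEmail")){
                die(Screen($sOut."Email template function <b>TemplateEmail</b> doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
    }
    elseif($iNotify==2){
        // log results to a file inside LOGS, created empty when it is missing
        if($sLogFile!=""){
            $sLogFile = thc_ss_safe_filename($sLogFile);
            if($sLogFile==""){
                die(Screen($sOut."Please insert a valid filename for the log file.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            $sDest = $_PATHS['thc_ss_logs']."/".$sLogFile;
            if(!@file_exists($sDest)){
                // fopen("w") truncates, hence the exists check; a failed fopen
                // must not reach fputs() (TypeError on a false handle)
                $rConnect = @fopen($sDest,"w");
                if($rConnect===false || false===@fputs($rConnect,"")){
                    die(Screen($sOut."Log file doesn't exist and can't be created either.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
                }
                @fclose($rConnect);
            }
        }
        if($sLogTemplate!=""){
            // the log template is PHP include()d from LOGT
            $sLogTemplate = thc_ss_safe_filename($sLogTemplate);
            $sDest = $_PATHS['thc_ss_logtemplate']."/".$sLogTemplate;
            if($sLogTemplate=="" || !@is_file($sDest)){
                die(Screen($sOut."Log template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            @include_once($sDest);
        }
    }
}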
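// Dispatch on the pressed button. "Scan Target" falls through to the scan
// loop below; every other action renders its output and exits here. A missing
// or non-string submit value takes the default branch (the plain index).
// NOTE(review): "Truncate Default Log" changes state on a bare POST; no CSRF
// token is checked in this file — confirm that screen_header.php does it.
$sAction = (isset($_POST['submit']) && is_string($_POST['submit']) ? $_POST['submit'] : "");
switch($sAction){
    // start task enter
    case "Scan Target":
        include_once("../../Includes/task_start.php");
        echo $sOut;
        break;
    // dump of log
    case "Dump Default Log":
        // file names come from fpaths.php, not from the request; the log is
        // rendered through the template's parser. This feature will be extended
        // in later versions so you can select your own files w/o changing code.
        include_once("fpaths.php");
        include_once($_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate']);
        $sDest = $_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'];
        // a missing/unreadable log used to feed false into Template2Array()
        $sLog = (is_file($sDest) ? file_get_contents($sDest) : false);
        echo $sOut;
        if($sLog===false){
            echo "Default log file doesn't exist or can't be read.";
        }
        else{
            echo Array2Output(Template2Array($sLog));
        }
        echo $sEnd;
        exit;
    // delete log entries
    case "Truncate Default Log":
        // overwrite default logfile
        include_once("fpaths.php");
        echo $sOut;
        echo (WriteF($_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'],"","w")==true ? "Successfully deleted old entries." : "Failed to delete old entries.");
        echo $sEnd;
        exit;
    // just show index (also reached when no button was submitted)
    default:
        echo $sOut;
        echo $sOptions;
        echo $sEnd;
        exit;
}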
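// okidoki let's prepare the task: announce the target and the method.
// scheme/host/path are request-supplied and are reflected into the page, so
// they are HTML-escaped first (the original echoed them raw).
$sTargetShown = htmlspecialchars($aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['path']) ? $aUrl['path'] : ""));
echo Screen("<br>\n<b>Running thc_ss @ ".$sTargetShown."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire... push the banner out before the (possibly long) scan starts
flush();
ob_flush();
echo Screen("<br>\n<b>Sending all information via curl using the ".strtoupper($sMethod)." method..</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
flush();
ob_flush();
$iMatches = 0;
// not read in this file; presumably used by task_end.php — kept for that
$iStartNow = time();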
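// Main scan loop: fetch the target, test the response for the search string,
// record/announce the outcome, then either stop (kill/timeout/callback) or
// sleep for the configured interval and go again.
while(true){
    // 1. (optional) let the callback supply this iteration's query string
    if($sCallback=="yes"){
        $sCBack = Callbck();
        if($sCBack=="BREAK"){
            // the callback decided the scan is over
            $iScanTime = (time()-$_CONTEXT['start_task']);
            echo Screen("<p><b>callback terminated script after running ".$iScanTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            if(isset($_CONTEXT['cbackerror'])){
                echo Screen("<b id=h7>".$_CONTEXT['cbackerror']."</b>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            }
            break;
        }
        // NOTE(review): $aUrl['queryold'] is never assigned in this file;
        // presumably task_start.php or the callback stores the static query
        // there — confirm.
        $aUrl['query'] = (isset($aUrl['queryold']) && $aUrl['queryold']!="" ? $aUrl['queryold']."&" : "").$sCBack;
    }
    $bCondition = false;
    $sTarget = $aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['path']) ? $aUrl['path'] : "");
    $sQuery = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query'] : "");
    // 2. fetch the target; the query travels in the URL for GET, in the body for POST
    $ch = curl_init();
    if($sMethod=="get"){
        curl_setopt($ch, CURLOPT_URL, $sTarget.($sQuery!="" ? "?".$sQuery : ""));
    }
    else{
        curl_setopt($ch, CURLOPT_URL, $sTarget);
        curl_setopt($ch, CURLOPT_POST, 1);
        curl_setopt($ch, CURLOPT_POSTFIELDS, $sQuery);
    }
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_MAXREDIRS, 10);
    // redirects are followed, so pin the initial and redirected protocols to
    // http(s): otherwise the target can bounce the scanner to file://, gopher://
    // etc. and read the result back through the log or email
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    // a hung target must not hang the background task forever
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
    curl_setopt($ch, CURLOPT_TIMEOUT, 120);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $sResponse = curl_exec($ch);
    if($sResponse===false){
        // transport failure: say so, then evaluate an empty body exactly as the
        // original did (strlen(false)==0 / no regex match)
        echo Screen("<br>\n<b id=h7>request failed: ".htmlspecialchars(curl_error($ch))."</b>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        $sResponse = "";
    }
    curl_close($ch);
    // 3. evaluate the condition: iScan 1/3 trigger when the string is present,
    //    every other mode when it is absent
    if($bPreg==true){
        // the same raw pattern is used in both modes; the old code ran
        // stripslashes() on it in "absent" mode only, which mangles \d, \/ etc.
        // now that magic quotes no longer exist
        $bFound = (@preg_match($sSearch,$sResponse)===1);
    }
    else{
        $bFound = (strpos($sResponse,$sSearch)!==false);
    }
    $sOccurence = "";
    if($iScan==1 || $iScan==3){
        $bCondition = $bFound;
    }
    else{
        $sOccurence = "<b>!</b>";
        $bCondition = !$bFound;
    }
    if($bCondition){
        $iMatches++;
    }
    // output what we search for (truncated) and what was sent; the query is
    // request/callback-supplied and is reflected into the page, so it is
    // escaped like the search string already was
    $sStringT = "[".$sOccurence.htmlspecialchars((strlen($sSearch)>17 ? substr($sSearch,0,15)."..." : $sSearch))."]";
    $aResultX = array();
    $aResultX['result'] = $sStringT." ".($sQuery!="" ? " => ".htmlspecialchars($sQuery) : "");
    if($bCondition){
        // 4. record the hit through the log template, by email or log file
        include_once("fpaths.php");
        include_once($_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate']);
        $aResultX['date'] = time();
        $aResultX['keyword'] = $sSearch;
        $aResultX['result'] .= " => <b>true</b>";
        if($iNotify==1){
            $mResult = TemplateEmail($sEmail,$aResultX);
        }
        else{
            // NOTE(review): with notifications off ($iNotify==0) $sLogFile is ""
            // and this targets the LOGS directory itself, as in the original;
            // presumably WriteF() just fails in that case — confirm
            $mResult = WriteF($_PATHS['thc_ss_logs']."/".$sLogFile,TemplateLog($aResultX['keyword'],$aResultX['result'],$aResultX['date']));
        }
        if($iKill==1){
            // stop at the first hit; real end time
            echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            echo Screen("<p><b>terminating script after running ".(time()-$_CONTEXT['start_task'])." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    else{
        $aResultX['result'] .= " => <b>false</b>";
    }
    echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    flush();
    ob_flush();
    if($iScan==3 || $iScan==4){
        // timed scan: stop once the configured number of seconds has elapsed
        $iTotalTime = (time()-$_CONTEXT['start_task']);
        if($iScanTime<=$iTotalTime){
            echo Screen("<p><b>terminating script after running ".$iTotalTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    if($iInterval>0){
        sleep($iInterval);
    }
}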
// Final summary (match count and total running time), then close the
// background-task entry and the screen.
$iRunTime = time()-$_CONTEXT['start_task'];
echo Screen(sprintf("<p><b>matches:</b> %d (running time) %d(s)\n",$iMatches,$iRunTime),$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;
?>