
HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite. Note that if you have an earlier version of the suite, updating files manually is not recommended; instead, you should overwrite your existing HackSuite environment.
<?php
/*
Handler for Sscan

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
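// Module identifier; set so that this run can be saved as a task.
// (The assignment and ternary operators on this page were lost in rendering
// and are restored here.)
$_MODULE_C = "thc_ss";
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
// Module-specific directories. Files in CALLBACKS, EMAILT and LOGT are pulled
// in with include_once further down, i.e. they run as PHP, so these
// directories should only ever hold files the operator put there.
$_PATHS['thc_ss_logs'] = $_PATHS['module_default_root']."/LOGS";
$_PATHS['thc_ss_logtemplate'] = $_PATHS['module_default_root']."/LOGT";
$_PATHS['thc_ss_callbacks'] = $_PATHS['module_default_root']."/CALLBACKS";
$_PATHS['thc_ss_emailtemplate'] = $_PATHS['module_default_root']."/EMAILT";
include_once($_PATHS['functions_root']."/scrn.php");
include_once($_PATHS['functions_root']."/fwrite.php");
// Summary of the active output options, shown on the index screen.
$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";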
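if(isset($_POST['submit']) && $_POST['submit']=="Scan Target"){
    // Validate the whole form before the scan task is started. Every value
    // read here is request data and is treated as untrusted.
    // (Operators lost in the page rendering are restored in this block.)
    $iInterval = intval(isset($_POST['iInterval']) ? $_POST['iInterval'] : 0);
    $iScan = intval(isset($_POST['iScan']) ? $_POST['iScan'] : 0);
    $iNotify = intval(isset($_POST['iNotify']) ? $_POST['iNotify'] : 0);
    $iScanTime = intval(isset($_POST['iScanSec']) ? $_POST['iScanSec'] : 0);
    // don't you just hate using post variables directly? Uhm I do.. ;)
    $sSearch = isset($_POST['sSearch']) ? $_POST['sSearch'] : "";
    $sMethod = isset($_POST['sMethod']) ? $_POST['sMethod'] : "";
    $sEmail = isset($_POST['sEmail']) ? $_POST['sEmail'] : "";
    $sEmailT = isset($_POST['sEmailT']) ? $_POST['sEmailT'] : "";
    $sLogFile = isset($_POST['sLogFile']) ? $_POST['sLogFile'] : "";
    $iKill = intval(isset($_POST['iKill']) ? $_POST['iKill'] : 0);
    $iRegex = intval(isset($_POST['iRegex']) ? $_POST['iRegex'] : 0);
    $sLogTemplate = isset($_POST['sLogTemplate']) ? $_POST['sLogTemplate'] : "";
    $sCallback = isset($_POST['sCallback']) ? $_POST['sCallback'] : "";
    $sCallbackF = isset($_POST['sCallbackF']) ? $_POST['sCallbackF'] : "";
    $sSendVars = isset($_POST['sSendVars']) ? $_POST['sSendVars'] : "";
    $sScanUrl = isset($_POST['sScanUrl']) ? $_POST['sScanUrl'] : "";

    // first of all let's see if the url looks valid..
    $aUrl = @parse_url($sScanUrl);
    if(!is_array($aUrl) || !isset($aUrl['host']) || !strlen($aUrl['host'])){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // The URL is handed to curl later on. Accept only http(s) so the request
    // cannot be pointed at file:// or other handlers curl supports; this also
    // guarantees $aUrl['scheme'] is set when the URL is rebuilt.
    $sScheme = isset($aUrl['scheme']) ? strtolower($aUrl['scheme']) : "";
    if($sScheme!="http" && $sScheme!="https"){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    $aUrl['scheme'] = $sScheme;
    if($sSearch==""){
        die(Screen($sOut."Please insert a string or pattern to search for.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }

    // CALLBACKS MAY ADJUST SETTINGS REGARDLESS OF WHAT YOU HAVE SPECIFIED!
    if($sCallback=="yes"){
        // The callback file is executed via include_once. basename() strips
        // any directory part ("../", absolute paths) from the posted name so
        // the include cannot leave the CALLBACKS directory, and is_file()
        // rejects directories such as "." and "..".
        $sCallbackF = basename($sCallbackF);
        $sDest = $_PATHS['thc_ss_callbacks']."/".$sCallbackF;
        if($sCallbackF!="" && @is_file($sDest)){
            @include_once($sDest);
            if(!function_exists("Callbck")){
                die(Screen($sOut."Failed to find callback function.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        else{
            die(Screen($sOut."Please insert a valid filename for the callback file.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    else{
        $sCallback = "no";
    }

    // do we use preg searches?
    // NOTE(review): the literal compared against is missing from the published
    // listing; 1 is assumed, matching the other flag checks ($iKill==1,
    // $iNotify==1). Confirm against the shipped file.
    $bPreg = ($iRegex==1);

    // make sure we have a valid method
    if($sMethod!="post"){
        $sMethod = "get";
    }

    // do we have a callback or will we just use static variables or send nothing
    if(is_string($sSendVars) && strpos($sSendVars,"=")>0){
        // add to query
        if($sSendVars[0]=="?"){
            // remove the question mark
            $sSendVars = substr($sSendVars,1);
        }
        if($sSendVars[strlen($sSendVars)-1]=="&"){
            // remove the last ampersand to prevent mixed up urls
            $sSendVars = substr($sSendVars,0,-1);
        }
        $aUrl['query'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query']."&".$sSendVars : $sSendVars);
    }

    if($iScan>2){
        // only applies to temporary scans
        // NOTE(review): intval() never returns false, so the else branch below
        // cannot be reached; a non-numeric interval arrives here as 0.
        if($iInterval!==false){
            if($iInterval<0){
                die(Screen($sOut."Interval must be a number above 0.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            if($iInterval>$iScanTime){
                die(Screen($sOut."Interval must be lower than total scan time.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        else{
            die(Screen($sOut."Invalid value for interval.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }

    if($iNotify==1){
        // send mail
        if(!filter_var($sEmail,FILTER_VALIDATE_EMAIL)){
            die(Screen($sOut."Invalid email specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($sEmailT!=""){
            // email template: executed via include_once, so the posted name is
            // reduced to a bare file name inside the EMAILT directory
            $sEmailT = basename($sEmailT);
            $sDest = $_PATHS['thc_ss_emailtemplate']."/".$sEmailT;
            if($sEmailT!="" && @is_file($sDest)){
                @include_once($sDest);
                if(!function_exists("TemplateEmail")){
                    die(Screen($sOut."Email template function <b>TemplateEmail</b> doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
                }
            }
            else{
                die(Screen($sOut."Email template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
    }
    elseif($iNotify==2){
        // log results to a file
        if($sLogFile!=""){
            // log file: keep only the file name so nothing outside the LOGS
            // directory can be created or overwritten
            $sLogFile = basename($sLogFile);
            $sDest = $_PATHS['thc_ss_logs']."/".$sLogFile;
            if(!@file_exists($sDest)){
                // try to create it; fopen() is checked first because writing
                // to a failed handle is an error in its own right
                $rConnect = @fopen($sDest,"w");
                if($rConnect===false || false===@fputs($rConnect,"")){
                    die(Screen($sOut."Log file doesn't exist and can't be created either.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
                }
                @fclose($rConnect);
            }
        }
        if($sLogTemplate!=""){
            // log template: also executed via include_once, same restriction
            $sLogTemplate = basename($sLogTemplate);
            $sDest = $_PATHS['thc_ss_logtemplate']."/".$sLogTemplate;
            if($sLogTemplate!="" && @is_file($sDest)){
                @include_once($sDest);
            }
            else{
                die(Screen($sOut."Log template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
    }
}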
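// Dispatch on the submit button. Only "Scan Target" falls through to the scan
// loop below; every other path prints a screen and exits.
// (Operators lost in the page rendering are restored; the unreachable "break"
// statements that followed "exit" are dropped.)
// NOTE(review): "Truncate Default Log" changes state on a plain POST and no
// request-origin or session check is visible in this file - confirm that
// screen_header.php takes care of that.
if(isset($_POST['submit'])){
    switch($_POST['submit']){
        // start task enter
        case "Scan Target":
            include_once("../../Includes/task_start.php");
            echo $sOut;
            break;

        // dump of log
        case "Dump Default Log":
            // make sure functions are loaded, this feature will be extended in later versions so you can select your own files w/o changing code
            include_once("fpaths.php");
            $sDest = $_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate'];
            include_once($sDest);
            $sDest = $_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'];
            // NOTE(review): log entries contain the search keyword and the
            // query string taken from earlier requests; verify that
            // Array2Output escapes them before they reach the browser.
            echo $sOut.Array2Output(Template2Array(file_get_contents($sDest)));
            echo $sEnd;
            exit;

        // delete log entries
        case "Truncate Default Log":
            // overwrite default logfile
            include_once("fpaths.php");
            echo $sOut;
            echo (WriteF($_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'],"","w")==true ? "Successfully deleted old entries." : "Failed to delete old entries.");
            echo $sEnd;
            exit;

        // just show index
        default:
            echo $sOut;
            echo $sOptions;
            echo $sEnd;
            exit;
    }
}
else{
    echo $sOut;
    echo $sOptions;
    echo $sEnd;
    exit;
}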
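// okidoki let's prepare the task
// (Operators and constants lost in the page rendering are restored in this
// block.) The URL parts originate from the request, so they are escaped
// before being placed in the HTML output.
echo Screen("<br>\n<b>Running thc_ss @ ".htmlspecialchars($aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['path']) ? $aUrl['path'] : ""))."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire...
flush();
ob_flush();
echo Screen("<br>\n<b>Sending all information via curl using the ".strtoupper($sMethod)." method..</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
flush();
ob_flush();
$iMatches = 0;
$iStartNow = time();
while(true){
    if($sCallback=="yes"){
        // let's get the dynamic content from the callback and add it to the query
        $sCBack = Callbck();
        if($sCBack=="BREAK"){
            $iScanTime = (time()-$_CONTEXT['start_task']);
            echo Screen("<p><b>callback terminated script after running ".$iScanTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            if(isset($_CONTEXT['cbackerror'])){
                echo Screen("<b id=h7>".$_CONTEXT['cbackerror']."</b>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            }
            break;
        }
        // NOTE(review): 'queryold' is never assigned in this file, so unless
        // an include or the callback sets it, the static query is replaced by
        // the callback output here.
        $aUrl['query'] = (isset($aUrl['queryold']) && $aUrl['queryold']!="" ? $aUrl['queryold']."&" : "").$sCBack;
    }
    $bCondition = false;

    // The URL is rebuilt on every pass because a callback may have changed it.
    $sQuery = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query'] : "");
    $sBaseUrl = $aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['path']) ? $aUrl['path'] : "");

    // make a connection and search for the string we want in the response
    $ch = curl_init();
    if($sMethod=="get"){
        // include the query into the url when using GET
        curl_setopt($ch,CURLOPT_URL,$sBaseUrl.($sQuery!="" ? "?".$sQuery : ""));
    }
    else{
        // include the query into the post fields when using POST
        curl_setopt($ch,CURLOPT_URL,$sBaseUrl);
        curl_setopt($ch,CURLOPT_POST,1);
        curl_setopt($ch,CURLOPT_POSTFIELDS,$sQuery);
    }
    curl_setopt($ch,CURLOPT_FOLLOWLOCATION,1);
    // Redirects are followed, so pin both the first request and every
    // redirect hop to http(s); otherwise a Location header (or the posted
    // URL itself) could steer curl to file:// or another protocol handler.
    curl_setopt($ch,CURLOPT_PROTOCOLS,CURLPROTO_HTTP|CURLPROTO_HTTPS);
    curl_setopt($ch,CURLOPT_REDIR_PROTOCOLS,CURLPROTO_HTTP|CURLPROTO_HTTPS);
    curl_setopt($ch,CURLOPT_HEADER,0);
    curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
    $sResponse = @curl_exec($ch);
    // die($sResponse);
    curl_close($ch);
    // connection closed.. let's see what we have here..
    if($sResponse===false){
        // A failed transfer is handled as an empty body, as before.
        // NOTE(review): in the "not found" scan modes this means an
        // unreachable target is reported as a match.
        $sResponse = "";
    }
    $sOccurence = "";
    // NOTE(review): the scan-mode literals are partly missing from the
    // published listing. Modes above 2 are the temporary (timed) scans, and 3
    // is visible in the "found" check, so 1/3 = match when found and
    // 2/4 = match when not found is assumed - confirm against the shipped file.
    if($iScan==1 || $iScan==3){
        // when string is found
        if($bPreg==true){
            // search using a regular expression
            if(preg_match($sSearch,$sResponse)){
                // match found
                $iMatches++;
                $bCondition = true;
            }
        }
        else{
            if(strpos($sResponse,$sSearch)!==false){
                $bCondition = true;
                $iMatches++;
            }
        }
    }
    else{
        // when string not found
        $sOccurence = "<b>!</b>";
        if($bPreg==true){
            // search using a regular expression
            // preg_match() returns false for a broken pattern; comparing with
            // 0 keeps a pattern error from being counted as "not found".
            // NOTE(review): stripslashes() is applied only in this branch and
            // removes backslash escapes from the pattern - confirm whether the
            // suite adds slashes to request data elsewhere.
            if(preg_match(stripslashes($sSearch),$sResponse)===0){
                $bCondition = true;
                $iMatches++;
            }
        }
        else{
            if(strpos($sResponse,$sSearch)===false){
                $bCondition = true;
                $iMatches++;
            }
        }
    }

    // output what we search for
    $sStringT = "[".$sOccurence.htmlspecialchars((strlen($sSearch)>17 ? substr($sSearch,0,15)."..." : $sSearch))."]";
    $aResultX = array();
    // The query is request/callback data, so it is escaped like the keyword.
    $aResultX['result'] = $sStringT." ".($sQuery!="" ? " =&gt; ".htmlspecialchars($sQuery) : "");

    // do we need to log this output or email it?
    if($bCondition==true){
        include_once("fpaths.php");
        $sDest = $_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate'];
        include_once($sDest);
        $aResultX['date'] = time();
        $aResultX['keyword'] = $sSearch;
        $aResultX['result'] .= " =&gt; <b>true</b>";
        // basename() keeps the write inside the LOGS directory whatever file
        // name was posted.
        // NOTE(review): the log branch also runs when no notification was
        // requested, and then with an empty file name.
        $mResult = ($iNotify==1 ? TemplateEmail($sEmail,$aResultX) : WriteF($_PATHS['thc_ss_logs']."/".basename($sLogFile),TemplateLog($aResultX['keyword'],$aResultX['result'],$aResultX['date'])));
        if($iKill==1){
            // real end time
            echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            echo Screen("<p><b>terminating script after running ".(time()-$_CONTEXT['start_task'])." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    else{
        $aResultX['result'] .= " =&gt; <b>false</b>";
    }
    echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    flush();
    ob_flush();
    if($iScan==3 || $iScan==4){
        // ..we'll depend on the time
        $iTotalTime = (time()-$_CONTEXT['start_task']);
        if($iScanTime<=$iTotalTime){
            // time's over, let's get the hell out of here..
            echo Screen("<p><b>terminating script after running ".$iTotalTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    if($iInterval>0){
        sleep($iInterval);
    }
}
echo Screen("<p><b>matches:</b> ".$iMatches." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;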
?>