..you how to create native tools. I'm not going to make a new tool, though; instead, I will show you what is required to create one. You can find all the native tools in the..
xAnalyze is a module that can search through corrupt data and configuration files in order to find the exact position of errors.
<?php
/*
Handler for Sscan
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 13-04-2015
*/
// Module bootstrap: name the module (needed to be able to save a task), load the
// shared screen header and style, register the module's working directories and
// load the output and file-writing helpers.
$_MODULE_C = "thc_ss";
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");

// Each sub-directory hangs off the module's default root.
foreach(array(
    'thc_ss_logs'          => "/LOGS",
    'thc_ss_logtemplate'   => "/LOGT",
    'thc_ss_callbacks'     => "/CALLBACKS",
    'thc_ss_emailtemplate' => "/EMAILT",
) as $sPathKey => $sSubDir){
    $_PATHS[$sPathKey] = $_PATHS['module_default_root'].$sSubDir;
}
unset($sPathKey,$sSubDir);

include_once($_PATHS['functions_root']."/scrn.php");
include_once($_PATHS['functions_root']."/fwrite.php");

// Summary of the current context switches, shown on the module's index screen.
$sLogState = ($_CONTEXT['log'] ? "on" : "off");
$sSilentState = ($_CONTEXT['silent'] ? "on" : "off");
$sVerboseState = ($_CONTEXT['verbose'] ? "on" : "off");
$sOptions = "<b>logging:</b> ".$sLogState."<br>\n"
    ."<b>silence:</b> ".$sSilentState."<br>\n"
    ."<b>verbose:</b> ".$sVerboseState."\n";
unset($sLogState,$sSilentState,$sVerboseState);
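// Validate the "Scan Target" form before the task is started. Every failed check
// ends the request through die(Screen(...)).
//
// Security notes for this block:
//  - sCallbackF, sEmailT, sLogTemplate and sLogFile come straight from the form and
//    are joined onto module directories before being include()d or fopen()ed. They
//    are therefore accepted only as bare file names (no directory part), so a
//    request cannot include or create a file outside those directories.
//  - Only http and https targets are accepted; other schemes that parse_url() would
//    happily return together with a host are rejected here.
if(isset($_POST['submit']) && $_POST['submit']=="Scan Target"){
    // Read every form field once as a string; a missing or array-valued field becomes "".
    $aForm = array();
    foreach(array('iInterval','iScan','iNotify','iScanSec','sSearch','sMethod','sEmail','sEmailT','sLogFile','iKill','iRegex','sLogTemplate','sCallback','sCallbackF','sSendVars','sScanUrl') as $sField){
        $aForm[$sField] = (isset($_POST[$sField]) && is_string($_POST[$sField]) ? $_POST[$sField] : "");
    }
    $iInterval = intval($aForm['iInterval']);
    $iScan = intval($aForm['iScan']);
    $iNotify = intval($aForm['iNotify']);
    $iScanTime = intval($aForm['iScanSec']);
    $sSearch = $aForm['sSearch'];
    $sMethod = $aForm['sMethod'];
    $sEmail = $aForm['sEmail'];
    $sEmailT = $aForm['sEmailT'];
    $sLogFile = $aForm['sLogFile'];
    $iKill = intval($aForm['iKill']);
    $iRegex = intval($aForm['iRegex']);
    $sLogTemplate = $aForm['sLogTemplate'];
    $sCallback = $aForm['sCallback'];
    $sCallbackF = $aForm['sCallbackF'];
    $sSendVars = $aForm['sSendVars'];
    $sScanUrl = $aForm['sScanUrl'];

    // first of all let's see if the url looks valid..
    $aUrl = @parse_url($sScanUrl);
    if(!is_array($aUrl) || !isset($aUrl['host']) || !strlen($aUrl['host'])){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    // The scheme is used verbatim to rebuild the request url later on, so it must be
    // present and must be plain HTTP(S).
    $sScheme = (isset($aUrl['scheme']) ? strtolower($aUrl['scheme']) : "");
    if($sScheme!="http" && $sScheme!="https"){
        die(Screen($sOut."Invalid target specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if($sSearch==""){
        die(Screen($sOut."Please insert a string or pattern to search for.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }

    // CALLBACKS MAY ADJUST SETTINGS REGARDLESS OF WHAT YOU HAVE SPECIFIED!
    if($sCallback=="yes"){
        // The callback file must be a bare name inside the callbacks directory and
        // must define Callbck().
        $sCallbackPath = $_PATHS['thc_ss_callbacks']."/".$sCallbackF;
        if(basename($sCallbackF)===$sCallbackF && @is_file($sCallbackPath)){
            @include_once($sCallbackPath);
            if(!function_exists("Callbck")){
                die(Screen($sOut."Failed to find callback function.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
        else{
            die(Screen($sOut."Please insert a valid filename for the callback file.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }
    else{
        $sCallback = "no";
    }

    // do we use preg searches?
    $bPreg = ($iRegex==1);
    // A pattern that does not compile makes preg_match() return false on every
    // request, which the "not found" scan modes would read as a hit. Reject it here.
    if($bPreg && @preg_match($sSearch,"")===false){
        die(Screen($sOut."Invalid regular expression specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }

    // make sure we have a valid method
    if($sMethod!="post"){
        $sMethod = "get";
    }

    // Static variables to send: only used when they contain a "=" that is not the
    // first character.
    if(strpos($sSendVars,"=")>0){
        if($sSendVars[0]=="?"){
            // remove the question mark
            $sSendVars = substr($sSendVars,1);
        }
        if($sSendVars[strlen($sSendVars)-1]=="&"){
            // remove the last ampersand to prevent mixed up urls
            $sSendVars = substr($sSendVars,0,-1);
        }
        $aUrl['query'] = (isset($aUrl['query']) && $aUrl['query']!="" ? $aUrl['query']."&".$sSendVars : $sSendVars);
    }

    if($iScan>2){
        // only applies to temporary scans
        // intval() never returns false, so the raw field is checked instead; an empty
        // field still means "no interval" (0).
        if($aForm['iInterval']!=="" && filter_var($aForm['iInterval'],FILTER_VALIDATE_INT)===false){
            die(Screen($sOut."Invalid value for interval.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($iInterval<0){
            die(Screen($sOut."Interval must be a number above 0.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($iInterval>$iScanTime){
            die(Screen($sOut."Interval must be lower than total scan time.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
    }

    if($iNotify==1){
        // send mail
        if(!filter_var($sEmail,FILTER_VALIDATE_EMAIL)){
            die(Screen($sOut."Invalid email specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
        }
        if($sEmailT!=""){
            // email template: bare file name inside the email template directory
            $sDest = $_PATHS['thc_ss_emailtemplate']."/".$sEmailT;
            if(basename($sEmailT)===$sEmailT && @is_file($sDest)){
                @include_once($sDest);
                if(!function_exists("TemplateEmail")){
                    die(Screen($sOut."Email template function <b>TemplateEmail</b> doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
                }
            }
            else{
                die(Screen($sOut."Email template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
    }
    elseif($iNotify==2){
        // log results to a file
        if($sLogFile!=""){
            // The log file is created on demand, so the name has to be checked before
            // anything touches the filesystem.
            $bPlainLogName = (basename($sLogFile)===$sLogFile && strpos($sLogFile,"\0")===false && $sLogFile!="." && $sLogFile!="..");
            if(!$bPlainLogName){
                die(Screen($sOut."Invalid log file name specified.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            $sDest = $_PATHS['thc_ss_logs']."/".$sLogFile;
            if(!@file_exists($sDest)){
                // try to create it; test the handle itself instead of writing to a
                // handle that may be false
                $rConnect = @fopen($sDest,"w");
                if($rConnect===false){
                    die(Screen($sOut."Log file doesn't exist and can't be created either.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
                }
                @fclose($rConnect);
            }
        }
        if($sLogTemplate!=""){
            // log template: bare file name inside the log template directory
            $sDest = $_PATHS['thc_ss_logtemplate']."/".$sLogTemplate;
            if(basename($sLogTemplate)===$sLogTemplate && @is_file($sDest)){
                @include_once($sDest);
            }
            else{
                die(Screen($sOut."Log template file doesn't exist.".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
        }
    }
    unset($aForm,$sField);
}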
// Dispatch on the submitted button. Only "Scan Target" falls through to the scan
// below; every other action prints its own page and exits. A missing or unknown
// button shows the index with the current options.
$sSubmitAction = (isset($_POST['submit']) ? $_POST['submit'] : "");
if($sSubmitAction=="Scan Target"){
    // start task enter
    include_once("../../Includes/task_start.php");
    echo $sOut;
}
elseif($sSubmitAction=="Dump Default Log"){
    // dump of log
    // make sure functions are loaded, this feature will be extended in later versions so you can select your own files w/o changing code
    include_once("fpaths.php");
    // The default template file is included before the log is rendered through
    // Template2Array() and Array2Output().
    $sDest = $_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate'];
    include_once($sDest);
    $sDest = $_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'];
    echo $sOut.Array2Output(Template2Array(file_get_contents($sDest)));
    echo $sEnd;
    exit;
}
elseif($sSubmitAction=="Truncate Default Log"){
    // delete log entries by overwriting the default logfile with nothing
    include_once("fpaths.php");
    echo $sOut;
    if(WriteF($_PATHS['thc_ss_logs']."/".$_DPATHS['logfile'],"","w")==true){
        echo "Successfully deleted old entries.";
    }
    else{
        echo "Failed to delete old entries.";
    }
    echo $sEnd;
    exit;
}
else{
    // just show index
    echo $sOut;
    echo $sOptions;
    echo $sEnd;
    exit;
}
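// Scan loop: request the target (optionally with callback-generated parameters),
// test the response for the search string or pattern, report or log a hit, and
// repeat until a kill condition, a callback "BREAK" or the scan time ends it.
//
// Changes compared to the earlier version of this block:
//  - the port from the parsed url is kept when the request url is rebuilt;
//  - curl is limited to HTTP(S), also for the redirects it follows;
//  - url and query are HTML-escaped before they are echoed or logged, as the search
//    string already was;
//  - both regex branches use the same pattern (one of them ran it through
//    stripslashes()), and a preg_match() error no longer counts as "not found";
//  - the log file name is reduced to its base name before it is written to.

// okidoki let's prepare the task
$sTargetShown = $aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['port']) ? ":".$aUrl['port'] : "").(isset($aUrl['path']) ? $aUrl['path'] : "");
echo Screen("<br>\n<b>Running thc_ss @ ".htmlspecialchars($sTargetShown,ENT_QUOTES)."</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// spit fire...
flush();
ob_flush();
echo Screen("<br>\n<b>Sending all information via curl using the ".strtoupper($sMethod)." method..</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
flush();
ob_flush();
$iMatches = 0;
$iStartNow = time();
while(true){
    if($sCallback=="yes"){
        // let's get the dynamic content from the callback and add it to the query
        $sCBack = Callbck();
        if($sCBack=="BREAK"){
            $iScanTime = (time()-$_CONTEXT['start_task']);
            echo Screen("<p><b>callback terminated script after running ".$iScanTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            if(isset($_CONTEXT['cbackerror'])){
                echo Screen("<b id=h7>".$_CONTEXT['cbackerror']."</b>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            }
            break;
        }
        // NOTE(review): 'queryold' is not assigned anywhere in this file. Unless an
        // included file sets it, the query built during validation is replaced by
        // the callback output here rather than extended - confirm which is intended.
        $aUrl['query'] = (isset($aUrl['queryold']) && $aUrl['queryold']!="" ? $aUrl['queryold']."&" : "").$sCBack;
    }
    $bCondition = false;

    // Rebuilt on every pass, as before, in case a callback changes $aUrl.
    $sQuery = (isset($aUrl['query']) ? $aUrl['query'] : "");
    $sRequestUrl = $aUrl['scheme']."://".$aUrl['host'].(isset($aUrl['port']) ? ":".$aUrl['port'] : "").(isset($aUrl['path']) ? $aUrl['path'] : "");

    // make a connection and search for the string we want in the response
    $ch = curl_init();
    if($sMethod=="get"){
        // include the query into the url when using GET
        curl_setopt($ch, CURLOPT_URL, $sRequestUrl.($sQuery!="" ? "?".$sQuery : ""));
    }
    else{
        // include the query into the post fields when using POST
        curl_setopt($ch, CURLOPT_URL, $sRequestUrl);
        curl_setopt($ch, CURLOPT_POST,1);
        curl_setopt($ch, CURLOPT_POSTFIELDS,$sQuery);
    }
    // The target comes from the form and redirects are followed, so pin both the
    // first request and every redirect hop to HTTP(S).
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
    curl_setopt($ch, CURLOPT_HEADER,0);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
    // NOTE(review): no timeout is set, so one hanging response can hold a timed scan
    // past its scan time.
    $sResponse = @curl_exec($ch);
    curl_close($ch);
    // connection closed.. let's see what we have here..
    if(!is_string($sResponse)){
        // A failed request is searched as an empty body, which is how the earlier
        // code effectively treated it.
        $sResponse = "";
    }

    // Was the search string / pattern present in the response?
    $bSearchOk = true;
    if($bPreg==true){
        // search using a regular expression; false means the match itself failed
        $mHit = @preg_match($sSearch,$sResponse);
        $bSearchOk = ($mHit!==false);
        $bFound = ($mHit===1);
    }
    else{
        $bFound = ($sSearch!=="" && strpos($sResponse,$sSearch)!==false);
    }
    // Scan modes 1 and 3 fire when the string is found, the others when it is not.
    $bWantPresent = ($iScan==1 || $iScan==3);
    $sOccurence = ($bWantPresent ? "" : "<b>!</b>");
    $bCondition = ($bSearchOk && ($bWantPresent ? $bFound : !$bFound));
    if($bCondition){
        $iMatches++;
    }

    // output what we search for
    $sStringT = "[".$sOccurence.htmlspecialchars((strlen($sSearch)>17 ? substr($sSearch,0,15)."..." : $sSearch))."]";
    $aResultX = array();
    $aResultX['result'] = $sStringT." ".($sQuery!="" ? " => ".htmlspecialchars($sQuery,ENT_QUOTES) : "");

    // do we need to log this output or email it?
    if($bCondition==true){
        include_once("fpaths.php");
        $sDest = $_PATHS['thc_ss_logtemplate']."/".$_DPATHS['logtemplate'];
        include_once($sDest);
        $aResultX['date'] = time();
        $aResultX['keyword'] = $sSearch;
        $aResultX['result'] .= " => <b>true</b>";
        // basename() keeps the write inside the logs directory whatever the form sent.
        $mResult = ($iNotify==1 ? TemplateEmail($sEmail,$aResultX) : WriteF($_PATHS['thc_ss_logs']."/".basename($sLogFile),TemplateLog($aResultX['keyword'],$aResultX['result'],$aResultX['date'])));
        if($iKill==1){
            // real end time
            echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            echo Screen("<p><b>terminating script after running ".(time()-$_CONTEXT['start_task'])." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    else{
        $aResultX['result'] .= " => <b>false</b>";
    }
    echo Screen("<br>\n".$aResultX['result']."\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    flush();
    ob_flush();

    if($iScan==3 || $iScan==4){
        // ..we'll depend on the time
        $iTotalTime = (time()-$_CONTEXT['start_task']);
        if($iScanTime<=$iTotalTime){
            // time's over, let's get the hell out of here..
            echo Screen("<p><b>terminating script after running ".$iTotalTime." seconds</b><br>\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
    }
    if($iInterval>0){
        sleep($iInterval);
    }
}
echo Screen("<p><b>matches:</b> ".$iMatches." (running time) ".(time()-$_CONTEXT['start_task'])."(s)\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;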
?>