<?php
/* Tools & Design 2013
Author: Remco Kouw
Site: http://www.hacksuite.com
*/

if(!defined("IN_SCRIPT")){
    exit;
}
// add the js file to the headers first
$_CONTEXT['headers'] = (isset($_CONTEXT['headers']) ? $_CONTEXT['headers'] : "")."<script type=\"text/javascript\" src=\"".$_PATHS['module_default_root_http']."/menu.js\"></script>\n";
// we need to be able to read files from the urls directory
$sPage = $_PATHS['functions_root']."/getfilebydir.php";
(!IsThere($sPage) ? include($_PATHS['end']) : include_once($sPage));
// iframe that shows attack
$_CONTEXT['screen'] = array();
$_CONTEXT['screen']['src'] = $_PATHS['module_default_root_http']."/screen.php";
$_CONTEXT['screen']['w'] = 800;
$_CONTEXT['screen']['h'] = 200;
$_CONTEXT['screen']['name'] = "screen";
$sCode = "<form method=\"post\" target=\"".$_CONTEXT['screen']['name']."\" action=\"".$_CONTEXT['screen']['src']."\">\n";
$sCode .= "<div class=\"moddesc\"><img src=\"./".$_CONTEXT['module_current']."/".$_CONTEXT['module_current'].".png\" width=\"90\" align=\"left\" /><h2>".$_CONTEXT['modules'][$_CONTEXT['module_current']]['name']."</h2>".$_CONTEXT['modules'][$_CONTEXT['module_current']]['description']."</div>\n";
$sCode .= "<div class=\"modtable\">\n";
$sCode .= "    <div class=\"modrow\" id=\"startscan\">\n";
// select scan type
$sCode .= "        <div class=\"modleft\">choose scan type</div>\n";
$sSelectAttack = "<select name=\"iAttackType\" class=\"attacktype\">\n";
$sSelectAttack .= "    <option value=\"-1\" selected>select a scan</option>\n";
$sSelectAttack .= "    <option value=\"0\">single scan</option>\n";
$sSelectAttack .= "    <option value=\"1\">mass scan</option>\n";
$sSelectAttack .= "</select>\n";
$sCode .= "        <div class=\"modright\">\n".$sSelectAttack."</div>\n";
$sCode .= "    </div>\n";
$sCode .= "    <div class=\"modrow\" id=\"singlescan\">\n";
$sCode .= "        <div class=\"modleft\">target</div>\n";
$sCode .= "        <div class=\"modright\"><input type=\"text\" class=\"feedquery\" name=\"sTarget\" value=\"http://www.example.com/file.ext?var1=1&var2=1\" onfocus=\"this.value=''\" size=\"50\" /></div>\n";
$sCode .= "    </div>\n";
$sCode .= "    <div class=\"modrow\" id=\"singlescan\">\n";
$sCode .= "        <div class=\"modleft\">vars to poison</div>\n";
$sCode .= "        <div class=\"modright\" id=\"querysplit\"></div>\n";
$sCode .= "    </div>\n";
// get files from urls folder
$sFilesSelect = "";
if(false==($aFiles = GetFilesByDirectory($_PATHS['module_default_root']."/urls"))){
    $sFilesSelect .= "No files in <b>urls</b> folder";
}
else{
    $sFilesSelect .= "\n<select name=\"sUseFile\" class=\"usefile\">\n";
    for($x=0;$x<count($aFiles);$x++){
        $sFilesSelect .= "    <option value=\"".$aFiles[$x]."\">".$aFiles[$x]."</option>\n";
    }
    $sFilesSelect .= "</select>\n";
}
$sCode .= "    <div class=\"modrow\" id=\"massscan\">\n";
$sCode .= "        <div class=\"modleft\">filename</div>\n";
$sCode .= "        <div class=\"modright\">".$sFilesSelect."</div>\n";
$sCode .= "    </div>\n";
$sCode .= "    <div class=\"modrow\" id=\"allscan\">\n";
$sCode .= "        <div class=\"modleft\">attacks</div>\n";
// create selection form using inject.php
include($_PATHS['module_default_root']."/inject.php");
$sSelectExploit = "<select name=\"aExploits[]\" class=\"exploits\" multiple>\n";
foreach($_CONTEXT['inject'] as $sKey=>$aValues){
    $sSelectExploit .= "<option value=\"".$sKey."\">use ".$sKey." exploit</option>\n";
}
$sSelectExploit .= "</select>\n";
$sCode .= "        <div class=\"modright\">\n".$sSelectExploit."</div>\n";
$sCode .= "    </div>\n";
$sCode .= "    <div class=\"modrow\" id=\"allscan\">\n";
// log attack
$sCode .= "        <div class=\"modleft\">log all scans</div>\n";
$sLogType = "<select name=\"iLogType\" class=\"logtype\">\n";
$sLogType .= "    <option value=\"0\" selected>don't log scans</option>\n";
$sLogType .= "    <option value=\"1\">log scans</option>\n";
$sLogType .= "</select>\n";
$sCode .= "        <div class=\"modright\">\n".$sLogType."</div>\n";
$sCode .= "    </div>\n";
$sCode .= "    <div class=\"modrow\">\n";
$sCode .= "        <div class=\"modrowleft\"><input type=\"submit\" name=\"submit\" value=\"Scan\" class=\"submit\"> <input type=\"submit\" name=\"submit\" value=\"Dump Log\"> <input type=\"submit\" name=\"submit\" value=\"Truncate Log\"></div>\n";
$sCode .= "    </div>\n";
$sCode .= "</div>\n";
$sCode .= "</form>\n";
?>