URL Vulnerability Checker - Boomslang - 06-23-2013
Hello HC!
I've made a URL Vulnerability Checker in VB.NET; feel free to fix my mistakes. Click here to download.
Virustotal result.
Picture of the programme:
![[Image: pj1xb.png]](http://j1306.hizliresim.com/1b/s/pj1xb.png)
Source Code:
Code:
```vbnet
Imports System.Net
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Imports System.Text.RegularExpressions

Module Module1
    ' Prints the banner.
    Function Greetings()
        Console.WriteLine(" ___________________________________________ ")
        Console.WriteLine(" | HackCommunity URL Vulnerability Checker |")
        Console.WriteLine(" | |")
        Console.WriteLine(" | Coded_by_RootTheSystem |")
        Console.WriteLine(" | |")
        Console.WriteLine(" | www.hackcommunity.com |")
        Console.WriteLine(" |___________________________________________|")
        Console.WriteLine("")
        Console.WriteLine("")
    End Function

    ' Tara2 ("scan"): runs every check against the URL and reports the hits.
    Function Tara2(ByVal url As String)
        If (sqlInj(url) = 1) Then
            Console.WriteLine("Probable Sql Injection Vulnerability Found! => " & url & vbCrLf)
        End If
        If (XSS(url) = 1) Then
            Console.WriteLine("Probable Cross Site Scripting Vulnerability Found! => " & url & vbCrLf)
        End If
        If (Csrf(url) = 1) Then
            Console.WriteLine("Probable Cross Site Request Forgery Vulnerability Found! => " & url & vbCrLf)
        End If
        If (fileInclude(url) = 1) Then
            Console.WriteLine("Probable File Inclusion Vulnerability Found! => " & url & vbCrLf)
        End If
        Console.WriteLine("Scanning Done!")
    End Function

    ' Collects the relative href values from the page at host (not called anywhere in this program).
    Function GetHref(ByVal host As String)
        Dim output = ""
        Try
            Dim htmldata = istekGonder(host)
            Dim x As New Regex("href=(['""])(?!.+://)(?<url>.+?)\1", RegexOptions.IgnoreCase)
            Dim mx As MatchCollection = x.Matches(htmldata)
            For Each MItem As Match In mx
                Dim link = MItem.Value
                If Not link = Nothing Then
                    link = link.Replace("//", "")
                    link = link.Replace("href='", "")
                    link = link.Replace("href=""", "")
                    link = link.Replace("'", "")
                    link = link.Replace("""", "")
                    Dim decoded = URLDecode(link)
                    output &= decoded & vbCrLf
                End If
            Next
            Return output
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Function

    ' Decodes "+" and %XX escapes one character at a time.
    Public Function URLDecode(StringToDecode As String) As String
        Dim TempAns As String
        Dim CurChr As Integer
        CurChr = 1
        Do Until CurChr - 1 = Len(StringToDecode)
            Select Case Mid(StringToDecode, CurChr, 1)
                Case "+"
                    TempAns = TempAns & " "
                Case "%"
                    TempAns = TempAns & Chr(Val("&h" & _
                        Mid(StringToDecode, CurChr + 1, 2)))
                    CurChr = CurChr + 2
                Case Else
                    TempAns = TempAns & Mid(StringToDecode, CurChr, 1)
            End Select
            CurChr = CurChr + 1
        Loop
        URLDecode = TempAns
    End Function

    ' istekGonder ("send request"): GETs the URL and returns the response body
    ' (istek = request, cevap = response). Returns 0 when the request fails.
    Function istekGonder(ByVal site As String)
        Try
            Dim webStream As Stream
            Dim webResponse = ""
            Dim istek As HttpWebRequest
            Dim cevap As HttpWebResponse
            istek = WebRequest.Create(site)
            istek.Method = "GET"
            cevap = istek.GetResponse()
            webStream = cevap.GetResponseStream
            Dim webStreamReader As New StreamReader(webStream)
            While webStreamReader.Peek >= 0
                webResponse = webStreamReader.ReadToEnd()
            End While
            Return webResponse
        Catch ex As Exception
            Return 0
        End Try
    End Function

    ' Flags the URL when the response changes after a single quote is appended.
    Function sqlInj(ByVal url As String)
        Try
            Dim hash1 = istekGonder(url)
            Dim hash2 = istekGonder(url & "'")
            If Not hash1 = hash2 Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    ' Requests a file that should not exist and looks for a PHP include warning in the response.
    Function fileInclude(ByVal url As String)
        Try
            Dim response = istekGonder(url & "somefilethatneverexist.php")
            If response.ToString.Contains("Warning: include") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    ' Appends a marker tag and checks whether the response contains it unchanged.
    Function XSS(ByVal url As String)
        Try
            Dim response = istekGonder(url & "<hackcom></hackcom>")
            If response.ToString.Contains("<hackcom></hackcom>") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    ' Flags the page when its HTML contains no hidden input field.
    Function Csrf(ByVal url As String)
        Try
            Dim response = istekGonder(url)
            If Not response.ToString.Contains("<input type=""hidden""") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Sub Main()
        Greetings()
        Dim url As String
start:
        Console.WriteLine("Enter the URL that will be checked (ex: http://www.site.com/index.php?id=11)")
        Console.WriteLine("")
        url = Console.ReadLine()
        If url.ToString.Substring(0, 7) = "http://" Then
            Console.WriteLine("")
            Console.WriteLine("URL Scanning...")
            Console.WriteLine("----------------------------------------------------------------------")
            Tara2(url)
            Console.WriteLine("")
            GoTo start
        Else
            Console.WriteLine("It must have http:// front of your URL!!")
            Console.WriteLine("")
            GoTo start
        End If
        Console.ReadLine()
    End Sub
End Module
```
RE: URL Vulnerability Checker - zero-uplink - 06-24-2013
Nice one dude.
I'm working on a sql vulnerability checker in python language.
I can get some ideas from your program. Thanks.
RE: URL Vulnerability Checker - noize - 06-24-2013
Why not replacing "it must have http:// in front of your URL" with your program replacing the URL variable with "http://" + the input URL variable?
Code:
```vbnet
Imports System.Net
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Imports System.Text.RegularExpressions

Module Module1
    Function Greetings()
        Console.WriteLine(" ___________________________________________ ")
        Console.WriteLine(" | HackCommunity URL Vulnerability Checker |")
        Console.WriteLine(" | |")
        Console.WriteLine(" | Coded by RootTheSystem |")
        Console.WriteLine(" | |")
        Console.WriteLine(" | www.hackcommunity.com |")
        Console.WriteLine(" |___________________________________________|")
        Console.WriteLine("")
        Console.WriteLine("")
    End Function

    Function Tara2(ByVal url As String)
        If (sqlInj(url) = 1) Then
            Console.WriteLine("Probable Sql Injection Vulnerability Found! => " & url & vbCrLf)
        End If
        If (XSS(url) = 1) Then
            Console.WriteLine("Probable Cross Site Scripting Vulnerability Found! => " & url & vbCrLf)
        End If
        If (Csrf(url) = 1) Then
            Console.WriteLine("Probable Cross Site Request Forgery Vulnerability Found! => " & url & vbCrLf)
        End If
        If (fileInclude(url) = 1) Then
            Console.WriteLine("Probable File Inclusion Vulnerability Found! => " & url & vbCrLf)
        End If
        Console.WriteLine("Scanning Done!")
    End Function

    Function GetHref(ByVal host As String)
        Dim output = ""
        Try
            Dim htmldata = istekGonder(host)
            Dim x As New Regex("href=(['""])(?!.+://)(?<url>.+?)\1", RegexOptions.IgnoreCase)
            Dim mx As MatchCollection = x.Matches(htmldata)
            For Each MItem As Match In mx
                Dim link = MItem.Value
                If Not link = Nothing Then
                    link = link.Replace("//", "")
                    link = link.Replace("href='", "")
                    link = link.Replace("href=""", "")
                    link = link.Replace("'", "")
                    link = link.Replace("""", "")
                    Dim decoded = URLDecode(link)
                    output &= decoded & vbCrLf
                End If
            Next
            Return output
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Function

    Public Function URLDecode(StringToDecode As String) As String
        Dim TempAns As String
        Dim CurChr As Integer
        CurChr = 1
        Do Until CurChr - 1 = Len(StringToDecode)
            Select Case Mid(StringToDecode, CurChr, 1)
                Case "+"
                    TempAns = TempAns & " "
                Case "%"
                    TempAns = TempAns & Chr(Val("&h" & _
                        Mid(StringToDecode, CurChr + 1, 2)))
                    CurChr = CurChr + 2
                Case Else
                    TempAns = TempAns & Mid(StringToDecode, CurChr, 1)
            End Select
            CurChr = CurChr + 1
        Loop
        URLDecode = TempAns
    End Function

    Function istekGonder(ByVal site As String)
        Try
            Dim webStream As Stream
            Dim webResponse = ""
            Dim istek As HttpWebRequest
            Dim cevap As HttpWebResponse
            istek = WebRequest.Create(site)
            istek.Method = "GET"
            cevap = istek.GetResponse()
            webStream = cevap.GetResponseStream
            Dim webStreamReader As New StreamReader(webStream)
            While webStreamReader.Peek >= 0
                webResponse = webStreamReader.ReadToEnd()
            End While
            Return webResponse
        Catch ex As Exception
            Return 0
        End Try
    End Function

    Function sqlInj(ByVal url As String)
        Try
            Dim hash1 = istekGonder(url)
            Dim hash2 = istekGonder(url & "'")
            If Not hash1 = hash2 Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function fileInclude(ByVal url As String)
        Try
            Dim response = istekGonder(url & "somefilethatneverexist.php")
            If response.ToString.Contains("Warning: include") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function XSS(ByVal url As String)
        Try
            Dim response = istekGonder(url & "<hackcom></hackcom>")
            If response.ToString.Contains("<hackcom></hackcom>") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function Csrf(ByVal url As String)
        Try
            Dim response = istekGonder(url)
            If Not response.ToString.Contains("<input type=""hidden""") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Sub Main()
        Greetings()
        Dim url As String
start:
        Console.WriteLine("Enter the URL that will be checked (ex: http://www.site.com/index.php?id=11)")
        Console.WriteLine("")
        url = Console.ReadLine("http://")
        If Not url.ToString.Substring(0, 7) = "http://" Then
            url = "http://" + url
        End If
        Console.WriteLine("")
        Console.WriteLine("URL Scanning...")
        Console.WriteLine("----------------------------------------------------------------------")
        Tara2(url)
        Console.WriteLine("")
        GoTo start
        Console.ReadLine()
    End Sub
End Module
```
Look at the above code. I'm not sure that it is the correct syntax for a negative IF statement, (all my edits are in Main()) but I think so, looking at the rest of the code (I'm not a VB.NET coder). Whatever, I just edited the ReadLine function so that the user's variable will begin with http:// if it is not added (the user should type "http://http://" to have it start with "http://" as long as I added it before the input line. This means the user will hardly add it, but I added a check that will add it itself if missing). I also tried to center some more the initial header.
RE: URL Vulnerability Checker - Boomslang - 06-24-2013
(06-24-2013, 08:15 AM)noize Wrote: Why not replacing "it must have http:// in front of your URL" with your program replacing the URL variable with "http://" + the input URL variable?
Just change this line;
Code: url = Console.ReadLine("http://")
like this;
Code: url = Console.ReadLine()
RE: URL Vulnerability Checker - noize - 06-24-2013
(06-24-2013, 11:51 AM)RootTheSystem Wrote: (06-24-2013, 08:15 AM)noize Wrote: Why not replacing "it must have http:// in front of your URL" with your program replacing the URL variable with "http://" + the input URL variable?
Just change this line;
Code: url = Console.ReadLine("http://")
like this;
Code: url = Console.ReadLine()
Hm, you're saying that it won't work like that (with "http://", like I did in my edit)? If not, I'm not getting what you mean.
RE: URL Vulnerability Checker - RA1N - 06-24-2013
Pretty basic, you should try adding some actual testing into it. Such as if you were to try a basic SQLi attack to test if it redirects you.
RE: URL Vulnerability Checker - Boomslang - 06-24-2013
(06-24-2013, 12:21 PM)noize Wrote: (06-24-2013, 11:51 AM)RootTheSystem Wrote: (06-24-2013, 08:15 AM)noize Wrote: Why not replacing "it must have http:// in front of your URL" with your program replacing the URL variable with "http://" + the input URL variable?
Just change this line;
Code: url = Console.ReadLine("http://")
like this;
Code: url = Console.ReadLine()
Hm, you're saying that it won't work like that (with "http://", like I did in my edit)? If not, I'm not getting what you mean.
I don't know if there is a usage like Console.Readline("http://"). I use just the Console.Readline(), then check the first 7 digits of input.
(06-24-2013, 07:39 PM)RA1N Wrote: Pretty basic, you should try adding some actual testing into it. Such as if you were to try a basic SQLi attack to test if it redirects you.
I know it's pretty basic. I'm thinking to develop it and add a webcrawler maybe?
RE: URL Vulnerability Checker - noize - 06-24-2013
(06-24-2013, 07:51 PM)RootTheSystem Wrote: (06-24-2013, 12:21 PM)noize Wrote: (06-24-2013, 11:51 AM)RootTheSystem Wrote: (06-24-2013, 08:15 AM)noize Wrote: Why not replacing "it must have http:// in front of your URL" with your program replacing the URL variable with "http://" + the input URL variable?
Just change this line;
Code: url = Console.ReadLine("http://")
like this;
Code: url = Console.ReadLine()
Hm, you're saying that it won't work like that (with "http://", like I did in my edit)? If not, I'm not getting what you mean.
I don't know if there is a usage like Console.Readline("http://"). I use just the Console.Readline(), then check the first 7 digits of input.
That's definitely fine if you leave Console.Readline() (I don't really think the way I put it would work) but I'm just to add a "http://" in case missing instead of asking the user to do it itself (have a look at my code).
Quote: (06-24-2013, 07:39 PM)RA1N Wrote: Pretty basic, you should try adding some actual testing into it. Such as if you were to try a basic SQLi attack to test if it redirects you.
I know it's pretty basic. I'm thinking to develop it and add a webcrawler maybe?
That would be cooler.
RE: URL Vulnerability Checker - The Alchemist - 06-25-2013
Not bad. You seem to be HQ.
About the scanner : As RA1N had said, it tests basic stuff. Try adding more.
RE: URL Vulnerability Checker - ArkPhaze - 06-25-2013
1. If you turned on Option Strict, you would see a ton of errors and warnings with this code being too implicit.
2. You're using a Function where some methods should really be Subs, because they don't return a value at all. The Function, Greetings() for instance only outputs to the console. How is this a proper function that expects a return value?
3. This is VB.net not VB6: In Function URLDecode...
You should use a Return here instead
4. You have mixed return values. In the IstekGonder Function for instance, You're returning both a string here and an Integer if an exception is caught.
5. You're not being explicit with your variables:
Code: Dim webResponse = ""
Which leads to my next point...
6. You're not using the As clause in places where it should be used; After function declarations, in variable declarations, etc...
7. Your main "method" of (poor) exception handling is with a Try Catch block. And with that I'll advise you to read this page: http://msdn.microsoft.com/en-us/library/ms229005.aspx
8. Why are you returning 1's and 0's in places where a Boolean would probably be better?
9. You're not disposing of the underlying streams in some objects, specifically your WebRequests in this case, which is bad practice. If the GC decides to do a clean sweep, that is a computationally expensive process.
10. In your Main() Sub, that last Console.ReadLine() is unreachable code because you're using a goto that always loops back to the label before reading that method. And this leads me to the last of the points that I'll make about this code...
11. You shouldn't be using a goto here...
There are others, but you're not going to understand them if you're making mistakes like this in your code, so I won't post them for now.
Other than that, my criticism here is not intended to be insulting, so take it as feedback and as advice. I wrote this post out while I was looking through your code, so it's a mention of just some of the things I've noticed. If I wrote a program like this, I would probably make it plugin based, because this is only a fraction of the amount of vulnerabilities that could be looked for... And there's no reason to hard code the checking functionality for each and every one of them, because newer exploits and vulnerability methods come out all the time.
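The review points above and noize's "add http:// when missing" suggestion, applied to the program's input handling and fetch routine; this is an added sketch, not code from any poster in the thread. `IUrlCheck`, `MissingHiddenInputCheck`, `TryNormalizeUrl` and `TryFetch` are hypothetical names, and accepting `https://` as well as `http://` is an assumption beyond the original check.

```vbnet
Option Strict On   ' Point 1: implicit conversions become compile errors.

Imports System
Imports System.Collections.Generic
Imports System.IO
Imports System.Net

' Plugin contract (hypothetical name): one class per check, so adding a check
' does not mean editing the scan loop.
Public Interface IUrlCheck
    ReadOnly Property Name As String
    Function IsSuspect(ByVal address As Uri, ByVal body As String) As Boolean
End Interface

' The thread's Csrf() heuristic as a plugin. It is passive: it only inspects
' the body that was already fetched.
Public Class MissingHiddenInputCheck
    Implements IUrlCheck

    Public ReadOnly Property Name As String Implements IUrlCheck.Name
        Get
            Return "Cross Site Request Forgery Vulnerability"
        End Get
    End Property

    ' Point 8: a yes/no answer is a Boolean, not 1 or 0.
    Public Function IsSuspect(ByVal address As Uri, ByVal body As String) As Boolean _
        Implements IUrlCheck.IsSuspect
        Return Not body.Contains("<input type=""hidden""")
    End Function
End Class

Module ReviewedSketch

    ' Point 2: prints only and returns nothing, so it is a Sub.
    Sub Greetings()
        Console.WriteLine("URL Vulnerability Checker")
        Console.WriteLine()
    End Sub

    ' noize's suggestion: prepend "http://" when it is missing instead of rejecting
    ' the input. StartsWith avoids the exception Substring(0, 7) raises on input
    ' shorter than seven characters.
    Function TryNormalizeUrl(ByVal raw As String, ByRef address As Uri) As Boolean
        address = Nothing
        If String.IsNullOrWhiteSpace(raw) Then Return False
        Dim candidate As String = raw.Trim()
        If Not candidate.StartsWith("http://", StringComparison.OrdinalIgnoreCase) AndAlso
           Not candidate.StartsWith("https://", StringComparison.OrdinalIgnoreCase) Then
            candidate = "http://" & candidate
        End If
        Return Uri.TryCreate(candidate, UriKind.Absolute, address) AndAlso
               (address.Scheme = Uri.UriSchemeHttp OrElse address.Scheme = Uri.UriSchemeHttps)
    End Function

    ' Points 4 and 6: one declared return type and a typed ByRef result, rather than
    ' a String on success and the Integer 0 on failure.
    ' Point 7: only the exception the request is expected to raise is caught.
    ' Point 9: the Using blocks dispose the response and its stream reader.
    Function TryFetch(ByVal address As Uri, ByRef body As String) As Boolean
        body = String.Empty
        Try
            Dim request As HttpWebRequest = CType(WebRequest.Create(address), HttpWebRequest)
            request.Method = "GET"
            Using response As HttpWebResponse = CType(request.GetResponse(), HttpWebResponse)
                Using reader As New StreamReader(response.GetResponseStream())
                    body = reader.ReadToEnd()
                End Using
            End Using
            Return True   ' Point 3: Return, not assignment to the function name.
        Catch ex As WebException
            Return False
        End Try
    End Function

    ' Points 10 and 11: a Do loop with an exit condition replaces GoTo, so no
    ' statement is left unreachable.
    Sub Main()
        Greetings()
        Dim checks As New List(Of IUrlCheck) From {New MissingHiddenInputCheck()}
        Do
            Console.WriteLine("Enter the URL that will be checked (empty line to quit):")
            Dim entered As String = Console.ReadLine()
            If String.IsNullOrEmpty(entered) Then Exit Do
            Dim address As Uri = Nothing
            Dim body As String = Nothing
            If Not TryNormalizeUrl(entered, address) Then
                Console.WriteLine("Not a valid http(s) URL.")
            ElseIf Not TryFetch(address, body) Then
                Console.WriteLine("Request failed.")
            Else
                For Each check As IUrlCheck In checks
                    If check.IsSuspect(address, body) Then
                        Console.WriteLine("Probable " & check.Name & " Found! => " & address.ToString())
                    End If
                Next
                Console.WriteLine("Scanning Done!")
            End If
        Loop
    End Sub
End Module
```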