







URL Vulnerability Checker
RE: URL Vulnerability Checker #8
(06-24-2013, 07:51 PM)RootTheSystem Wrote:
(06-24-2013, 12:21 PM)noize Wrote:
(06-24-2013, 11:51 AM)RootTheSystem Wrote:
(06-24-2013, 08:15 AM)noize Wrote: Instead of requiring that "it must have http:// in front of your URL", why not have your program set the URL variable to "http://" + the input URL?

Code:
Imports System.Net
Imports System.IO
Imports System.Text
Imports System.Security.Cryptography
Imports System.Text.RegularExpressions

Module Module1
    Function Greetings()
        Console.WriteLine("        ___________________________________________ ")
        Console.WriteLine("       |  HackCommunity URL Vulnerability Checker  |")
        Console.WriteLine("       |                                           |")
        Console.WriteLine("       |          Coded by  RootTheSystem           |")
        Console.WriteLine("       |                                           |")
        Console.WriteLine("       |           www.hackcommunity.com           |")
        Console.WriteLine("       |___________________________________________|")
        Console.WriteLine("")
        Console.WriteLine("")
    End Function
    Function Tara2(ByVal url As String)
        If (sqlInj(url) = 1) Then
            Console.WriteLine("Probable Sql Injection Vulnerability Found! => " & url & vbCrLf)
        End If
        If (XSS(url) = 1) Then
            Console.WriteLine("Probable Cross Site Scripting Vulnerability Found! => " & url & vbCrLf)
        End If
        If (Csrf(url) = 1) Then
            Console.WriteLine("Probable Cross Site Request Forcery Vulnerability Found! => " & url & vbCrLf)
        End If
        If (fileInclude(url) = 1) Then
            Console.WriteLine("Probable File Inclusion Vulnerability Found! => " & url & vbCrLf)
        End If
        Console.WriteLine("Scanning Done!")
    End Function

    Function GetHref(ByVal host As String)
        Dim output = ""
        Try
            Dim htmldata = istekGonder(host)
            Dim x As New Regex("href=(['""])(?!.+://)(?<url>.+?)\1", RegexOptions.IgnoreCase)
            Dim mx As MatchCollection = x.Matches(htmldata)
            For Each MItem As Match In mx
                Dim link = MItem.Value
                If Not link = Nothing Then
                    link = link.Replace("//", "")
                    link = link.Replace("href='", "")
                    link = link.Replace("href=""", "")
                    link = link.Replace("'", "")
                    link = link.Replace("""", "")
                    Dim decoded = URLDecode(link)
                    output &= decoded & vbCrLf
                End If
            Next
            Return output
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try
    End Function

    Public Function URLDecode(StringToDecode As String) As String

        Dim TempAns As String
        Dim CurChr As Integer

        CurChr = 1

        Do Until CurChr - 1 = Len(StringToDecode)
            Select Case Mid(StringToDecode, CurChr, 1)
                Case "+"
                    TempAns = TempAns & " "
                Case "%"
                    TempAns = TempAns & Chr(Val("&h" & _
                       Mid(StringToDecode, CurChr + 1, 2)))
                    CurChr = CurChr + 2
                Case Else
                    TempAns = TempAns & Mid(StringToDecode, CurChr, 1)
            End Select

            CurChr = CurChr + 1
        Loop

        URLDecode = TempAns
    End Function

    Function istekGonder(ByVal site As String)
        Try
            Dim webStream As Stream
            Dim webResponse = ""
            Dim istek As HttpWebRequest
            Dim cevap As HttpWebResponse
            istek = WebRequest.Create(site)
            istek.Method = "GET"
            cevap = istek.GetResponse()
            webStream = cevap.GetResponseStream
            Dim webStreamReader As New StreamReader(webStream)
            While webStreamReader.Peek >= 0
                webResponse = webStreamReader.ReadToEnd()
            End While
            Return webResponse
        Catch ex As Exception
            Return 0
        End Try

    End Function

    Function sqlInj(ByVal url As String)
        Try
            Dim hash1 = istekGonder(url)
            Dim hash2 = istekGonder(url & "'")
            If Not hash1 = hash2 Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function fileInclude(ByVal url As String)
        Try
            Dim response = istekGonder(url & "somefilethatneverexist.php")
            If response.ToString.Contains("Warning: include") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function XSS(ByVal url As String)
        Try
            Dim response = istekGonder(url & "<hackcom></hackcom>")
            If response.ToString.Contains("<hackcom></hackcom>") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Function Csrf(ByVal url As String)
        Try
            Dim response = istekGonder(url)
            If Not response.ToString.Contains("<input type=""hidden""") Then
                Return 1
            Else
                Return 0
            End If
        Catch ex As Exception
            Console.WriteLine("Scanning Done!")
        End Try
    End Function

    Sub Main()
        Greetings()
        Dim url As String
start:
        Console.WriteLine("Enter the URL that will be checked (ex: http://www.site.com/index.php?id=11)")
        Console.WriteLine("")
        url = Console.ReadLine("http://")
        If Not url.ToString.Substring(0, 7) = "http://" Then
            url = "http://" + url
        End If
            Console.WriteLine("")
            Console.WriteLine("URL Scanning...")
            Console.WriteLine("----------------------------------------------------------------------")
            Tara2(url)
            Console.WriteLine("")
            GoTo start
        Console.ReadLine()
    End Sub

End Module

Look at the code above (all my edits are in Main()). I'm not sure this is the correct syntax for a negated If statement, but judging from the rest of the code I think it is (I'm not a VB.NET coder). Anyway, I edited the ReadLine call so that the user's input will begin with http:// if it was not typed (since I put "http://" in front of the input line, the user would have to type "http://http://" for the input itself to start with "http://". This means the user will hardly ever type it, but I added a check that adds it when it is missing). I also tried to center the initial header a bit more.

Just change this line;
Code:
url = Console.ReadLine("http://")
like this;
Code:
url = Console.ReadLine()

Hm, you're saying that it won't work like that (with "http://", like I did in my edit)? If not, I'm not getting what you mean.

I don't know whether a usage like Console.ReadLine("http://") exists. I just use Console.ReadLine() and then check the first 7 characters of the input.

It's definitely fine to leave Console.ReadLine() as it is (I don't really think the way I wrote it would work), but my point is just to add "http://" when it is missing instead of asking the user to do it themselves (have a look at my code).

Quote:
(06-24-2013, 07:39 PM)RA1N Wrote: Pretty basic, you should try adding some actual testing into it. Such as if you were to try a basic SQLi attack to test if it redirects you.

I know it's pretty basic :) I'm thinking of developing it further and maybe adding a web crawler?

That would be cooler.








