XCode SQL Injection/LFI/XSS Vulnurable & Webshell Scanner
XCode SQLI/LFI/XSS Vulnurable & webshell Scanner
Download XCode Exploits Scanner [December 2011]
Whats new?
This tool has been downloaded more than 3000 times since its first version was launched, we provide the opportunity for users to participate in sharing and of course there are special advantages where you also put your web banner on this tool.
USAGE:
Once downloaded, extract all the files and run XCodeXploitScanner.exe, insert your dork, Click Dork It and it will collect links from Dork you enter and displays the list. after displaying List, you will be able to conduct SQL injection vulnerability scanning / Local File Inclusion / Cross Site Scripting on the web that is in the list. This tool will send the injection parameters to the web as’ – * /../../../../../../../../../../../../. . / .. / etc / passwd% 00 “> alert (” XSS Xcode Exploit Scanner detected “). If the Web has a bug then the status will appear: www.target.com?blabla.php?=1234: SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../. . / .. / etc / passwd% 00 LFI Vulnerable
www.target.com?blabla.php?=1234 “> alert (” XXS Xcode Exploit Scanner Detected “) XSS Vulnerable
At the status list is detected, you can click Open Vuln Link with Browser to display on your browser
This tool also adds webshell hunter, where you can search the web shell C99, R57, C100, ITsecteam_shell, b374k, which had been uploaded by the hackers.
If the list of “Google results” do not bring results, you can try some tricks
[1] change the search path from “/cse?FORID:1&q=” to “/search?Q=”
[2] Click “Show Captcha“, fill in the code.
[3] change the google domain, example: from com to co.id , com.br, fr, co.th, com.ch or etc
Perhaps there are many shortcomings or bugs are not known by the author. But at least this tool you can make it easier to find targets.
Hopefully Helpful
PENGGUNAAN
Setelah download, ekstrak semua filenya dan jalankan XCodeXploitScanner.exe, Klik Dork It dan Tool ini akan mengumpulkan Link dari Dork yang anda masukkan kemudian menampilkan listnya. setelah selesai menampilkan List, Anda akan bisa melakukan scanning kerentanan SQL injection/Local File Inclusion/Cross Site Scripting pada web yang ada di list. Tool ini akan mengirimkan parameter injeksi ke web seperti ‘ – * /../../../../../../../../../../../../../../etc/passwd , “>alert(“XSS DETECTED XCode Exploit Scanner”) . Jika Web tersebut memiliki bug maka di status akan muncul : www.target.com?blabla.php?=1234 : SQLi Vulnerable.
www.target.com?blabla.php?=1234/../../../../../../../../../../../../../../etc/passwd LFI Vulnerable
www.target.com?blabla.php?=1234″>alert(“XXS DETECTED XCode Exploit Scanner”) XSS Vulnerable
Pada status list yang terdeteksi, anda bisa klik Open Vuln Link with Browser untuk menampilkan web pada browser anda
Tool ini juga menambahkan webshell hunter, dimana anda bisa mencari web shell c99, r57, c100, ITsecteam_shell, b374k, yang telah diupload oleh hacker.
Jika pada daftar “Google results” tidak memunculkan hasil, coba beberapa trik dibawah ini:
[1] ganti search path dari “/cse?FORID:1&q=” ke “/search?q=”
[2] klik “Show captcha” dan isi kode bypass tersebut.
[3] ganti domain google contoh: dari com to co.id , com.br, fr, co.th, com.ch dan lain sebagainya
Mungkin masih banyak kekurangan atau Bug yang belum diketahui oleh penulis. Tapi setidaknya tool ini bisa mempermudah anda untuk mencari target.
Semoga Berguna
Screen Shot
LFI Vulnerable
Web Shell Hunter
Video penggunaan
================================================================
Credits:
Code name : .::XCode Exploit – Vulnurable & webshell Scanner::.
Description : – SQLI/LFI/XSS/Webshell Hunter with Google Engine -
Compiler : Microsoft Visual Basic 6.0
Author : poni
System : Windows 95, 98, XP, Vista, 7
Size : 1,38 mb
Update : I`m not sure where will i put it. Just
check the sites below
http://www.xcode.or.id
================================================================
Info :
XCode Exploit – Vulnurable & webshell Scanner help you to
gather the dorks Link from Google. then you may check the
results if its Vulnurable to exploit with SQL injection commands
, LFI,and XSS. And You may hunt the webshells those uploaded.
=================================================================
Tidak ada komentar:
Posting Komentar