Image Base64_Encode

Black_H (Black_H) — Sun, 23 Mar 2008 19:46:13 GMT

// Encode pics in base64





## Config

$imgDir = './img/';

$banDir = array ('.','..');

$goodExt = array ('png','jpg','jpeg','gif'); -- A venir

## End Config





$img = '';

$case = '';

$handle = opendir($imgDir);



while ($file = readdir($handle)) 

{

	$ext = array_pop(explode('.', $file));



	if(!is_dir($file) && !in_array($file, $banDir) && in_array($ext, $goodExt)){

	

		$path = $imgDir.$file;

		$name = strrev(substr(strrev($file), 4));

		

		$img .= '$img_'.$name.' = <<< EOFILE'."
";

		$img .= base64_encode(file_get_contents($path))."
";

		$img .= 'EOFILE;'."
";

				

		$case .= 'case \'img_'.$name.'\' :'."
";

		$case .= 'header("Content-type: image/'.$ext.'");'."
";       

		$case .= 'echo base64_decode($img_'.$name.');'."
";       

		$case .= 'exit();'."
";   

		

		

	}



}

			print $img;		

				print "

";

			print $case;

			



?>

ARGV Parser

Black_H (Black_H) — Sun, 03 Feb 2008 20:24:59 GMT

This function parse ARGV and return a string.
See exemples for more informations :

// Go : http://blackh.badfile.net/wordz/

Function :



  def options(param)

  

	i = 0

		ARGV.each  { |valeur|

		

    		if (valeur == '-' + param.to_s)

				return ARGV[i+1]

			elseif (valeur != '-' + param.to_s)

				return false

			end

		i += 1

		}

		

   end

Usage :

// cmd> ruby test.rb -o foo





	out =  self.options('o')



	if (out != false and out.empty? == false)

                   puts out # print -> foo

	end

bScan - Simple Web Aplications Scanner

Black_H (Black_H) — Sun, 03 Feb 2008 11:51:05 GMT

// Web application scanner (ex: phpBB, myCMS, myBlog, mySite etc..) - Only in PHP !
// Find XSS, sql injection, remote file inclusion



#####################################################################################

#	Black_H  / Nooz -- 30:01:07 

#	Bl4ck.H<>gmail<>com

#



class BScan



#####################################################################################

#	Regex

#



@@space    = '([[:space:]]*)'



@@userdat  = '('

@@userdat += '(\$_SERVER\[([\'\"]*)HTTP_)|'

@@userdat += '(\$_GET)|'

@@userdat += '(\$_POST)|'

@@userdat += '(\$_COOKIE)|'

@@userdat += '(\$_REQUEST)|'

@@userdat += '(\$_FILES)|'

@@userdat += '(\$_ENV)|'

@@userdat += '(\$_HTTP_COOKIE_VARS)|'

@@userdat += '(\$_HTTP_ENV_VARS)|'

@@userdat += '(\$_HTTP_GET_VARS)|'

@@userdat += '(\$_HTTP_POST_FILES)|'

@@userdat += '(\$_HTTP_POST_VARS)|'

@@userdat += '(\$_HTTP_SERVER_VARS\[([\'\"]*)HTTP_)'

@@userdat += ')'



@@regex = Hash.new

@@regex = 

	{'TYPE' => 'vars overwrite','LEVEL' => '2','REGEX' => /extract#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'vars overwrite','LEVEL' => '2','REGEX' => /import_request_variables#{@@space}\((.*)\)/i},

	{'TYPE' => 'fopen vuln','LEVEL' => '3','REGEX' => /fopen#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'copy vuln','LEVEL' => '3','REGEX' => /copy#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'fwrite vuln','LEVEL' => '3','REGEX' => /fwrite#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'sql injection','LEVEL' => '2','REGEX' => /(mysql_query|mssql_query|mysqli_query)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'crlf injection','LEVEL' => '1','REGEX' => /mail#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'cross site scripting','LEVEL' => '1','REGEX' => /\<\?\=#{@@space}(.*)#{@@userdat}/i},

	{'TYPE' => 'cross site scripting','LEVEL' => '1','REGEX' => /(print|echo|print_r|var_dump)#{@@space}(|\(|\")(.*)#{@@userdat}/i},

	{'TYPE' => 'php code execution','LEVEL' => '3','REGEX' => /eval#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'php code execution','LEVEL' => '3','REGEX' => /file_put_contents#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'variable attribution', 'LEVEL' => '2','REGEX' => /(.*)\$#{@@userdat}(.*)/i},

	{'TYPE' => 'chmod affectation','LEVEL' => '1','REGEX' => /chmod#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'file disclosure','LEVEL' => '2','REGEX' => /(readfile|file_get_contents|file)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'file disclosure','LEVEL' => '2','REGEX' => /(show_source|highlight_file)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'bzopen vuln','LEVEL' => '2','REGEX' => /bzopen#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'file deletion','LEVEL' => '2','REGEX' => /(rmdir|unlink|delete)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'command execution','LEVEL' => '3','REGEX' => /(exec|system|passthru|shell_exec|proc_open|pcntl_exec)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'buffer overflow','LEVEL' => '3','REGEX' => /(confirm_phpdoc_compiled|mssql_pconnect|mssql_connect|crack_opendict|snmpget|ibase_connect)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'ip falsification','LEVEL' => '1','REGEX' => /(.*)(HTTP_CLIENT_IP|HTTP_X_FORWARDED_FOR|HTTP_PC_REMOTE_ADDR)(.*)/i},

	{'TYPE' => 'putenv vuln','LEVEL' => '2','REGEX' => /putenv#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'full path disclosure','LEVEL' => '1','REGEX' => /(htmlentities|htmlspecialchars)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'magic_quotes_gpc bypass','LEVEL' => '1','REGEX' => /(stripslashes|urldecode)#{@@space}\((.*)#{@@userdat}(.*)\)/i},

	{'TYPE' => 'file inclusion','LEVEL' => '3','REGEX' => /(include|include_once|require|require_once)#{@@space}(|\(|\")(.*)#{@@userdat}/i}



#####################################################################################

#	Main

#



  def initialize()



	################

	#	Usage



if (ARGV.length < 4)

puts  '

 ---------------------------------------------------------------------

|             Credits: Black_H                     |

|                 URL: Lemon-Inside.sup.fr                            |

|                Note: Premier code Ruby                              |

 ---------------------------------------------------------------------



 ---------------------------------------------------------------------

|   Usage:  scan.rb -d  -i                        |

|   Ex:  scan.rb -d ./ -i output.html                                 |

 ---------------------------------------------------------------------		

 '

 end

 

	################

	#	Options & Vars

	

	@@scan_alldir =  self.options('d')

	@@out_file =  self.options('i')

	

	@@ban = [".", "..", "scan.rb", @@out_file.to_s]



	@@scan_buffer = Array.new

	

	################

	#	Options Error ?

	

	if (@@scan_alldir != false and @@scan_alldir.empty? == false)

	self.dscan(@@scan_alldir)

	self.output(@@scan_buffer)

	@@scan_buffer = ''

	end





	



  end



#####################################################################################

#	Dir Scan 

#

  

  def dscan(dir)

      

	d = Dir.open(dir.to_s)

	d = d.sort - @@ban

	

      d.each { |fichier|



      case File.ftype(dir+fichier)

        when "directory"

          self.dscan(dir + fichier + "/")

        when "file"

		  puts  'Scan => ' + dir + fichier 

          self.fscan(dir + fichier)

      end



	  }

  end



#####################################################################################

#	File Scan 

#

  

  def fscan(file)



	fichier = File.readlines(file)

	i = 1



	fichier.each { |line|

						

		@@regex.each  { |info|

			

			test = (line  =~ info['REGEX']) 

		

				if (test) 

			

				@@scan_buffer += ['FILE' => file, 'LINE' => i.to_s, 'MATCH' => line, 'LEVEL' => info['LEVEL'], 'TYPE' => info['TYPE']]

				#	5 , 1 , 3 , 4 , 2

				next @@scan_buffer

				end

		}



	i += 1

  	} 

	

  end



#####################################################################################

#	Output buffer

#

  

  def output(buffer)

  

	@html_hmodel = ''

	@html_hmodel += 'BScan v1.0
'



	code = @html_hmodel

	

	buffer.each { |infos|

	

	keys = infos.keys

	code += "" + keys[1].to_s + ' : ' + infos["TYPE"] + '
'

	code += "" + keys[3].to_s + ' : ' + infos["LEVEL"] + '
'

	code += "" + keys[4].to_s + ' : ' + infos["FILE"] + '
'

	code += "" + keys[0].to_s + ' : ' + infos["LINE"] + '
'

	code += "" + keys[2].to_s + ' : ' + infos["MATCH"] + '
'

	



	}

		code += ""

		fhtml = File.open(@@out_file.to_s, "w")

		fhtml.write code

		code = ''



	

  end

#####################################################################################

#	Parse & Get Options

#

 

  def options(param)

  

	i = 0

		ARGV.each  { |valeur|

		

    		if (valeur == '-' + param.to_s)

				return ARGV[i+1]

			elseif (valeur != '-' + param.to_s)

				return false

			end

		i += 1

		}

		

	end

  

end



scan = BScan.new

DZone Snippets: Black_h's Code Snippets

Image Base64_Encode

ARGV Parser

bScan - Simple Web Aplications Scanner

BScan v1.0