Category Archives: Scanning Scripts

How to use WPScan WordPress Scan Kali Linux Vulnerability Scan + Snort Rule Example

Running a wordpress site means that you have to always be on the ball when it comes to updating your plugins, themes and wordpress itself. It is a good idea to scan yourself on a regular basis using simple Kali built in tools such as wpscan and sqlmap. You don’t have to be too intrusive… Read More »

Share Button

Syhunt Web Backdoor Scanner .LUA or .EXE – Easy Customization and Configuration

So I found this neat little script laying around, it makes looking for backdoors and webshells on webservers a cake walk. Backdoors are always changing and different hacker groups rename common backdoors so you can update this script with new intel in two seconds. To add a new filename to search simple add /newfilename in… Read More »

Share Button

Simple Python List that checks a file list to see if a webserver HTTP is running

#!/usr/bin/python import sys, httplib def main(host, path): try:# make a http HEAD request h = httplib.HTTP(host) h.putrequest(“HEAD”, “/”+path.strip(“n”)) h.putheader(“Host”, host) h.endheaders() status, reason, headers = h.getreply() print “[+]”,host+”/”+path.strip(“n”),”:”,status, reason except: print “[-] Error Occurred” pass if len(sys.argv) != 2: print “Usage: ./getresp.py <list of sites>” sys.exit(1) print “n d3hydr8[at]gmail[dot]com getResp v1.0” print “———————————————-” try: list1… Read More »

Share Button

Python Script to scan for vulnerable servers allowing SQL Injection

#!/usr/bin/python import sys, httplib def main(host, path): try: conn = httplib.HTTPConnection(host) conn.request(“GET”, path) r1 = conn.getresponse() print “[+]”,host+path,”:”,r1.status, r1.reason except: print “[-] Error Occurred” pass if len(sys.argv) != 3: print “nUsage: ./sqlresp.py <site> <list of injections>” print “Example: ./sqlresp.py www.site.com/buy.php?id= injections.txtn” sys.exit(1) print “n d3hydr8[at]gmail[dot]com sqlResp v1.0” print “———————————————-” try: injects = open(sys.argv[2], “r”).readlines() except(IOError):… Read More »

Share Button

Simple Python Script to Scan for MySQL servers running without a ROOT password set

#!/usr/bin/env python import MySQLdb, random, sys def randip(): A = random.randrange(255) + 1 B = random.randrange(255) + 1 C = random.randrange(255) + 1 D = random.randrange(255) + 1 ip = “%d.%d.%d.%d” % (A,B,C,D) return ip def title(): print “n d3hydr8[at]gmail[dot]com MySQL_default v1.0” print “————————————————-” #Add or subract users here. users = [“root”,”admin”,”administrator”] if len(sys.argv) <=… Read More »

Share Button