2017 © Pedro Peláez
 

library avenger-sh

AsZone Component - Search Hacking Tool

image

aszone/avenger-sh

AsZone Component - Search Hacking Tool

  • Friday, June 2, 2017
  • by aszone
  • Repository
  • 18 Watchers
  • 212 Stars
  • 319 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 34 Forks
  • 3 Open issues
  • 6 Versions
  • 2 % Grown

The README.md

PHP Avenger

PHP Avenger is a modern collection of open source tools written in PHP with focus in security and hacking., (*1)

Beta

  • PHP Avenger sh ( Search Engine )

Future Implementation

  • PHP Avenger bt ( Brute - Force )
  • PHP Avenger sca ( State Code Analyse )
  • PHP Avenger pwp ( Plugin WordPress )
  • PHP Avenger cj ( Component Joomla )

PHP Avenger SH

Php Avenger sh is a open source tool with an idea based in a fork inurlbr by Cleiton Pinheiro. Basically PHP Avenger sh is a tool that automates the process of detecting possible vulnerabilities using mass scan and checking if the vulnerability is true or false. Php Avenger uses search engines like google, bing and others through dorks ( advanced search )., (*2)

Installation

The recommended way to install PHP Avenger is through Composer., (*3)

# Install Composer
curl -sS https://getcomposer.org/installer | php

Next, run the Composer command to install the latest beta version of Php Avenger SH:, (*4)

php composer.phar create-project aszone/avenger-sh
cd avenger-sh

Basic Usage

Use the commands bellow to init the process, results will be printed in the monitor and saved in a .txt file on folder results., (*5)

php avenger sh --dork="site:com.ar ext:sql password"

alt tag, (*6)

Check Sql Injection

php avenger sh --dork="site:com.ar inurl:php?id=" --check="sqli"

Result of Sql Injection

alt tag alt tag, (*7)

Check Local File Download

php avenger sh --dork="site:com.ar inurl:download.php?file=" --check="lfd"

Result of Local File Download

alt tag, (*8)

Check and Exploited Local File Download

This next command you will check vulnerabilities and extract files of server. The files will save in /results/exploits/lfd/, (*9)

php avenger sh --dork="site:com.mx inurl:download.php?file=" --check="lfd" --exploit="lfd"

Result of Extract Files

alt tag, (*10)

Video of Extract Files

Video of extract files, (*11)

Check is Admin Page

php avenger sh --dork="site:com.ar inurl:admin" --check="isAdmin"

Check is Admin Page and if Admin Page for WordPress get all users and start brute force

php avenger sh --dork="site:com inurl:wp-content/uploads" --check="isAdmin" --exploit="btwp"

Help for commands

php avenger sh

Details

Search Engines

  • Google
  • GoogleApi
  • Bing
  • DuckDuckGo
  • Yahoo
  • Yandex

Covered Vulnerabilities

  • Sql Injection (SQLI)
  • Local File Download (LFD)
  • Admin Page
  • Remote File Inclusion (RFI)
  • Cross-Site-Scripting (XSS)

Covered Exploits

  • Local File Download (LFD)
  • Brute Force for WordPress

Covered Vulnerabilities in next versions

  • Sensitive Files
    • Dump Files
    • Config Files
    • Open Folders

Features under development

  • Power Search
  • Send E-mail with results
  • Naming the .txt result file
  • Proxys
    • TOR
    • Site of Proxys
    • Virgin Proxies

Help and docs

The Versions

02/06 2017

dev-master

9999999-dev http://www.lenonleite.com.br

AsZone Component - Search Hacking Tool

  Sources   Download

MIT

The Requires

 

The Development Requires

search google yahoo bing hacking dork dorking hacker dukedukego

01/07 2016

0.1

0.1.0.0 http://www.lenonleite.com.br

AsZone Component - Search Hacking Tool

  Sources   Download

MIT

The Requires

 

by Thiago Dieb

search google yahoo bing hacking dork dorking hacker dukedukego