PYTHON SCRIPT FOR AUDITING ROBOTS.TXT

Before one year i wrote different  methods to exploit robots.txt file; you can find it here. Sometimes, due to weak directory permission you can get into dis-allowed directory from robots.txt.This python script  check the HTTP status code of each Disallow entry in order to check automatically if these directories are available or not.For Original article click here.
It require python3 and urlib3 module.
git clone https://github.com/behindthefirewalls/Parsero.git
cd Parsero
python3 parsero.py -h
python3 parsero.py -u localhost/mutillidae
Exploit Robots.txt
Auditing Robots.txt
Now you can see that which dis-allowed directory is allowed , it means for which we got HTTP-status code 200.

Comments

Post a Comment

Popular posts from this blog

SOME COOL GOOGLE DORK

Symlink dork. Code: inurl:/sym/root/ & intext:"Parent Directory" c99shell dork. Code: inurl:(shell.php | c99.php) Encoder Bind Proc. FTP brute Sec. SQL PHP-code Feedback Self remove Logout c99shell dork(2). Code: inurl:(shell.php | c99.php) intitle:c99shell Encoder Bind Proc. FTP brute Sec. SQL PHP-code Feedback Self remove Logout WordPress MySQL details. Code: inurl:(wp-config.conf | wp-config.txt) ext:(conf | txt | config) Databases username && passwords. Code: inurl:/includes/ & ext:inc & inurl:connect | inurl:dbconnect & -site:phpkode.com Phish The Phisher Code: filetype:txt & intext:"email=" & intext:"pass=" & intext:"charset_test=" phpmyadmin exploit Code: allinurl:index.php?db=information_schema Here is list of other google dork.  Download here .
Read more

HOW TO GET PLAIN TEXT SOURCE FROM SHC COMPLIED BASH SCRIPT ?.

Image
Shc is used to protect your shell script from modification or inspection. If you created bash script want to distribute it , but dono`t want them to easily readble by other people , then you can use it. First We See How To Compiled Bash Script To Binary? wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.7.tgz tar -xvzf shc-3.8.7.tgz cd shc-3.8.7 make ./shc You can see shc usage message. shc Usage: shc [-e date] [-m addr] [-i iopt] [-x cmnd] [-l lopt] [-rvDTCAh] -f script Now we have script which we want to convert in binary. ./shc -f /script_path So now you can see that it will convert plain text bash source into binary which extension is  .sh.x. How To Retrieve Plain Text From Binary? The shc compiled binary decrypts and loads the script into memory when started right after we started the binary, just segfault it and retrieve our script from the core dump. Core dumps are often used to  debug errors in Linux...
Read more

HOW TO EXPLOIT ROBOTS.TXT?

Image
What Is Robots.Txt? Robots.txt is a file that contain path which cannot crawled by bot most of time search-engine bots like google bot or etc. It tells search-engine that this directory is private & can not be crawled by them. If yo are site owner & want to make robots.txt file , then go following link , it will create robots.txt file for you. http://www.mcanerin.com/EN/search-engine/robots-txt.asp so just for now , robots.txt is pretty much what websites use to block certain pages from search engines. Here is a sample :  http://www.whitehouse.gov/robots.txt First Method Now this method is very rare & the web-master would have to be stupid to do this, but you'll be surprised how many stupid people there are in the world. This one is simple, go to one of the disallowed directories & look in the source. Sometimes web-master leave comments there to give hints like passwords/ or user-names. You never know you might find something juicy. :] With this info you could...
Read more