#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <time.h>
#include <unistd.h>
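//constants
#define URL_MAX_SIZE 100   // capacity of url[], terminating NUL included
#define LINE_MAX_SIZE 80   // capacity of one path entry, terminating NUL included
#define MAX_PATHS 500      // capacity of paths[] and bingo[]; change it if you add new paths
// Worst-case request built by get_head():
//   "HEAD /" + path + " HTTP/1.1\r\n" + "Host: " + url + "\r\n\r\n" + NUL
//   = 6 + 79 + 11 + 6 + 99 + 4 + 1 = 206 bytes.
// The request buffer is therefore derived from the two limits above; a fixed
// 100 bytes is overrun by a long path or a long host name.
#define BUFFER_REQUEST (URL_MAX_SIZE + LINE_MAX_SIZE + 32)
#define BUFFER_RESPONSE 300
#define MAX_TIMEOUT 2000   // upper bound of the random pause that main() prints as milliseconds

//functions
// Full prototypes, so the compiler checks argument count and types at every call
// (an empty parameter list disables that check).
void help(char *name, int error);
void info(void);
void check_arguments(int argc, char *argv[]);
void load_list(void);
int hostname_to_ip(char *hostname, char *ip);
int get_head(char *path, char *ip);
void remove_newline_ch(char *line);

//variables
int timeout = 0;    // pause before every n-th request; 0 disables the pause
int list_size = 0;  // number of entries loaded into paths[]
int verbose = 0;    // 1 prints every hit as soon as it is seen
int count = -1;     // index of the last used slot in bingo[]; -1 means no hit yet
char url[URL_MAX_SIZE];                // target host name as given on the command line
char paths[MAX_PATHS][LINE_MAX_SIZE];  // candidate paths read from rod_list
char ip[100];                          // target address in dotted-quad text form
char bingo[MAX_PATHS][LINE_MAX_SIZE];  // final list of found paths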
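// Entry point: check the arguments, load the path list from rod_list, send one
// HEAD request per path and print the paths that get_head() recorded in bingo[].
//
// When a pause interval was given with -t, a random pause of 1..MAX_TIMEOUT
// milliseconds is inserted before every n-th request. Five consecutive requests
// that get_head() reports as failed end the run with a non-zero exit status.
int main(int argc, char* argv[])
{
    int consecutive_failures = 0;
    int prev_percent = 0;
    int percent;
    int i;

    memset(url, 0, sizeof url);
    check_arguments(argc, argv);
    load_list();
    srand((unsigned)time(NULL));

    for (i = 0; i < list_size; i++) {
        if (timeout != 0 && i % timeout == 0) {
            int delay_ms = rand() % MAX_TIMEOUT + 1;
            struct timespec delay;

            // Split the milliseconds into seconds and nanoseconds: tv_nsec must stay
            // below 1e9, and delay_ms * 1e9 does not fit in an int, so the old single
            // multiplication overflowed and nanosleep() rejected the value.
            delay.tv_sec = delay_ms / 1000;
            delay.tv_nsec = (long)(delay_ms % 1000) * 1000000L;
            printf("\tTimeout: %dms\n", delay_ms);
            nanosleep(&delay, NULL);
        }

        if (get_head(paths[i], ip) == 1) {
            consecutive_failures = 0;
        } else {
            consecutive_failures++;
            if (consecutive_failures == 5) {
                printf("\nError: Server blocked connection!\n\n");
                exit(EXIT_FAILURE); // an aborted run must not report success
            }
        }

        // Print the progress only when the whole-number percentage changes.
        percent = (i * 100) / list_size;
        if (percent != prev_percent) {
            printf("%d%% ", percent);
            fflush(stdout);
            prev_percent = percent;
        }
    }

    printf("\n\nFinished!\n");
    if (count >= 0) {
        printf("\nBingo!!! Paths:\n");
        for (i = 0; i <= count; i++) {
            printf("%d. %s/%s\n", i + 1, url, bingo[i]);
        }
    } else {
        printf("\n\nCan't find any admin path!\n");
    }
    printf("\n");
    return 0;
}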
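// Send "HEAD /<path>" to <ip>, port 80, and record the path in bingo[] when the
// status line of the response carries code 200.
//
// path - entry of paths[]; its trailing newline is removed in place
// ip   - IPv4 address of the target in dotted-quad text form
//
// Returns 1 when the request was handled (whatever the answer was) and 0 when
// send() failed. The process exits when the socket cannot be created or the
// connection cannot be established.
//
// The request carries a Host header and nothing else (no User-Agent, no Accept),
// and every path uses its own TCP connection, so in the access log of the target
// a run appears as a burst of bare HEAD requests from one client.
int get_head(char* path, char* ip)
{
    struct sockaddr_in server;
    char message[BUFFER_REQUEST];
    char server_reply[BUFFER_RESPONSE];
    ssize_t received;
    int socket_desc;
    int length;
    int code = 0;
    int status = 1;

    // Build the request with a bounded formatter; chained strcat() calls wrote past
    // the end of message[] whenever path plus host name exceeded the buffer.
    remove_newline_ch(path);
    length = snprintf(message, sizeof message,
                      "HEAD /%s HTTP/1.1\r\nHost: %s\r\n\r\n", path, url);
    if (length < 0 || (size_t)length >= sizeof message) {
        printf("\nWarning: Request too long ... %s\n", path);
        return status; // not a network failure, so it does not count as one
    }

    socket_desc = socket(AF_INET, SOCK_STREAM, 0);
    if (socket_desc == -1) {
        printf("\nError: Could not create socket!\n\n");
        exit(-1);
    }

    // Zero the whole structure first so no field is left uninitialized, and use
    // inet_pton(), which reports a malformed address instead of returning a value
    // that is indistinguishable from 255.255.255.255.
    memset(&server, 0, sizeof server);
    server.sin_family = AF_INET;
    server.sin_port = htons(80);
    if (inet_pton(AF_INET, ip, &server.sin_addr) != 1 ||
        connect(socket_desc, (struct sockaddr *)&server, sizeof server) < 0) {
        printf("\nError: Can't connect to host!\n\n");
        close(socket_desc);
        exit(-1);
    }

    if (send(socket_desc, message, (size_t)length, 0) < 0) {
        printf("\nWarning: Can't connect ... %s\n", path);
        status = 0;
    } else {
        // Keep one byte for the terminator: a reply that fills the buffer was
        // previously handed to a string function without a NUL at its end.
        received = recv(socket_desc, server_reply, sizeof server_reply - 1, 0);
        if (received < 0) {
            printf("\nWarning: Response failed!\n");
        } else {
            server_reply[received] = '\0';
            // Read the code from the status line only. Searching the whole reply
            // for "200" also matched dates, lengths and cookie values.
            if (sscanf(server_reply, "HTTP/%*d.%*d %d", &code) == 1 && code == 200) {
                if (verbose == 1) {
                    printf("\nBINGO: %s - Status code: %d\n", path, code);
                }
                if (count + 1 < MAX_PATHS) { // never write past the last slot of bingo[]
                    count++;
                    snprintf(bingo[count], sizeof bingo[count], "%s", path);
                }
            }
        }
    }

    close(socket_desc);
    return status;
}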
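// Load the candidate paths from the file "rod_list" in the working directory
// into paths[] and store their number in list_size.
//
// Blank lines are skipped. A line that does not fit into one entry is skipped
// as a whole, and reading stops once paths[] is full. The process exits with
// EXIT_FAILURE when the file cannot be opened or yields no entry.
void load_list(void)
{
    FILE *list;
    char line[LINE_MAX_SIZE];
    int loaded = 0;

    list = fopen("rod_list", "r");
    if (list == NULL) {
        printf("Problem with rod_list!");
        exit(EXIT_FAILURE);
    }

    while (fgets(line, sizeof line, list) != NULL) {
        // paths[] has MAX_PATHS rows; a longer file used to be written past its end.
        if (loaded >= MAX_PATHS) {
            printf("\nWarning: rod_list has more than %d entries, the rest is ignored.\n", MAX_PATHS);
            break;
        }

        // No newline in the buffer means fgets() stopped because the buffer was full.
        // Look at the next character: end of file or a newline means the line fits
        // exactly; anything else is the tail of an over-long line, which would
        // otherwise be loaded as a separate, bogus entry.
        if (strchr(line, '\n') == NULL) {
            int ch = fgetc(list);

            if (ch != EOF && ch != '\n') {
                while (ch != EOF && ch != '\n') {
                    ch = fgetc(list);
                }
                printf("\nWarning: skipped a rod_list line longer than %d characters.\n", LINE_MAX_SIZE - 1);
                continue;
            }
        }

        // An empty entry would be requested as "/" and reported as a hit.
        if (line[0] == '\n' || line[0] == '\r' || line[0] == '\0') {
            continue;
        }

        snprintf(paths[loaded], sizeof paths[loaded], "%s", line);
        loaded++;
    }
    fclose(list);

    if (loaded == 0) {
        printf("Problem with rod_list!");
        exit(EXIT_FAILURE);
    }
    list_size = loaded;
}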
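// Parse the text of the -t argument. Returns the value when it is a whole decimal
// number in 1..INT_MAX and 0 for anything else (empty text, trailing characters,
// zero, negative or out-of-range values).
static int parse_timeout(const char *text)
{
    char *end;
    long value;

    errno = 0;
    value = strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE || value <= 0 || value > INT_MAX) {
        return 0;
    }
    return (int)value;
}

// Check the program arguments and fill url, ip, timeout and verbose.
//
// Accepted forms: -h | -i | -u <target> [-v] | -u <target> -t <n> [-v]
//
// -h and -i print their text and exit with status 0. Every rejected command line
// prints the usage text with the matching error and exits with EXIT_FAILURE.
void check_arguments(int argc, char* argv[])
{
    //Check general
    if (argc < 2 || argc > 6) {
        help(argv[0], 1);
        exit(EXIT_FAILURE);
    }

    //Check 1 - URL, HELP, INFO
    if (strcmp(argv[1], "-u") == 0) {
        // "-u" as the last argument leaves argv[2] NULL; it used to be copied anyway.
        if (argc < 3) {
            help(argv[0], 1);
            exit(EXIT_FAILURE);
        }
        // The target comes straight from the command line, so check that it fits
        // into url[] before copying it.
        if (strlen(argv[2]) >= URL_MAX_SIZE) {
            help(argv[0], 2);
            exit(EXIT_FAILURE);
        }
        strcpy(url, argv[2]);
        if (hostname_to_ip(url, ip) != 0) {
            help(argv[0], 4);
            exit(EXIT_FAILURE);
        }
    } else if (strcmp(argv[1], "-h") == 0) {
        help(argv[0], 0);
        exit(0);
    } else if (strcmp(argv[1], "-i") == 0) {
        info();
        exit(0);
    } else {
        help(argv[0], 2);
        exit(EXIT_FAILURE);
    }

    //Check the optional -t <n> and -v
    if (argc == 4) {
        // The only four-argument form is "-u <target> -v".
        if (strcmp(argv[3], "-v") != 0) {
            help(argv[0], 2);
            exit(EXIT_FAILURE);
        }
        verbose = 1;
    } else if (argc > 4) {
        // With six arguments the last one has to be -v; it is checked first so
        // that the reported error stays the same as before.
        if (argc == 6) {
            if (strcmp(argv[5], "-v") != 0) {
                help(argv[0], 2);
                exit(EXIT_FAILURE);
            }
            verbose = 1;
        }
        if (strcmp(argv[3], "-t") != 0) {
            help(argv[0], 3);
            exit(EXIT_FAILURE);
        }
        timeout = parse_timeout(argv[4]);
        if (timeout == 0) {
            help(argv[0], 3);
            exit(EXIT_FAILURE);
        }
    }
}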
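// Print the error message selected by `error` (1 missing arguments, 2 bad
// arguments, 3 bad timeout, 4 unresolvable target; any other value prints only
// a blank line), followed by the usage text.
//
// name - program name shown in the usage and example lines
void help(char* name, int error)
{
    switch (error) {
    case 1:
        printf("\nError: Missing arguments.\n\n");
        break;
    case 2:
        printf("\nError: Bad arguments.\n\n");
        break;
    case 3:
        printf("\nError: Bad timeout argument.\n\n");
        break;
    case 4:
        printf("\nError: Can't resolve ip address of target.\n\n");
        break;
    default:
        printf("\n");
        break;
    }

    printf("Usage: %s -u <target> [-t <n>] [-v]\n\n", name);
    printf("\t-u <target> - target url (WITHOUT http://)\n");
    printf("\t-t - fire timeout on every n connections\n");
    // This line described the verbose switch but was labelled -t a second time.
    printf("\t-v - display all informations\n\n");
    printf("\t-i - about this tool\n");
    printf("\t-h - this text\n\n");
    printf("Example 1: %s -u pirotski.com\n", name);
    printf("Example 2: %s -u pirotski.com -v\n", name);
    printf("Example 3: %s -u pirotski.com -t 10\n", name);
    printf("Example 4: %s -u pirotski.com -t 15 -v\n\n", name);
}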
// Print the short "about" text and the contact address of the author.
void info()
{
    fputs("\nAbout: Use this tool to find admin path on website\n", stdout);
    fputs("Contact: stonemanhero@gmail.com\n\n", stdout);
}
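// Resolve a host name and write its first IPv4 address to `ip` as dotted-quad text.
//
// hostname - name (or numeric address) to resolve
// ip       - output buffer; it must hold at least 16 bytes, the longest
//            dotted-quad string plus its terminator
//
// Returns 0 on success and 1 when an argument is NULL, the name does not resolve,
// or the answer is not an IPv4 address.
//
// gethostbyname() returns a pointer to static storage, so this function is not
// safe to call from several threads at once.
int hostname_to_ip(char * hostname , char* ip)
{
    struct hostent *he;
    struct in_addr first;

    if (hostname == NULL || ip == NULL) {
        return 1;
    }

    he = gethostbyname(hostname);
    if (he == NULL || he->h_addr_list == NULL || he->h_addr_list[0] == NULL) {
        return 1;
    }

    // Check family and length before reading the entry as an IPv4 address.
    if (he->h_addrtype != AF_INET || he->h_length != (int)sizeof first) {
        return 1;
    }

    // Copy the bytes instead of casting the char pointer to struct in_addr *,
    // which assumed an alignment that the resolver does not promise.
    memcpy(&first, he->h_addr_list[0], sizeof first);
    strcpy(ip, inet_ntoa(first));
    return 0;
}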
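// Remove one trailing line ending ("\n" or "\r\n") from `line`, in place.
// A NULL pointer, an empty string and a string without a trailing newline are
// left as they are.
void remove_newline_ch(char *line)
{
    size_t length;

    if (line == NULL) {
        return;
    }

    length = strlen(line);
    // For an empty string the old strlen(line)-1 index was -1, a read before the
    // start of the buffer.
    if (length > 0 && line[length - 1] == '\n') {
        length--;
        line[length] = '\0';
        // A list saved with CRLF line endings would otherwise leave a carriage
        // return at the end of the path and so inside the request line.
        if (length > 0 && line[length - 1] == '\r') {
            line[length - 1] = '\0';
        }
    }
}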