This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP URL Checker"

From OWASP
Jump to: navigation, search
Line 21: Line 21:
 
This tool will check a user defined website for potentially exploitable/ vulnerable URL's by comparing them against the URL extensions in the database, for instance if your target is http://google.com and in the database you have /wp-login.php it would then check if: http://google.com/wp-login.php is available on that site by checking the response. It's a form of of scanning to help you exploit and find weaknesses within the web server. The first time you run the tool it will create a database "restuls.txt" for you, and add a few URL parameters to get you started. But you can add to or change the database as much as you wish and therefore, it's as powerful as you'd like it to be. It gives you real time feedback and the option to save all the successful results. You'll also be happy to know it's open source, and I've also included a win32 compiled version (requires .NET 3.5+). Video tutorial here http://youtu.be/yvc4q7YWpdo
 
This tool will check a user defined website for potentially exploitable/ vulnerable URL's by comparing them against the URL extensions in the database, for instance if your target is http://google.com and in the database you have /wp-login.php it would then check if: http://google.com/wp-login.php is available on that site by checking the response. It's a form of of scanning to help you exploit and find weaknesses within the web server. The first time you run the tool it will create a database "restuls.txt" for you, and add a few URL parameters to get you started. But you can add to or change the database as much as you wish and therefore, it's as powerful as you'd like it to be. It gives you real time feedback and the option to save all the successful results. You'll also be happy to know it's open source, and I've also included a win32 compiled version (requires .NET 3.5+). Video tutorial here http://youtu.be/yvc4q7YWpdo
  
 
==Original source code upon release==
 
 
<pre>
 
#include<windows.h>
 
#include<iostream>
 
#include<fstream>
 
#include<string>
 
#include<wininet.h>
 
#include <limits>
 
 
using namespace std;
 
#pragma comment (lib, "wininet.lib")
 
 
//Simple function to return a bool value to check whether URL is valid
 
bool ValidURL(string url)
 
  {
 
  bool result = false;
 
 
  HINTERNET hSession = InternetOpen("ValidURL", INTERNET_OPEN_TYPE_PRECONFIG, 0, 0, 0);
 
  if (hSession != 0)
 
      {
 
      HINTERNET hFile = InternetOpenUrl(hSession, url.c_str(), 0, 0, INTERNET_FLAG_RELOAD, 0);
 
      if (hFile != 0)
 
        {
 
        int code = 0;
 
        DWORD codeLen = sizeof(int);
 
        HttpQueryInfo(hFile, HTTP_QUERY_STATUS_CODE | HTTP_QUERY_FLAG_NUMBER, &code, &codeLen, 0);
 
 
        result = code == HTTP_STATUS_OK || code == HTTP_STATUS_REDIRECT;
 
 
        InternetCloseHandle(hFile);
 
        }
 
 
      InternetCloseHandle(hSession);
 
      }
 
 
  return(result);
 
  }
 
 
 
 
int main()
 
{
 
 
//Just intro
 
SetConsoleTitle("Vulnerable URL checker 3.0 pentest edition by Dreamwalker");
 
SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), 7);
 
    cout<<"----------------------------------------------------------------------------"<<endl;
 
    cout<<"\tVulnerable URL checker v3.0 pentest edition coded by Dreamwalker"<<endl;
 
cout<<"\t\t\thttp://Dream-Walker.weebly.com/"<<endl;
 
cout<<"----------------------------------------------------------------------------"<<endl;
 
 
 
    /*
 
This tool relies on the urls.txt file which is where is gets all the urls
 
from, essentially working like a database. Here we check if urls.txt exists.
 
If so, we continue to the scanning section, if not we create a new file and
 
add some basic URL extensions to it.
 
*/
 
 
 
 
  cout<<"Checking database...";
 
  ifstream reader("urls.txt",std::ios::in);
 
  if(!reader.good())
 
  {
 
 
 
  cout<<"Database not found, writing a new one...";
 
  ofstream writer("urls.txt",ios::app);
 
 
          //write some basic url extensions to our new database
 
  string defaulturls[20] = {"/robots.txt","/wp-login.php","/login/","/login.php","/admin.asp","/adm/",
 
          "/admin/","/admin.php","/admin/home.php","/admin/cp.asp","/_vti_pvt/","/_vti_pvt/service.pwd","/_vti_inf.html","/cgi-bin/",
 
  "/~root","/cache/","/sitemap.xml","/index.php?catid=","/index.php?id=","/login.shtml"};
 
  for(int i = 0; i < 20; i++)
 
          writer<<defaulturls[i]<<endl;
 
  writer.close();
 
 
  //wait 20 seconds, and inform user they need to restart so db can be loaded into mem correctly, then exit
 
  cout<<"DONE\nA new database \"urls.txt\" has now been created, please restart this tool"<<endl;
 
  cout<<"I will automatically close in 20 seconds..."<<endl;
 
  Sleep(20000);
 
  reader.close();
 
  return 0;
 
 
  }
 
  if(!reader)
 
  {
 
  cout<<"\nError reading database, ensure urls.txt is in\n"
 
  "the same directory as this application, if you do\n"
 
  "and it still isn't working, try running this program\n"
 
  "as Administrator as it could be an access error\n\nclosing..."<<endl;
 
  Sleep(20000);
 
  return-1;
 
 
  }cout<<"DONE!"<<endl;
 
 
 
  //-------------File handling all sorted---------------//
 
 
     
 
      //!TODO: the file_url array param needs updating to the MAX allowed
 
  string original_input_url, file_url[20000], full_url, successes;
 
 
   
 
      cout<<"Enter full URL (ignore last forward slash, for instance http://google.com):\n>";
 
      cin>>original_input_url;
 
     
 
      //PERFORM INITIAL CHECK TO SEE IF URL IS VALID
 
      cout<<"Performing check to see if website is valid"<<endl;
 
 
 
 
    if(ValidURL(original_input_url) == false)
 
    {
 
      cout<<"Invalid URL, closing..."<<endl;
 
      Sleep(10000);
 
      return 0;
 
    }
 
    else cout<<"That worked, now scanning files/directories..."<<endl;
 
cout<<"\n##############################################################"<<endl;
 
 
 
 
    //NOW SCAN FILES/DIRECTORIES
 
int i = 0;
 
while (!reader.eof())
 
    {
 
  i++;
 
      getline(reader,file_url[i]);
 
      full_url = original_input_url;
 
  full_url += file_url[i];
 
     
 
 
      if(ValidURL(full_url) == false)
 
      {
 
          SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),12);
 
          cout<<full_url<<" FAILED"<<endl;         
 
      }
 
      else
 
      {
 
          SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE),10);
 
          cout<<full_url<<" SUCCESS!"<<endl; 
 
  successes+=full_url+"\n";//store results for later saving
 
      }
 
 
  //temp: if url's are > 20000, then abort due to array bounds
 
  if(i >= 20000)
 
  {
 
  cout<<"Maximum URL's allowed reached, aborting..."<<endl;
 
  break;
 
  }
 
     
 
    }
 
   
 
      SetConsoleTextAttribute(GetStdHandle(STD_OUTPUT_HANDLE), 7);     
 
  cout<<"\n##############################################################\nFinished, do you want me to save the sucessful results? y/n:"<<endl;
 
  string answer;
 
  cin>>answer;
 
 
  //
 
  if((answer == "y") || (answer == "Y"))
 
  {
 
ofstream writer2("results.txt");
 
if(!writer2)
 
{
 
cout<<"Error writing file!"<<endl;
 
return -1;
 
}
 
writer2<<successes<<endl;
 
writer2.close();
 
cout<<"OK, your results are saved in \"results.txt\""<<endl;
 
  }
 
 
  cout<<"Closing..."<<endl;
 
 
      //sleep for a bit
 
  reader.close();
 
      Sleep(6000);
 
 
return 0;
 
 
 
}
 
 
</pre>
 
  
 
==Licensing==
 
==Licensing==

Revision as of 22:58, 24 June 2014

OWASP Project Header.jpg

OWASP URL Checker

Screen shot:

Urlscanscreen.jpeg


Introduction

An open source editable tool to scan websites for URL's which may lead to information divulging, exploits and common attack patterns.

Description

This tool will check a user defined website for potentially exploitable/ vulnerable URL's by comparing them against the URL extensions in the database, for instance if your target is http://google.com and in the database you have /wp-login.php it would then check if: http://google.com/wp-login.php is available on that site by checking the response. It's a form of of scanning to help you exploit and find weaknesses within the web server. The first time you run the tool it will create a database "restuls.txt" for you, and add a few URL parameters to get you started. But you can add to or change the database as much as you wish and therefore, it's as powerful as you'd like it to be. It gives you real time feedback and the option to save all the successful results. You'll also be happy to know it's open source, and I've also included a win32 compiled version (requires .NET 3.5+). Video tutorial here http://youtu.be/yvc4q7YWpdo


Licensing

OWASP URL Checker is free to use. It is licensed under the GNU GPL v3 license, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


What is URL Checker?

OWASP URL Checker provides:

  • .exe (executable) and *.cpp (source)



Project Leader

Craig Fox (OWASP email)

Dreamwalker Software

DWS sub-domain

Pentest Ltd

fb profile

Related Projects

Visit Dreamwalker software page here

Quick Download

Direct download server #1

Softpedia Secure Download (US)

Softpedia Secure Download (UK)


Email List

Sign up!


Classifications

New projects.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files CODE.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_URL_Checker&oldid=177508"