Description

Fuckshitup – FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab url’s using search engines – and so, dork for interesting files and full path disclosures. Using list of url’s, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass bruteforce attacks for specific range of hosts, or bruteforce ssh with specific username taken from FPD. Whenever something interesting will be found, like vulnerability or broken auth credentials, data will be saved in .txt files – just like url’s, and any other files. FSU is based on PHP and text files, it’s still under construction so i am aware of any potential bugs. Fuckshitup ‘s Principle of operation is simple.

Options

   .---[SCAN]--------------------------[FILES]---------------------. 
   | scan - Do it!                 | search - DB's serch           |
   | multibruter - Brute dat bitch | show - Display specific file  |
   | brutefpds - Brute ssh w/ fpd  | clear - Remove duplicates     |
   | stat - Status                 | filter - Filter grab results  |
   |---[TARGET]------------------------[OTHERS]--------------------| 
   | massurl - Massive grabber     | top - Top sites scanner       |
   | dork - Well...                | cmd - Execute OS command      |
   | geturl - Grab url's           | help - Shit's right here      |
   | fpds - Grab fpds & users      | exit - Quits                  |
   '---------------------------------------------------------------'

Example

cyborg@cyborg:~$ fuckshitup-scanner 

     _____              __           .__    .__  __                
   _/ ____\_ __   ____ |  | __  _____|  |__ |__|/  |_ __ ________  
   \   __\  |  \_/ ___\|  |/ / /  ___/  |  \|  \   __\  |  \____ \ 
    |  | |  |  /\  \___|    <  \___ \|   Y  \  ||  | |  |  /  |_> >
    |__| |____/  \___  >__|_ \/____  >___|  /__||__| |____/|   __/ 
                     \/     \/     \/     \/               |__|  v0.1

   .---[SCAN]--------------------------[FILES]---------------------. 
   | scan - Do it!                 | search - DB's serch           |
   | multibruter - Brute dat bitch | show - Display specific file  |
   | brutefpds - Brute ssh w/ fpd  | clear - Remove duplicates     |
   | stat - Status                 | filter - Filter grab results  |
   |---[TARGET]------------------------[OTHERS]--------------------| 
   | massurl - Massive grabber     | top - Top sites scanner       |
   | dork - Well...                | cmd - Execute OS command      |
   | geturl - Grab url's           | help - Shit's right here      |
   | fpds - Grab fpds & users      | exit - Quits                  |
   '---------------------------------------------------------------'


 >> multibruter

 Options:
  [1] Grab IP
  [2] Continue
   What: 2

 First IP: 192.168.1.17

 Last IP: 192.168.1.18

 Options:
  [1] FTP
  [2] SSH
  [3] DB's (PgSQL,MySQL,MsSQL)
  [4] IMAP
  [5] All
   What: 5

FTP user: 

 [+] 192.168.1.17

 - FTP seems not working (21)

 - SSH found on port 22

Fuckshitup Bruteforcing...
root:
root:root
root:test
root:admin
root:zaq123wsx
root:1234
root:12345
root:123456
root:haslo
root:Password123

 - MsSQL seems not working (1433)

 - MySQL seems not working (3306)

 - PostgreSQL seems not working (5432)

 - IMAP seems not working (143)


 [+] 192.168.1.18

 - FTP seems not working (21)

 - SSH seems not working (22)

 - MsSQL seems not working (1433)

 - MySQL found on port 3306. 

Fuckshitup  Bruteforcing...
root:
root:root
root:test
root:admin
root:zaq123wsx
root:1234
root:12345
root:123456
root:haslo
root:Password123