Description
Fuckshitup – FSU is bunch of tools written in PHP-CLI. Using build-in functions, you are able to grab url’s using search engines – and so, dork for interesting files and full path disclosures. Using list of url’s, scanner will look for Cross Site Scripting, Remote File Inclusion, SQL Injection and Local File Inclusion vulnerabilities. It is able to perform mass bruteforce attacks for specific range of hosts, or bruteforce ssh with specific username taken from FPD. Whenever something interesting will be found, like vulnerability or broken auth credentials, data will be saved in .txt files – just like url’s, and any other files. FSU is based on PHP and text files, it’s still under construction so i am aware of any potential bugs. Fuckshitup ‘s Principle of operation is simple.
Options
-
.---[SCAN]--------------------------[FILES]---------------------. | scan - Do it! | search - DB's serch | | multibruter - Brute dat bitch | show - Display specific file | | brutefpds - Brute ssh w/ fpd | clear - Remove duplicates | | stat - Status | filter - Filter grab results | |---[TARGET]------------------------[OTHERS]--------------------| | massurl - Massive grabber | top - Top sites scanner | | dork - Well... | cmd - Execute OS command | | geturl - Grab url's | help - Shit's right here | | fpds - Grab fpds & users | exit - Quits | '---------------------------------------------------------------'
Example
cyborg@cyborg:~$ fuckshitup-scanner _____ __ .__ .__ __ _/ ____\_ __ ____ | | __ _____| |__ |__|/ |_ __ ________ \ __\ | \_/ ___\| |/ / / ___/ | \| \ __\ | \____ \ | | | | /\ \___| < \___ \| Y \ || | | | / |_> > |__| |____/ \___ >__|_ \/____ >___| /__||__| |____/| __/ \/ \/ \/ \/ |__| v0.1 .---[SCAN]--------------------------[FILES]---------------------. | scan - Do it! | search - DB's serch | | multibruter - Brute dat bitch | show - Display specific file | | brutefpds - Brute ssh w/ fpd | clear - Remove duplicates | | stat - Status | filter - Filter grab results | |---[TARGET]------------------------[OTHERS]--------------------| | massurl - Massive grabber | top - Top sites scanner | | dork - Well... | cmd - Execute OS command | | geturl - Grab url's | help - Shit's right here | | fpds - Grab fpds & users | exit - Quits | '---------------------------------------------------------------' >> multibruter Options: [1] Grab IP [2] Continue What: 2 First IP: 192.168.1.17 Last IP: 192.168.1.18 Options: [1] FTP [2] SSH [3] DB's (PgSQL,MySQL,MsSQL) [4] IMAP [5] All What: 5 FTP user: [+] 192.168.1.17 - FTP seems not working (21) - SSH found on port 22 Fuckshitup Bruteforcing... root: root:root root:test root:admin root:zaq123wsx root:1234 root:12345 root:123456 root:haslo root:Password123 - MsSQL seems not working (1433) - MySQL seems not working (3306) - PostgreSQL seems not working (5432) - IMAP seems not working (143) [+] 192.168.1.18 - FTP seems not working (21) - SSH seems not working (22) - MsSQL seems not working (1433) - MySQL found on port 3306. Fuckshitup Bruteforcing... root: root:root root:test root:admin root:zaq123wsx root:1234 root:12345 root:123456 root:haslo root:Password123