Hello.

I rewrote the port scanner of this topic: http://www.governmentsecurity.org/forum/in...showtopic=12902

....and added a sql weak password checker(mysql,mssql)...



I tested it succesfully with http://www.100webspace.com/ and my private hoster, but it will not work with all hosts.

bye flashlord

I'll take a look at that flashlord, thank u for sharing that with us
I was also going to rewrite the script myself, so I'll check yours first and then add some features I have in mind

I will let u know about it if I manage to do what I want

great work man, but is not possible to load password or login from a file ?
Because with just 3 password it s a little short
But very good software

Hi,

So here is an enhanced version of yours flashlord.
There is now the possibility to put a password file as someone requested
I wanted to add a multiple thread feature (which is possible), but unfortunately no free hosting provider have such a module installed on their servers
What I also added is the possibility to retrieve the banner of the port... quite useful for example to know what kind of HTTP Server you are looking at

In the attached zip file you will find out two files:
- start.php : is the interface where you choose all the options
~ Start IP
~ End IP
~ Port to scan : there are default ones : HTTP, MSSQL, MYSQL, or you can specify your own
~ Timeout : it is now an optional field, by default is set to 2seconds)
~ Password file : the file containing the list of password you want to test when looking for MSSQL or MYSQL

- scan.php : the file which is doing the scan actually

Enjoy and don't hesitate to give feedback
[attachmentid=2800]

I wonder what our paid webhosts would think Oo

thx 4 sharing this nice script, was already looking for some kind of mysql scanner .... good work!

i tried Rafters edited version of the script and its awesome, works perfectly for me (mysql)....

thx guys

very nice tool man!
but i wanna know:
does this take internet bandwith from my computer or from the webserver?
and is it then faster?

thx 4 sharing

you're great

bye

Suspeneded for 15 days for the thx post

nice job
thanks
how about to add another script to let everyone upload his costom dic.
so some one can share it

thx lol you cant ban me cuz i got more to say lol

well no way to make it able to send the results to a email as soon as it done or somehow you make it log all results in the mysql that hosting it? like if i run it on a host and i got a mysql database maybe it can log it to them?

Tested : Not working on Lycos

(if this could interest you all...)

it seem to be interesting... but this is only be usefull for privat webservers, because the official internet webhoster have a 30sec timeout time.

it means that a script only be executable for 30sec, then it will be killed.


in a private webserver you can edit this time.


it can be my fault and this is wrong what i write.
but my knowledge says me that.

i can't find that usefull.

but you have do great work. u help other people and so on.
keep that!

thanks
kju

Nice work , but can u add some feature to the script so it will
save the result to a file.

Seems like if you know this you can write your way around this, recursive execution of the file. or two files executing each other every time.

This is a nice idea, but I would not use it if you have other means available. Because this must take way more resources then any other scanner.
But nevertheless, this is a nice tool and a nice idea.