php/crawler/old/rfind.php

   1 #!/usr/bin/php
   2 <?php
   3 //RFIFinder 0.1 (filter for crawlers)
   4 //<-Harvie 2oo7
   5 /*
   6  *This thing will find urls with expected RFI hole in pages specified by STDIN lines.
   7  *Use it well...
   8  */
   9
  10  function is_rfi_positive($url) {
  11         $rfi_regexp = '(\?|&)(page|url|include|readfile|require|inc)=.*\.(html|htm|php|php.|txt)';
  12         return eregi($rfi_regexp, $url);
  13  }
  14
  15  $stdin = fopen('php://stdin', 'r');
  16  while(!feof($stdin)) {
  17         $url = trim(fgets($stdin)); //echo($url); //Debug
  18         if(is_rfi_positive($url)) echo("$url\n");
  19         $in = @file($url); if(!$in || !is_array($in)) continue;
  20         foreach($in as $line) {
  21                 $line = spliti('href="http://', $line);
  22                 if(sizeof($line) > 1) {
  23                         array_shift($line); //print_r($line); //Debug
  24                         foreach($line as $nurl) {
  25                                 //echo("#"); //debug
  26                                 $nurl = spliti('"', $nurl);
  27                                 $nurl = 'http://'.trim(htmlspecialchars_decode($nurl[0])); //echo($nurl."\n"); //Debug
  28                                 $test = @fopen($nurl, 'r');
  29                                 if(is_rfi_positive($nurl) && $test) echo("$nurl\n");
  30                         }
  31                 }
  32         }
  33 }
  34