RCE Scanner is an automated Python-based scanning tool designed to detect the presence of several vulnerable endpoints or files commonly found in PHP-based web applications such as Laravel, ThinkPHP, and others.
The script includes redirect checks, checks for specific strings, and safe methods for detecting vulnerabilities without performing dangerous exploitation.
- Multi-threaded fast scanning
- Bypass redirect detection
- Supports a range of popular payloads, such as:
  - PHPUnit RCE
  - ThinkPHP RCE
  - Laravel Ignition RCE
  - FCKeditor file upload
  - elFinder exposure
  - PHPFileManager detection
- Automatic protocol detection (http/https)
- Saves scan results to `results.txt`
| Vulnerability Name | Targeted Path | Method | Detection |
|---|---|---|---|
| PHPUnit | `/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php` | POST | ShellOK in the response |
| ThinkPHP 5.0.x | `/index.php?s=/index/\think\app/invokefunction` | GET | phpinfo |
| Laravel Ignition | `/_ignition/execute-solution` | POST | viewFile in the response |
| FCKeditor Upload | `/fckeditor/editor/filemanager/connectors/php/upload.php` | POST | shell.php response check |
| elFinder | `/elfinder/php/connector.minimal.php` | GET | JSON `{"api":"2.1"}` |
| PHPFileManager | `/phpfilemanager.php` | GET | File Manager |
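
For defenders, the paths and methods in the table above double as log signatures. The following is an added example, not part of this project's code: it scans web server access logs for clients requesting these paths and lists which probes the server answered with 200. It assumes the common/combined log format; `classify`, `find_probes` and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# (method, lower-cased path fragment) for each row of the table above.
PROBES = {
    "PHPUnit": ("POST", "/vendor/phpunit/phpunit/src/util/php/eval-stdin.php"),
    "ThinkPHP 5.0.x": ("GET", "/index.php?s=/index/\\think\\app/invokefunction"),
    "Laravel Ignition": ("POST", "/_ignition/execute-solution"),
    "FCKeditor Upload": ("POST", "/fckeditor/editor/filemanager/connectors/php/upload.php"),
    "elFinder": ("GET", "/elfinder/php/connector.minimal.php"),
    "PHPFileManager": ("GET", "/phpfilemanager.php"),
}
# Common/combined log format: ip - user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def classify(method, target):
    """Return the table row a request matches, or None."""
    decoded = unquote(target).lower()  # %5C becomes a backslash; match case-insensitively
    for name, (probe_method, fragment) in PROBES.items():
        if method == probe_method and fragment in decoded:
            return name
    return None

def find_probes(lines, min_distinct=2):
    """Return (scanners, answered_200).

    scanners: {ip: probe names} for clients requesting >= min_distinct probe paths.
    answered_200: probe names the server answered with 200; verify these by hand,
    since a 200 can also be a soft error page.
    """
    seen, answered_200 = defaultdict(set), set()
    for m in filter(None, map(LOG_RE.match, lines)):
        ip, method, target, status = m.groups()
        name = classify(method, target)
        if name:
            seen[ip].add(name)
            if status == "200":
                answered_200.add(name)
    scanners = {ip: sorted(n) for ip, n in seen.items() if len(n) >= min_distinct}
    return scanners, sorted(answered_200)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "python-requests"',
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /index.php?s=/index/%5Cthink%5Capp/invokefunction HTTP/1.1" 404 153 "-" "python-requests"',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /elfinder/php/connector.minimal.php HTTP/1.1" 200 48 "-" "python-requests"',
    '198.51.100.4 - - [01/Jan/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(find_probes(SAMPLE_LOG))
```
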
- Installation

  ```bash
  git clone https://github.com/username/next-project-scanner.git
  cd next-project-scanner
  pip install -r requirements.txt
  ```

- Prepare the target list

  Create a file containing the list of target URLs (`list.txt`), for example:

  ```
  example.com
  http://targetsite.org
  https://another-site.net
  ```

- Run the script

  ```bash
  python scanner.py
  ```

  Enter the list:

  ```
  [?] Masukkan nama file target (contoh: list.txt):
  >> list.txt
  ```

Credit : Next Project