Merge pull request #11 from shipcod3/master

Adding more payloads for PHP fuzz and 'malicious.txt', strings for finding backdoor shells, rootkits, botnets, and exploitable functions

Discovery/ASP_CommonBackdoors.fuzz.txt

@@ -0,0 +1,23 @@
+3fexe.asp
+ASpy.asp
+EFSO.asp
+RemExp.asp
+aspxSH.asp
+aspxshell.aspx
+aspydrv.asp
+cmd.asp
+cmd.aspx
+cmdexec.aspx
+elmaliseker.asp
+filesystembrowser.aspx
+fileupload.aspx
+ntdaddy.asp
+spexec.aspx
+sql.aspx
+tool.asp
+toolaspshell.asp
+up.asp
+zehir.asp
+zehir.aspx
+zehir4.asp
+zehir4.aspx

Discovery/PHP.fuzz.txt

@@ -15,9 +15,91 @@
 /php
 /phpsecinfo
 /phpinfo
-/phpmyadmin/
-/phpMyAdmin/
-/mysqladmin/
+/phpMyAdmin
+/phpmyadmin
+/PMA
+/admin
+/dbadmin
+/mysql
+/myadmin
+/phpmyadmin2
+/phpMyAdmin2
+/phpMyAdmin-2
+/php-my-admin
+/phpMyAdmin-2.2.3
+/phpMyAdmin-2.2.6
+/phpMyAdmin-2.5.1
+/phpMyAdmin-2.5.4
+/phpMyAdmin-2.5.5-rc1
+/phpMyAdmin-2.5.5-rc2
+/phpMyAdmin-2.5.5
+/phpMyAdmin-2.5.5-pl1
+/phpMyAdmin-2.5.6-rc1
+/phpMyAdmin-2.5.6-rc2
+/phpMyAdmin-2.5.6
+/phpMyAdmin-2.5.7
+/phpMyAdmin-2.5.7-pl1
+/phpMyAdmin-2.6.0-alpha
+/phpMyAdmin-2.6.0-alpha2
+/phpMyAdmin-2.6.0-beta1
+/phpMyAdmin-2.6.0-beta2
+/phpMyAdmin-2.6.0-rc1
+/phpMyAdmin-2.6.0-rc2
+/phpMyAdmin-2.6.0-rc3
+/phpMyAdmin-2.6.0
+/phpMyAdmin-2.6.0-pl1
+/phpMyAdmin-2.6.0-pl2
+/phpMyAdmin-2.6.0-pl3
+/phpMyAdmin-2.6.1-rc1
+/phpMyAdmin-2.6.1-rc2
+/phpMyAdmin-2.6.1
+/phpMyAdmin-2.6.1-pl1
+/phpMyAdmin-2.6.1-pl2
+/phpMyAdmin-2.6.1-pl3
+/phpMyAdmin-2.6.2-rc1
+/phpMyAdmin-2.6.2-beta1
+/phpMyAdmin-2.6.2-rc1
+/phpMyAdmin-2.6.2
+/phpMyAdmin-2.6.2-pl1
+/phpMyAdmin-2.6.3
+/phpMyAdmin-2.6.3-rc1
+/phpMyAdmin-2.6.3-pl1
+/phpMyAdmin-2.6.4-rc1
+/phpMyAdmin-2.6.4-pl1
+/phpMyAdmin-2.6.4-pl2
+/phpMyAdmin-2.6.4-pl3
+/phpMyAdmin-2.6.4-pl4
+/phpMyAdmin-2.6.4
+/phpMyAdmin-2.7.0-beta1
+/phpMyAdmin-2.7.0-rc1
+/phpMyAdmin-2.7.0-pl1
+/phpMyAdmin-2.7.0-pl2
+/phpMyAdmin-2.7.0
+/phpMyAdmin-2.8.0-beta1
+/phpMyAdmin-2.8.0-rc1
+/phpMyAdmin-2.8.0-rc2
+/phpMyAdmin-2.8.0
+/phpMyAdmin-2.8.0.1
+/phpMyAdmin-2.8.0.2
+/phpMyAdmin-2.8.0.3
+/phpMyAdmin-2.8.0.4
+/phpMyAdmin-2.8.1-rc1
+/phpMyAdmin-2.8.1
+/phpMyAdmin-2.8.2
+/sqlmanager
+/mysqlmanager
+/p/m/a
+/PMA2005
+/pma2005
+/phpmanager
+/php-myadmin
+/phpmy-admin
+/webadmin
+/sqlweb
+/websql
+/webdb
+/mysqladmin
+/mysql-admin
 /MySQLadmin
 /MySQLAdmin
 /login.php

GrepStrings/malicious.txt

@@ -0,0 +1,94 @@
+# strings for finding backdoor shells, rootkits, botnets, and exploitable functions
+# grep -Rn "shell *(" /var/www
+
+passthru
+shell_exec
+system
+phpinfo
+base64_decode
+chmod
+mkdir
+fopen
+fclose
+readfile
+php_uname
+eval
+edoced_46esab
+popen
+include
+create_function
+mysql_execute
+php_uname
+proc_open
+pcntl_exec
+``
+include_once
+require
+require_once
+posix_mkfifo
+posix_getlogin
+posix_ttyname
+getenv
+get_current_user
+proc_get_status
+get_cfg_var
+disk_free_space
+disk_total_space
+diskfreespace
+getcwd
+getlastmo
+getmygid
+getmyinode
+getmypid
+getmyuid
+assert
+extract
+parse_str
+putenv
+ini_set
+pfsockopen
+fsockopen
+apache_child_terminate
+posix_kill
+posix_setpgid
+posix_setsid
+posix_setuid
+tmpfile
+bzopen
+gzopen
+chgrp
+chown
+copy
+file_put_contents
+lchgrp
+lchown
+link
+mkdir
+move_uploaded_file
+symlink
+tempnam
+imagecreatefromgif
+imagecreatefromjpeg
+imagecreatefrompng
+imagecreatefromwbmp
+imagecreatefromxbm
+imagecreatefromxpm
+ftp_put
+ftp_nb_put
+exif_read_data
+read_exif_data
+exif_thumbnail
+exif_imagetype
+hash_file
+hash_hmac_file
+hash_update_file
+md5_file
+sha1_file
+highlight_file
+show_source
+php_strip_whitespace
+get_meta_tags
+str_repeat
+unserialize
+register_tick_function
+register_shutdown_function