See https://lolware.net/2019/05/12/abusing-safebrowse.html for information
#!/usr/bin/env ruby | |
require 'httparty' | |
FILELIST = [ | |
'/dropbox.zip', | |
'/robots.txt', # Not from the original list - this serves as a sanity check as it usually exists | |
'/css/business-frontpage.css', | |
'/newphase.zip', | |
'/Doc.zip', | |
'/wp-content.zip', | |
'/auth.zip', | |
'/Pdf.zip', | |
'/secure-dropbox.zip', | |
'/dropbox2016.zip', | |
'/yahoo%202.txt', | |
'/adobe.zip', | |
'/mn.zip', | |
'/Dropbox.zip', | |
'/x.txt', | |
'/dhl.zip', | |
'/accepted_visitors.txt', | |
'/GoogleDoc.zip', | |
'/USAA2014.zip', | |
'/docs.zip', | |
'/8-login-form.zip', | |
'/sent.zip', | |
'/new2015.zip', | |
'/Adobe.zip', | |
'/G550.zip', | |
'/info.txt', | |
'/secured-view%20(2).zip', | |
'/box.zip', | |
'/rof.txt', | |
'/webmail.zip', | |
'/laXa1a1.txt', | |
'/Drop.zip', | |
'/page.zip', | |
'/log.txt', | |
'/adobelatest.zip', | |
'/WellsLINK.zip', | |
'/apple.zip', | |
'/china.zip', | |
'/License_linux.txt', | |
'/new.zip', | |
'/newp.zip', | |
'/b1.txt', | |
'/paypal.zip', | |
'/ipad.zip', | |
'/gmail.zip', | |
'/Dropfile.zip', | |
'/FE4Nt3a.zip', | |
'/Arch.zip', | |
'/IRS.zip', | |
'/review.zip', | |
'/yh.txt', | |
'/eogpr.zip', | |
'/dbfile.zip', | |
'/1.txt', | |
'/account.zip', | |
'/godaddy.zip', | |
'/PDF%20-01.zip', | |
'/share.zip', | |
'/secure.zip', | |
'/login.alibaba.com.zip', | |
'/Documentos.file.html.zip', | |
'/pi9sI3ca6.zip', | |
'/Gdoc.zip', | |
'/as.txt', | |
'/mam.txt', | |
'/action.zip', | |
'/office365.zip', | |
'/la4BA0Re3L.zip', | |
'/aol..txt', | |
'/usaa.zip', | |
'/MailVerification.zip', | |
'/app.zip', | |
'/pageo.zip', | |
'/web1.zip', | |
'/chq.zip', | |
'/drop.zip', | |
'/GOOGLENEWW.zip', | |
'/admin.zip', | |
'/nD.zip', | |
'/Counter.zip', | |
'/css.zip', | |
'/survey.zip', | |
'/CO9La3.zip', | |
'/file.zip', | |
'/ali.txt', | |
'/logs.zip', | |
'/account-liemted.info.zip', | |
'/db.zip', | |
'/zonalzone.zip', | |
'/files.zip', | |
'/adobeCom.zip', | |
'/revalidate.zip', | |
'/PDF.zip', | |
'/google.zip', | |
'/verify.zip', | |
'/l0gz.txt', | |
'/match2.zip', | |
'/ww.zip', | |
'/mobile.free.fr.zip', | |
'/bmg.zip', | |
'/Goldencat.zip', | |
'/fA3NT3A.zip', | |
'/Alibaba.com.zip', | |
'/drive.zip', | |
'/melog-india.txt', | |
'/doc.zip', | |
'/pagedoc.zip', | |
'/art.zip', | |
'/Google.zip', | |
'/GD1.zip', | |
'/googledoc.zip', | |
'/wells.zip', | |
'/New.zip', | |
'/IR.zip', | |
'/newhotmail.zip', | |
'/gduc.zip', | |
'/lnnn.zip', | |
'/netflix.zip', | |
'/example.zip', | |
'/christianmingle.zip', | |
'/payment.zip', | |
'/2015.zip', | |
'/googledrive.zip', | |
'/Ameli.zip', | |
'/update.zip', | |
'/mgsnew..zip', | |
'/note.txt', | |
'/man.txt', | |
'/hotmail.zip', | |
'/login.zip', | |
'/b4.txt', | |
'/znD.zip', | |
'/domain.zip', | |
'/wellsfargo.zip', | |
'/030317_akt.zip', | |
'/newpage.zip', | |
'/cnm.zip', | |
'/irs.zip', | |
'/Yahoo.zip', | |
'/TT.zip', | |
'/dp.zip', | |
'/googledocs.zip', | |
'/http.zip', | |
'/ourtime.zip', | |
'/m2u.zip', | |
'/href.zip', | |
'/Verify_now.zip', | |
'/AOL.zip', | |
'/changes.txt', | |
'/1.zip', | |
'/ipic.zip', | |
'/remax.zip', | |
'/kma.zip', | |
'/Zone1.zip', | |
'/2014gdocs.zip', | |
'/msn.zip', | |
'/users.txt', | |
'/office.zip', | |
'/g-doc-secure.zip', | |
'/pdf.zip', | |
'/rhb.com.my.zip', | |
'/mgs.zip', | |
'/ca7nA4la2.zip', | |
'/Goldbook.zip', | |
'/u1.zip', | |
'/document.zip', | |
'/m.zip', | |
'/base.zip', | |
'/docss.zip', | |
'/bookmark.zip', | |
'/Account.zip', | |
'/Full.txt', | |
'/cap1-360.zip', | |
'/mint.zip', | |
'/yahoo.zip', | |
'/GD.zip', | |
'/error_log.txt', | |
'/host.zip', | |
'/BDBB.zip', | |
'/newdocxb.zip', | |
'/License_windows.txt', | |
'/Ed.zip', | |
'/chm.zip', | |
'/www.zip', | |
'/upgrade.zip', | |
'/ayo1.zip', | |
'/wp-admin.zip', | |
'/godaddyac.zip', | |
'/ID.txt', | |
'/drpbox.zip', | |
'/dpbx.zip', | |
'/web.zip', | |
'/confirmation.zip', | |
'/AmEx.zip', | |
'/excel.zip', | |
'/Login.zip', | |
'/DHL.zip', | |
'/logs.txt', | |
'/gdocc.zip', | |
'/Aol.txt', | |
'/view.zip', | |
'/ipaad.zip', | |
'/Contact%20Logs.txt', | |
'/succes.txt', | |
'/cO9nI8C.zip', | |
'/30horasdigitalmodulodesegurancafeitoparavoce.zip', | |
'/agreement_docs2.zip', | |
'/vu.txt', | |
'/credits.txt', | |
'/c6.zip', | |
'/aol.zip', | |
'/docx.zip', | |
'/home.zip', | |
'/onedrive.zip', | |
'/STD.zip', | |
'/gdoc.zip', | |
'/drive.ggle.com.zip' | |
].freeze | |
if ARGV.length != 1 | |
puts "Usage: phishget.rb https://website.com" | |
exit | |
end | |
address = ARGV[0] | |
FILELIST.each do |u| | |
response = HTTParty.get("#{address}#{u}") | |
puts "Interesting URL found: #{u}" if response.code == 200 | |
end | |
puts "Successfully scanned #{FILELIST.length} URLs" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment