PHPackages                             aszone/avenger-sh - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Search &amp; Filtering](/categories/search)
4. /
5. aszone/avenger-sh

ActiveLibrary[Search &amp; Filtering](/categories/search)

aszone/avenger-sh
=================

AsZone Component - Search Hacking Tool

v0.2.4(9y ago)22338638[2 issues](https://github.com/aszone/avenger-sh/issues)[1 PRs](https://github.com/aszone/avenger-sh/pulls)MITPHPPHP &gt;=5.3.9

Since Jul 1Pushed 8y ago17 watchersCompare

[ Source](https://github.com/aszone/avenger-sh)[ Packagist](https://packagist.org/packages/aszone/avenger-sh)[ Docs](http://www.lenonleite.com.br)[ RSS](/packages/aszone-avenger-sh/feed)WikiDiscussions master Synced 4w ago

READMEChangelog (6)Dependencies (7)Versions (6)Used By (0)

PHP Avenger
===========

[](#php-avenger)

> PHP Avenger is a modern collection of open source tools written in PHP with focus in security and hacking.

### Beta

[](#beta)

- PHP Avenger sh ( Search Engine )

### Future Implementation

[](#future-implementation)

- PHP Avenger bt ( Brute - Force )
- PHP Avenger sca ( State Code Analyse )
- PHP Avenger pwp ( Plugin WordPress )
- PHP Avenger cj ( Component Joomla )

---

### PHP Avenger SH

[](#php-avenger-sh)

> Php Avenger sh is a open source tool with an idea **based in a fork inurlbr by Cleiton Pinheiro**. Basically **PHP Avenger sh** is a tool that automates the process of detecting possible vulnerabilities using mass scan and checking if the vulnerability is true or false. Php Avenger uses search engines like google, bing and others through dorks ( advanced search ).

Installation
------------

[](#installation)

The recommended way to install PHP Avenger is through [Composer](http://getcomposer.org).

```
# Install Composer
curl -sS https://getcomposer.org/installer | php
```

Next, run the Composer command to install the latest beta version of Php Avenger SH:

```
php composer.phar create-project aszone/avenger-sh
cd avenger-sh
```

Basic Usage
-----------

[](#basic-usage)

> Use the commands bellow to init the process, results will be printed in the monitor and saved in a `.txt` file on folder `results`.

### Get trash search

[](#get-trash-search)

```
php avenger sh --dork="site:com.ar ext:sql password"
```

#### Result of trash search

[](#result-of-trash-search)

[![alt tag](https://camo.githubusercontent.com/6c97821d7b84be70fea9de95d4776f089fb351c6271720408bd684bfeec31853/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d312e706e67)](https://camo.githubusercontent.com/6c97821d7b84be70fea9de95d4776f089fb351c6271720408bd684bfeec31853/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d312e706e67)

### Check Sql Injection

[](#check-sql-injection)

```
php avenger sh --dork="site:com.ar inurl:php?id=" --check="sqli"
```

#### Result of Sql Injection

[](#result-of-sql-injection)

[![alt tag](https://camo.githubusercontent.com/9585f266cafa4a3cfe60b94d201c68f571ed9d81a8c647e64d47fb935c3d6644/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d322e706e67)](https://camo.githubusercontent.com/9585f266cafa4a3cfe60b94d201c68f571ed9d81a8c647e64d47fb935c3d6644/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d322e706e67)[![alt tag](https://camo.githubusercontent.com/a350566fd944b20a761273ce0992e984550d68e1a75a52d04b34b131cb11f04f/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d332e706e67)](https://camo.githubusercontent.com/a350566fd944b20a761273ce0992e984550d68e1a75a52d04b34b131cb11f04f/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d332e706e67)

### Check Local File Download

[](#check-local-file-download)

```
php avenger sh --dork="site:com.ar inurl:download.php?file=" --check="lfd"
```

#### Result of Local File Download

[](#result-of-local-file-download)

[![alt tag](https://camo.githubusercontent.com/1aad7968e5c50b7ad6f18e7360e91e278c10be6e2e11ce5a09affb21d73cfb51/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d372e706e67)](https://camo.githubusercontent.com/1aad7968e5c50b7ad6f18e7360e91e278c10be6e2e11ce5a09affb21d73cfb51/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f30362f696d6167656d372e706e67)

### Check and Exploited Local File Download

[](#check-and-exploited-local-file-download)

> This next command you will check vulnerabilities and extract files of server. The files will save in /results/exploits/lfd/

```
php avenger sh --dork="site:com.mx inurl:download.php?file=" --check="lfd" --exploit="lfd"
```

#### Result of Extract Files

[](#result-of-extract-files)

[![alt tag](https://camo.githubusercontent.com/8db038271756fa8358681bb16afb946aac9f2c0546a436c3d87e7915bbfb9a21/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f31312f6c666446696c65732e706e67)](https://camo.githubusercontent.com/8db038271756fa8358681bb16afb946aac9f2c0546a436c3d87e7915bbfb9a21/687474703a2f2f6c656e6f6e6c656974652e636f6d2e62722f77702d636f6e74656e742f75706c6f6164732f323031362f31312f6c666446696c65732e706e67)

#### Video of Extract Files

[](#video-of-extract-files)

[![Video of extract files](https://camo.githubusercontent.com/aa77d657efc2d4faf1b5f9714d37021b9d59200744ed09e69ddc3630e7c0cac5/68747470733a2f2f696d672e796f75747562652e636f6d2f76692f4964727051374b516c6d552f302e6a7067)](https://www.youtube.com/watch?v=IdrpQ7KQlmU)

### Check is Admin Page

[](#check-is-admin-page)

```
php avenger sh --dork="site:com.ar inurl:admin" --check="isAdmin"
```

### Check is Admin Page and if Admin Page for WordPress get all users and start brute force

[](#check-is-admin-page-and-if-admin-page-for-wordpress-get-all-users-and-start-brute-force)

```
php avenger sh --dork="site:com inurl:wp-content/uploads" --check="isAdmin" --exploit="btwp"
```

### Help for commands

[](#help-for-commands)

```
php avenger sh
```

Details
-------

[](#details)

#### Search Engines

[](#search-engines)

- Google
- GoogleApi
- Bing
- DuckDuckGo
- Yahoo
- Yandex

#### Covered Vulnerabilities

[](#covered-vulnerabilities)

- Sql Injection (SQLI)
- Local File Download (LFD)
- Admin Page
- Remote File Inclusion (RFI)
- Cross-Site-Scripting (XSS)

#### Covered Exploits

[](#covered-exploits)

- Local File Download (LFD)
- Brute Force for WordPress

#### Covered Vulnerabilities in next versions

[](#covered-vulnerabilities-in-next-versions)

- Sensitive Files
    - Dump Files
    - Config Files
    - Open Folders

#### Features under development

[](#features-under-development)

- Power Search
- Send E-mail with results
- Naming the `.txt` result file
- Proxys
    - TOR
    - Site of Proxys
    - **Virgin Proxies**

Help and docs
-------------

[](#help-and-docs)

- [Documentation](http://phpavenger.aszone.com.br).
- [Examples](http://phpavenger.aszone.com.br/examples).
- [Videos](https://www.youtube.com/user/MrLenonleite).
- [Steakoverflow](http://phpavenger.aszone.com.br).

###  Health Score

34

—

LowBetter than 75% of packages

Maintenance20

Infrequent updates — may be unmaintained

Popularity32

Limited adoption so far

Community25

Small or concentrated contributor base

Maturity52

Maturing project, gaining track record

 Bus Factor2

2 contributors hold 50%+ of commits

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~23 days

Total

5

Last Release

3557d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/10215677?v=4)[ASZone](/maintainers/aszone)[@aszone](https://github.com/aszone)

---

Top Contributors

[![lenonleite](https://avatars.githubusercontent.com/u/218436?v=4)](https://github.com/lenonleite "lenonleite (17 commits)")[![leonnleite](https://avatars.githubusercontent.com/u/1596192?v=4)](https://github.com/leonnleite "leonnleite (7 commits)")[![rafaelqueiroz](https://avatars.githubusercontent.com/u/275919?v=4)](https://github.com/rafaelqueiroz "rafaelqueiroz (3 commits)")[![abdala](https://avatars.githubusercontent.com/u/219340?v=4)](https://github.com/abdala "abdala (2 commits)")[![geekcom](https://avatars.githubusercontent.com/u/3955933?v=4)](https://github.com/geekcom "geekcom (2 commits)")[![Oxicode](https://avatars.githubusercontent.com/u/1320709?v=4)](https://github.com/Oxicode "Oxicode (2 commits)")[![WendellAdriel](https://avatars.githubusercontent.com/u/11641518?v=4)](https://github.com/WendellAdriel "WendellAdriel (1 commits)")[![B-Galati](https://avatars.githubusercontent.com/u/895123?v=4)](https://github.com/B-Galati "B-Galati (1 commits)")[![Marinofull](https://avatars.githubusercontent.com/u/4636436?v=4)](https://github.com/Marinofull "Marinofull (1 commits)")

---

Tags

searchgoogleyahoobingHackinghackerdorkdukedukegodorking

### Embed Badge

![Health badge](/badges/aszone-avenger-sh/health.svg)

```
[![Health](https://phpackages.com/badges/aszone-avenger-sh/health.svg)](https://phpackages.com/packages/aszone-avenger-sh)
```

###  Alternatives

[serps/core

Search engine scrapper

94166.4k8](/packages/serps-core)[jan-drda/laravel-google-custom-search-engine

Laravel package to get Google Custom Search results from Google Custom Search Engine API for both free and paid version.

5137.8k](/packages/jan-drda-laravel-google-custom-search-engine)[ymigval/laravel-indexnow

Laravel Service Library for notifying search engines about the latest content changes on their URLs using IndexNow.

3312.9k](/packages/ymigval-laravel-indexnow)[imarc/google-site-search

A PHP Interface to the Google Custom Search API

3011.2k](/packages/imarc-google-site-search)[garf/laravel-pinger

Ping search engines about website updates

2322.4k](/packages/garf-laravel-pinger)[tomwalder/php-appengine-search

Google App Engine Search Library for PHP

242.2k](/packages/tomwalder-php-appengine-search)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)
