Beispiel #1
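def run(word_queue, url):
    """Probe ``url`` with each queued payload and report a likely OS command injection.

    Every item taken from ``word_queue`` is injected into the URL with
    ``nano.inject_param`` and requested with a randomly chosen User-Agent.
    A response counts as a hit only when it contains all three of ``uid=``,
    ``gid=`` and ``groups=`` (the fields the Unix ``id`` utility prints).
    A page that merely displays such text matches as well, which is why the
    finding is worded "Possibly".

    After the first hit no further requests are sent, but the queue is still
    drained.

    Args:
        word_queue: queue-like object exposing ``empty()`` and ``get()``.
        url: target URL; it is rebound to the injected URL on every attempt.

    Returns:
        None. A finding is only printed.
    """
    markers = ("uid=", "gid=", "groups=")
    found = False
    while not word_queue.empty():
        brute = word_queue.get()
        if found:
            # Keep emptying the queue without sending traffic, as before.
            continue
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        try:
            # NOTE(review): the injected URL replaces `url`, so each payload is
            # applied to the previous attempt's URL -- confirm inject_param
            # overwrites the parameter value rather than appending to it.
            url = nano.inject_param(url, str(brute))
            # verify=False disables TLS certificate validation: the response
            # is not authenticated and urllib3 warns on every request.
            # The timeout keeps an unresponsive host from stalling the scan.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            body = str(r.content)
            # The original `"uid=" and "gid=" and "groups=" in ...` tested
            # only "groups=", because non-empty literals are always truthy.
            if all(marker in body for marker in markers):
                found = True
                print(
                    "\033[91mPossibly OS Command injection vulnerability\033[00m  "
                    + url)
        except Exception:
            # Best-effort scan: skip this payload on any request or injection
            # error, but let KeyboardInterrupt/SystemExit propagate.
            pass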
Beispiel #2
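def run(word_queue,url):
    """Probe ``url`` with each queued payload and report a likely local file inclusion.

    Every item taken from ``word_queue`` is injected into the URL with
    ``nano.inject_param`` and requested with a randomly chosen User-Agent.
    A response counts as a hit when it contains all of ``root:``, ``bin:``,
    ``nobody:`` and ``:x:`` (strings typical of a Unix passwd file).
    Scanning continues after a hit, so several payloads may be reported.

    Args:
        word_queue: queue-like object exposing ``empty()`` and ``get()``.
        url: target URL; it is rebound to the injected URL on every attempt.

    Returns:
        None. Findings are only printed.
    """
    markers = ('root:', 'bin:', 'nobody:', ':x:')
    while not word_queue.empty():
        brute = word_queue.get()
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        try:
            url = nano.inject_param(url, str(brute))
            # Presumably undoes the b'...' wrapper that str() puts around a
            # bytes payload -- confirm against the wordlist loader.
            # NOTE(review): it also strips every other "b'" and "'" already
            # present in the URL.
            url = url.replace("b'", "").replace("'", "")
            # verify=False disables TLS certificate validation: the response
            # is not authenticated and urllib3 warns on every request.
            # The timeout keeps an unresponsive host from stalling the scan.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            body = str(r.content)
            # All four markers are required to limit false positives.
            if all(marker in body for marker in markers):
                print("\033[91mPossibly LFI vulnerability\033[00m  "+url)
        except Exception:
            # Best-effort scan: skip this payload on any error, but let
            # KeyboardInterrupt/SystemExit propagate (a bare except did not).
            pass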
Beispiel #3
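def semple(url):
    """Check ``url`` for error-based SQL injection symptoms.

    Each probe string is injected with ``inject`` and the response is matched
    against every pattern in ``regex.SQL_ERROR``. When a pattern matches, a
    control request with the value ``"x"`` is sent; the finding is reported
    only if the control response does not match the same pattern. This filters
    out pages that show the error text regardless of input.

    Args:
        url: target URL; it is rebound to the injected URL on every attempt.

    Returns:
        True when a finding was printed, otherwise False.
    """
    headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
    payload = ["'", '"', ";", "#", "-", "--", "--+"]

    for probe in payload:
        try:
            # NOTE(review): `url` accumulates -- each probe is injected into
            # the previous probe's URL. Confirm inject() overwrites the value.
            url = inject(url, probe)
            # verify=False disables TLS certificate validation: the response
            # is not authenticated. The timeout bounds unresponsive hosts.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            body = str(r.content)
            for pattern in regex.SQL_ERROR:
                if not re.search(pattern, body):
                    continue
                # Control request: the same error on a harmless value means
                # the message is not caused by the probe.
                control_url = nano.inject_param(url, "x")
                control = requests.get(control_url, headers=headers,
                                       verify=False, timeout=10)
                if re.search(pattern, str(control.content)):
                    continue
                print("\033[91mPossibly SQL injection vulnerability\033[00m  "+url)
                return True
        except Exception:
            # Best-effort scan: move on to the next probe on any error, but
            # let KeyboardInterrupt/SystemExit propagate.
            pass

    return False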
Beispiel #4
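def ssti_(url):
    """Check ``url`` for server-side template injection in two stages.

    Stage one injects each entry of ``regex.payload_ssti_1`` and matches the
    response against ``test1``. Only on a match does stage two inject the
    entries of ``regex.payload_ssti_2`` and match against ``test2``. A finding
    is printed on the first stage-two match. ``test1`` and ``test2`` are
    defined outside this block.

    The whole scan sits in one ``try``, so the first error ends it silently.

    Args:
        url: target URL passed to ``nano.inject_param`` for every payload.

    Returns:
        None. Findings are only printed.
    """
    try:
        for first in regex.payload_ssti_1:
            # verify=False disables TLS certificate validation. The timeout
            # was missing here, although the stage-two request already had one.
            r = requests.get(nano.inject_param(url, first), verify=False,
                             timeout=10)
            if not re.search(test1, str(r.content)):
                continue
            for second in regex.payload_ssti_2:
                # Build the URL once so the reported URL is the one requested.
                candidate = nano.inject_param(url, second)
                r = requests.get(candidate, verify=False, timeout=10)
                if re.search(test2, str(r.content)):
                    print("\033[91m Possibly SS template injection vulnerability\033[00m\t"+candidate)
                    # Ends stage two only; the stage-one loop keeps going.
                    break
    except Exception:
        # Best-effort scan, but let KeyboardInterrupt/SystemExit propagate.
        pass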
Beispiel #5
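def xss_(link):
    """Check ``link`` for reflected XSS symptoms.

    Nothing is sent unless ``nano.reflection(link)`` returns True. Two passes
    follow, each stopping at its first hit:

    1. GET: every ``pattern -> payload`` pair in ``regex.XSS`` is injected with
       ``nano.inject_param`` and the response is searched with the pattern.
    2. POST: two fixed marker suffixes are appended to ``link`` and the
       response is searched for the marker. When the content type is not
       ``text/html`` a false-positive warning precedes the finding, since the
       reflection may not be rendered as markup.

    Args:
        link: target URL.

    Returns:
        None. Findings are only printed.
    """
    if not nano.reflection(link) == True:
        return

    for pattern, payload in regex.XSS.items():
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        url = nano.inject_param(link, payload)
        try:
            # verify=False disables TLS certificate validation: the response
            # is not authenticated. The timeout bounds unresponsive hosts.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            if re.findall(pattern, str(r.content)):
                print('\033[91mPossibly XSS vulnerability\033[00m  ' + url)
                break
        except Exception:
            # Best-effort scan, but let KeyboardInterrupt/SystemExit propagate.
            pass

    pay = {'X=GtRNv>': '&X=GtRNv>', 'X=GtRNbv>': '&X%3DGtRNbv%3E'}
    for pattern, suffix in pay.items():
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        url = link + suffix
        try:
            r = requests.post(url, headers=headers, verify=False, timeout=10)
            if re.findall(pattern, str(r.content)):
                # NOTE(review): ContentType is not defined in this block. If
                # it is not a module-level name, the NameError is swallowed
                # below and this pass never reports. It presumably should be
                # the response's Content-Type header -- confirm.
                if 'text/html' not in str(ContentType):
                    # The original called .format() on print()'s None return
                    # value, so the finding after this warning was never
                    # printed.
                    print(
                        '\033[33;1mWarning can be false positives  Content Type: {}\033[00m'
                        .format(str(ContentType)))
                print('\033[91mPossibly XSS vulnerability\033[00m  ' + url)
                break
        except Exception:
            pass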
Beispiel #6
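def run_(word_queue, url):
    """Probe ``url`` with each queued payload and report a likely CRLF injection.

    Every item taken from ``word_queue`` is injected with ``nano.inject_param``
    and requested through a fresh ``requests.Session``. A finding is printed
    when the session's cookie jar then holds a cookie named ``crlf`` and some
    cookie whose value is ``injection``. Presumably the payloads try to make
    the server emit that cookie in a response header -- confirm against the
    wordlist.

    When ``url`` is None the function returns at once and leaves the queue
    untouched. Scanning continues after a hit.

    Args:
        word_queue: queue-like object exposing ``empty()`` and ``get()``.
        url: target URL or None; it is rebound to the injected URL on every
            attempt.

    Returns:
        None. Findings are only printed.
    """
    if url is None:
        return
    while not word_queue.empty():
        brute = word_queue.get()
        try:
            url = nano.inject_param(url, brute)
            # The context manager closes the session's pooled connections;
            # the original created a Session per payload and never closed it.
            with requests.Session() as session:
                # The timeout keeps an unresponsive host from stalling the scan.
                session.get(url, timeout=10)
                cookies = session.cookies.get_dict()
            # NOTE(review): name and value are tested independently, so a
            # `crlf` cookie plus any other cookie valued "injection" matches.
            if 'crlf' in cookies and 'injection' in cookies.values():
                print(
                    '\033[91m Possibly CRLF injection vulnerability\033[00m  '
                    + url)
        except Exception:
            # Best-effort scan: skip this payload on any error, but let
            # KeyboardInterrupt/SystemExit propagate.
            pass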
Beispiel #7
def lfi_dirF(i):
    """Delegate ``i`` to ``lfi.lfi_dir`` and discard whatever it returns."""
    lfi.lfi_dir(i)

def crlf_dirF(i):
    """Delegate ``i`` to ``crlf.crlf_dir`` and discard whatever it returns."""
    crlf.crlf_dir(i)

 
# Candidate URLs for the scan, as returned by archiveurl.waybackurls for `url`
# (`url` is assigned outside this excerpt).
urls= archiveurl.waybackurls(url)
# alive_bar is used as a context manager sized to the URL count; the object it
# yields is called once per URL below.
with alive_bar(len(urls)) as bar:
    for i in urls:
        # Collect each variant nano.inject_dir produces for the marker string,
        # skipping ones already in `uniq` (a list defined outside this excerpt).
        for uniq_url in nano.inject_dir(i,"uNiq_stRiNg"):
             if uniq_url not in uniq:
                 uniq.append(uniq_url)
        # URLs with a query string get a marker value injected; others are used
        # as they are. `uniq_link` is not read again in the visible lines.
        if "?" in i:
            uniq_link=nano.inject_param(i,'yaTi8CP7Efh')
   
        else:
            uniq_link=i
            
        
        bar()
        # NOTE(review): trailing whitespace is stripped only here, after `i`
        # was already passed to inject_dir/inject_param above.
        i=i.rstrip()
        # One process per check is started for this URL. traceF, jsparseF and
        # base64F are defined outside this excerpt, and no `p3` appears here.
        # NOTE(review): nothing joins these processes in the visible lines, so
        # the count of live processes (and outbound requests) grows with
        # len(urls). A bounded pool would cap it -- confirm whether later code
        # joins them.
        p1 = Process(target=traceF, args=(i,))
        p1.start()
        p2 = Process(target=jsparseF, args=(i,))
        p2.start()
        p4 = Process(target=base64F, args=(i,))
        p4.start()