Ejemplo n.º 1
def testSqli(test_request, payload_name):
    """Check whether ``payload_name`` yields the expected probe marker.

    Stores ``payload_name`` on ``test_request.sqli_payload``, builds a
    ``sqli`` object from the request and the module-level ``trueCode``, and
    asks it for the ``'test_injectable'`` output. When that output equals
    the marker ``'U*'`` the request is published through the module-level
    ``request_data`` and ``True`` is returned; otherwise ``False``.

    Note that ``test_request`` is mutated even when the check fails.
    """
    global request_data, trueCode
    expected_marker = 'U*'
    test_request.sqli_payload = payload_name

    # NOTE(review): the string literal 'test_injectable' is passed here, not
    # the marker value; presumably it is a probe key that getSqliOutput
    # understands -- confirm against its definition.
    probe = sqli(test_request, trueCode=trueCode)
    observed = probe.getSqliOutput('test_injectable')

    matched = expected_marker == observed
    if not matched:
        return False

    printGreen("[*] Luanmap has identified injection point by : " +
               payload_name + '\n')
    request_data = test_request
    return True
Ejemplo n.º 2
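def serbugs(web):
    """Interactive menu that dispatches ``web`` to one test module.

    Each pass prints the banner via ``serbugsban()``, reads a choice and:

    * ``'1'``..``'15'`` -- runs the matching module, waits for Enter;
    * ``'A'`` -- runs the batch list in order with a pause after each;
    * ``'99'`` -- prints ``'[!] Back'`` and returns to the caller;
    * anything else -- prints a random complaint and clears the screen.

    The original re-entered itself after every choice, so the call stack
    grew by one frame per interaction and a long session would eventually
    hit the interpreter's recursion limit. The menu is now a plain loop;
    prompts, messages and delays are unchanged. Indentation is normalised
    to spaces (the original mixed tabs and spaces).
    """
    # Lambdas keep the module lookup lazy, as in the original if/elif chain:
    # a module name is only resolved when its option is actually selected.
    single_modules = {
        '1': ('LFI', lambda: lfi(web)),
        '2': ('RFI', lambda: rfi(web)),
        '3': ('RCE', lambda: rce(web)),
        '4': ('Path Traversal', lambda: pathtrav(web)),
        '5': ('CSRF', lambda: csrf(web)),
        '6': ('XSS', lambda: xss(web)),
        '7': ('SQLi', lambda: sqli(web)),
        '8': ('LDAP Injection', lambda: ldap(web)),
        '9': ('HTML Code Injection', lambda: htmli(web)),
        '10': ('HTTP Response Splitting', lambda: crlf(web)),
        '11': ('PHP Code Injection', lambda: phpi(web)),
        '12': ('XPATH Injection', lambda: xpathi(web)),
        '13': ('Shellshock', lambda: shellshock(web)),
        '14': ('URL Validation', lambda: redirect(web)),
        '15': ('Subdomain Takeover', lambda: subdomover(web)),
    }

    # (start label, completion label, runner, pause in seconds).
    # Labels are kept byte-for-byte, including trailing spaces and the
    # 'URL'/'Url' spelling difference.
    # NOTE(review): the batch does not include HTML Code Injection ('9') or
    # Subdomain Takeover ('15'); confirm whether that omission is intended.
    batch_modules = (
        ('LFI', 'LFI', lambda: lfi(web), 1),
        ('RFI ', 'RFI ', lambda: rfi(web), 1),
        ('RCE', 'RCE', lambda: rce(web), 1),
        ('Path Traversal', 'Path Traversal', lambda: pathtrav(web), 1),
        ('CSRF', 'CSRF', lambda: csrf(web), 1),
        ('XSS ', 'XSS ', lambda: xss(web), 1),
        ('SQLi', 'SQLi', lambda: sqli(web), 1),
        ('LDAPi', 'LDAPi', lambda: ldap(web), 1),
        ('CRLF', 'CRLF', lambda: crlf(web), 1),
        ('PHP Code Injection', 'PHP Code Injection', lambda: phpi(web), 0.5),
        ('XPATH Injection', 'XPATH Injection', lambda: xpathi(web), 0.5),
        ('ShellShock', 'ShellShock', lambda: shellshock(web), 1),
        ('URL Forwards', 'Url Forwards', lambda: redirect(web), 0.5),
    )

    while True:
        print GR+'\n [*] Loading module...'
        serbugsban()
        v = raw_input(''+O+' \033[4mTID\033[1;0m '+GR+':> ' + color.END)
        print '\n'
        choice = v.strip()

        if choice in single_modules:
            label, run_module = single_modules[choice]
            print ' Type Selected : ' + label
            run_module()
            raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')

        elif choice == 'A':
            print ' [!] Type Selected : All Modules'
            time.sleep(0.5)

            for started, finished, run_module, pause in batch_modules:
                print ' [*] Firing up module --> ' + started
                run_module()
                print ' [!] Module Completed --> ' + finished + '\n'
                time.sleep(pause)

            print G+' [+] All modules successfully completed!'
            time.sleep(4)
            raw_input(O+' [#] Press '+GR+'Enter'+O+' to continue...')

        elif choice == '99':
            print '[!] Back'
            time.sleep(0.7)
            return

        else:
            print ''
            dope = ['You high dude?','Hey there! Enter a valid option','Whoops! Thats not an option','Sorry fam! You just typed shit']
            print dope[randint(0,3)]
            time.sleep(0.7)
            # Constant command string; no user input reaches the shell.
            os.system('clear')

            time.sleep(1)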
Ejemplo n.º 3
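def serbugs(web):
    """Interactive menu that dispatches ``web`` to one test module.

    Each pass prints the banner via ``serbugsban()``, reads a choice and:

    * a mapped number -- runs that module, sleeps one second, re-prompts;
    * ``'A'`` -- runs the batch list in order, then hands control to the
      parent menu through ``vulnban1()`` / ``vuln(web)``;
    * ``'99'`` -- prints ``'[!] Back'`` and hands control to the parent menu;
    * anything else -- prints a random complaint and clears the screen.

    The input is compared as typed (no stripping), as in the original.
    Option ``'6'`` (XSS) is disabled in this version, so it falls through
    to the invalid-option branch.

    The original called itself after every choice, adding a stack frame per
    interaction until the recursion limit was reached; the self-calls are
    replaced by a loop with the same prompts, messages and delays.
    """
    # Lambdas keep the module lookup lazy, as in the original if/elif chain:
    # a module name is only resolved when its option is actually selected.
    single_modules = {
        '1': ('LFI', lambda: lfi(web)),
        '2': ('RFI', lambda: rfi(web)),
        '3': ('RCE', lambda: rce(web)),
        '4': ('Path Traversal', lambda: pathtrav(web)),
        '5': ('CSRF', lambda: csrf(web)),
        '7': ('SQLi', lambda: sqli(web)),
        '8': ('HTTP Response Splitting', lambda: crlf(web)),
        '9': ('Host Header Injection', lambda: hhi(web)),
        '10': ('Shellshock', lambda: shellshock(web)),
        '11': ('URL Validation', lambda: redirect(web)),
    }

    # (start label, completion label, runner, pause in seconds).
    # Labels are kept byte-for-byte, including trailing spaces and the
    # 'URL'/'Url' spelling difference. XSS is disabled here as well.
    batch_modules = (
        ('LFI', 'LFI', lambda: lfi(web), 1),
        ('RFI ', 'RFI ', lambda: rfi(web), 1),
        ('RCE', 'RCE', lambda: rce(web), 1),
        ('Path Traversal', 'Path Traversal', lambda: pathtrav(web), 1),
        ('CSRF', 'CSRF', lambda: csrf(web), 1),
        ('SQLi', 'SQLi', lambda: sqli(web), 1),
        ('CRLF', 'CRLF', lambda: crlf(web), 1),
        ('Host Header Injection', 'Host Header Injection',
         lambda: hhi(web), 0.5),
        ('ShellShock', 'ShellShock', lambda: shellshock(web), 1),
        ('URL Forwards', 'Url Forwards', lambda: redirect(web), 0.5),
    )

    while True:
        print GR + '\n [*] Loading module...'
        serbugsban()
        v = raw_input('' + O + ' \033[4mTID\033[1;0m ' + GR + ':> ' + color.END)
        print '\n'

        if v in single_modules:
            label, run_module = single_modules[v]
            print ' Type Selected : ' + label
            run_module()
            time.sleep(1)

        elif v == 'A':
            print ' [!] Type Selected : All Modules'
            time.sleep(0.5)

            for started, finished, run_module, pause in batch_modules:
                print ' [*] Firing up module --> ' + started
                run_module()
                print ' [!] Module Completed --> ' + finished + '\n'
                time.sleep(pause)

            print G + ' [+] All modules successfully completed!'
            time.sleep(4)
            # NOTE(review): vuln() is not defined in this excerpt; if it is
            # the parent menu and calls serbugs() again, that call chain
            # still nests one level per round trip.
            vulnban1()
            vuln(web)
            return

        elif v == '99':
            print '[!] Back'
            time.sleep(0.7)
            vulnban1()
            vuln(web)
            return

        else:
            print ''
            dope = [
                'You high dude?', 'Hey there! Enter a valid option',
                'Whoops! Thats not an option', 'Sorry fam! You just typed shit'
            ]
            print dope[randint(0, 3)]
            time.sleep(0.7)
            # Constant command string; no user input reaches the shell.
            os.system('clear')

            time.sleep(1)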
Ejemplo n.º 4
        else:
            printRed(''.join([
                '[-] Header parameter \'', key,
                '\' appear to be not injectable\n'
            ]))
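# Stop when no tested parameter was marked as an injection point; otherwise
# persist the target URL and the request under output/<domain>/.
# The explicit `== False` is kept on purpose: a None return from
# have_InjectHere() still takes the else branch, exactly as before.
if request_data.have_InjectHere() == False:
    printRed('[-] All tested parameters appear to be not injectable\n')
    # NOTE(review): sys.exit() with no argument reports exit status 0, so a
    # calling script cannot tell this outcome apart from a successful run.
    sys.exit()
else:
    # NOTE(review): `domain` is not defined in this excerpt. If it is derived
    # from the supplied URL, confirm it cannot contain path separators or
    # '..' before it is used to build a filesystem path.
    # `with` closes the file even if write() raises; the original leaked the
    # handle in that case.
    with open(''.join([sys.path[0], '/output/', domain, '/target.txt']),
              'w') as f:
        f.write(options.url)
    # NOTE(review): this path uses backslashes while target.txt above uses
    # forward slashes; on a non-Windows host the backslashes become part of
    # the file name instead of separating directories.
    request_data.writeFile(''.join(
        [sys.path[0], '\\output\\', domain, '\\request.txt']))

# From here on the name `sqli` refers to this instance, not to the callable
# that created it, so nothing after this line can construct a second one
# through that name.
sqli = sqli(request_data, trueCode=trueCode)

# Two-column summary: the injectable parameter and the payload type recorded
# on the request.
out.create_table(2)
out.add_line(['Parameter', 'Type'])
out.add_line([request_data.get_InjectParameter(), request_data.sqli_payload])
out.end_table()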


def printSqliOutput(sql, title=''):
    """Fetch the output for ``sql`` and report it on screen and in ``out``.

    Calls ``getSqliOutput(sql)`` on the module-level ``sqli`` object, prints
    ``'[*] <sql> => '`` through ``printGreen`` followed by the result, and
    writes a one-column table to ``out`` whose heading is ``title`` (or
    ``sql`` when ``title`` is the empty string) and whose single row is the
    result.
    """
    result = sqli.getSqliOutput(sql)

    printGreen('[*] ' + sql + ' => ')
    print result + '\n'

    if title == '':
        heading = sql
    else:
        heading = title

    out.create_table(1)
    out.add_line([heading])
    out.add_line([result])
    out.end_table()