Example #1
0
def main():
    if argv.server:
        p = Payloader.generate_payloads(input_wordlist, urler(argv.server))
    elif argv.auto:
        if ',' in argv.auto:
            server_path, public_path = argv.auto.split(',')
            public_url = unender(ender(ngrok.connect(port = port), '/') + unstarter(public_path, '/'), '/')
        else:
            server_path = argv.auto
            public_url = unender(ngrok.connect(port = port), '/')
        system(f"(cd {server_path}; fuser -k {port}/tcp 1>/dev/null 2>/dev/null; php -S 0.0.0.0:{port} 1>/dev/null 2>/dev/null &)")
        p = Payloader.generate_payloads(input_wordlist, urler(public_url))
    with ThreadPoolExecutor(max_workers=argv.threads) as mapper:
        mapper.map(try_payload, p)
    print(f"{Color.good} Success. Check your server logs for bounty!")
Example #2
0
 def netloc_generator(self, parsed_url, payloads: list) -> list:
     error_print = lambda e: print(
         f"{Color.bad} Skipping payload generation due to: {e}")
     skip_print = f"{Color.bad} Skipping URL {colored(parsed_url.netloc, color='cyan')}!"
     if parsed_url.netloc.count('.') >= 5 or len(parsed_url.netloc) > 40:
         print(skip_print)
         return []
     if self.Skipper.check_netloc(parsed_url.netloc):
         print(skip_print)
         return []
     else:
         self.Skipper.add_netloc(parsed_url.netloc)
     try:
         error = False
         get(urler(parsed_url.netloc))
     except ConnectionError:
         error_print("Connection Error")
         error = True
     except Timeout:
         error_print("Request Timeout")
         error = True
     except Exception as E:
         error_print(str(E.__class__.__name__))
         error = True
     if error:
         return []
     return [
         merge(parsed_url.netloc, payload) for payload in payloads
         if payload
     ]
Example #3
0
def main():
    sql_dict['HOST'] = ender(urler(sql_dict['HOST']), "/")
    const = input(f"{ColorObj.information} Fetch data or edit (F/E)? ")
    if const == 'F':
        print(f"{ColorObj.good} Fetching data ..")
        query_res = fetch_mysql()
        for i in query_res:
            print(i)
        print(f"{ColorObj.good} Fetched!")
        main()
        exit()
    for keys, values in sql_dict.items():
        print("{} ::: {}".format(keys, colored(values, color='green')))
    print("")
    cont = input(
        f"{ColorObj.information} Continue with above value (Y/N) or update value (U): "
    )
    if cont.upper() == 'Y':
        try:
            insert_mysql()
        except Exception as E:
            print(f"Error {E,E.__class__} occured while inserting data")
            exit(0)
    elif cont.upper() == 'U':
        up = input(f"{ColorObj.information} Enter hostname to update: ")
        update_mysql(up)
    else:
        main()
Example #4
0
def async_generator(url: str):
    global to_try
    if not url:
        return []
    parsed_url = urlparse(urler(url))
    print_asyncgen = lambda data: print(
        f"{Color.information} Generating {data} for: {colored(url, color='cyan')}"
    )
    if parsed_url.query:
        print_asyncgen('query payload')
        try:
            for payloaded_url in Payloader.query_generator(
                    parsed_url, payloads):
                to_try.append(payloaded_url)
        except Exception as E:
            print(E)
        print_asyncgen('path payload')
        try:
            for payloaded_url in Payloader.path_generator(
                    parsed_url, payloads):
                to_try.append(payloaded_url)
        except Exception as E:
            print(E)
    elif parsed_url.path:
        print_asyncgen('path payload')
        try:
            for payloaded_url in Payloader.path_generator(
                    parsed_url, payloads):
                to_try.append(payloaded_url)
        except Exception as E:
            print(E)
    elif parsed_url.netloc:
        print_asyncgen('domain payload')
        for payloaded_url in Payloader.netloc_generator(parsed_url, payloads):
            to_try.append(payloaded_url)
Example #5
0
def insert_mysql():
    statement = "INSERT INTO password (HOST, USERNAME, EMAIL, PASSWORD, 2FA, BACKUP, OTHER) VALUES (%s,%s,%s,%s,%s,%s,%s)"
    values = (ender(
        urler(sql_dict['HOST']).replace('http://', 'https://'),
        "/"), sql_dict['USERNAME'], sql_dict['EMAIL'], sql_dict['PASSWORD'],
              sql_dict['2FA'], sql_dict['BACKUP'], sql_dict['OTHER'])
    cursor.execute(statement, values)
    conn.commit()
Example #6
0
def update_mysql(host):
    data = fetch_mysql()
    where = ""
    for i in data:
        if i[1] == host:
            where = i[0]
            data = i[1:]
            break

    statement = "UPDATE password SET HOST = %s, USERNAME = %s, EMAIL = %s, PASSWORD = %s, 2FA = %s, BACKUP = %s, OTHER = %s WHERE ID = %s"
    values = (ender(
        urler(sql_dict['HOST']).replace('http://', 'https://'),
        "/"), sql_dict['USERNAME'], sql_dict['EMAIL'], sql_dict['PASSWORD'],
              sql_dict['2FA'], sql_dict['BACKUP'], sql_dict['OTHER'],
              int(where))
    cursor.execute(statement, values)
    conn.commit()
Example #7
0
 def extract_from_url(self, url: str) -> bool:
     try:
         output_list = []
         jsurl = urler(url)
         parsed_url = urlparse(jsurl)
         print(
             f"{Color.information} Getting data from {colored(jsurl, color='yellow', attrs=['bold'])}"
         )
         output_list.append(
             (f"URL: {colored(jsurl, color='yellow', attrs=['bold'])}\n\n"))
         (lambda __after:
          [__after() for self.argv.domain in [(parsed_url.netloc)]][0]
          if parsed_url.netloc and not self.argv.domain else __after()
          )(lambda: None)
         if parsed_url.path.endswith('.js'):
             jstext = JSE.returnjs_fromjs(jsurl)
             jscomments, js_exlines, js_hidden, js_links, js_imgsrc = (None,
                                                                       None,
                                                                       None,
                                                                       None,
                                                                       None)
         elif not parsed_url.path.endswith('.js'):
             jstext, js_other = JSE.returnjs_fromhtml(jsurl)
             jscomments, js_exlines, js_hidden, js_links, js_imgsrc = js_other
         if js_links or js_imgsrc:
             for js_link in js_links:
                 output_list.append(self.link_extract(js_link))
             for js_src in js_imgsrc:
                 output_list.append(self.link_extract(js_src, is_src=True))
         if jscomments:
             for jscomment in jscomments:
                 jscomment = '"{}"'.format(jscomment.strip(' '))
                 print(
                     f"{Color.good} Comments: {colored(jscomment, color='red', attrs=['bold'])}"
                 )
                 output_list.append([
                     manage_output(f"{jscomment} <--- Comments\n"),
                     'Comments'
                 ])
         if js_exlines:
             for exline in js_exlines:
                 output_list.append(self.exline_extract(exline['src']))
         if js_hidden:
             print(
                 f"{Color.good} Hidden input parameters: {colored(js_hidden, color='red', attrs=['bold'])}"
             )
             output_list.append([
                 manage_output(f"{js_hidden} <--- Hidden parameters\n"),
                 'Hidden'
             ])
         for line in jstext:
             line = line.strip(' ').rstrip('{').rstrip(' ').lstrip(
                 '}').lstrip(' ')
             output_list.append(self.domsource_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.domsink_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.url_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.path_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.subdomain_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.custom_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
             output_list.append(self.shannon_extract(line))
             if self.jstext_continuer:
                 self.jstext_continuer = 0
                 continue
         return tuple(filter(None, output_list))
     except Exception:
         print_exc()
Example #8
0
                   help="Fetch from config file (optional, not implemented)")
group.add_argument('-a',
                   '--argv',
                   action="store_true",
                   help="Fetch from command line (optional, not implemented)")
group.add_argument('-i',
                   '--input',
                   action="store_true",
                   help="Fetch from input (optional, not implemented)")
argv = parser.parse_args()

mode = starter(argv)

if mode == 'argv':
    sql_dict['HOST'] = ender(
        urler(argv.host).replace('http://', 'https://'), "/")
    sql_dict['USERNAME'] = argv.username
    sql_dict['EMAIL'] = argv.email
    sql_dict['PASSWORD'] = argv.password
    sql_dict['2FA'] = argv.two_factor
    sql_dict['BACKUP'] = argv.backup
    sql_dict['OTHER'] = argv.other
elif mode == 'input':
    sql_dict['HOST'] = ender(
        (urler(input(f"{ColorObj.information} Enter Host: "))).replace(
            'http://', 'https://'), "/")
    sql_dict['USERNAME'] = input(f"{ColorObj.information} Enter Username: "******"{ColorObj.information} Enter Email: ")
    sql_dict['PASSWORD'] = input(f"{ColorObj.information} Enter Password: "******"{ColorObj.information} Enter 2FA: ")
    sql_dict['BACKUP'] = input(f"{ColorObj.information} Enter Backup: ")