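def Put(url):
    """Probe each query parameter of *url* for error-based SQL injection over PUT.

    For every parameter and every entry of ``sqli_payloads`` two PUT requests
    are sent: a baseline carrying the untouched query string as body, then one
    in which the payload is appended to the parameter.  A finding is reported
    when one of the ``sql_err`` patterns occurs more often in the injected
    response than in the baseline, which keeps pages that always print a
    database error string from being flagged.

    Args:
        url: target URL. It must contain a ``?`` query string; as in the
            original, ``url.split('?')[1]`` raises IndexError otherwise.

    Returns:
        A dict describing the first finding (``name``, ``payload``, ``method``,
        ``parameter``, ``target``, ``data``), or ``None`` when nothing was
        detected or a request could not be built or sent.
    """
    target = url.split('?')[0]
    for param in url.split('?')[1].split('&'):
        for payload in sqli_payloads:
            # post_data() returns 0 for a query it cannot turn into a body.
            baseline_body = post_data(urlparse(url).query)
            if baseline_body == 0:
                break
            # nq.* return 0 on a failed request; give up on this parameter.
            # NOTE(review): the baseline goes to the full url (query included)
            # while the injected request goes to the path only — kept as-is.
            baseline = nq.Put(url, baseline_body)
            if baseline == 0:
                break
            save_request.save(baseline)
            # str.replace hits every occurrence of the parameter text, so a
            # parameter that is a substring of another one is modified twice.
            data = urlparse(url.replace(param, param + payload)).query
            req = nq.Put(target, post_data(data))
            if req == 0:
                break
            for pattern in sql_err.values():
                before = findall(pattern.encode('utf-8'), save_request.get().content)
                after = findall(pattern.encode('utf-8'), req.content)
                if len(before) < len(after):
                    bug = {
                        'name': 'SQL injection',
                        'payload': payload,
                        'method': 'PUT',
                        'parameter': param,
                        'target': target,
                        'data': data,
                    }
                    show.bug(bug='SQL injection', payload=payload, method='PUT',
                             parameter=param, target=target, link=data)
                    return bug
    return None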
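def Post(url):
    """Probe each query parameter of *url* for error-based SQL injection over POST.

    Same detection as the PUT variant: a baseline POST with the untouched
    query as body, then a POST with the payload appended to the parameter; a
    ``sql_err`` pattern that occurs more often in the injected response than
    in the baseline is reported through ``show.bug``.  After the first hit for
    a parameter the remaining payloads for that parameter are skipped.

    Args:
        url: target URL with a ``?`` query string (IndexError otherwise, as in
            the original).

    Returns:
        None; findings are only reported, not returned.
    """
    target = url.split('?')[0]
    for param in url.split('?')[1].split('&'):
        for payload in sqli_payloads:
            # post_data() returns 0 for a query it cannot turn into a body.
            baseline_body = post_data(urlparse(url).query)
            if baseline_body == 0:
                break
            # nq.Post returns 0 on a failed request.
            baseline = nq.Post(url, baseline_body)
            if baseline == 0:
                break
            save_request.save(baseline)
            # str.replace modifies every occurrence of the parameter text.
            data = urlparse(url.replace(param, param + payload)).query
            req = nq.Post(target, post_data(data))
            if req == 0:
                break
            for pattern in sql_err.values():
                before = findall(pattern.encode('utf-8'), save_request.get().content)
                after = findall(pattern.encode('utf-8'), req.content)
                if len(before) < len(after):
                    show.bug(bug='SQL injection', payload=payload, method='POST',
                             parameter=param, target=target, link=data)
                    break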
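def Put(url):
    """Probe each query parameter of *url* for reflected XSS over PUT.

    Only runs when ``methods.Put`` reports 1 (PUT accepted) and ``refxss.Put``
    reports 1 (a marker appended to a parameter is reflected in the body).
    For every parameter and every entry of ``xss_payloads`` one PUT is sent
    with the payload appended; the payload appearing verbatim in the response
    body is reported as a finding.

    Args:
        url: target URL with a ``?`` query string (IndexError otherwise, as in
            the original).

    Returns:
        A dict describing the first finding, or ``None``.  The ``name`` key now
        reads ``'Cross-site scripting'``; the original stored the misspelling
        ``'Corss-site scripting'`` while reporting the correct name.
    """
    target = url.split('?')[0]
    # Short-circuit keeps refxss.Put from being called unless PUT is accepted,
    # exactly as the original's elif did.
    if methods.Put(target, urlparse(url).query) != 1 or refxss.Put(url) != 1:
        return None
    for param in url.split('?')[1].split('&'):
        for payload in xss_payloads:
            data = urlparse(url.replace(param, param + payload)).query
            # post_data() returns 0 for data it cannot turn into a body.
            body = post_data(data)
            if body == 0:
                break
            # nq.Put returns 0 on a failed request.
            req = nq.Put(target, body)
            if req == 0:
                break
            if payload.encode('utf-8') in req.content:
                bug = {
                    'name': 'Cross-site scripting',
                    'payload': payload,
                    'method': 'PUT',
                    'parameter': param,
                    'target': target,
                    'data': data,
                }
                show.bug(bug='Cross-site scripting', payload=payload, method='PUT',
                         parameter=param, target=target, link=data)
                return bug
    return None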
def Put(url):
    """Probe each query parameter of *url* for server-side template injection over PUT.

    Does nothing unless ``methods.Put(url)`` reports 1.  For every parameter
    and every ``payload -> marker`` pair in ``ssti_payloads`` a baseline PUT
    (untouched query as body) and an injected PUT are sent; when the marker
    text occurs more often in the injected response than in the baseline the
    template engine presumably evaluated the payload, and a finding is
    returned.

    Args:
        url: target URL with a ``?`` query string.

    Returns:
        A dict describing the first finding, or ``None``.
    """
    if methods.Put(url) != 1:
        return None
    target = url.split('?')[0]
    for param in url.split('?')[1].split('&'):
        for payload, marker in ssti_payloads.items():
            # post_data() returns 0 when the query cannot become a body.
            if post_data(urlparse(url).query) == 0:
                break
            baseline = nq.Put(target, post_data(urlparse(url).query))
            if baseline == 0:
                break
            pattern = marker.encode('utf-8')
            baseline_hits = len(findall(pattern, baseline.content))
            data = urlparse(url.replace(param, param + payload)).query
            injected = nq.Put(target, post_data(data))
            if injected == 0:
                break
            if baseline_hits < len(findall(pattern, injected.content)):
                bug = {
                    'name': 'template injection',
                    'payload': payload,
                    'method': 'PUT',
                    'parameter': param,
                    'target': target,
                    'data': data,
                }
                show.bug(bug='template injection', payload=payload, method='PUT',
                         parameter=param, target=target, link=data)
                return bug
    return None
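def Put(url, data=None):
    """Return 1 when the target answers a PUT with anything but 405, else 0.

    One PUT is sent to the path part of *url* with its query string as body.

    Args:
        url: target URL; the query string is optional.
        data: unused; kept so existing callers keep working.

    Returns:
        1 when the status code is not 405 Method Not Allowed, 0 on 405 or on
        any error while building or sending the request.
    """
    try:
        resp = nq.Put(url.split('?')[0], post_data(urlparse(url).query))
        # nq.Put returns 0 on failure; ``0.status_code`` then raises
        # AttributeError, which the handler below turns into 0.
        return 0 if resp.status_code == 405 else 1
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and SystemExit
        # still stop the scan instead of being reported as "PUT not allowed".
        return 0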
def Put(url):
    """Probe each query parameter of *url* for reflected XSS over PUT.

    For every parameter and every entry of ``xss_payloads`` one PUT is sent to
    the path part of *url* with the payload appended to the parameter; the
    payload appearing verbatim in the response body is reported through
    ``show.bug`` and the remaining payloads for that parameter are skipped.

    Args:
        url: target URL with a ``?`` query string.

    Returns:
        None; findings are only reported.
    """
    target = url.split('?')[0]
    for param in url.split('?')[1].split('&'):
        for payload in xss_payloads:
            data = urlparse(url.replace(param, param + payload)).query
            # post_data() returns 0 when the data cannot become a body.
            if post_data(data) == 0:
                break
            req = nq.Put(target, post_data(data))
            # nq.Put returns 0 on a failed request.
            if req == 0:
                break
            if payload.encode('utf-8') in req.content:
                show.bug(bug='Cross-site scripting', payload=payload, method='PUT',
                         parameter=param, target=target, link=data)
                break
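def Put(url):
    """Return 1 when a marker appended to the first query parameter is echoed in the PUT response body, else 0.

    The marker ``scantrrr`` is appended to the first parameter and the whole
    modified URL is handed to ``post_data`` as body — presumably so the
    parameter list ends up in the body; confirm against post_data.

    Args:
        url: target URL with a ``?`` query string.

    Returns:
        1 when the lower-cased response body contains the marker, 0 when it
        does not or when any error occurs (no query string, failed request,
        undecodable body).
    """
    try:
        # NOTE(review): the original looped over all parameters but returned
        # inside the first iteration in both branches, so only the first
        # parameter is ever probed; that behaviour is kept explicit here.
        first_param = url.split('?')[1].split('&')[0]
        url = url.replace(first_param, f'{first_param}scantrrr')
        r = nq.Put(url.split('?')[0], post_data(url))
        # nq.Put returns 0 on failure; the attribute access then raises and
        # the handler below reports "not reflected".
        return 1 if 'scantrrr' in r.content.decode().lower() else 0
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt still stops the scan.
        return 0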
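def NEON_CVE(url):
    """Check the paths produced by ``add_path(url)`` for reflected XSS in the ``q`` POST parameter.

    The page's fixed probe is sent as POST data ``q=<probe>`` to every path;
    the probe coming back verbatim in the response body is reported through
    ``show.bug``.

    Args:
        url: base URL expanded by ``add_path``.

    Returns:
        None; findings are only reported.
    """
    probe = '<img src=x onerror=alert(1)>'
    post_body = f'q={probe}'
    for u in add_path(url):
        r = nq.Post(u, post_data(post_body))
        if r == 0:
            # nq.Post returns 0 on a failed request; the original dereferenced
            # r.content regardless and died with AttributeError.
            continue
        if probe.encode('utf-8') in r.content:
            # The request is a POST, so it is reported as one (the original
            # labelled the finding GET).
            show.bug(bug='Cross-site scripting', payload=probe, method='POST',
                     parameter='q', target=u, link=post_body)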
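def inject(host):
    """Probe every query parameter of *host* for CRLF injection via GET, POST and PUT.

    Each entry of ``payloads`` is appended to a parameter and the request is
    sent; a response is treated as vulnerable when it carries the header
    ``Header-Test: BLATRUC`` that the payloads try to inject.  After the first
    hit for a parameter the remaining payloads for that parameter are skipped.
    GET uses the modified URL; POST and PUT send the modified query string as
    body to the path part of *host*.

    Args:
        host: target URL with a ``?`` query string (IndexError otherwise, as
            in the original).

    Returns:
        None; hits are printed.
    """
    target = host.split('?')[0]
    params = host.split('?')[1].split('&')

    for param in params:
        for payload in payloads:
            # str.replace modifies every occurrence of the parameter text.
            probe = host.replace(param, param + payload)
            r = nq.Get(probe)
            # nq.Get returns 0 on a failed request.
            if r != 0 and _crlf_header_present(r):
                print(f'[{green}CRLF{rest}] Found :> {probe}')
                break

    for method_name, send in (('POST', nq.Post), ('PUT', nq.Put)):
        for param in params:
            for payload in payloads:
                data = urlparse(host.replace(param, param + payload)).query
                # NOTE(review): post_data's 0 return is passed straight to
                # nq.* here, as in the original — confirm nq handles it.
                r = send(target, post_data(data))
                if r != 0 and _crlf_header_present(r):
                    print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> {method_name}\n{info} Data :> {data}')
                    break


def _crlf_header_present(r):
    """Return True when the response carries the marker header the CRLF payloads try to add."""
    for header, value in r.headers.items():
        if header == 'Header-Test' and value == 'BLATRUC':
            return True
    return False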
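def Post(url):
    """Return 1 when a marker appended to the first query parameter is echoed in a POST response header, else 0.

    The marker ``scantrrr`` is appended to the first parameter and the whole
    modified URL is handed to ``post_data`` as body, mirroring the PUT variant.

    Args:
        url: target URL with a ``?`` query string.

    Returns:
        1 when any response header name or value contains the marker, 0 when
        none does or when any error occurs (no query string, failed request).
    """
    try:
        # NOTE(review): the original's collapsed ``for ... if ... else``
        # returned 0 inside the first parameter's iteration, so only the
        # first parameter was ever probed; that is kept explicit here.  All
        # headers are inspected before deciding, which one reading of the
        # original (``else`` bound to the ``if``) failed to do.
        first_param = url.split('?')[1].split('&')[0]
        url = url.replace(first_param, f'{first_param}scantrrr')
        r = nq.Post(url.split('?')[0], post_data(url))
        # nq.Post returns 0 on failure; ``0.headers`` raises and the handler
        # below reports "not reflected".
        reflected = any('scantrrr' in header or 'scantrrr' in value
                        for header, value in r.headers.items())
        return 1 if reflected else 0
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt still stops the scan.
        return 0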
def Post(url):
    """Probe each query parameter of *url* for server-side template injection over POST.

    For every parameter and every ``payload -> marker`` pair in
    ``ssti_payloads`` a baseline POST (untouched query as body) and an
    injected POST are sent to the path part of *url*; when the marker text
    occurs more often in the injected response than in the baseline a finding
    is reported through ``show.bug`` and the remaining payloads for that
    parameter are skipped.

    Args:
        url: target URL with a ``?`` query string.

    Returns:
        None; findings are only reported.
    """
    target = url.split('?')[0]
    for param in url.split('?')[1].split('&'):
        for payload, marker in ssti_payloads.items():
            # post_data() returns 0 when the query cannot become a body.
            if post_data(urlparse(url).query) == 0:
                break
            baseline = nq.Post(target, post_data(urlparse(url).query))
            # nq.Post returns 0 on a failed request.
            if baseline == 0:
                break
            pattern = marker.encode('utf-8')
            baseline_hits = len(findall(pattern, baseline.content))
            data = urlparse(url.replace(param, param + payload)).query
            injected = nq.Post(target, post_data(data))
            if injected == 0:
                break
            if baseline_hits < len(findall(pattern, injected.content)):
                show.bug(bug='template injection', payload=payload, method='POST',
                         parameter=param, target=target, link=data)
                break
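def Put(url):
    """Probe each header in ``SCAN_Headers`` for error-based SQL injection over PUT.

    For every header/payload pair a baseline PUT is sent first, then a PUT
    built from the headers recorded by ``nq.Dump()`` in which the probed
    header's value has the payload appended (or is the payload alone when the
    dump does not know that header).  A ``sql_err`` pattern occurring more
    often in the injected response than in the baseline is reported through
    ``show.bug_Header``.

    Args:
        url: target URL; a query string, when present, becomes the PUT body.

    Returns:
        None; findings are only reported.
    """
    d = nq.Dump()
    target = url.split('?')[0]
    # Body for both requests: the query string turned into PUT data, or an
    # empty dict when there is no query or post_data() rejects it (returns 0).
    # The original provoked an IndexError to detect the missing query string
    # and recomputed this inside the loops; the result does not depend on the
    # loop variables.
    data = {}
    if '?' in url:
        try:
            data = post_data(urlparse(url).query)
        except Exception:
            data = {}
        if data == 0:
            data = {}
    for header in SCAN_Headers:
        for payload in sqli_payloads:
            # Baseline with the unmodified request; nq.Put returns 0 on failure.
            # NOTE(review): sent to the full url (query included) while the
            # injected request goes to the path only — kept as-is.
            baseline = nq.Put(url, data)
            if baseline == 0:
                break
            save_request.save(baseline)
            # Narrowed from a bare ``except:``; a missing key or unexpected
            # dump shape means the payload becomes the whole header value.
            try:
                injected = f"{nq.Dump()['headers'][header]}{payload}"
            except Exception:
                injected = payload
            all_headers = {H: V for H, V in d['headers'].items() if H != header}
            all_headers[header] = injected
            req = REQ(target, data=data, method='PUT', headers=all_headers)
            if req == 0:
                break
            for pattern in sql_err.values():
                before = findall(pattern.encode('utf-8'), save_request.get().content)
                after = findall(pattern.encode('utf-8'), req.content)
                if len(before) < len(after):
                    show.bug_Header(bug='SQL injection', payload=payload, method='PUT',
                                    header=header, target=url)
                    break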
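def Put(url):
    """Probe each header in ``SCAN_Headers`` for command injection over PUT.

    For every header and every ``payload -> message`` pair in
    ``rce_payloads`` a baseline PUT is sent to the path part of *url*, then a
    PUT built from the headers recorded by ``nq.Dump()`` in which the probed
    header's value has the payload appended (or is the payload alone when the
    dump does not know that header).  Newlines in the payload are sent as
    ``%0a``.  The expected message occurring more often in the injected
    response than in the baseline is reported through ``show.bug_Header``.

    Args:
        url: target URL; a query string, when present, becomes the PUT body.

    Returns:
        None; findings are only reported.
    """
    d = nq.Dump()
    target = url.split('?')[0]
    # Body for both requests: the query string turned into PUT data, or an
    # empty dict when there is no query or post_data() rejects it (returns 0).
    # The original provoked an IndexError to detect the missing query string.
    data = {}
    if '?' in url:
        try:
            data = post_data(urlparse(url).query)
        except Exception:
            data = {}
        if data == 0:
            data = {}
    for header in SCAN_Headers:
        for raw_payload, message in rce_payloads.items():
            payload = raw_payload.replace('\n', '%0a')
            # Baseline with the unmodified request; nq.Put returns 0 on failure.
            baseline = nq.Put(target, data)
            if baseline == 0:
                break
            pattern = message.encode('utf-8')
            baseline_hits = len(findall(pattern, baseline.content))
            # Narrowed from a bare ``except:``; a missing key or unexpected
            # dump shape means the payload becomes the whole header value.
            try:
                injected = f"{nq.Dump()['headers'][header]}{payload}"
            except Exception:
                injected = payload
            all_headers = {H: V for H, V in d['headers'].items() if H != header}
            all_headers[header] = injected
            req = REQ(target, data=data, method='PUT', headers=all_headers)
            if req == 0:
                break
            if baseline_hits < len(findall(pattern, req.content)):
                # ``payload`` already has its newlines replaced; the original
                # repeated the replace here, which was a no-op.
                show.bug_Header(bug='command injection', payload=payload, method='PUT',
                                header=header, target=url)
                break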
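def new_req(method='GET', Dump=None, proxy=None, url=None, redirect=False, data=None, timeout=10, headers=None, cookies=None):
    """Send one HTTP request with the scanner's common options and return the response.

    Args:
        method: ``'GET'``, ``'POST'`` or ``'PUT'`` (case-insensitive).
        Dump: when truthy, the full request/response is printed via
            ``dump.dump_all`` before returning.
        proxy: ``proxies`` mapping handed to requests, or None.
        url: target URL.
        redirect: whether redirects are followed.
        data: body for POST/PUT; truthy values are converted with
            ``post_data`` first.  Ignored for GET.
        timeout: request timeout in seconds.
        headers: extra request headers; None means none.  (The original used
            a shared mutable ``{}`` default.)
        cookies: cookie jar or mapping handed to requests.

    Returns:
        The requests response object.

    Raises:
        ValueError: for any other method.  The original left ``r`` unbound in
        that case and failed with UnboundLocalError at the return.
    """
    method = method.upper()
    headers = {} if headers is None else headers
    if data:
        data = post_data(data)
    # verify=False disables TLS certificate validation for every request the
    # scanner sends, so an intercepting middlebox is accepted silently; do not
    # reuse this helper for traffic that must authenticate the peer.
    common = dict(url=url, proxies=proxy, cookies=cookies, allow_redirects=redirect,
                  timeout=timeout, verify=False, headers=headers)
    if method == 'GET':
        r = get(**common)
    elif method == 'POST':
        r = post(data=data, **common)
    elif method == 'PUT':
        r = put(data=data, **common)
    else:
        raise ValueError(f'unsupported method: {method}')
    if Dump:
        print(dump.dump_all(r).decode())
    return r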
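def GO(url, host):
    """Append the ``ssrf_parameters`` names to *url* in batches and send each batch by GET and POST.

    Every name is added as ``name=<host>/name`` so a callback arriving at
    *host* identifies which parameter triggered it.  Once a batch holds
    ``parameters_in_one_request`` parameters it is sent — GET with the full
    URL, POST with its query string as body to the path part of *url* — and a
    new batch is started from *url*.  A final batch smaller than the limit is
    sent as well; the original silently dropped it.

    Args:
        url: target URL, with or without an existing query string.
        host: callback host the parameters are pointed at.

    Returns:
        None; responses are not inspected (out-of-band detection).
    """
    newurl = url
    for par in ssrf_parameters:
        pay = f'{host}/{par}'
        # Both branches of the original did exactly this: the separator only
        # depends on whether the URL built so far already has a query string.
        sep = '&' if urlparse(newurl).query else '?'
        newurl += f'{sep}{par}={pay}'
        # Batch size is measured by counting '=' in the query; a host that
        # itself contains '=' would skew this — TODO confirm it never does.
        if len(urlparse(newurl).query.split('=')) == parameters_in_one_request + 1:
            nq.Get(newurl)
            nq.Post(url.split('?')[0], post_data(urlparse(newurl).query))
            newurl = url
    if newurl != url:
        # Flush the parameters left over after the last full batch.
        nq.Get(newurl)
        nq.Post(url.split('?')[0], post_data(urlparse(newurl).query))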
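def Put(url):
    """Probe each header in ``SCAN_Headers`` for reflected XSS over PUT.

    For every header/payload pair a PUT is built from the headers recorded by
    ``nq.Dump()`` in which the probed header's value has the payload appended
    (or is the payload alone when the dump does not know that header).  The
    payload appearing verbatim in the response body is reported through
    ``show.bug_Header``.  Unlike the SQL variant no baseline request is sent.

    Args:
        url: target URL; a query string, when present, becomes the PUT body.

    Returns:
        None; findings are only reported.
    """
    d = nq.Dump()
    target = url.split('?')[0]
    # Body for the request: the query string turned into PUT data, or an
    # empty dict when there is no query or post_data() rejects it (returns 0).
    # The original provoked an IndexError to detect the missing query string.
    data = {}
    if '?' in url:
        try:
            data = post_data(urlparse(url).query)
        except Exception:
            data = {}
        if data == 0:
            data = {}
    for header in SCAN_Headers:
        for payload in xss_payloads:
            # Narrowed from a bare ``except:``; a missing key or unexpected
            # dump shape means the payload becomes the whole header value.
            try:
                injected = f"{nq.Dump()['headers'][header]}{payload}"
            except Exception:
                injected = payload
            all_headers = {H: V for H, V in d['headers'].items() if H != header}
            all_headers[header] = injected
            # REQ returns 0 on a failed request.
            req = REQ(target, data=data, method='PUT', headers=all_headers)
            if req == 0:
                break
            if payload.encode('utf-8') in req.content:
                show.bug_Header(bug='Cross-site scripting', payload=payload, method='PUT',
                                header=header, target=url)
                break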
except Exception as e: print(e) sys.exit() else: Header = {} if opts.Random: Random = True else: Random = False if opts.proxy: proxy = opts.proxy proxy = {'http': proxy, 'https': proxy} else: proxy = None if opts.cookie: cookie = post_data(opts.cookie) if cookie == 0: print('\n{bad} invalid data'.format(bad=bad)) sys.exit() else: cookie = None if opts.redirect: redirect = True else: redirect = False if opts.List: List = opts.List try: List = open(List, 'r') except Exception as e: print(e)
def GO(url, host):
    """Send one GET, POST and PUT per ``ssrf_parameters`` name, each pointing the parameter at ``<host>/<name>``.

    The GET carries the parameter in the query of ``<path>/?``; POST and PUT
    carry it as body to the path part of *url*.  Responses are not inspected —
    a callback reaching *host* is what identifies the triggering parameter.

    Args:
        url: target URL; only the part before ``?`` is used.
        host: callback host the parameters are pointed at.

    Returns:
        None.
    """
    base = url.split('?')[0]
    for par in ssrf_parameters:
        probe = f'{par}={host}/{par}'
        nq.Get(f'{base}/?{probe}')
        nq.Post(base, post_data(probe))
        nq.Put(base, post_data(probe))