def Post(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: d = post_data(urlparse(url).query) if d == 0: break r = nq.Post(url, post_data(urlparse(url).query)) if r == 0: break save_request.save(r) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): show.bug(bug='SQL injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) break
def Get(url): mt = methods.Get(url) if mt == 0: pass elif mt == 1 and refxss.Get(url) == 1: for param in url.split("?")[1].split("&"): for payload in xss_payloads: req = nq.Get(url.replace(param, param + en(payload))) if req != 0: if payload.encode('utf-8') in req.content: bug = { 'name': 'Corss-site scripting', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)) } show.bug(bug='Cross-site scripting', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) return bug return None
def Get(url): d = nq.Dump() for header in SCAN_Headers: for payload, message in ssti_payloads.items(): all_headers = {} r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], headers=all_headers) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug_Header(bug='template injection', payload=payload, method='GET', header=header, target=url) break
def Get(url): if methods.Get(url) == 1: if 1 == 1: for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) req = nq.Get(url.replace(param, param + en(payload))) if req == 0: break if r < len( findall(message.encode('utf-8'), req.content)): bug = { 'name': 'template injection', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)), 'target': url.split('?')[0] } show.bug(bug='template injection', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) return bug return None
def Get(url): for param in url.split('?')[1].split('&'): for payload in crlf_payloads: r = nq.Get(url.replace(param,param + en(payload))) if r == 0: break if r.headers.get('Header-Test'): bug = { 'name':'CRLF injection', 'payload':payload.replace('\n','%0a').replace('\r','%0d'), 'method':'GET', 'parameter':param, 'link':url.replace(param,param + en(payload)), 'target':url.split('?')[0] } show.bug( bug='CRLF injection', payload=payload.replace('\n','%0a').replace('\r','%0d'), method='GET', parameter=param, link=url.replace(param,param + en(payload)) ) return bug else: continue return None
def Get(url): d = nq.Dump() for header in SCAN_Headers: for payload in sqli_payloads: all_headers = {} r = nq.Get(url) if r == 0: break save_request.save(r) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], method='GET', headers=all_headers) if req == 0: break for n, e in sql_err.items(): r2 = findall(e.encode('utf-8'), save_request.get().content) r3 = findall(e.encode('utf-8'), req.content) if len(r2) < len(r3): show.bug_Header(bug='SQL injection', payload=payload, method='GET', header=header, target=url) break
def Get(url): all_headers = {} d = nq.Dump() for header in SCAN_Headers: for payload in xss_payloads: try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url, headers=all_headers) if req != 0: if payload.encode('utf-8') in req.content: show.bug_Header(bug='Cross-site scripting', payload=payload, method='GET', header=header, target=url) break
def Put(url): if methods.Put(url) == 1: for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Put( url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): bug = { 'name': 'template injection', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='template injection', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Put(url): mt = methods.Put(url.split('?')[0], urlparse(url).query) if mt == 0: pass elif mt == 1 and refxss.Put(url) == 1: for param in url.split('?')[1].split('&'): for payload in xss_payloads: data = urlparse(url.replace(param, param + payload)).query d = post_data(data) if d == 0: break req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break if payload.encode('utf-8') in req.content: bug = { 'name': 'Corss-site scripting', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='Cross-site scripting', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Put(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: if post_data(urlparse(url).query) == 0: break r = nq.Put(url, post_data(urlparse(url).query)) if r == 0: break save_request.save(r) data = urlparse(url.replace(param, param + payload)).query req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): bug = { 'name': 'SQL injection', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='SQL injection', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Get(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: r = nq.Get(url) if r == 0: break save_request.save(r) req = nq.Get(url.replace(param, param + payload)) if req == 0: break for n, e in sql_err.items(): r2 = findall(e.encode('utf-8'), save_request.get().content) r3 = findall(e.encode('utf-8'), req.content) if len(r2) < len(r3): bug = { 'name': 'SQL injection', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)), 'target': url.split('?')[0] } show.bug(bug='SQL injection', payload=payload, method='GET', parameter=param, target=url.split('?')[0], link=url.replace(param, param + en(payload))) return bug return None
def NEON_CVE(url): urls = add_path(url) for u in urls: r = nq.Post(u, post_data('q=<img src=x onerror=alert(1)>')) if '<img src=x onerror=alert(1)>'.encode('utf-8') in r.content: show.bug(bug='Cross-site scripting', payload='<img src=x onerror=alert(1)>', method='GET', parameter='q', target=u, link='q=<img src=x onerror=alert(1)>')
def Get(url): for param in url.split("?")[1].split("&"): for payload in xss_payloads: req = nq.Get(url.replace(param, param + en(payload))) if req != 0: if payload.encode('utf-8') in req.content: show.bug(bug='Cross-site scripting', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) break
def Get(url): for param in url.split('?')[1].split('&'): for payload in crlf_payloads: r = nq.Get(url.replace(param, param + en(payload))) if r == 0: break if 'BLATRUC' == r.headers.get('Header-Test'): show.bug(bug='CRLF injection', payload=payload.replace('\n', '%0a').replace( '\r', '%0d'), method='GET', parameter=param, link=url.replace(param, param + en(payload))) else: continue
def Get(url): for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) req = nq.Get(url.replace(param, param + en(payload))) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug(bug='template injection', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) break
def Put(url): for param in url.split('?')[1].split('&'): for payload in xss_payloads: data = urlparse(url.replace(param, param + payload)).query d = post_data(data) if d == 0: break req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break if payload.encode('utf-8') in req.content: show.bug(bug='Cross-site scripting', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) break
def Put(url): d = nq.Dump() for header in SCAN_Headers: for payload in sqli_payloads: all_headers = {} try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Put(url, data) if r == 0: break save_request.save(r) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='PUT', headers=all_headers) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): show.bug_Header(bug='SQL injection', payload=payload, method='PUT', header=header, target=url) break
def Put(url): d = nq.Dump() for header in SCAN_Headers: for payload, message in rce_payloads.items(): all_headers = {} payload = payload.replace('\n', '%0a') try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Put(url.split('?')[0], data) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='PUT', headers=all_headers) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug_Header(bug='command injection', payload=payload.replace('\n', '%0a'), method='PUT', header=header, target=url) break
def Post(url): for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Post(url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug(bug='template injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) break
def Put(url): d = nq.Dump() for header in SCAN_Headers: for payload in xss_payloads: all_headers = {} try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='PUT', headers=all_headers) if req == 0: break if payload.encode('utf-8') in req.content: show.bug_Header(bug='Cross-site scripting', payload=payload, method='PUT', header=header, target=url) break