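def get_robots_txt(self, target):
    """Fetch robots.txt from the root of the target's origin and print it.

    Args:
        target: Any URL on the site; only its scheme and host are used.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for Robots.txt", 'yellow')
    # Build the origin without a trailing slash; the original ended it with
    # "/" and then appended "/robots.txt", requesting "//robots.txt".
    origin = "{0.scheme}://{0.netloc}".format(urlsplit(target))
    # A timeout keeps one unresponsive host from stalling the whole run.
    response = requests.get(origin + "/robots.txt", timeout=10)
    if response.status_code != 200:
        # Without this check the body of an error page is shown as if it
        # were the site's robots.txt.
        cprint("No robots.txt file Found!", 'blue')
        return
    cprint(response.text, 'blue')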
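def get_robots_txt(self, target):
    """Print the robots.txt served at the root of the target's origin.

    Args:
        target: Any URL on the site; scheme and host are taken from it.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for Robots.txt", 'yellow')
    parts = urlsplit(target)
    # No trailing slash on the base: the original produced "//robots.txt".
    robots_url = parts.scheme + "://" + parts.netloc + "/robots.txt"
    # Bounded wait so a silent host cannot hang the scan.
    response = requests.get(robots_url, timeout=10)
    if response.status_code == 200:
        cprint(response.text, 'blue')
    else:
        # An error page is not a robots.txt; do not print its body as one.
        cprint("No robots.txt file Found!", 'blue')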
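def head_method(self, target):
    """Send a HEAD request to the target and print the status code it returns.

    Args:
        target: URL to probe.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("Testing Head Method", 'yellow')
    print("")
    status = requests.head(target, timeout=10).status_code
    if status == 200:
        print(status, "OK")
    else:
        # The original printed the undefined name OK here, so every non-200
        # answer raised NameError instead of reporting the status.
        print("Response", status)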
def put_method(self, target):
    """Send a bodiless PUT to the target and print the status code.

    NOTE(review): only 200 is labelled "OK", and a 200 alone does not show
    that PUT is enabled for writes; read the printed code, not the label.
    The Allow header of an OPTIONS response is the usual non-mutating way
    to audit which methods a server accepts.
    """
    cprint("Testing Put Method",'yellow')
    print("")
    status_code = requests.put(target).status_code
    if status_code != 200:
        print("Response", status_code)
        return
    print(status_code, "OK")
def delete_method(self, target):
    """Send a DELETE to the target and print the status code.

    NOTE(review): this is a real DELETE against the given URL. If the server
    honours the method, the resource is removed as a side effect of the
    check. An OPTIONS request and its Allow header report the enabled
    methods without changing anything on the server.
    """
    cprint("Testing Delete Method",'yellow')
    print("")
    status_code = requests.delete(target).status_code
    if status_code != 200:
        print("Response", status_code)
        return
    print(status_code, "OK")
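def execute_all_func(self, target):
    """Run the framing-header check and the POC step, reporting any failure.

    Each step runs in its own try block so a failure in one does not stop
    the next.

    NOTE(review): createPOC runs here whatever xsscheck reported; confirm
    that is intended.
    """
    steps = (
        ("xsscheck", "Error Checking for X-Frame-Options"),
        ("createPOC", "Error Creating POC"),
    )
    for method_name, failure_message in steps:
        try:
            getattr(self, method_name)(target)
        # Exception instead of a bare except: Ctrl-C and SystemExit now stop
        # the scan rather than being printed as a failed check.
        except Exception:
            cprint(failure_message, "red")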
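def execute_all_func(self, target):
    """Run the cookie listing and cookie decoding steps, reporting failures.

    Each step runs in its own try block so a failure in one does not stop
    the next.
    """
    steps = (
        ("get_cookie", "Errror Getting Cookies"),
        ("decode_cookie", "Error Decoding Cookies (base64)"),
    )
    for method_name, failure_message in steps:
        try:
            getattr(self, method_name)(target)
        # Exception instead of a bare except: Ctrl-C and SystemExit now stop
        # the scan rather than being printed as a failed check.
        except Exception:
            cprint(failure_message, "red")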
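def execute_all_func(self, target):
    """Run xsscheck and then createPOC on the target, reporting failures.

    The two steps are independent: an error in the first is printed and the
    second still runs.
    """
    # Exception, not a bare except, so KeyboardInterrupt and SystemExit
    # propagate and the operator can abort the scan.
    try:
        self.xsscheck(target)
    except Exception:
        cprint("Error Checking for X-Frame-Options", "red")

    # NOTE(review): this runs even when the header check found the site
    # protected; confirm that is intended.
    try:
        self.createPOC(target)
    except Exception:
        cprint("Error Creating POC", "red")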
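def xsscheck(self, target):
    """Report whether the target's response declares a framing restriction.

    Despite its name this is a clickjacking check, not an XSS test. It looks
    for X-Frame-Options or a Content-Security-Policy frame-ancestors
    directive and calls self.createPOC(target) when neither is present.

    Only the presence of the header or directive is tested; a permissive
    value (for example ``frame-ancestors *``) is still reported as
    protected.

    Args:
        target: URL whose response headers are inspected.
    """
    try:
        response = requests.get(target, timeout=10)
    except requests.RequestException:
        # A failed request says nothing about framing. The original bare
        # except reported connection errors as a clickjacking finding.
        cprint("Error Checking for X-Frame-Options", "red")
        return

    headers = response.headers
    if "X-Frame-Options" in headers:
        print("X-frame-options found!")
        print("Clickjacking not Possible")
        return

    # CSP frame-ancestors supersedes X-Frame-Options; a site that sets only
    # this directive is not missing its framing control.
    policy = headers.get("Content-Security-Policy", "")
    if "frame-ancestors" in policy.lower():
        print("Content-Security-Policy frame-ancestors found!")
        print("Clickjacking not Possible")
        return

    cprint("Alert!", "red")
    cprint("Clickjacking Possible", "red")
    self.createPOC(target)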
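def xsscheck(self, target):
    """Check the target's response for a framing restriction (clickjacking).

    The name says XSS, but the code inspects X-Frame-Options. This version
    also accepts a Content-Security-Policy frame-ancestors directive, and
    calls self.createPOC(target) only when neither control is present.

    Presence is all that is tested; the value of the header or directive is
    not validated.

    Args:
        target: URL whose response headers are inspected.
    """
    try:
        response = requests.get(target, timeout=10)
    except requests.RequestException:
        # The original bare except turned any network error into a
        # "vulnerable" result; report it as an error instead.
        cprint("Error Checking for X-Frame-Options", "red")
        return

    has_xfo = "X-Frame-Options" in response.headers
    # frame-ancestors is the CSP equivalent of X-Frame-Options.
    csp = response.headers.get("Content-Security-Policy", "")
    has_frame_ancestors = "frame-ancestors" in csp.lower()

    if has_xfo or has_frame_ancestors:
        if has_xfo:
            print("X-frame-options found!")
        else:
            print("Content-Security-Policy frame-ancestors found!")
        print("Clickjacking not Possible")
    else:
        cprint("Alert!", "red")
        cprint("Vulnerable to Clickjacking", "red")
        self.createPOC(target)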
def get_cookie(self, target):
    """Print the name and value of every cookie set by a GET to the target.

    NOTE(review): values are written to stdout in clear, so the output may
    contain session tokens and should be handled as sensitive. Cookie
    attributes (Secure, HttpOnly, SameSite) are not examined here.
    """
    cprint("[*]Getting Cookie", "yellow")
    jar_items = requests.get(target).cookies.items()
    if not jar_items:
        cprint("No cookies found", "red")
        return
    for cookie_name, cookie_value in jar_items:
        print(cookie_name, cookie_value)
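def decode_cookie(self, target):
    """Print each cookie of the target, base64-decoded where that succeeds.

    A value that is not valid base64, or does not decode to ASCII, is
    printed undecoded after a blank line.

    Args:
        target: URL to request; its response cookies are inspected.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    # Imported here because the file's import block is outside this listing.
    from urllib.parse import unquote

    cprint("")
    cprint("[*]Decoding Cookie", "yellow")
    response = requests.get(target, timeout=10)
    for name, value in response.cookies.items():
        # Undo all percent-encoding, not only "%3D": "+" and "/" are base64
        # characters too and arrive as "%2B" and "%2F".
        shown = unquote(value)
        try:
            shown = base64.b64decode(shown).decode('ascii')
        # binascii.Error and UnicodeDecodeError both derive from ValueError;
        # the original bare except also swallowed KeyboardInterrupt.
        except ValueError:
            print("")
        print(name, shown)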
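def get_dot_svn(self, target):
    """Check whether /.svn/entries is served from the target's origin.

    A 200 is reported as an exposed .svn folder. The response body is not
    inspected, so a site that answers every path with 200 produces a false
    alert.

    Args:
        target: Any URL on the site; only its scheme and host are used.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for .svn folder", 'yellow')
    # No trailing slash on the origin: the original requested "//.svn/entries".
    origin = "{0.scheme}://{0.netloc}".format(urlsplit(target))
    status = requests.get(origin + "/.svn/entries", timeout=10).status_code
    if status == 200:
        cprint("Alert!", 'red')
        cprint(".SVN folder exposed publicly", 'red')
    else:
        cprint("NO .SVN folder found", 'blue')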
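def get_dot_svn(self, target):
    """Report whether the target's origin serves /.svn/entries.

    Only the status code is examined; a catch-all 200 page is
    indistinguishable from a real entries file here.

    Args:
        target: Any URL on the site; scheme and host are taken from it.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for .svn folder", 'yellow')
    parts = urlsplit(target)
    # The original joined a base ending in "/" with "/.svn/entries", which
    # requested a path starting with "//".
    probe_url = parts.scheme + "://" + parts.netloc + "/.svn/entries"
    response = requests.get(probe_url, timeout=10)
    if response.status_code != 200:
        cprint("NO .SVN folder found", 'blue')
        return
    cprint("Alert!", 'red')
    cprint(".SVN folder exposed publicly", 'red')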
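def execute_all_func(self, target):
    """Run the GET, POST, HEAD, PUT and DELETE probes in that order.

    Each probe runs in its own try block; a failure prints "Error" and the
    remaining probes still run.
    """
    probe_names = (
        "get_method",
        "post_method",
        "head_method",
        "put_method",
        "delete_method",
    )
    for probe_name in probe_names:
        try:
            getattr(self, probe_name)(target)
        # Exception instead of a bare except, so Ctrl-C aborts the run
        # rather than skipping to the next (possibly mutating) request.
        except Exception:
            cprint("Error", "red")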
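def cookiebased(self, target):
    """Look for MySQL error text after appending test strings to cookies.

    The first three lines of modules/sqlpayloads.txt (relative to the
    current working directory) are paired by position with three MySQL
    error signatures. Each cookie the target sets is resent with the test
    string appended and the response is searched for the paired signature.

    Only MySQL error strings are recognised, and nothing is tested when the
    target sets no cookies, so "No Injection Possible !" means no signature
    was seen, not that the application is safe.

    Args:
        target: URL to request.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for Cookie based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    # The with-block closes the file even when reading raises.
    with open(os.getcwd() + '/modules/sqlpayloads.txt', 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    cookies = requests.get(target, timeout=10).cookies.items()
    hits = []
    for index, signature in enumerate(signatures):
        for cookie_name, cookie_value in cookies:
            response = requests.get(
                target,
                cookies={cookie_name: cookie_value + payloads[index]},
                timeout=10,
            )
            hits.append(1 if signature in response.text else 0)
    if 1 in hits:
        cprint("Vulnerable to Cookie Based SQL Injection!", 'red')
    else:
        cprint("No Injection Possible !", 'blue')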
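def cookiebased(self, target):
    """Resend each cookie with a test string appended and look for MySQL errors.

    Test strings come from the first three lines of modules/sqlpayloads.txt
    under the current working directory, each paired by position with one
    MySQL error signature.

    A clean result only means none of the three signatures appeared; other
    database engines and applications that hide errors are not covered, and
    a target that sets no cookies is not tested at all.

    Args:
        target: URL to request.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for Cookie based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    payload_path = os.getcwd() + '/modules/sqlpayloads.txt'
    # Context manager replaces the open/close pair, which leaked the handle
    # if readlines() raised.
    with open(payload_path, 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    cookie_items = requests.get(target, timeout=10).cookies.items()
    seen = []
    for position, signature in enumerate(signatures):
        for cookie_name, cookie_value in cookie_items:
            altered = {cookie_name: cookie_value + payloads[position]}
            body = requests.get(target, cookies=altered, timeout=10).text
            seen.append(1 if signature in body else 0)
    if 1 in seen:
        cprint("Vulnerable to Cookie Based SQL Injection", 'red')
    else:
        cprint("No Injection Possible !", 'blue')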
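def useragentbased(self, target):
    """Look for MySQL error text after appending test strings to User-Agent.

    The first three lines of modules/sqlpayloads.txt (relative to the
    current working directory) are paired by position with three MySQL
    error signatures and appended, one per request, to a fixed browser
    User-Agent string.

    Only MySQL error strings are recognised, so "No Injection Possible !"
    means no signature was seen, not that the application is safe.

    Args:
        target: URL to request.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for User-Agent based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    # The with-block closes the file even when reading raises.
    with open(os.getcwd() + '/modules/sqlpayloads.txt', 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    base_agent = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 39.0) Gecko/20100101 Firefox/39.0'
    hits = []
    for index, signature in enumerate(signatures):
        headers = {'User-agent': base_agent + payloads[index]}
        response = requests.get(target, headers=headers, timeout=10)
        hits.append(1 if signature in response.text else 0)
    if 1 in hits:
        cprint("Vulnerable to User-Agent-based SQL Injection!", 'red')
    else:
        cprint("No Injection Possible !", 'blue')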
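def execute_all_func(self, target):
    """Run the URL, cookie, User-Agent and Referer checks in that order.

    Each check runs in its own try block; a failure is printed and the
    remaining checks still run.
    """
    steps = (
        ("urlbased", "Errror In Checking url based SQLi"),
        ("cookiebased", "Error In Checking Cookie based SQLi"),
        ("useragentbased", "Error In Checking User-agent based SQLi"),
        ("refererbased", "Error In Checking Referer-based SQLi"),
    )
    for method_name, failure_message in steps:
        try:
            getattr(self, method_name)(target)
        # Exception instead of a bare except, so Ctrl-C stops the scan
        # instead of moving on to the next batch of requests.
        except Exception:
            cprint(failure_message, "red")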
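def execute_all_func(self, target):
    """Run the robots.txt, .git, .svn and .htaccess exposure checks in order.

    Each check runs in its own try block; a failure is printed and the
    remaining checks still run.

    NOTE(review): any exception from get_robots_txt, including a connection
    error, is reported as "No robots.txt file Found!".
    """
    steps = (
        ("get_robots_txt", "No robots.txt file Found!", "blue"),
        ("get_dot_git", "Error !", "red"),
        ("get_dot_svn", "Error", "red"),
        ("get_dot_htaccess", "Error", "red"),
    )
    for method_name, failure_message, colour in steps:
        try:
            getattr(self, method_name)(target)
        # Exception instead of a bare except, so Ctrl-C and SystemExit are
        # not swallowed and reported as a missing file.
        except Exception:
            cprint(failure_message, colour)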
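def execute_all_func(self, target):
    """Run every SQL injection check against the target, one after another.

    A failing check prints its own error line and does not prevent the
    following checks from running.
    """
    # Exception, not a bare except: KeyboardInterrupt and SystemExit must
    # propagate so the operator can abort between requests.
    try:
        self.urlbased(target)
    except Exception:
        cprint("Errror In Checking url based SQLi", "red")

    try:
        self.cookiebased(target)
    except Exception:
        cprint("Error In Checking Cookie based SQLi", "red")

    try:
        self.useragentbased(target)
    except Exception:
        cprint("Error In Checking User-agent based SQLi", "red")

    try:
        self.refererbased(target)
    except Exception:
        cprint("Error In Checking Referer-based SQLi", "red")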
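def execute_all_func(self, target):
    """Run every information-disclosure check against the target in turn.

    A failing check prints its own message and does not prevent the
    following checks from running.
    """
    # Exception, not a bare except: KeyboardInterrupt and SystemExit must
    # propagate instead of being printed as a scan result.
    try:
        self.get_robots_txt(target)
    except Exception:
        # NOTE(review): a network failure lands here too, so this message
        # does not prove the file is absent.
        cprint("No robots.txt file Found!", "blue")

    try:
        self.get_dot_git(target)
    except Exception:
        cprint("Error !", "red")

    try:
        self.get_dot_svn(target)
    except Exception:
        cprint("Error", "red")

    try:
        self.get_dot_htaccess(target)
    except Exception:
        cprint("Error", "red")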
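def urlbased(self, target):
    """Look for MySQL error text after appending test strings to the URL.

    The first three lines of modules/sqlpayloads.txt (relative to the
    current working directory) are paired by position with three MySQL
    error signatures and appended, one per request, to the target URL.

    Only MySQL error strings are recognised, so "No Injection Possible !"
    means no signature was seen, not that the application is safe.

    Args:
        target: URL the test strings are appended to.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for URL based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    # The with-block closes the file even when reading raises. Line endings
    # are stripped; the original appended each raw line, newline included,
    # to the URL.
    with open(os.getcwd() + '/modules/sqlpayloads.txt', 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    hits = []
    for index, signature in enumerate(signatures):
        response = requests.get(target + payloads[index], timeout=10)
        hits.append(1 if signature in response.text else 0)
    if 1 in hits:
        cprint("Vulnerable to Url Based SQL Injection!", 'red')
    else:
        cprint("No Injection Possible !", 'blue')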
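def urlbased(self, target):
    """Append test strings to the target URL and look for MySQL errors.

    Test strings come from the first three lines of modules/sqlpayloads.txt
    under the current working directory, each paired by position with one
    MySQL error signature.

    A clean result only means none of the three signatures appeared; other
    database engines and applications that hide errors are not covered.

    Args:
        target: URL the test strings are appended to.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for URL based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    payload_path = os.getcwd() + '/modules/sqlpayloads.txt'
    # Context manager replaces the open/close pair, which leaked the handle
    # if readlines() raised.
    with open(payload_path, 'r') as handle:
        # The original used each line with its trailing newline still
        # attached, so the newline became part of the requested URL.
        payloads = [line.strip("\n") for line in handle]
    seen = []
    for position, signature in enumerate(signatures):
        body = requests.get(target + payloads[position], timeout=10).text
        seen.append(1 if signature in body else 0)
    if 1 in seen:
        cprint("Vulnerable to Url Based SQL Injection", 'red')
    else:
        cprint("No Injection Possible !", 'blue')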
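def refererbased(self, target):
    """Look for MySQL error text after appending test strings to Referer.

    The first three lines of modules/sqlpayloads.txt (relative to the
    current working directory) are paired by position with three MySQL
    error signatures. Each request carries a Referer made of the target URL
    plus one test string.

    Only MySQL error strings are recognised, so "No Injection Possible !"
    means no signature was seen, not that the application is safe.

    Args:
        target: URL to request; also the base of the Referer value.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    # The original announced this check as "Cookie based", which made the
    # scan log attribute its result to the wrong input.
    cprint("[*] Checking for Referer based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    # The with-block closes the file even when reading raises.
    with open(os.getcwd() + '/modules/sqlpayloads.txt', 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    hits = []
    for index, signature in enumerate(signatures):
        response = requests.get(
            target, headers={'Referer': target + payloads[index]}, timeout=10)
        hits.append(1 if signature in response.text else 0)
    if 1 in hits:
        cprint("Vulnerable to Referer Based SQL Injection", 'red')
    else:
        cprint("No Injection Possible !", 'blue')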
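def useragentbased(self, target):
    """Append test strings to the User-Agent header and look for MySQL errors.

    Test strings come from the first three lines of modules/sqlpayloads.txt
    under the current working directory, each paired by position with one
    MySQL error signature and appended to a fixed browser User-Agent.

    A clean result only means none of the three signatures appeared; other
    database engines and applications that hide errors are not covered.

    Args:
        target: URL to request.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    cprint("[*] Checking for User-Agent based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    payload_path = os.getcwd() + '/modules/sqlpayloads.txt'
    # Context manager replaces the open/close pair, which leaked the handle
    # if readlines() raised.
    with open(payload_path, 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    base_agent = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 39.0) Gecko/20100101 Firefox/39.0'
    seen = []
    for position, signature in enumerate(signatures):
        sent_headers = {'User-agent': base_agent + payloads[position]}
        body = requests.get(target, headers=sent_headers, timeout=10).text
        seen.append(1 if signature in body else 0)
    if 1 in seen:
        # The original reported this finding as "Referer-based", pointing
        # whoever triages the result at the wrong header.
        cprint("Vulnerable to User-Agent-based SQL Injection", 'red')
    else:
        cprint("No Injection Possible !", 'blue')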
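def refererbased(self, target):
    """Append test strings to the Referer header and look for MySQL errors.

    Test strings come from the first three lines of modules/sqlpayloads.txt
    under the current working directory, each paired by position with one
    MySQL error signature. The Referer sent is the target URL plus one test
    string.

    A clean result only means none of the three signatures appeared; other
    database engines and applications that hide errors are not covered.

    Args:
        target: URL to request; also the base of the Referer value.

    Raises:
        IndexError: If the payload file has fewer than three lines.
        requests.RequestException: If a request fails or times out.
    """
    # Corrected label: the original printed "Cookie based" for this check.
    cprint("[*] Checking for Referer based SQLi", 'yellow')
    signatures = ["MySQL server version", "have an error", "SQL syntax"]
    payload_path = os.getcwd() + '/modules/sqlpayloads.txt'
    # Context manager replaces the open/close pair, which leaked the handle
    # if readlines() raised.
    with open(payload_path, 'r') as handle:
        payloads = [line.strip("\n") for line in handle]
    seen = []
    for position, signature in enumerate(signatures):
        sent_headers = {'Referer': target + payloads[position]}
        body = requests.get(target, headers=sent_headers, timeout=10).text
        seen.append(1 if signature in body else 0)
    if 1 in seen:
        cprint("Vulnerable to Referer Based SQL Injection!", 'red')
    else:
        cprint("No Injection Possible !", 'blue')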
def get_headers(self, target):
    """Print every response header of a HEAD request as a padded row.

    The name is left-justified to 60 columns and the value right-justified
    to 50.
    """
    response_headers = requests.head(target).headers
    for header_name, header_value in response_headers.items():
        row = header_name.ljust(60) + header_value.rjust(50)
        cprint(row, 'blue')
def main():
    """Parse the command line and run the scan stages against one URL.

    Headers, cookies, information disclosure and HTTP methods always run.
    The SQL injection stage runs with -A1 or -a, the XSS stage with -A3
    or -a.

    NOTE(review): the URL is passed to every stage as given; a value without
    a scheme is not rejected here.
    """
    rule = "--------------------------------------------------------------"

    def section(title, top=rule):
        # Three-line stage heading: rule, title, rule.
        cprint(top, 'green')
        cprint(title, 'yellow')
        cprint(rule, 'green')

    cli = argparse.ArgumentParser(description="Web Recon Script")
    cli.add_argument('-u', '--url', type=str, help='URL', required=True)
    cli.add_argument('-A1', '--injection', help='Injection Attacks', action="store_true")
    cli.add_argument('-A3', '--xss', help='XSS', action="store_true")
    cli.add_argument('-a', '--All', help='All possible Attacks', action="store_true")
    options = cli.parse_args()
    target = options.url

    banner = (
        '`````````````````````````````````````````````````````',
        '````````` ```````',
        '````````` ```````',
        '````````` ```````',
        '```````````````````````````````````````````````````````',
    )
    for banner_line in banner:
        cprint(banner_line, 'red')

    section("[+] Getting the Headers")
    header().get_headers(target)

    section("[+] Extracting Cookies ")
    Cookie().execute_all_func(target)

    section("[+] Information Disclosure")
    info().execute_all_func(target)

    section("[+] Testing HTTP Methods")
    httpCommands().execute_all_func(target)

    if options.injection or options.All:
        section("[+] Checking for SQL Injection")
        sqli().execute_all_func(target)

    if options.xss or options.All:
        # This heading's top rule is one dash longer in the original output.
        section("[+] Checking for XSS Injection",
                top="---------------------------------------------------------------")
        xss().execute_all_func(target)
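def get_dot_htaccess(self, target):
    """Check whether /.htaccess is served from the target's origin.

    403 means the server refuses to serve the file, 200 means it was
    returned, and any other status code is printed as is. The response body
    is not inspected, so a catch-all 200 page produces a false alert.

    Args:
        target: Any URL on the site; only its scheme and host are used.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for .htaccess", 'yellow')
    # No trailing slash on the origin: the original requested "//.htaccess".
    origin = "{0.scheme}://{0.netloc}".format(urlsplit(target))
    statcode = requests.get(origin + "/.htaccess", timeout=10).status_code
    if statcode == 403:
        cprint("403 Forbidden", 'blue')
    elif statcode == 200:
        cprint("Alert!!", 'blue')
        cprint(".htaccess file found publicly!", 'blue')
    else:
        cprint("Status code", 'blue')
        cprint(statcode, 'blue')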
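def get_dot_htaccess(self, target):
    """Report how the target's origin answers a request for /.htaccess.

    A 403 is the expected refusal, a 200 is flagged as an exposed file and
    any other status is printed unchanged. Only the status code is
    examined, not the body.

    Args:
        target: Any URL on the site; scheme and host are taken from it.

    Raises:
        requests.RequestException: If the request fails or times out.
    """
    cprint("[*]Checking for .htaccess", 'yellow')
    parts = urlsplit(target)
    # The original joined a base ending in "/" with "/.htaccess", which
    # requested a path starting with "//".
    probe_url = parts.scheme + "://" + parts.netloc + "/.htaccess"
    # Bounded wait so a silent host cannot hang the scan.
    statcode = requests.get(probe_url, timeout=10).status_code
    if statcode == 200:
        cprint("Alert!!", 'blue')
        cprint(".htaccess file found!", 'blue')
    elif statcode == 403:
        cprint("403 Forbidden", 'blue')
    else:
        cprint("Status code", 'blue')
        cprint(statcode, 'blue')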
def main():
    """Command-line entry point: run the scan stages against the given URL.

    The header, cookie, information-disclosure and HTTP-method stages are
    unconditional. -A1 adds the SQL injection stage, -A3 the XSS stage and
    -a both.

    NOTE(review): the URL is used as given by every stage; nothing here
    checks that it carries a scheme.
    """
    arg_parser = argparse.ArgumentParser(description="Web Recon Script")
    arg_parser.add_argument('-u', '--url', type=str, help='URL', required=True)
    arg_parser.add_argument('-A1', '--injection', help='Injection Attacks',
                            action="store_true")
    arg_parser.add_argument('-A3', '--xss', help='XSS', action="store_true")
    arg_parser.add_argument('-a', '--All', help='All possible Attacks',
                            action="store_true")
    parsed = arg_parser.parse_args()
    target = parsed.url

    cprint('`````````````````````````````````````````````````````', 'red')
    for _ in range(3):
        cprint('````````` ```````', 'red')
    cprint('```````````````````````````````````````````````````````', 'red')

    divider = "--------------------------------------------------------------"
    # The XSS heading opens with a divider one dash longer than the rest.
    long_divider = "---------------------------------------------------------------"

    def heading(title, opening=divider):
        cprint(opening, 'green')
        cprint(title, 'yellow')
        cprint(divider, 'green')

    heading("[+] Getting the Headers")
    header_stage = header()
    header_stage.get_headers(target)

    heading("[+] Extracting Cookies ")
    cookie_stage = Cookie()
    cookie_stage.execute_all_func(target)

    heading("[+] Information Disclosure")
    disclosure_stage = info()
    disclosure_stage.execute_all_func(target)

    heading("[+] Testing HTTP Methods")
    method_stage = httpCommands()
    method_stage.execute_all_func(target)

    run_everything = parsed.All
    if parsed.injection or run_everything:
        heading("[+] Checking for SQL Injection")
        sqli_stage = sqli()
        sqli_stage.execute_all_func(target)

    if parsed.xss or run_everything:
        heading("[+] Checking for XSS Injection", opening=long_divider)
        xss_stage = xss()
        xss_stage.execute_all_func(target)