Esempio n. 1
 def Get(url):
     """Probe each header in ``SCAN_Headers`` for template-injection signs via GET.

     For every ``payload -> message`` entry of ``ssti_payloads`` a baseline
     response is fetched with ``nq.Get`` and the occurrences of ``message``
     in its body are counted. The payload is then appended to the header's
     current value from ``nq.Dump()`` (or sent alone when that lookup
     fails), the request is replayed with ``REQ`` against the URL without
     its query string, and ``show.bug_Header`` is called when the marker
     occurs more often than in the baseline.

     The comparison is a heuristic: a response body that differs between
     two requests for unrelated reasons can also raise the count, so a
     reported finding still needs manual confirmation.
     """
     dumped = nq.Dump()
     for header in SCAN_Headers:
         for payload, message in ssti_payloads.items():
             baseline = nq.Get(url)
             if baseline == 0:
                 # A result of 0 is treated as a failed request: stop
                 # testing this header and move on to the next one.
                 break
             # NOTE(review): the baseline is taken from the full URL while
             # the probe below targets the URL without its query string;
             # confirm the two responses are comparable.
             baseline_hits = len(findall(message.encode('utf-8'), baseline.content))
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except:
                 # NOTE(review): presumably meant for a header with no
                 # current value; the bare except also traps
                 # KeyboardInterrupt and SystemExit.
                 injected = payload
             # Copy every other header unchanged, then set the probed one.
             all_headers = {
                 name: value
                 for name, value in dumped['headers'].items()
                 if name != header
             }
             all_headers[header] = injected
             req = REQ(url.split('?')[0], headers=all_headers)
             if req == 0:
                 break
             probe_hits = len(findall(message.encode('utf-8'), req.content))
             if baseline_hits < probe_hits:
                 show.bug_Header(
                     bug='template injection',
                     payload=payload,
                     method='GET',
                     header=header,
                     target=url,
                 )
                 # One finding per header is enough; skip remaining payloads.
                 break
Esempio n. 2
 def Get(url):
     """Probe each header in ``SCAN_Headers`` for SQL error leakage via GET.

     For every entry of ``sqli_payloads`` a baseline response is fetched
     with ``nq.Get`` and stored through ``save_request.save``. The payload
     is appended to the header's current value from ``nq.Dump()`` (or sent
     alone when that lookup fails) and the request is replayed with ``REQ``
     against the URL without its query string. Each pattern in ``sql_err``
     is then counted in both bodies; ``show.bug_Header`` is called when a
     pattern occurs more often in the probed response.

     The check is error-based only: it reports database error text that
     appears after the header was modified, so it cannot see injection
     points whose errors are suppressed, and a finding still needs manual
     confirmation.
     """
     dumped = nq.Dump()
     for header in SCAN_Headers:
         for payload in sqli_payloads:
             baseline = nq.Get(url)
             if baseline == 0:
                 # A result of 0 is treated as a failed request: stop
                 # testing this header and move on to the next one.
                 break
             save_request.save(baseline)
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except:
                 # NOTE(review): presumably meant for a header with no
                 # current value; the bare except also traps
                 # KeyboardInterrupt and SystemExit.
                 injected = payload
             # Copy every other header unchanged, then set the probed one.
             all_headers = {
                 name: value
                 for name, value in dumped['headers'].items()
                 if name != header
             }
             all_headers[header] = injected
             req = REQ(url.split('?')[0], method='GET', headers=all_headers)
             if req == 0:
                 break
             for _, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 before = findall(needle, save_request.get().content)
                 after = findall(needle, req.content)
                 if len(before) < len(after):
                     show.bug_Header(
                         bug='SQL injection',
                         payload=payload,
                         method='GET',
                         header=header,
                         target=url,
                     )
                     # NOTE(review): this leaves only the pattern loop, so
                     # the remaining payloads are still sent for the same
                     # header and may report it again; confirm whether
                     # that is intended.
                     break
Esempio n. 3
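 def Get(url):
     """Probe each header in ``SCAN_Headers`` for reflected payloads via GET.

     Every entry of ``xss_payloads`` is appended to the header's current
     value from ``nq.Dump()`` (or sent alone when that lookup fails) and
     the request is sent with ``REQ``. ``show.bug_Header`` is called when
     the raw payload bytes appear in the response body, after which the
     remaining payloads for that header are skipped.

     The check only establishes that the payload is echoed without
     modification. It does not look at the response content type or at
     where in the document the echo lands, so a finding indicates
     unencoded reflection and still needs manual confirmation.
     """
     d = nq.Dump()
     for header in SCAN_Headers:
         for payload in xss_payloads:
             try:
                 value = f"{nq.Dump()['headers'][header]}{payload}"
             except Exception:
                 # Header has no current value to extend. Exception rather
                 # than a bare except so Ctrl-C and SystemExit still
                 # propagate.
                 value = payload
             # Build the header set from scratch for every probe. A dict
             # shared across iterations kept the payload of a previously
             # probed header that is absent from d['headers'], so later
             # requests carried several payloads at once and a reflection
             # could be attributed to the wrong header.
             all_headers = {
                 name: original
                 for name, original in d['headers'].items()
                 if name != header
             }
             all_headers[header] = value
             req = REQ(url, headers=all_headers)
             if req == 0:
                 # A result of 0 is treated as a failed request; try the
                 # next payload.
                 continue
             if payload.encode('utf-8') in req.content:
                 show.bug_Header(
                     bug='Cross-site scripting',
                     payload=payload,
                     method='GET',
                     header=header,
                     target=url,
                 )
                 break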
Esempio n. 4
 def Put(url):
     """Probe each header in ``SCAN_Headers`` for SQL error leakage via PUT.

     The URL's query string, when present, is converted to a request body
     with ``post_data``; an empty dict is used when there is no query
     string or the conversion fails. For every entry of ``sqli_payloads``
     a baseline response is fetched with ``nq.Put`` and stored through
     ``save_request.save``. The payload is appended to the header's
     current value from ``nq.Dump()`` (or sent alone when that lookup
     fails) and the request is replayed with ``REQ``. ``show.bug_Header``
     is called when a pattern from ``sql_err`` occurs more often in the
     probed response than in the baseline.

     The check is error-based only, so a finding means database error
     text appeared after the header was modified and still needs manual
     confirmation.
     """
     dumped = nq.Dump()
     for header in SCAN_Headers:
         for payload in sqli_payloads:
             try:
                 # Indexing raises IndexError when the URL has no query
                 # string, which selects the empty body below.
                 url.split('?')[1]
                 data = post_data(urlparse(url).query)
                 if data == 0:
                     data = {}
             except:
                 data = {}
             # NOTE(review): the baseline is sent to the full URL while
             # the probe below targets the URL without its query string;
             # confirm the two responses are comparable.
             baseline = nq.Put(url, data)
             if baseline == 0:
                 # A result of 0 is treated as a failed request: stop
                 # testing this header and move on to the next one.
                 break
             save_request.save(baseline)
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except:
                 # NOTE(review): presumably meant for a header with no
                 # current value; the bare except also traps
                 # KeyboardInterrupt and SystemExit.
                 injected = payload
             # Copy every other header unchanged, then set the probed one.
             all_headers = {
                 name: value
                 for name, value in dumped['headers'].items()
                 if name != header
             }
             all_headers[header] = injected
             req = REQ(
                 url.split('?')[0],
                 data=data,
                 method='PUT',
                 headers=all_headers,
             )
             if req == 0:
                 break
             for _, pattern in sql_err.items():
                 needle = pattern.encode('utf-8')
                 before = findall(needle, save_request.get().content)
                 after = findall(needle, req.content)
                 if len(before) < len(after):
                     show.bug_Header(
                         bug='SQL injection',
                         payload=payload,
                         method='PUT',
                         header=header,
                         target=url,
                     )
                     # NOTE(review): this leaves only the pattern loop, so
                     # the remaining payloads are still sent for the same
                     # header and may report it again; confirm whether
                     # that is intended.
                     break
Esempio n. 5
 def Put(url):
     """Probe each header in ``SCAN_Headers`` for command-injection signs via PUT.

     The URL's query string, when present, is converted to a request body
     with ``post_data``; an empty dict is used when there is no query
     string or the conversion fails. For every ``payload -> message``
     entry of ``rce_payloads`` (newlines in the payload replaced by
     ``%0a``) a baseline response is fetched with ``nq.Put`` and the
     occurrences of ``message`` in its body are counted. The payload is
     appended to the header's current value from ``nq.Dump()`` (or sent
     alone when that lookup fails), the request is replayed with ``REQ``,
     and ``show.bug_Header`` is called when the marker occurs more often
     than in the baseline.

     The comparison is a heuristic: a response body that differs between
     two requests for unrelated reasons can also raise the count, so a
     reported finding still needs manual confirmation.
     """
     dumped = nq.Dump()
     for header in SCAN_Headers:
         for raw_payload, message in rce_payloads.items():
             # A literal newline cannot be carried in a header value, so
             # it is sent (and reported) in its %0a form.
             payload = raw_payload.replace('\n', '%0a')
             try:
                 # Indexing raises IndexError when the URL has no query
                 # string, which selects the empty body below.
                 url.split('?')[1]
                 data = post_data(urlparse(url).query)
                 if data == 0:
                     data = {}
             except:
                 data = {}
             baseline = nq.Put(url.split('?')[0], data)
             if baseline == 0:
                 # A result of 0 is treated as a failed request: stop
                 # testing this header and move on to the next one.
                 break
             baseline_hits = len(findall(message.encode('utf-8'), baseline.content))
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except:
                 # NOTE(review): presumably meant for a header with no
                 # current value; the bare except also traps
                 # KeyboardInterrupt and SystemExit.
                 injected = payload
             # Copy every other header unchanged, then set the probed one.
             all_headers = {
                 name: value
                 for name, value in dumped['headers'].items()
                 if name != header
             }
             all_headers[header] = injected
             req = REQ(
                 url.split('?')[0],
                 data=data,
                 method='PUT',
                 headers=all_headers,
             )
             if req == 0:
                 break
             probe_hits = len(findall(message.encode('utf-8'), req.content))
             if baseline_hits < probe_hits:
                 show.bug_Header(
                     bug='command injection',
                     payload=payload,
                     method='PUT',
                     header=header,
                     target=url,
                 )
                 # One finding per header is enough; skip remaining payloads.
                 break
Esempio n. 6
 def Put(url):
     """Probe each header in ``SCAN_Headers`` for reflected payloads via PUT.

     The URL's query string, when present, is converted to a request body
     with ``post_data``; an empty dict is used when there is no query
     string or the conversion fails. Every entry of ``xss_payloads`` is
     appended to the header's current value from ``nq.Dump()`` (or sent
     alone when that lookup fails) and the request is sent with ``REQ``
     to the URL without its query string. ``show.bug_Header`` is called
     when the raw payload bytes appear in the response body.

     The check only establishes that the payload is echoed without
     modification. It does not look at the response content type or at
     where in the document the echo lands, so a finding indicates
     unencoded reflection and still needs manual confirmation.
     """
     dumped = nq.Dump()
     for header in SCAN_Headers:
         for payload in xss_payloads:
             try:
                 # Indexing raises IndexError when the URL has no query
                 # string, which selects the empty body below.
                 url.split('?')[1]
                 data = post_data(urlparse(url).query)
                 if data == 0:
                     data = {}
             except:
                 data = {}
             try:
                 injected = f"{nq.Dump()['headers'][header]}{payload}"
             except:
                 # NOTE(review): presumably meant for a header with no
                 # current value; the bare except also traps
                 # KeyboardInterrupt and SystemExit.
                 injected = payload
             # Copy every other header unchanged, then set the probed one.
             all_headers = {
                 name: value
                 for name, value in dumped['headers'].items()
                 if name != header
             }
             all_headers[header] = injected
             req = REQ(
                 url.split('?')[0],
                 data=data,
                 method='PUT',
                 headers=all_headers,
             )
             if req == 0:
                 # A result of 0 is treated as a failed request: stop
                 # testing this header and move on to the next one.
                 break
             reflected = payload.encode('utf-8') in req.content
             if reflected:
                 show.bug_Header(
                     bug='Cross-site scripting',
                     payload=payload,
                     method='PUT',
                     header=header,
                     target=url,
                 )
                 # One finding per header is enough; skip remaining payloads.
                 break