def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wpass = self.options['wpass']
wuser = self.options['wuser']
url_path = self.options['url_path']
url = check_url(check_end(host,url_path),port)
for user in readfile(self.check(wuser)):
for passwd in readfile(self.check(wpass)):
self.thread(url,method,user,passwd)
def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wpass = self.options['wpass']
wuser = self.options['wuser']
url_path = self.options['url_path']
url = check_url(check_end(host, url_path), port)
for user in readfile(self.check(wuser)):
for passwd in readfile(self.check(wpass)):
self.thread(url, method, user, passwd)
def serror(self,resp):
""" Return error """
_ = None
realpath = path.join(path.realpath(__file__).split('plugins')[0],'lib/db/errors')
abspath = realpath+"/"+"xpath.json"
_ = self.search(resp,loads(readfile(abspath)[0],encoding="utf-8"))
if _ != None: return _
def module_run(self):
path = os.path.join(self.data_path,'os_command_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
headers = self.options['headers']
status = self.options['status']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist']!=('' or None) else path
url = check_url(check_end(host,url_path),port)
for payload in readfile(wordlist):
random_string = rand_all(20)
payload = payload.replace('[PAYLOAD]',random_string)
if method == 'GET':
urls = Replace(url,payload,data).run()
for url_ in urls:
print(url_)
resp = self.request(url=url_,method=method,data=data)
if re.search(random_string,resp.content,re.I):
plus('OS Command Vulnerability was found: %s'%(resp.url))
return
elif method == 'POST':
url_ = Replace(url,payload,data).run()[:1]
data_= Replace(url,payload,data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,method=method,data=data)
if re.search(random_string,resp.content,re.I):
plus('OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s'%(resp.url,data))
return
else:return
def module_run(self):
path = os.path.join(self.data_path,'sql_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist']!=('' or None) else path
url = check_url(check_end(host,url_path),port)
for payload in readfile(wordlist):
if method == 'GET':
urls = Replace(url,payload,data).run()
for url_ in urls:
resp = self.request(url=url_,method=method,data=data)
name,error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s'%(resp.url))
print(' \_ DBMS => %s\n \_ ERROR => %s'%(name,error))
return
elif method == 'POST':
url_ = Replace(url,payload,data).run()[:1]
data_= Replace(url,payload,data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,method=method,data=data)
name,error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s'%(resp.url))
print(' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s'%(data,name,error))
return
else:
return
def ragent():
"""random agent"""
user_agents = ()
realpath = path.join(path.realpath(__file__).split('lib')[0], 'lib/db/')
realpath += "useragent.wascan"
for _ in readfile(realpath):
user_agents += (_, )
return user_agents[randint(0, len(user_agents) - 1)]
def serror(self,resp):
""" Return error """
_ = None
realpath = path.join(path.realpath(__file__).split('plugins')[0],'lib/db/sqldberror')
for file in listdir(realpath):
abspath = realpath+"/"+file
_ = self.search(resp,loads(readfile(abspath)[0],encoding="utf-8"))
if _ != None: return _
def module_run(self):
test('Starting bruteforce...')
host = self.options['host']
port = self.options['port']
method = self.options['method']
wordlist = self.options['wordlist']
url_path = self.options['url_path']
url_ = check_url(check_end(host,url_path),port)
for line in readfile(self.check(wordlist)):
url = check_end(url_,line)
self.thread(url,method)
def run(self):
""" Run """
info('Checking Open Redirect..')
for path in readfile(self.search()):
# check url path
url = CPath(self.url,'/')+path
# send request
req = self.Send(url=url,method=self.get)
# if status code == 200
if search(r'https\:\/\/[www\.]google.com',req.url) or search(r'\<title\>Google\<\/title\>',req.content):
plus('A Potential Open Redirect at: {}'.format(url))
break
def run(self):
info('Bruteforce common backdoors...')
# set queue to MAX queues
queue = Queue(MAX)
for _ in xrange(MAX):
# call ThreadBrute class
thread = ThreadBrute(self.url, queue, self)
# set daemon
thread.daemon = True
# starting thread
thread.start()
# reading file
for path in readfile(self.search()):
queue.put(path)
queue.join()
def run(self):
info('Bruteforce admin panel...')
# set queue to MAX queues
queue = Queue(MAX)
for _ in range(MAX):
# call ThreadBrute class
thread = ThreadBrute(self.url, queue, self)
# set daemon
thread.daemon = True
# starting thread
thread.start()
# reading file
for path in readfile(self.search()):
queue.put(path.decode('utf-8'))
queue.join()
def run(self):
info('Bruteforce hidden params...')
info('A potential hidden parameters searching...')
# set queue to MAX queues
queue = Queue(MAX)
for _ in xrange(MAX):
# call ThreadBrute class
thread = ThreadBrute(self.url, queue, self)
# set daemon
thread.daemon = True
# starting thread
thread.start()
# reading file
for path in readfile(self.search()):
queue.put(path)
queue.join()
def run(self):
""" Run """
for path in readfile(self.search()):
# check url path
url = CPath(self.url, path)
# send request
req = self.Send(
url=url,
method=self.get,
)
# if status code == 200
if req.code == 200:
# and search in req.content
if search(
r'\<title\>phpinfo()\<\/title\>|\<h1 class\=\"p\"\>PHP Version',
req.content):
plus('Found phpinfo page at: %s' % (req.url))
break
def module_run(self):
test('Starting bruteforce...')
back_ext = [
' (copy)/','_copy/', '- Copy/','~/','.7z',
'.gz','.tar.gz','.tar','.tar.7z','.tar.bz2','.bak',
'.old','.zip','.rar','.bac','_old','_bak','_backup','1','2','3'
]
host = self.options['host']
port = self.options['port']
method = self.options['method']
wordlist = self.options['wordlist']
url_path = self.options['url_path']
extensions = self.to_dict(self.options['exts']) if self.options['exts'] != None else back_ext
url_ = check_url(check_end(host,url_path),port)
for dir_ in readfile(self.check(wordlist)):
for bk in extensions:
url = check_end(url_,dir_+bk)
self.thread(url,method)
def module_run(self):
path = os.path.join(self.data_path, 'os_command_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
headers = self.options['headers']
status = self.options['status']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist'] != (
'' or None) else path
url = check_url(check_end(host, url_path), port)
for payload in readfile(wordlist):
random_string = rand_all(20)
payload = payload.replace('[PAYLOAD]', random_string)
if method == 'GET':
urls = Replace(url, payload, data).run()
for url_ in urls:
print(url_)
resp = self.request(url=url_, method=method, data=data)
if re.search(random_string, resp.content, re.I):
plus('OS Command Vulnerability was found: %s' %
(resp.url))
return
elif method == 'POST':
url_ = Replace(url, payload, data).run()[:1]
data_ = Replace(url, payload, data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,
method=method,
data=data)
if re.search(random_string, resp.content, re.I):
plus(
'OS Command Vulnerability was found:\n \_ URL => %s\n \_ DATA => %s'
% (resp.url, data))
return
else:
return
def module_run(self):
path = os.path.join(self.data_path, 'sql_injection.galileo')
test('Injecting...')
host = self.options['host']
port = self.options['port']
data = self.options['data']
method = self.options['method']
url_path = self.options['url_path']
wordlist = self.options['wordlist'] if self.options['wordlist'] != (
'' or None) else path
url = check_url(check_end(host, url_path), port)
for payload in readfile(wordlist):
if method == 'GET':
urls = Replace(url, payload, data).run()
for url_ in urls:
resp = self.request(url=url_, method=method, data=data)
name, error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s' % (resp.url))
print(' \_ DBMS => %s\n \_ ERROR => %s' %
(name, error))
return
elif method == 'POST':
url_ = Replace(url, payload, data).run()[:1]
data_ = Replace(url, payload, data).run()[1:]
for _url_ in url_:
for data in data_:
resp = self.request(url=_url_,
method=method,
data=data)
name, error = sql_error(resp.content)
if name and error:
plus('SQL Injection was found: %s' % (resp.url))
print(
' \_ DATA => %s\n \_ NAME => %s\n \_ ERROR => %s'
% (data, name, error))
return
else:
return
