def run_tests(links, testLevel = 1, v = False) :
if (links == [] or links == None) :
bcolors.printFail("[-]Invalid input parameters! Exiting...")
return
proxyhandler = Proxy(True)
proxyhandler.proxify()
proxyhandler.validate_proxy()
TestObjects = []
for link in links :
sqlI = True # Used to check if we need to perform a second time-based sqlInjection test
res = sql_error_scan(link, v)
if(res != None) :
TestObjects.append(TestObject.TestObject(link, "SQLi", res))
sqlI = False
#Time based SQLi
if (testLevel > 1 and sqlI ) :
res = sql_time_scan(link, v)
if(res != None) :
TestObjects.append(TestObject.TestObject(link, "SQLiT", res))
#XSS
if (testLevel > 2) :
res = xss_vuln_scan(link, v)
if(res != None) :
TestObjects.append(TestObject.TestObject(link, "XSS", res))
if (v) :
if (TestObjects != []) :
bcolors.printGreen("~*~*~*~*~PRINTING FOUND TARGETS~*~*~*~*~")
for t in TestObjects :
t.print_test()
else :
bcolors.printFail("~*~*~*~*~NO TARGETS FOUND~*~*~*~*~")
return TestObjects
def run_tests(links, testLevel=1, v=False):
if (links == [] or links == None):
bcolors.printFail("[-]Invalid input parameters! Exiting...")
return
proxyhandler = Proxy(True)
proxyhandler.proxify()
proxyhandler.validate_proxy()
TestObjects = []
for link in links:
sqlI = True # Used to check if we need to perform a second time-based sqlInjection test
res = sql_error_scan(link, v)
if (res != None):
TestObjects.append(TestObject.TestObject(link, "SQLi", res))
sqlI = False
#Time based SQLi
if (testLevel > 1 and sqlI):
res = sql_time_scan(link, v)
if (res != None):
TestObjects.append(TestObject.TestObject(link, "SQLiT", res))
#XSS
if (testLevel > 2):
res = xss_vuln_scan(link, v)
if (res != None):
TestObjects.append(TestObject.TestObject(link, "XSS", res))
if (v):
if (TestObjects != []):
bcolors.printGreen("~*~*~*~*~PRINTING FOUND TARGETS~*~*~*~*~")
for t in TestObjects:
t.print_test()
else:
bcolors.printFail("~*~*~*~*~NO TARGETS FOUND~*~*~*~*~")
return TestObjects
class Search:
#Initializes variables
def __init__(self, useproxy, retries=None, verbose=False, sleep=5):
self.urls = [] # contains scraped urls
self.blacklist = [] # contains blacklisted proxies
self.useproxy = useproxy # dictates use of proxy
self.retries = retries # sets the number of search retries, if None => unlimited
self.verbose = verbose # sets verbosity level
self.sleep = sleep # dictates sleep while searching for urls
self.cookie_jar = cookie_jar = http.cookiejar.CookieJar()
self.proxyhandler = None
if (self.useproxy):
self.proxyhandler = Proxy(self.verbose)
self.proxyhandler.proxify()
if (self.verbose):
bcolors.printGreen("[+]Search object created!")
def print_state(self):
bcolors.printBold("****Printing object state****")
bcolors.printBold("URLs:\n")
print(str(self.urls))
bcolors.printBold("Blacklist:\n")
print(str(self.blacklist))
bcolors.printBold("Settings:\n")
print("Retries: " + str(self.retries) + ", verbose: " +
str(self.verbose) + ", sleep: " + str(self.sleep))
def print_urls(self):
bcolors.printBold("****PRINTING URLS****\n")
for url in self.urls:
print(str(url))
# Returns the HTML page of a website.
# It incorporates error checking and retries
# If an unknown error was raised we call the fatal_exception() method
def get_html(self, url):
if (self.useproxy):
self.proxyhandler.validate_proxy()
req = urllib.request.Request(url, None, data.headers)
tries = 0
while (self.retries == None or tries < self.retries):
try:
res = urllib.request.urlopen(req)
self.cookie_jar.extract_cookies(res, req)
src = res.read()
break
except urllib.error.HTTPError as e:
if (e.code != 503):
bcolors.printFail("[-]HTTP Error " + str(e) +
" was raised!")
return None
if (self.useproxy):
if (self.verbose):
bcolors.printWarning(
"[*]503 Error raised when acquiring search results! Updating proxy..."
)
self.update_proxy()
# If we have to retry, append current proxy to blacklist
if (self.useproxy):
# blacklists both proxies if error occured!
self.proxyhandler.blacklist_current_proxy(True)
tries += 1
return html.fromstring(str(src))
def update_proxy(self, https=False):
self.proxyhandler.proxify(https, True)
self.proxyhandler.validate_proxy()
def fatal_exception(self, e=None, function_name=None):
bcolors.printFail("A fatal exception has occured!")
if (not e == None):
print(str(e))
if (not function_name == None):
print(str(function_name))
bcolors.printBold("****PROGRAM STATE****")
self.print_state()
sys.exit(0)
class Search :
#Initializes variables
def __init__(self, useproxy, retries = None, verbose = False, sleep = 5):
self.urls = [] # contains scraped urls
self.blacklist = [] # contains blacklisted proxies
self.useproxy = useproxy # dictates use of proxy
self.retries = retries # sets the number of search retries, if None => unlimited
self.verbose = verbose # sets verbosity level
self.sleep = sleep # dictates sleep while searching for urls
self.cookie_jar = cookie_jar = http.cookiejar.CookieJar()
self.proxyhandler = None
if (self.useproxy) :
self.proxyhandler = Proxy(self.verbose)
self.proxyhandler.proxify()
if (self.verbose) :
bcolors.printGreen("[+]Search object created!")
def print_state(self) :
bcolors.printBold("****Printing object state****")
bcolors.printBold("URLs:\n")
print(str(self.urls))
bcolors.printBold("Blacklist:\n")
print(str(self.blacklist))
bcolors.printBold("Settings:\n")
print("Retries: " + str(self.retries) + ", verbose: " + str(self.verbose) + ", sleep: " + str(self.sleep))
def print_urls(self) :
bcolors.printBold("****PRINTING URLS****\n")
for url in self.urls :
print(str(url))
# Returns the HTML page of a website.
# It incorporates error checking and retries
# If an unknown error was raised we call the fatal_exception() method
def get_html(self, url) :
if (self.useproxy) :
self.proxyhandler.validate_proxy()
req = urllib.request.Request(url, None, data.headers)
tries = 0
while (self.retries == None or tries < self.retries):
try :
res = urllib.request.urlopen(req)
self.cookie_jar.extract_cookies(res, req)
src = res.read()
break
except urllib.error.HTTPError as e:
if (e.code != 503) :
bcolors.printFail("[-]HTTP Error " + str(e) + " was raised!")
return None
if (self.useproxy) :
if (self.verbose) :
bcolors.printWarning("[*]503 Error raised when acquiring search results! Updating proxy...")
self.update_proxy()
# If we have to retry, append current proxy to blacklist
if (self.useproxy) :
# blacklists both proxies if error occured!
self.proxyhandler.blacklist_current_proxy(True)
tries += 1
return html.fromstring(str(src))
def update_proxy(self, https=False) :
self.proxyhandler.proxify(https, True)
self.proxyhandler.validate_proxy()
def fatal_exception(self,e = None, function_name = None) :
bcolors.printFail("A fatal exception has occured!")
if (not e == None) :
print(str(e))
if (not function_name == None) :
print(str(function_name))
bcolors.printBold("****PROGRAM STATE****")
self.print_state()
sys.exit(0)
