def path_generator(self, parsed_url, payloads: list) -> list:
payloads_to_try = []
skip_print = f"{Color.bad} Skipping some used paths."
upto_path = urlerslasher(parsed_url.netloc)
if parsed_url.path == '/' or len(parsed_url.path) == 1:
payloads_list = self.netloc_generator(parsed_url, payloads)
payloads_to_try = [p for p in payloads_list]
else:
path_list = [
ender(path, '/')
for path in findall(r'([^/]+)', parsed_url.path)
]
path_range = range(len(path_list) - 1, 0, -1)
for index in path_range:
unslashed = unender(path_list[index - 1], '/')
if self.Skipper.check_path(path_list[index - 1]):
print(skip_print)
return payloads_to_try
elif search('[a-zA-Z].+[0-9]$', unslashed):
print(skip_print)
return payloads_to_try
elif search('^[0-9].*$', unslashed) and len(unslashed) >= 2:
print(skip_print)
return payloads_to_try
elif not self.Skipper.check_path(path_list[index - 1]):
self.Skipper.add_path(path_list[index - 1])
for payload in payloads:
path_list[index] = unstarter(payload, '/')
path_payload = upto_path + "".join(path_list)
payloads_to_try.append(path_payload)
path_list.pop()
return payloads_to_try
def main():
sql_dict['HOST'] = ender(urler(sql_dict['HOST']), "/")
const = input(f"{ColorObj.information} Fetch data or edit (F/E)? ")
if const == 'F':
print(f"{ColorObj.good} Fetching data ..")
query_res = fetch_mysql()
for i in query_res:
print(i)
print(f"{ColorObj.good} Fetched!")
main()
exit()
for keys, values in sql_dict.items():
print("{} ::: {}".format(keys, colored(values, color='green')))
print("")
cont = input(
f"{ColorObj.information} Continue with above value (Y/N) or update value (U): "
)
if cont.upper() == 'Y':
try:
insert_mysql()
except Exception as E:
print(f"Error {E,E.__class__} occured while inserting data")
exit(0)
elif cont.upper() == 'U':
up = input(f"{ColorObj.information} Enter hostname to update: ")
update_mysql(up)
else:
main()
def insert_mysql():
statement = "INSERT INTO password (HOST, USERNAME, EMAIL, PASSWORD, 2FA, BACKUP, OTHER) VALUES (%s,%s,%s,%s,%s,%s,%s)"
values = (ender(
urler(sql_dict['HOST']).replace('http://', 'https://'),
"/"), sql_dict['USERNAME'], sql_dict['EMAIL'], sql_dict['PASSWORD'],
sql_dict['2FA'], sql_dict['BACKUP'], sql_dict['OTHER'])
cursor.execute(statement, values)
conn.commit()
def check_parameter(self, url: str, parameter: str) -> bool:
url = ender(url, '?')
exist = bool(self.parameter_list.get(url))
if exist:
for self_parameter in self.parameter_list[url]:
if self_parameter == parameter:
return True
return False
def add_parameter(self, url: str, parameter_list: list) -> list:
url = ender(url, '?')
if bool(self.parameter_list.get(url)):
var = self.parameter_list[url]
var.update(set(parameter_list))
self.parameter_list[url] = var
return False
self.parameter_list[url] = set(parameter_list)
return True
def write_output(filename, orgs, commons, filepath=None) -> tuple:
if filepath:
output_file = open(ender(filepath, '/') + filename + '.certex', 'a')
else:
output_file = open(filename, 'a')
for org in orgs:
output_file.write(org)
output_file.write('\n')
for common in commons:
output_file.write(common + '\n')
output_file.close()
def main():
if argv.server:
p = Payloader.generate_payloads(input_wordlist, urler(argv.server))
elif argv.auto:
if ',' in argv.auto:
server_path, public_path = argv.auto.split(',')
public_url = unender(ender(ngrok.connect(port = port), '/') + unstarter(public_path, '/'), '/')
else:
server_path = argv.auto
public_url = unender(ngrok.connect(port = port), '/')
system(f"(cd {server_path}; fuser -k {port}/tcp 1>/dev/null 2>/dev/null; php -S 0.0.0.0:{port} 1>/dev/null 2>/dev/null &)")
p = Payloader.generate_payloads(input_wordlist, urler(public_url))
with ThreadPoolExecutor(max_workers=argv.threads) as mapper:
mapper.map(try_payload, p)
print(f"{Color.good} Success. Check your server logs for bounty!")
def write_output(objects, filename=None, path=None):
if path:
output_file = open(ender(path, '/') + filename + '.CRLFi', 'a')
elif filename:
output_file = open(filename, 'a')
else:
print("Cant write output")
for single_object in objects:
the_payload, is_exploitable = single_object.result()
if is_exploitable:
print(
f"{Color.good} Yes, the url is exploitable\t,Payload: {the_payload}"
)
output_file.write("Exploitable:{}, Payload:{}\n".format(
is_exploitable, the_payload))
return output_file.close()
def update_mysql(host):
data = fetch_mysql()
where = ""
for i in data:
if i[1] == host:
where = i[0]
data = i[1:]
break
statement = "UPDATE password SET HOST = %s, USERNAME = %s, EMAIL = %s, PASSWORD = %s, 2FA = %s, BACKUP = %s, OTHER = %s WHERE ID = %s"
values = (ender(
urler(sql_dict['HOST']).replace('http://', 'https://'),
"/"), sql_dict['USERNAME'], sql_dict['EMAIL'], sql_dict['PASSWORD'],
sql_dict['2FA'], sql_dict['BACKUP'], sql_dict['OTHER'],
int(where))
cursor.execute(statement, values)
conn.commit()
def output_writer(filename, to_write, filepath=None):
if filepath:
output_file = open(ender(filepath, '/') + filename + '.jscan', 'a')
else:
output_file = open(filename, 'a')
for jsresults in to_write:
jarray = sorted(jsresults.result(), key=lambda x: x[1])
for jsresult in jarray:
output_file.write(jsresult[0])
#for tag in tag_dict.items():
#for jsresult in jarray:
#print(f"JR1: {jsresult[1]}, Tag0: {tag[0]}")
#if not tag[1] and tag[0] == jsresult[1]:
# output_file.write(f"{tag[0]}:\t")
# tag_dict[tag[0]] = True
#else:
# print("Writing content", end=" ")
# print(f"Jresult[0] {jsresult[0]}")
# output_file.write(jsresult[0])
#else:
# print(f"T0: {tag[0]},J1: {jsresult[1]}")
#output_file.write('\n')
output_file.close()
def output_directory_writer(filepath, filename, dork_list: list) -> bool:
output_file = open(
ender(filepath, '/') + unstarter(filepath, '/') + '.google', 'a')
for dork_line in dork_list:
output_file.write(dork_line)
output_file.close()
action="store_true",
help="Fetch from config file (optional, not implemented)")
group.add_argument('-a',
'--argv',
action="store_true",
help="Fetch from command line (optional, not implemented)")
group.add_argument('-i',
'--input',
action="store_true",
help="Fetch from input (optional, not implemented)")
argv = parser.parse_args()
mode = starter(argv)
if mode == 'argv':
sql_dict['HOST'] = ender(
urler(argv.host).replace('http://', 'https://'), "/")
sql_dict['USERNAME'] = argv.username
sql_dict['EMAIL'] = argv.email
sql_dict['PASSWORD'] = argv.password
sql_dict['2FA'] = argv.two_factor
sql_dict['BACKUP'] = argv.backup
sql_dict['OTHER'] = argv.other
elif mode == 'input':
sql_dict['HOST'] = ender(
(urler(input(f"{ColorObj.information} Enter Host: "))).replace(
'http://', 'https://'), "/")
sql_dict['USERNAME'] = input(f"{ColorObj.information} Enter Username: "******"{ColorObj.information} Enter Email: ")
sql_dict['PASSWORD'] = input(f"{ColorObj.information} Enter Password: "******"{ColorObj.information} Enter 2FA: ")
sql_dict['BACKUP'] = input(f"{ColorObj.information} Enter Backup: ")
def generate_url(self, half_url: str, parameters: list) -> list:
return [
ender(half_url, '?') + '&'.join(parameter)
for parameter in parameters
]
def write_output_directory(filepath, filename, towrite):
f = open(ender(filepath, '/') + filename + ".github", 'a')
[f.write(d) for data in towrite for d in data]
f.close()