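def run(word_queue, url):
    """Request ``url`` once per queued value and report command-output markers.

    Each value taken from ``word_queue`` is placed into the URL with
    ``nano.inject_param`` and fetched with a randomly chosen User-Agent.
    A finding is printed when the response body contains all of ``uid=``,
    ``gid=`` and ``groups=`` (the fields printed by the Unix ``id`` command).

    Args:
        word_queue: Queue of values to inject. It is fully drained by this
            call, including after a finding.
        url: URL whose parameters receive the queued values.

    Returns:
        None. Findings are written to stdout.
    """
    # All three markers must be present.  The previous expression
    # `"uid=" and "gid=" and "groups=" in body` only tested "groups=",
    # because non-empty string literals are always truthy, so any page
    # containing "groups=" was reported.
    markers = ("uid=", "gid=", "groups=")
    found = False
    while not word_queue.empty():
        attempt = word_queue.get()
        if found:
            # After a hit the queue is still emptied, but no further
            # requests are sent.
            continue
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        try:
            # NOTE(review): url is overwritten on every pass, so each value is
            # injected into the already-modified URL -- confirm that
            # nano.inject_param replaces parameter values rather than
            # appending to them.
            url = nano.inject_param(url, str(attempt))
            # verify=False disables TLS certificate validation, so the
            # response is unauthenticated; treat a hit as a lead to confirm,
            # not as proof.  The timeout keeps one unresponsive host from
            # blocking the worker indefinitely.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            # str() of bytes yields the "b'...'" repr; ASCII markers still
            # match as plain substrings.
            body = str(r.content)
            if all(marker in body for marker in markers):
                found = True
                print(
                    "\033[91mPossibly OS Command injection vulnerability\033[00m "
                    + url)
        except Exception:
            # Best-effort scan: a failed request is skipped.  Catching
            # Exception instead of using a bare except lets Ctrl-C and
            # SystemExit stop the run.
            pass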
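def run(word_queue, url):
    """Request ``url`` once per queued value and report passwd-style content.

    Each value taken from ``word_queue`` is placed into the URL with
    ``nano.inject_param`` and fetched with a randomly chosen User-Agent.
    A finding is printed when the response matches all of ``root:``,
    ``bin:``, ``nobody:`` and ``:x:``.  Unlike a single-hit check, the loop
    keeps testing the remaining values after a finding.

    Args:
        word_queue: Queue of values to inject; drained by this call.
        url: URL whose parameters receive the queued values.

    Returns:
        None. Findings are written to stdout.
    """
    # Patterns that must all appear in the body before a finding is reported.
    passwd_markers = ('root:', 'bin:', 'nobody:', ':x:')
    while not word_queue.empty():
        attempt = word_queue.get()
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        try:
            # NOTE(review): url is overwritten on every pass -- confirm that
            # nano.inject_param replaces the previous value.
            url = nano.inject_param(url, str(attempt))
            # str() of a bytes value produces "b'...'"; the two replace()
            # calls strip that wrapper.  They also remove every other single
            # quote in the URL.
            url = url.replace("b'", "")
            url = url.replace("'", "")
            # verify=False disables TLS certificate validation, so a hit is a
            # lead to confirm rather than proof.  The timeout keeps an
            # unresponsive host from blocking the worker indefinitely.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            body = str(r.content)
            if all(re.search(marker, body) for marker in passwd_markers):
                print("\033[91mPossibly LFI vulnerability\033[00m " + url)
        except Exception:
            # Best-effort scan: a failed request is skipped.  Catching
            # Exception instead of using a bare except lets Ctrl-C and
            # SystemExit stop the run.
            pass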
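def semple(url):
    """Check ``url`` for database error messages triggered by quote/comment characters.

    For each character sequence in the built-in list the URL is modified with
    ``inject`` and requested.  When the response matches one of the patterns
    in ``regex.SQL_ERROR``, a control request with the benign value ``"x"``
    is sent; the finding is reported only if the same pattern does NOT appear
    in the control response, which filters pages that always contain the text.

    Args:
        url: URL to test.

    Returns:
        True if a finding was printed, otherwise False.
    """
    headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
    payload = ["'", '"', ";", "#", "-", "--", "--+"]
    for i in payload:
        try:
            # NOTE(review): `inject` is not defined in the visible code, while
            # the control request below uses nano.inject_param -- confirm the
            # name is imported, otherwise every pass raises NameError and the
            # function silently returns False.
            url = inject(url, i)
            # verify=False disables TLS certificate validation, so a hit is a
            # lead to confirm rather than proof.  The timeout keeps an
            # unresponsive host from blocking the check indefinitely.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            cont = str(r.content)
            for x in regex.SQL_ERROR:
                if not re.search(x, cont):
                    continue
                # Control request with a harmless value.
                url_ = nano.inject_param(url, "x")
                r_ = requests.get(url_, headers=headers, verify=False,
                                  timeout=10)
                if re.search(x, str(r_.content)):
                    # The pattern is present regardless of input; not a signal.
                    continue
                print("\033[91mPossibly SQL injection vulnerability\033[00m "
                      + url)
                return True
        except Exception:
            # Best-effort scan: move on to the next sequence.  Catching
            # Exception instead of using a bare except lets Ctrl-C and
            # SystemExit stop the run.
            pass
    return False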
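def ssti_(url):
    """Two-stage check of ``url`` for evaluated template expressions.

    Stage one requests the URL with each value from ``regex.payload_ssti_1``
    and looks for the pattern ``test1`` in the response.  Only when stage one
    matches is stage two run: each value from ``regex.payload_ssti_2`` is
    requested and a finding is printed on the first response matching
    ``test2``.  Requiring both stages reduces reports caused by a page that
    merely contains the expected text.

    Args:
        url: URL whose parameters receive the test values.

    Returns:
        None. Findings are written to stdout.
    """
    # NOTE(review): test1 and test2 are not defined in the visible code;
    # presumably module-level patterns -- confirm.
    try:
        for x in regex.payload_ssti_1:
            # Both requests now carry the same timeout; previously only the
            # second-stage request had one, so stage one could hang forever.
            # verify=False disables TLS certificate validation, so a hit is a
            # lead to confirm rather than proof.
            r = requests.get(nano.inject_param(url, x), verify=False,
                             timeout=10)
            if not re.search(test1, str(r.content)):
                continue
            for i in regex.payload_ssti_2:
                # Build the URL once so the reported URL is exactly the one
                # that was requested.
                probe_url = nano.inject_param(url, i)
                r = requests.get(probe_url, verify=False, timeout=10)
                if re.search(test2, str(r.content)):
                    print("\033[91m Possibly SS template injection vulnerability\033[00m\t"
                          + probe_url)
                    # Only the second stage stops; the outer loop continues
                    # with the next stage-one value.
                    break
    except Exception:
        # Any error ends the whole check for this URL.  Catching Exception
        # instead of using a bare except lets Ctrl-C and SystemExit stop
        # the run.
        pass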
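def xss_(link):
    """Check ``link`` for reflected markup via GET and POST requests.

    Nothing is sent unless ``nano.reflection(link)`` returns True.  The first
    pass injects each value of ``regex.XSS`` into the URL, sends a GET and
    reports a finding when the paired pattern matches the response.  The
    second pass appends two fixed marker parameters to the URL, sends a POST
    and additionally inspects the response Content-Type: a match served as
    anything other than ``text/html`` is still printed, but preceded by a
    false-positive warning.

    Args:
        link: URL to test.

    Returns:
        None. Findings are written to stdout.
    """
    if nano.reflection(link) != True:
        return

    for rg, p in regex.XSS.items():
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        url = nano.inject_param(link, p)
        try:
            # verify=False disables TLS certificate validation, so a hit is a
            # lead to confirm rather than proof.  The timeout keeps an
            # unresponsive host from blocking the check indefinitely.
            r = requests.get(url, headers=headers, verify=False, timeout=10)
            if re.findall(rg, str(r.content)):
                print('\033[91mPossibly XSS vulnerability\033[00m ' + url)
                break
        except Exception:
            # Best-effort: skip this value.  Exception (not a bare except)
            # lets Ctrl-C and SystemExit stop the run.
            pass

    pay = {'X=GtRNv>': '&X=GtRNv>', 'X=GtRNbv>': '&X%3DGtRNbv%3E'}
    for rg, p in pay.items():
        headers = {'User-Agent': random.choice(regex.USR_AGENTS)}
        url = link + p
        try:
            r = requests.post(url, headers=headers, verify=False, timeout=10)
            if not re.findall(rg, str(r.content)):
                continue
            # The original read a name `ContentType` that is never assigned
            # in this function; unless it exists as a global, the NameError
            # was swallowed and this pass could never report anything.  The
            # header of the response being examined is used instead.
            content_type = r.headers.get('Content-Type', '')
            if 'text/html' not in str(content_type):
                # The original called .format() on the return value of
                # print() (None), which raised AttributeError after printing
                # the unformatted template and skipped the finding below.
                print(
                    '\033[33;1mWarning can be false positives Content Type: {}\033[00m'
                    .format(str(content_type)))
            print('\033[91mPossibly XSS vulnerability\033[00m ' + url)
            break
        except Exception:
            pass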
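def run_(word_queue, url):
    """Request ``url`` once per queued value and report an injected cookie.

    Each value taken from ``word_queue`` is placed into the URL with
    ``nano.inject_param`` and fetched in its own session.  A finding is
    printed when the session's cookies contain a cookie named ``crlf`` and
    some cookie whose value is ``injection``.  Does nothing when ``url`` is
    None.

    Args:
        word_queue: Queue of values to inject; drained by this call.
        url: URL whose parameters receive the queued values, or None.

    Returns:
        None. Findings are written to stdout.
    """
    if url is None:
        return
    while not word_queue.empty():
        attempt = word_queue.get()
        try:
            # One session per attempt, so the cookie jar only holds cookies
            # received for this request.  The context manager closes the
            # session's connections, which the original left open.
            with requests.Session() as session:
                # NOTE(review): url is overwritten on every pass -- confirm
                # that nano.inject_param replaces the previous value.
                url = nano.inject_param(url, attempt)
                # The timeout keeps an unresponsive host from blocking the
                # worker indefinitely.
                session.get(url, timeout=10)
                cookies = session.cookies.get_dict()
            # NOTE(review): name and value are checked independently, so
            # "crlf=<anything>" together with "<other>=injection" also
            # matches -- confirm whether cookies.get('crlf') == 'injection'
            # was intended.
            if 'crlf' in cookies and 'injection' in cookies.values():
                print(
                    '\033[91m Possibly CRLF injection vulnerability\033[00m '
                    + url)
        except Exception:
            # Best-effort scan: a failed request is skipped.  Catching
            # Exception instead of using a bare except lets Ctrl-C and
            # SystemExit stop the run.
            pass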
def lfi_dirF(i):
    """Forward ``i`` to ``lfi.lfi_dir``; the return value is discarded."""
    lfi.lfi_dir(i)


def crlf_dirF(i):
    """Forward ``i`` to ``crlf.crlf_dir``; the return value is discarded."""
    crlf.crlf_dir(i)


# NOTE(review): the nesting below is reconstructed from a listing that lost
# its indentation -- confirm against the original file.
# Collect the URL list for `url`; presumably archived URLs from the Wayback
# Machine, judging by the helper's name -- confirm.
urls= archiveurl.waybackurls(url)
# The progress bar is sized to the number of URLs and advanced once per URL.
with alive_bar(len(urls)) as bar:
    for i in urls:
        # Record each variant returned by nano.inject_dir once.  `uniq` is
        # defined outside the visible code; if it is a list, the membership
        # test is a linear scan per variant.
        for uniq_url in nano.inject_dir(i,"uNiq_stRiNg"):
            if uniq_url not in uniq:
                uniq.append(uniq_url)
        # URLs with a query string get a marker value injected; others are
        # kept as-is.  uniq_link is not used in the visible part of the loop.
        if "?" in i:
            uniq_link=nano.inject_param(i,'yaTi8CP7Efh')
        else:
            uniq_link=i
        bar()
        # Strip trailing whitespace before handing the URL to the workers.
        i=i.rstrip()
        # One process per check per URL (Process is presumably
        # multiprocessing.Process -- confirm).  No join() or limit on the
        # number of live processes is visible here, so a long URL list can
        # exhaust resources on the scanning host unless that is handled
        # further down.
        p1 = Process(target=traceF, args=(i,))
        p1.start()
        p2 = Process(target=jsparseF, args=(i,))
        p2.start()
        p4 = Process(target=base64F, args=(i,))
        p4.start()