def run(word_queue, url):
state = False
while not word_queue.empty():
attempt = word_queue.get()
attempt_list = []
attempt_list.append(attempt)
for brute in attempt_list:
if state == True:
break
user_agent = random.choice(regex.USR_AGENTS)
headers = {'User-Agent': user_agent}
try:
url = nano.inject_param(url, str(brute))
r = requests.get(url, headers=headers, verify=False)
cont = r.content
if "uid=" and "gid=" and "groups=" in str(cont):
state = True
print(
"\033[91mPossibly OS Command injection vulnerability\033[00m "
+ url)
break
else:
pass
except:
pass
def run(word_queue,url):
while not word_queue.empty():
attempt = word_queue.get()
attempt_list = []
attempt_list.append(attempt)
for brute in attempt_list:
user_agent=random.choice(regex.USR_AGENTS)
headers={'User-Agent':user_agent }
try:
url = nano.inject_param(url,str(brute))
url=url.replace("b'","")
url=url.replace("'","")
r = requests.get(url,headers=headers,verify=False)
resp= r.content
if(re.search('root:', str(resp))):
if(re.search('bin:', str(resp))):
if(re.search('nobody:', str(resp))):
if(re.search(':x:', str(resp))):
print("\033[91mPossibly LFI vulnerability\033[00m "+url)
break
else:
pass
except:
pass
def semple(url):
state=False
done=0
user_agent=random.choice(regex.USR_AGENTS)
headers = {'User-Agent': user_agent }
payload=["'",'"',";","#","-","--","--+"]
for i in payload:
if done ==1 :
break
try:
url=inject(url,i)
r = requests.get(url,headers=headers,verify=False)
cont = r.content
for x in regex.SQL_ERROR:
if(re.search(x, str(cont))):
url_=nano.inject_param(url,"x")
r_ = requests.get(url_,headers=headers,verify=False)
cont_ = r_.content
if(re.search(x, str(cont_))):
pass
else:
state=True
print("\033[91mPossibly SQL injection vulnerability\033[00m "+url)
done=1
break
except:
pass
return state
def ssti_(url):
try:
for x in regex.payload_ssti_1:
r = requests.get(nano.inject_param(url,x),verify=False)
cont1 = r.content
if(re.search(test1, str(cont1))):
for i in regex.payload_ssti_2:
r = requests.get(nano.inject_param(url,i),verify=False,timeout=10)
cont2 = r.content
if(re.search(test2, str(cont2))):
print("\033[91m Possibly SS template injection vulnerability\033[00m\t"+nano.inject_param(url,i))
break
else:
pass
except:
pass
def xss_(link):
if nano.reflection(link) == True:
for rg, p in regex.XSS.items():
user_agent = random.choice(regex.USR_AGENTS)
headers = {'User-Agent': user_agent}
url = nano.inject_param(link, p)
try:
r = requests.get(url, headers=headers, verify=False)
resp = r.content
x = re.findall(rg, str(resp))
if (x):
print('\033[91mPossibly XSS vulnerability\033[00m ' + url)
break
else:
pass
except:
pass
pay = {'X=GtRNv>': '&X=GtRNv>', 'X=GtRNbv>': '&X%3DGtRNbv%3E'}
for rg, p in pay.items():
user_agent = random.choice(regex.USR_AGENTS)
headers = {'User-Agent': user_agent}
url = link + p
try:
r = requests.post(url, headers=headers, verify=False)
resp = r.content
x = re.findall(rg, str(resp))
if (x):
if 'text/html' in str(ContentType):
print('\033[91mPossibly XSS vulnerability\033[00m ' +
url)
break
else:
print(
'\033[33;1mWarning can be false positives Content Type: {}\033[00m'
).format(str(ContentType))
print('\033[91mPossibly XSS vulnerability\033[00m ' +
url)
break
else:
pass
except:
pass
else:
pass
def run_(word_queue, url):
if url != None:
while not word_queue.empty():
attempt = word_queue.get()
attempt_list = []
attempt_list.append(attempt)
for brute in attempt_list:
try:
session = requests.Session()
url = nano.inject_param(url, brute)
session.get(url)
if 'crlf' in session.cookies.get_dict(
) and 'injection' in session.cookies.get_dict().values():
print(
'\033[91m Possibly CRLF injection vulnerability\033[00m '
+ url)
break
else:
pass
except:
pass
else:
pass
def lfi_dirF(i):
lfi.lfi_dir(i)
def crlf_dirF(i):
crlf.crlf_dir(i)
urls= archiveurl.waybackurls(url)
with alive_bar(len(urls)) as bar:
for i in urls:
for uniq_url in nano.inject_dir(i,"uNiq_stRiNg"):
if uniq_url not in uniq:
uniq.append(uniq_url)
if "?" in i:
uniq_link=nano.inject_param(i,'yaTi8CP7Efh')
else:
uniq_link=i
bar()
i=i.rstrip()
p1 = Process(target=traceF, args=(i,))
p1.start()
p2 = Process(target=jsparseF, args=(i,))
p2.start()
p4 = Process(target=base64F, args=(i,))
p4.start()
