示例#1
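 def get_robots_txt(self, target):
     """Fetch robots.txt from the root of *target*'s host and print it.

     Only the scheme and host of *target* are used; its path is discarded.
     """
     cprint("[*]Checking for Robots.txt", 'yellow')
     # Root is built without a trailing slash. The original joined
     # "scheme://host/" with "/robots.txt" and requested "//robots.txt",
     # which servers that do not collapse the double slash answer with 404.
     root = "{0.scheme}://{0.netloc}".format(urlsplit(target))
     # Bounded wait so one unresponsive host cannot stall the whole run.
     req = requests.get(root + "/robots.txt", timeout=10)
     if req.status_code == 200:
         # Disallow entries deserve a review: they frequently name paths
         # the site owner did not intend to advertise.
         cprint(req.text, 'blue')
     else:
         # Do not present an error page body as if it were robots.txt.
         cprint("No robots.txt file Found!", "blue")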
示例#2
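 def get_robots_txt(self, target):
     """Print the robots.txt served at the root of the host named in *target*.

     The path component of *target* is ignored.
     """
     cprint("[*]Checking for Robots.txt", 'yellow')
     parts = urlsplit(target)
     # Join with exactly one slash; the original produced
     # "scheme://host//robots.txt", which is a different path on servers
     # that do not normalise repeated slashes.
     robots_url = "{0.scheme}://{0.netloc}/robots.txt".format(parts)
     # timeout: without it a silent host blocks the scan indefinitely.
     req = requests.get(robots_url, timeout=10)
     if req.status_code != 200:
         # A 404/403 body is not a robots.txt; report absence instead of
         # echoing the error page.
         cprint("No robots.txt file Found!", "blue")
         return
     cprint(req.text, 'blue')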
示例#3
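 def head_method(self, target):
     """Send a HEAD request to *target* and print the status it returns."""
     cprint("Testing Head Method",'yellow')
     print("")
     # timeout keeps an unresponsive host from hanging the scan.
     req = requests.head(target, timeout=10)
     r = req.status_code
     if r == 200:
         print(r, "OK")
     else:
         # The original printed the undefined name OK here, so every
         # non-200 answer raised NameError instead of being reported.
         print("Response", r)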
示例#4
 def put_method(self, target):
     """Send a body-less PUT to *target* and print the status code.

     NOTE(review): PUT is a state-changing verb; if the server accepts it
     on this URL the resource may be overwritten with an empty body.
     Only 200 is labelled "OK"; 201/204 fall into the "Response" branch.
     """
     cprint("Testing Put Method",'yellow')
     print("")
     status = requests.put(target).status_code
     if status != 200:
         print("Response", status)
     else:
         print(status, "OK")
示例#5
 def delete_method(self, target):
     """Send a DELETE to *target* and print the status code.

     NOTE(review): this is a live, state-changing request. If the server
     honours DELETE on this URL the resource may really be removed.
     Only 200 is labelled "OK"; 202/204 fall into the "Response" branch.
     """
     cprint("Testing Delete Method",'yellow')
     print("")
     status = requests.delete(target).status_code
     if status != 200:
         print("Response", status)
     else:
         print(status, "OK")
示例#6
文件: xss.py 项目: severnake/ViPER
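 def execute_all_func(self, target):
     """Run the framing-header check, then the POC step, for *target*.

     Each step is isolated: a failure is reported and the next step
     still runs.
     """
     try:
         self.xsscheck(target)
     except Exception:
         # Exception rather than a bare except, so Ctrl-C and SystemExit
         # can still stop the scan.
         cprint("Error Checking for X-Frame-Options", "red")
     try:
         # NOTE(review): createPOC runs regardless of what xsscheck
         # reported — confirm a POC is wanted when the header is present.
         self.createPOC(target)
     except Exception:
         cprint("Error Creating POC", "red")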
示例#7
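 def execute_all_func(self, target):
     """Run the cookie listing and the cookie decoding step for *target*.

     A failure in one step is reported and does not prevent the other.
     """
     try:
         self.get_cookie(target)
     except Exception:
         # Narrowed from a bare except so KeyboardInterrupt/SystemExit
         # are not swallowed and the user can abort the run.
         cprint("Errror Getting Cookies", "red")
     try:
         self.decode_cookie(target)
     except Exception:
         cprint("Error Decoding Cookies (base64)", "red")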
示例#8
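 def execute_all_func(self, target):
     """Run xsscheck and then createPOC against *target*.

     The two steps are wrapped separately so one failing does not skip
     the other.
     """
     steps = (
         ("xsscheck", "Error Checking for X-Frame-Options"),
         ("createPOC", "Error Creating POC"),
     )
     for step_name, failure_text in steps:
         try:
             # Looked up inside the try, as the original did, so a missing
             # method is reported instead of aborting the remaining step.
             getattr(self, step_name)(target)
         except Exception:
             # Not a bare except: Ctrl-C must still interrupt the scan.
             cprint(failure_text, "red")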
示例#9
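 def xsscheck(self, target):
     """Report whether the response for *target* restricts framing.

     Despite the name this is a clickjacking check: it looks for an
     X-Frame-Options header or a CSP frame-ancestors directive. When
     neither is present it prints an alert and calls self.createPOC(target).
     Only presence is tested; the header value is not validated.
     """
     try:
         req = requests.get(target, timeout=10)
     except requests.RequestException:
         # The original's bare except reported any network failure as
         # "Clickjacking Possible"; an unreachable host proves nothing
         # about its framing policy.
         cprint("Error fetching target, framing check not performed", "red")
         return
     headers = req.headers
     csp = headers.get("Content-Security-Policy", "")
     if "X-Frame-Options" in headers:
         print("X-frame-options found!")
         print("Clickjacking not Possible",)
     elif "frame-ancestors" in csp.lower():
         # frame-ancestors is the CSP successor to X-Frame-Options; a site
         # relying on it alone was previously flagged as exposed.
         print("CSP frame-ancestors found!")
         print("Clickjacking not Possible",)
     else:
         cprint("Alert!", "red")
         cprint("Clickjacking Possible", "red")
         self.createPOC(target)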
示例#10
文件: xss.py 项目: severnake/ViPER
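 def xsscheck(self, target):
     """Check the response for *target* for anti-framing headers.

     This is a clickjacking check, not an XSS one. X-Frame-Options or a
     Content-Security-Policy containing frame-ancestors counts as
     protection; otherwise an alert is printed and self.createPOC(target)
     is called. Header values are not validated, only their presence.
     """
     try:
         response = requests.get(target, timeout=10)
     except requests.RequestException:
         # A failed fetch used to fall into the bare except and was
         # reported as a finding; report it as an error instead.
         cprint("Error fetching target, framing check not performed", "red")
         return
     policy = response.headers.get("Content-Security-Policy", "").lower()
     has_xfo = "X-Frame-Options" in response.headers
     if not has_xfo and "frame-ancestors" not in policy:
         cprint("Alert!", "red")
         cprint("Vulnerable to Clickjacking", "red")
         self.createPOC(target)
         return
     if has_xfo:
         print("X-frame-options found!")
     else:
         # Sites that moved to CSP frame-ancestors alone were previously
         # reported as vulnerable.
         print("CSP frame-ancestors found!")
     print("Clickjacking not Possible", )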
示例#11
 def get_cookie(self, target):
     """Request *target* and print the name and value of each cookie it sets.

     NOTE(review): only name/value pairs are shown; cookie attributes such
     as Secure or HttpOnly are not inspected here.
     """
     cprint("[*]Getting Cookie", "yellow")
     pairs = requests.get(target).cookies.items()
     if not pairs:
         cprint("No cookies found", "red")
         return
     for cookie_name, cookie_value in pairs:
         print(cookie_name, cookie_value)
示例#12
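 def decode_cookie(self, target):
     """Print each cookie set by *target*, base64-decoded where possible.

     A value that is not valid base64 or does not decode to ASCII is
     printed as received, with "%3D" turned back into "=".
     """
     cprint("")
     cprint("[*]Decoding Cookie", "yellow")
     # timeout keeps an unresponsive host from hanging the scan.
     req = requests.get(target, timeout=10)
     for name, value in req.cookies.items():
         b64 = value.replace("%3D", "=")
         try:
             b64 = base64.b64decode(b64).decode('ascii')
         except ValueError:
             # binascii.Error and UnicodeDecodeError are both ValueError
             # subclasses; the former bare except also swallowed Ctrl-C.
             print("")
         # A value that decodes cleanly is encoded, not encrypted. The
         # printed output may contain session material, so treat the
         # terminal log as sensitive.
         print(name, b64)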
示例#13
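 def get_dot_svn(self, target):
     """Check whether /.svn/entries is served from the root of *target*'s host."""
     cprint("[*]Checking for .svn folder", 'yellow')
     # No trailing slash on the root: joining "scheme://host/" with
     # "/.svn/entries" requested "//.svn/entries", which can miss an
     # exposed directory on servers that do not collapse the double slash.
     root = "{0.scheme}://{0.netloc}".format(urlsplit(target))
     req = requests.get(root + "/.svn/entries", timeout=10)
     if req.status_code == 200:
         # NOTE(review): status alone is a weak signal; a site that answers
         # 200 for every path will be flagged too. Inspect the body before
         # reporting the finding.
         cprint("Alert!", 'red')
         cprint(".SVN folder exposed publicly", 'red')
     else:
         cprint("NO .SVN folder found", 'blue')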
示例#14
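 def get_dot_svn(self, target):
     """Report whether the host in *target* serves /.svn/entries.

     Only scheme and host of *target* are used; its path is dropped.
     """
     cprint("[*]Checking for .svn folder", 'yellow')
     # Single slash between host and path; the original requested
     # "scheme://host//.svn/entries", a different path on servers that
     # keep repeated slashes.
     entries_url = "{0.scheme}://{0.netloc}/.svn/entries".format(urlsplit(target))
     # timeout: a silent host would otherwise block the scan.
     status = requests.get(entries_url, timeout=10).status_code
     if status != 200:
         cprint("NO .SVN folder found", 'blue')
         return
     # NOTE(review): a catch-all 200 page also lands here; verify the
     # response really is SVN metadata before treating it as exposure.
     cprint("Alert!", 'red')
     cprint(".SVN folder exposed publicly", 'red')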
示例#15
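 def execute_all_func(self, target):
     """Run every HTTP-method probe against *target*, one after another.

     A probe that raises is reported as "Error" and the next one still runs.
     """
     probes = ("get_method", "post_method", "head_method",
               "put_method", "delete_method")
     for probe in probes:
         try:
             # Resolved inside the try, as in the original, so a missing
             # method is reported instead of aborting the remaining probes.
             getattr(self, probe)(target)
         except Exception:
             # Exception rather than a bare except: Ctrl-C and SystemExit
             # must be able to stop a run that is sending live requests.
             cprint("Error", "red")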
示例#16
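 def cookiebased(self, target):
     """Error-based SQL injection check on the cookies set by *target*.

     For each of the first three lines of modules/sqlpayloads.txt, every
     cookie is re-sent with that line appended, and the response is
     searched for one MySQL error fragment (error[j] is only matched
     against the response to payload[j]).
     """
     cprint("[*] Checking for Cookie based SQLi", 'yellow')
     path = os.getcwd()
     key = list()
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # with-block releases the handle even if reading fails.
     # NOTE(review): the list is resolved against the current working
     # directory, so which file is loaded depends on where the tool is
     # started from.
     with open(path + '/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     # timeout keeps an unresponsive host from hanging the scan.
     req = requests.get(target, timeout=10)
     i = req.cookies.items()
     for j in range(0, len(error)):
         for ckey, value in i:
             payload[j] = payload[j].strip("\n")
             # Only the cookie under test is sent with this request.
             req = requests.get(target, cookies={ckey: value + payload[j]},
                                timeout=10)
             if error[j] in req.text:
                 key.append(1)
             else:
                 key.append(0)
     if 1 in key:
         cprint("Vulnerable to Cookie Based SQL Injection!", 'red')
     else:
         # This branch is also reached when no cookies were set or the
         # backend does not emit MySQL-style errors; it is not proof that
         # the endpoint is safe.
         cprint("No Injection  Possible !", 'blue')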
示例#17
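 def cookiebased(self, target):
     """Check the cookies set by *target* for error-based SQL injection signs.

     Uses the first three lines of modules/sqlpayloads.txt; line j is
     appended to each cookie value and the response is searched for the
     j-th MySQL error fragment only.
     """
     cprint("[*] Checking for Cookie based SQLi", 'yellow')
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # Context manager instead of open()/close(): the handle is closed
     # even when readlines() raises.
     # NOTE(review): path is relative to the working directory, not to
     # this module — confirm the intended file is the one being read.
     with open(os.getcwd()+'/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     # Requests are bounded so one silent host cannot stall the scan.
     cookies = requests.get(target, timeout=10).cookies.items()
     found = False
     for j in range(0, len(error)):
         for ckey, value in cookies:
             payload[j] = payload[j].strip("\n")
             res = requests.get(target, cookies={ckey: value+payload[j]},
                                timeout=10).text
             if error[j] in res:
                 found = True
     if found:
         cprint("Vulnerable to Cookie Based SQL Injection", 'red')
     else:
         # Also printed when there were no cookies to test or the backend
         # is not MySQL; absence of a match is not evidence of safety.
         cprint("No Injection  Possible !", 'blue')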
示例#18
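 def useragentbased(self, target):
     """Error-based SQL injection check on the User-Agent header of *target*.

     Each of the first three lines of modules/sqlpayloads.txt is appended
     to a fixed Firefox User-Agent string; the response to line i is
     searched for the i-th MySQL error fragment only.
     """
     cprint("[*] Checking for User-Agent based SQLi", 'yellow')
     path = os.getcwd()
     key = list()
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # with-block releases the handle even if reading fails.
     # NOTE(review): the list is loaded relative to the working directory.
     with open(path + '/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     base_agent = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 39.0) Gecko/20100101 Firefox/39.0'
     for i in range(0, len(error)):
         payload[i] = payload[i].strip("\n")
         # A fresh header dict per request replaces the original's
         # mutate-then-restore of a shared dict.
         req = requests.get(target,
                            headers={'User-agent': base_agent + payload[i]},
                            timeout=10)
         res = req.text
         if error[i] in res:
             key.append(1)
         else:
             key.append(0)
     if 1 in key:
         cprint("Vulnerable to User-Agent-based SQL Injection!", 'red')
     else:
         # Only MySQL-style error text is recognised, so this result is
         # not proof that the header is handled safely.
         cprint("No Injection  Possible !", 'blue')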
示例#19
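 def execute_all_func(self, target):
     """Run the URL, cookie, User-Agent and Referer SQLi checks on *target*.

     Every check is isolated; a failure is reported and the next one runs.
     """
     checks = (
         ("urlbased", "Errror In Checking url based SQLi"),
         ("cookiebased", "Error In Checking Cookie based SQLi"),
         ("useragentbased", "Error In Checking User-agent based SQLi"),
         ("refererbased", "Error In Checking Referer-based SQLi"),
     )
     for check_name, failure_text in checks:
         try:
             # Attribute lookup stays inside the try, as in the original.
             getattr(self, check_name)(target)
         except Exception:
             # Exception rather than a bare except: the operator must be
             # able to abort a run of live probes with Ctrl-C.
             cprint(failure_text, "red")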
示例#20
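 def execute_all_func(self, target):
     """Run the robots.txt, .git, .svn and .htaccess exposure checks.

     Each check is isolated so one failure does not skip the rest.
     """
     try:
         self.get_robots_txt(target)
     except Exception:
         # Exception rather than a bare except so Ctrl-C still works.
         # NOTE(review): any failure, including a network error, is
         # reported here as a missing robots.txt.
         cprint("No robots.txt file Found!", "blue")
     try:
         self.get_dot_git(target)
     except Exception:
         cprint("Error !", "red")
     try:
         self.get_dot_svn(target)
     except Exception:
         cprint("Error", "red")
     try:
         self.get_dot_htaccess(target)
     except Exception:
         cprint("Error", "red")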
示例#21
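 def execute_all_func(self, target):
     """Run all four SQL injection checks against *target* in order.

     A check that raises is reported with its own message and the
     remaining checks still run.
     """
     try:
         self.urlbased(target)
     except Exception:
         # Narrowed from a bare except, which also swallowed
         # KeyboardInterrupt and SystemExit.
         cprint("Errror In Checking url based SQLi", "red")
     try:
         self.cookiebased(target)
     except Exception:
         cprint("Error In Checking Cookie based SQLi", "red")
     try:
         self.useragentbased(target)
     except Exception:
         cprint("Error In Checking User-agent based SQLi", "red")
     try:
         self.refererbased(target)
     except Exception:
         cprint("Error In Checking Referer-based SQLi", "red")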
示例#22
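 def execute_all_func(self, target):
     """Run every information-disclosure check against *target*.

     Checks run in a fixed order and each failure is reported separately.
     """
     checks = (
         # NOTE(review): the first message is printed for any failure of
         # get_robots_txt, including a network error.
         ("get_robots_txt", "No robots.txt file Found!", "blue"),
         ("get_dot_git", "Error !", "red"),
         ("get_dot_svn", "Error", "red"),
         ("get_dot_htaccess", "Error", "red"),
     )
     for check_name, failure_text, colour in checks:
         try:
             # Attribute lookup stays inside the try, as in the original.
             getattr(self, check_name)(target)
         except Exception:
             # Not a bare except: Ctrl-C must still interrupt the scan.
             cprint(failure_text, colour)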
示例#23
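 def urlbased(self, target):
     """Error-based SQL injection check on the URL of *target*.

     Each of the first three lines of modules/sqlpayloads.txt is appended
     to *target*; the response to line i is searched for the i-th MySQL
     error fragment only.
     """
     cprint("[*] Checking for URL based SQLi", 'yellow')
     key = list()
     path = os.getcwd()
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # with-block releases the handle even if reading fails.
     # NOTE(review): the list is loaded relative to the working directory.
     with open(path + '/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     for i in range(0, len(error)):
         # readlines() keeps the line terminator; strip it so the newline
         # is not sent as part of the URL.
         req = requests.get(target + payload[i].strip("\n"), timeout=10)
         res = req.text
         if error[i] in res:
             key.append(1)
         else:
             key.append(0)
     if 1 in key:
         cprint("Vulnerable to Url Based SQL Injection!", 'red')
     else:
         # Only MySQL-style error text is recognised; no match is not
         # proof that the parameter is handled safely.
         cprint("No Injection  Possible !", 'blue')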
示例#24
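 def urlbased(self, target):
     """Check the URL of *target* for error-based SQL injection signs.

     Uses the first three lines of modules/sqlpayloads.txt, one request
     per line, each compared against a single MySQL error fragment.
     """
     cprint("[*] Checking for URL based SQLi", 'yellow')
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # Context manager instead of open()/close(), so the handle is closed
     # even when readlines() raises.
     # NOTE(review): path depends on the current working directory.
     with open(os.getcwd()+'/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     found = False
     for i in range(0, len(error)):
         # The trailing newline left by readlines() is removed so it does
         # not become part of the requested URL.
         res = requests.get(target+payload[i].strip("\n"), timeout=10).text
         if error[i] in res:
             found = True
     if found:
         cprint("Vulnerable to Url Based SQL Injection", 'red')
     else:
         # A miss only means none of three MySQL fragments appeared; it
         # does not show the endpoint is safe.
         cprint("No Injection  Possible !", 'blue')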
示例#25
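 def refererbased(self, target):
     """Error-based SQL injection check on the Referer header of *target*.

     Each of the first three lines of modules/sqlpayloads.txt is appended
     to *target* and sent as the Referer; the response to line i is
     searched for the i-th MySQL error fragment only.
     """
     # The banner used to say "Cookie based" (copied from the cookie check),
     # which mislabelled this section of the report.
     cprint("[*] Checking for Referer based SQLi", 'yellow')
     path = os.getcwd()
     key = list()
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # with-block releases the handle even if reading fails.
     # NOTE(review): the list is loaded relative to the working directory.
     with open(path+'/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     for i in range(0, len(error)):
         payload[i] = payload[i].strip("\n")
         req = requests.get(target, headers={'Referer': target + payload[i]},
                            timeout=10)
         res = req.text
         if error[i] in res:
             key.append(1)
         else:
             key.append(0)
     if 1 in key:
         cprint("Vulnerable to Referer Based SQL Injection", 'red')
     else:
         # Only MySQL-style error text is recognised; no match is not
         # proof that the header is handled safely.
         cprint("No Injection  Possible !", 'blue')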
示例#26
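 def useragentbased(self, target):
     """Check the User-Agent header of *target* for error-based SQLi signs.

     Uses the first three lines of modules/sqlpayloads.txt, each appended
     to a fixed Firefox User-Agent string and compared against a single
     MySQL error fragment.
     """
     cprint("[*] Checking for User-Agent based SQLi", 'yellow')
     path = os.getcwd()
     key = list()
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # with-block releases the handle even if reading fails.
     # NOTE(review): the list is loaded relative to the working directory.
     with open(path+'/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     base_agent = 'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv: 39.0) Gecko/20100101 Firefox/39.0'
     for i in range(0, len(error)):
         payload[i] = payload[i].strip("\n")
         req = requests.get(target,
                            headers={'User-agent': base_agent + payload[i]},
                            timeout=10)
         res = req.text
         if error[i] in res:
             key.append(1)
         else:
             key.append(0)
     if 1 in key:
         # The finding used to be printed as "Referer-based", attributing
         # it to the wrong header in the report.
         cprint("Vulnerable to User-Agent-based SQL Injection", 'red')
     else:
         # Only MySQL-style error text is recognised; no match is not
         # proof that the header is handled safely.
         cprint("No Injection  Possible !", 'blue')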
示例#27
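 def refererbased(self, target):
     """Check the Referer header of *target* for error-based SQLi signs.

     Uses the first three lines of modules/sqlpayloads.txt, each appended
     to *target* and sent as the Referer, and compared against a single
     MySQL error fragment.
     """
     # Banner corrected: it previously announced a "Cookie based" check,
     # so the report section was labelled with the wrong input vector.
     cprint("[*] Checking for Referer based SQLi", 'yellow')
     error = ["MySQL server version", "have an error", "SQL syntax"]
     # Context manager instead of open()/close(), so the handle is closed
     # even when readlines() raises.
     # NOTE(review): path depends on the current working directory.
     with open(os.getcwd() + '/modules/sqlpayloads.txt', 'r') as f:
         payload = f.readlines()
     found = False
     for i in range(0, len(error)):
         payload[i] = payload[i].strip("\n")
         res = requests.get(target, headers={'Referer': target + payload[i]},
                            timeout=10).text
         if error[i] in res:
             found = True
     if found:
         cprint("Vulnerable to Referer Based SQL Injection!", 'red')
     else:
         # A miss only means none of three MySQL fragments appeared; it
         # does not show the header is handled safely.
         cprint("No Injection  Possible !", 'blue')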
示例#28
文件: head.py 项目: sec-js/ViPER-CLI
 def get_headers(self, target):
     """Print every response header returned for a HEAD request to *target*.

     NOTE(review): servers may answer HEAD with a different header set
     than GET — confirm findings against a GET response.
     """
     response_headers = requests.head(target).headers
     for header_name, header_value in response_headers.items():
         # Name padded to 60 columns, value right-aligned in 50.
         cprint(header_name.ljust(60) + header_value.rjust(50), 'blue')
示例#29
def main():
    """Parse the command line and run the recon modules against the URL.

    The header, cookie, information-disclosure and HTTP-method modules
    always run. The SQL injection and XSS modules run only when selected
    with -A1/--injection, -A3/--xss or -a/--All.
    """
    rule = "--------------------------------------------------------------"

    def section(title, top=rule):
        # Green rule, yellow title, green rule.
        cprint(top, 'green')
        cprint(title, 'yellow')
        cprint(rule, 'green')

    cli = argparse.ArgumentParser(description="Web Recon Script")
    cli.add_argument('-u', '--url', type=str, help='URL', required=True)
    cli.add_argument('-A1', '--injection', help='Injection Attacks', action="store_true")
    cli.add_argument('-A3', '--xss', help='XSS', action="store_true")
    cli.add_argument('-a', '--All', help='All possible Attacks', action="store_true")
    args = cli.parse_args()
    # NOTE(review): the URL is handed to every module as given; no
    # scheme or host validation happens here.
    target = args.url

    for art_line in (
        '`````````````````````````````````````````````````````',
        '`````````                                     ```````',
        '`````````                                  ```````',
        '`````````                                     ```````',
        '```````````````````````````````````````````````````````',
    ):
        cprint(art_line, 'red')

    section("[+]      Getting the Headers")
    header().get_headers(target)

    section("[+]      Extracting Cookies ")
    Cookie().execute_all_func(target)

    section("[+]     Information Disclosure")
    info().execute_all_func(target)

    # This module sends PUT and DELETE requests to the target.
    section("[+]      Testing HTTP Methods")
    httpCommands().execute_all_func(target)

    run_everything = args.All
    if args.injection or run_everything:
        section("[+]      Checking for SQL Injection")
        sqli().execute_all_func(target)
    if args.xss or run_everything:
        # The original's opening rule for this section is one dash longer.
        section("[+]      Checking for XSS Injection",
                top="---------------------------------------------------------------")
        xss().execute_all_func(target)
示例#30
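 def get_dot_htaccess(self, target):
     """Check whether /.htaccess is readable at the root of *target*'s host."""
     cprint("[*]Checking for .htaccess", 'yellow')
     # No trailing slash on the root: joining "scheme://host/" with
     # "/.htaccess" requested "//.htaccess", which can miss an exposed
     # file on servers that do not collapse the double slash.
     root = "{0.scheme}://{0.netloc}".format(urlsplit(target))
     # timeout keeps an unresponsive host from hanging the scan.
     req = requests.get(root + "/.htaccess", timeout=10)
     statcode = req.status_code
     if statcode == 403:
         # 403 is the expected answer when access to the file is denied.
         cprint("403 Forbidden", 'blue')
     elif statcode == 200:
         # NOTE(review): a catch-all 200 page also lands here; check the
         # body before reporting exposed rewrite or auth rules.
         cprint("Alert!!", 'blue')
         cprint(".htaccess file found publicly!", 'blue')
     else:
         cprint("Status code", 'blue')
         cprint(statcode, 'blue')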
示例#31
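 def get_dot_htaccess(self, target):
     """Report how the host in *target* answers a request for /.htaccess.

     Only scheme and host of *target* are used; its path is dropped.
     """
     cprint("[*]Checking for .htaccess", 'yellow')
     # Single slash between host and file; the original requested
     # "scheme://host//.htaccess", a different path on servers that keep
     # repeated slashes.
     htaccess_url = "{0.scheme}://{0.netloc}/.htaccess".format(urlsplit(target))
     # timeout: a silent host would otherwise block the scan.
     statcode = requests.get(htaccess_url, timeout=10).status_code
     if statcode == 403:
         # Access denied is the expected, safe answer.
         cprint("403 Forbidden", 'blue')
     elif statcode == 200:
         # NOTE(review): status alone cannot tell a real .htaccess from a
         # catch-all page; verify the body before reporting.
         cprint("Alert!!", 'blue')
         cprint(".htaccess file found!", 'blue')
     else:
         cprint("Status code", 'blue')
         cprint(statcode, 'blue')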
示例#32
def main():
    """Entry point: read the target URL and options, then run the modules.

    Headers, cookies, information disclosure and HTTP methods are always
    checked. SQL injection runs with -A1/--injection or -a/--All, and the
    XSS module with -A3/--xss or -a/--All.
    """
    rule = "--------------------------------------------------------------"
    long_rule = "---------------------------------------------------------------"

    def announce(title, opening=rule):
        # Each section header is: rule, title, rule.
        cprint(opening, 'green')
        cprint(title, 'yellow')
        cprint(rule, 'green')

    options = argparse.ArgumentParser(description="Web Recon Script")
    options.add_argument('-u', '--url', type=str, help='URL', required=True)
    options.add_argument('-A1', '--injection', help='Injection Attacks',
                         action="store_true")
    options.add_argument('-A3', '--xss', help='XSS', action="store_true")
    options.add_argument('-a', '--All', help='All possible Attacks',
                         action="store_true")
    args = options.parse_args()
    # NOTE(review): the URL is used exactly as typed; nothing here checks
    # its scheme or host before requests are sent.
    target = args.url

    cprint('`````````````````````````````````````````````````````', 'red')
    for middle in (
        '`````````                                     ```````',
        '`````````                                  ```````',
        '`````````                                     ```````',
    ):
        cprint(middle, 'red')
    cprint('```````````````````````````````````````````````````````', 'red')

    announce("[+]      Getting the Headers")
    h = header()
    h.get_headers(target)

    announce("[+]      Extracting Cookies ")
    c = Cookie()
    c.execute_all_func(target)

    announce("[+]     Information Disclosure")
    i = info()
    i.execute_all_func(target)

    # This module sends PUT and DELETE requests to the target.
    announce("[+]      Testing HTTP Methods")
    hc = httpCommands()
    hc.execute_all_func(target)

    if args.injection or args.All:
        announce("[+]      Checking for SQL Injection")
        sql = sqli()
        sql.execute_all_func(target)
    if args.xss or args.All:
        # The opening rule of this section is one dash longer in the original.
        announce("[+]      Checking for XSS Injection", opening=long_rule)
        x = xss()
        x.execute_all_func(target)