diff --git a/apk-analyzer.py b/apk-analyzer.py index ab7b2f7..0bae800 100755 --- a/apk-analyzer.py +++ b/apk-analyzer.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -99,7 +99,7 @@ def listPermissionsCreated(): t_term.append( obj ) else: t_noterm.append( obj ) - + printH2( 'PERMISSIONS CREATED () (%d)' % len(t_all) ) printPermissionsCreated( t_term ) if len(t_term) and len(t_noterm): @@ -130,7 +130,7 @@ def listPermissionsUsed(): t_term.append( obj ) else: t_noterm.append( obj ) - + printH2( 'PERMISSIONS USED () (%d)' % len(t_all) ) printPermissionsUsed( t_term ) if len(t_term) and len(t_noterm): @@ -387,7 +387,7 @@ def getProviderURI( authority ): except Exception as e: # sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return t_uri - + for l in output.split("\n"): if not len(l): continue @@ -403,7 +403,7 @@ def getProviderURI( authority ): # uri2 = 'content://' + tiktok + '/' # if not uri2 in t_uri: # t_uri.append( uri2 ) - + return t_uri @@ -469,7 +469,7 @@ def _listFiles( dir ): ignore = True if not ignore: t_files.append( {'filename':filename,'filesize':filesize} ) - + return t_all,t_files diff --git a/cloudflare-origin-ip.py b/cloudflare-origin-ip.py index 1d86f0f..bddfa78 100755 --- a/cloudflare-origin-ip.py +++ b/cloudflare-origin-ip.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2.7 +#!/usr/bin/python2 # I don't believe in license. # You can do whatever you want with this program. 
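Review bot: The cloudflare-origin-ip.py shebang hunk keeps the tool on Python 2 (`#!/usr/bin/python2`), which is end-of-life and no longer ships at that path on current distributions, so the loosened interpreter pin still fails to start on many hosts and leaves the script on an interpreter that receives no security fixes. `#!/usr/bin/env python2` resolves through PATH (and `#!/usr/bin/env python3` for the apk-analyzer.py hunk above would also work inside virtualenvs and on macOS, where `/usr/bin/python3` may not exist); porting the remaining Python 2 tools to 3 would remove the problem entirely. The same applies to the csp-analyzer.py, extract-domains.py and graphql-introspection-analyzer.py shebang hunks later in this diff.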
@@ -26,12 +26,12 @@ def banner(): print(""" - _ _ __ _ _ _ _ - ___| | ___ _ _ __| |/ _| | __ _ _ __ ___ ___ _ __(_) __ _(_)_ __ (_)_ __ _ __ _ _ + _ _ __ _ _ _ _ + ___| | ___ _ _ __| |/ _| | __ _ _ __ ___ ___ _ __(_) __ _(_)_ __ (_)_ __ _ __ _ _ / __| |/ _ \| | | |/ _` | |_| |/ _` | '__/ _ \ / _ \| '__| |/ _` | | '_ \ | | '_ \ | '_ \| | | | | (__| | (_) | |_| | (_| | _| | (_| | | | __/ | (_) | | | | (_| | | | | | | | |_) | _ | |_) | |_| | \___|_|\___/ \__,_|\__,_|_| |_|\__,_|_| \___| \___/|_| |_|\__, |_|_| |_| |_| .__/ (_) | .__/ \__, | - |___/ |_| |_| |___/ + |___/ |_| |_| |___/ by @gwendallecoguic @@ -272,12 +272,12 @@ def is_cloudflare2( ip ): # except Exception as e: # print( colored("[-] %s: %s" % (ip,e), 'red') ) # return - + # if not 'Content-Type' in r.headers: # r.headers['Content-Type'] = '' - + # score = responseCompare( r_reference, r ) - + # if score['average'] > GOOD_CANDIDATE_SCORE: # if is_cloudflare2( IPAddress(ip) ): # sys.stdout.write( colored("%s" % ip, 'yellow') ) @@ -288,7 +288,7 @@ def is_cloudflare2( ip ): # else: # sys.stdout.write( "%s" % ip ) # sys.stdout.write( " is not a good candidate with an average similarity of %d%%\n" % score['average'] ) - + # print( colored("Status=%d (%d%%), Length=%d (%d%%), Headers=%d (%d%%), Content-Type=%s (%d%%)" % (r.status_code,score['dist_status_code'],len(r.content),score['dist_content'],len(r.headers),score['dist_headers'],r.headers['Content-Type'],score['dist_content_type']), 'white') ) 
@@ -310,19 +310,19 @@ def testBypass3( t_multiproc, r_reference, host, ip ): except Exception as e: print( colored("[-] %s: %s" % (ip,e), 'red') ) return - + if not 'Content-Type' in r.headers: r.headers['Content-Type'] = '' - + score = responseCompare( r_reference, r ) - + if score['average'] > GOOD_CANDIDATE_SCORE: sys.stdout.write( colored("%s" % ip, 'green') ) sys.stdout.write( " is a GOOD candidate with an average similarity of %d%%\n" % score['average'] ) else: sys.stdout.write( "%s" % ip ) sys.stdout.write( " is not a good candidate with an average similarity of %d%%\n" % score['average'] ) - + print( colored("Status=%d (%d%%), Length=%d (%d%%), Headers=%d (%d%%), Content-Type=%s (%d%%)" % (r.status_code,score['dist_status_code'],len(r.content),score['dist_content'],len(r.headers),score['dist_headers'],r.headers['Content-Type'],score['dist_content_type']), 'white') ) @@ -341,14 +341,14 @@ def responseCompare( r_reference, r ): else: score['status_code'] = 'NOK' score['dist_status_code'] = 0 - + dist = levenshtein( r.headers['Content-Type'], r_reference.headers['Content-Type'] ) score['dist_content_type'] = 100 - ( dist*100 / len(r_reference.headers['Content-Type']) ) dist = levenshtein( r.content[0:COMPARE_FIRST_CHARS], r_reference.content[0:COMPARE_FIRST_CHARS] ) score['dist_content'] = 100 - ( dist*100 / len(r_reference.content[0:COMPARE_FIRST_CHARS]) ) # score['content_dist'] = dist - + s_headers = '' s_reference_headers = '' t_sorted_keys = sorted( r_reference.headers ) diff --git a/cors.py b/cors.py index 935f6fa..1b6306c 100755 --- a/cors.py +++ b/cors.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -27,11 +27,11 @@ def banner(): print(""" - ___ ___ _ __ ___ _ __ _ _ + ___ ___ _ __ ___ _ __ _ _ / __/ _ \| '__/ __| | '_ \| | | | | (_| (_) | | \__ \ _ | |_) | |_| | \___\___/|_| |___/ (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic 
@@ -71,14 +71,14 @@ def testURL( url ): def testPayload( url, payload ): t_urlparse = urlparse(url) u = t_urlparse.scheme + '_' + t_urlparse.netloc - + if not u in t_exceptions: t_exceptions[u] = 0 if t_exceptions[u] >= MAX_EXCEPTION: if _verbose >= 3: print("skip too many exceptions %s" % t_urlparse.netloc) return - + if not u in t_vulnerable: t_vulnerable[u] = 0 if t_vulnerable[u] >= MAX_VULNERABLE: @@ -96,12 +96,12 @@ def testPayload( url, payload ): if _verbose >= 3: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'] else: content_type = '-' - + vuln = '-' if 'Access-Control-Allow-Credentials' in r.headers and r.headers['Access-Control-Allow-Credentials'] == 'true': if 'Access-Control-Allow-Origin' in r.headers: @@ -118,7 +118,10 @@ def testPayload( url, payload ): fp.close() if _verbose >= 2 or (_verbose >= 1 and vuln == 'VULNERABLE'): - sys.stdout.write( '%s' % output ) + if vuln == 'VULNERABLE': + sys.stdout.write( '%s%s%s' % (fg('light_red'),output,attr(0)) ) + else: + sys.stdout.write( output ) if _verbose >= 3: sys.stdout.write( '%s%s%s\n' % (fg('dark_gray'),headers,attr(0)) ) diff --git a/crlf.py b/crlf.py index 3fea870..554bc61 100755 --- a/crlf.py +++ b/crlf.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -28,12 +28,12 @@ def banner(): print(""" - _ __ - ___ _ __| |/ _| _ __ _ _ + _ __ + ___ _ __| |/ _| _ __ _ _ / __| '__| | |_ | '_ \| | | | | (__| | | | _| _ | |_) | |_| | \___|_| |_|_| (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic @@ -63,7 +63,7 @@ def _parse_qs( query ): t_params[pname] = [] pvalue = '' if len(t_param) < 2 else t_param[1] t_params[pname].append( pvalue ) - + return t_params 
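Review bot: The new VULNERABLE branch in cors.py's testPayload wraps `output` in `fg('light_red')`/`attr(0)` unconditionally, so anyone piping results to grep, sort or a file now gets ANSI escape codes in the URL column; filterurls.py gains a `--nocolor` switch in this same commit and cors.py should honour one too, or at least skip colouring when `not sys.stdout.isatty()` (`sys` is already in scope here). The four-line if/else then collapses to one write, e.g. `sys.stdout.write( output if nocolor else '%s%s%s' % (fg('light_red'),output,attr(0)) )` with `nocolor` a module flag set from the option. The file written just above (`fp.close()`) appears to receive the uncoloured `output`, so only the terminal path is affected. testPayload begins outside this hunk.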
@@ -101,7 +101,7 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): path = '' t_path = ['/'] + t_urlparse.path.split('/') - + for dir in t_path: if len(dir): path = path + '/' + dir @@ -159,14 +159,14 @@ def realDoTest( t_params ): t_urlparse = urllib.parse.urlparse(url) u = t_urlparse.scheme + '_' + t_urlparse.netloc - + if not u in t_exceptions: t_exceptions[u] = 0 if t_exceptions[u] >= MAX_EXCEPTION: if _verbose >= 3: print("skip too many exceptions %s" % t_urlparse.netloc) return - + if not u in t_vulnerable: t_vulnerable[u] = 0 if t_vulnerable[u] >= MAX_VULNERABLE: @@ -189,13 +189,13 @@ def realDoTest( t_params ): content_type = r.headers['Content-Type'] else: content_type = '-' - + t_headers = list( map( str.lower,r.headers.keys() ) ) if 'xcrlf' in t_headers: vuln = 'VULNERABLE' else: vuln = '-' - + if vuln == 'VULNERABLE': t_vulnerable[u] = t_vulnerable[u] + 1 @@ -223,14 +223,14 @@ def realDoTest( t_params ): # t_urlparse = urlparse(url) # u = t_urlparse.scheme + '_' + t_urlparse.netloc - + # if not u in t_exceptions: # t_exceptions[u] = 0 # if t_exceptions[u] >= MAX_EXCEPTION: # if _verbose >= 3: # print("skip too many exceptions %s" % t_urlparse.netloc) # return - + # if not u in t_vulnerable: # t_vulnerable[u] = 0 # if t_vulnerable[u] >= MAX_VULNERABLE: @@ -250,13 +250,13 @@ def realDoTest( t_params ): # content_type = r.headers['Content-Type'] # else: # content_type = '-' - + # t_headers = list( map( str.lower,r.headers.keys() ) ) # if 'xcrlf' in t_headers: # vuln = 'VULNERABLE' # else: # vuln = '-' - + # if vuln == 'VULNERABLE': # t_vulnerable[u] = t_vulnerable[u] + 1 diff --git a/csp-analyzer.py b/csp-analyzer.py index c0ef39b..a448178 100755 --- a/csp-analyzer.py +++ b/csp-analyzer.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2.7 +#!/usr/bin/python2 import sys import requests 
@@ -9,12 +9,12 @@ def banner(): print(""" - _ - ___ ___ _ __ __ _ _ __ __ _| |_ _ _______ _ __ _ __ _ _ + _ + ___ ___ _ __ __ _ _ __ __ _| |_ _ _______ _ __ _ __ _ _ / __/ __| '_ \ / _` | '_ \ / _` | | | | |_ / _ \ '__| | '_ \| | | | | (__\__ \ |_) | | (_| | | | | (_| | | |_| |/ / __/ | _ | |_) | |_| | \___|___/ .__/ \__,_|_| |_|\__,_|_|\__, /___\___|_| (_) | .__/ \__, | - |_| |___/ |_| |___/ + |_| |___/ |_| |___/ by @gwendallecoguic @@ -120,13 +120,13 @@ def usage( err='' ): def getWarningLevel( t_tld_orig, item ): w_level = 0 - + if item in t_help: return 0 if not item.startswith('http'): item = 'https://'+item - + tmp_parse = urlparse( item ) tmp_tld = tldextract.extract( tmp_parse.netloc ) # print(tmp_parse) diff --git a/dnsexpire.py b/dnsexpire.py index b4d1ca7..e101452 100755 --- a/dnsexpire.py +++ b/dnsexpire.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -21,12 +21,12 @@ def banner(): print(""" - _ _ - __| |_ __ ___ _____ ___ __ (_)_ __ ___ _ __ _ _ + _ _ + __| |_ __ ___ _____ ___ __ (_)_ __ ___ _ __ _ _ / _` | '_ \/ __|/ _ \ \/ / '_ \| | '__/ _ \ | '_ \| | | | | (_| | | | \__ \ __/> <| |_) | | | | __/ _ | |_) | |_| | \__,_|_| |_|___/\___/_/\_\ .__/|_|_| \___| (_) | .__/ \__, | - |_| |_| |___/ + |_| |_| |___/ by @gwendallecoguic @@ -113,7 +113,7 @@ def getWhois( domain ): def getExpirationDate( domain ): whois = getWhois( domain ) # print(type(whois)) - + if not type(whois) is bool and 'expiration_date' in whois: # if type(whois.expiration_date) is list: # return whois.expiration_date[0] @@ -173,7 +173,7 @@ def dnsexpire( host ): else: is_alias = re.findall( r'(.*) is an alias for (.*)\.', resolution ); # print(is_alias) - + if not _testall and not is_alias: if not _verbose: sys.stdout.write( '%s%s is not an alias%s\n' % (fg('dark_gray'),host,attr(0)) ) 
@@ -192,7 +192,7 @@ def dnsexpire( host ): if _verbose < 2 or ('WARNING' in output or 'TAKEOVER' in output): # remove the "progress:" text sys.stdout.write( '%s\n%s' % (' '.rjust(100,' '),output) ) - + if not _testall: sys.stdout.write( '\n' ) diff --git a/domain-finder.py b/domain-finder.py index 824314e..a5912a3 100755 --- a/domain-finder.py +++ b/domain-finder.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. diff --git a/extract-domains.py b/extract-domains.py index 405df05..d0c737d 100755 --- a/extract-domains.py +++ b/extract-domains.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2.7 +#!/usr/bin/python2 # I don't believe in license. # You can do whatever you want with this program. @@ -32,17 +32,17 @@ for url in t_urls: if not url.startswith( 'http' ): url = 'https://'+url - + t_url_parse = urlparse( url ) # print( t_url_parse ) - + if args.sub: found = t_url_parse.netloc else: t_host_parse = tldextract.extract( t_url_parse.netloc ) # print( t_host_parse ) found = t_host_parse.domain + '.' + t_host_parse.suffix - + if not found in t_found: t_found.append( found ) diff --git a/favicon-hashtrick.py b/favicon-hashtrick.py index 2488267..112b695 100755 --- a/favicon-hashtrick.py +++ b/favicon-hashtrick.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. 
@@ -17,12 +17,12 @@ def banner(): print(""" - __ _ _ _ _ _ _ - / _| __ ___ _(_) ___ ___ _ __ | |__ __ _ ___| |__ | |_ _ __(_) ___| | __ _ __ _ _ + __ _ _ _ _ _ _ + / _| __ ___ _(_) ___ ___ _ __ | |__ __ _ ___| |__ | |_ _ __(_) ___| | __ _ __ _ _ | |_ / _` \ \ / / |/ __/ _ \| '_ \ | '_ \ / _` / __| '_ \| __| '__| |/ __| |/ / | '_ \| | | | | _| (_| |\ V /| | (_| (_) | | | | | | | | (_| \__ \ | | | |_| | | | (__| < _ | |_) | |_| | |_| \__,_| \_/ |_|\___\___/|_| |_| |_| |_|\__,_|___/_| |_|\__|_| |_|\___|_|\_\ (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic @@ -37,7 +37,7 @@ def faviconHash( data, web ): b64data = base64.encodebytes(data).decode() else: b64data = base64.encodebytes(data) - + b64data = base64.encodebytes(data).decode() return mmh3.hash(b64data) diff --git a/filterurls.py b/filterurls.py index 484a654..a0a5c65 100755 --- a/filterurls.py +++ b/filterurls.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -322,6 +322,7 @@ parser = argparse.ArgumentParser() # parser.add_argument( 'url', metavar='url', help='an integer for the accumulator') parser.add_argument( "-a","--add",help="extensions to add the default ignore list" ) +parser.add_argument( "-c","--nocolor",help="disable colored output", action="store_true" ) parser.add_argument( "-r","--remove",help="extensions to remove from the default ignore list" ) parser.add_argument( "-i","--ignore",help="set extensions to ignore" ) parser.add_argument( "-k","--keep",help="set extensions to keep" ) 
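Review bot: The new `-c/--nocolor` option in filterurls.py defaults to colouring even when stdout is not a terminal, so the ANSI-highlighted URLs break the usual `filterurls.py ... | sort -u` pipeline unless the caller remembers the flag every time. After `parse_args()` (outside this hunk) consider `if not sys.stdout.isatty(): args.nocolor = True`, which keeps the explicit flag and makes pipes safe by default; this needs `sys` in scope, which I could not confirm from this hunk. The help string could also say what is coloured, e.g. `disable ANSI highlighting of matched parameters`, so the flag is understandable without reading check_issue.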
@@ -410,23 +411,29 @@ def check_extension( t_urlparse ): return False def check_issue( url, show_issue): - + new_url = url if show_issue[0] == 'all': new_url = re.sub( '[\?&]([a-z0-9_\-\.\[\]]+)=', lambda m: '\x1b[1;32m{}\x1b[0m'.format(m.group()), new_url, flags=re.I ) # new_url = re.sub( '&([a-z0-9_\-\.\[\]]+)=', lambda m: '\x1b[1;32m{}\x1b[0m'.format(m.group()), new_url, flags=re.I ) - return new_url - + if args.nocolor: + return url + else: + return new_url + for issue in show_issue: for param in t_vulns[issue]['params']: new_url = re.sub( '[\?&]'+param+'=', lambda m: '\x1b[1;32m{}\x1b[0m'.format(m.group()), new_url, flags=re.I ) # new_url = re.sub( '&'+param+'=', lambda m: '\x1b[1;32m{}\x1b[0m'.format(m.group()), new_url, flags=re.I ) - + if new_url == url: return '' else: - return new_url + if args.nocolor: + return url + else: + return new_url for url in t_urls: @@ -450,11 +457,10 @@ def check_issue( url, show_issue): if not check_extension(t_urlparse): # print('extension failed') continue - + url = check_issue(url,show_issue) if not len(url): # print('issue failed') continue print( url ) - \ No newline at end of file diff --git a/gitpillage.py b/gitpillage.py index 0230b78..fee682e 100755 --- a/gitpillage.py +++ b/gitpillage.py @@ -1,8 +1,8 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # inspired by https://github.com/koto/gitpillage/blob/master/gitpillage.sh -# example: python3.5 gitpillage.py -u https://www.example.com -t 10 +# example: python3 gitpillage.py -u https://www.example.com -t 10 # I don't believe in license. # You can do whatever you want with this program. 
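Review bot: Both new `if args.nocolor: return url else: return new_url` branches in check_issue repeat four lines that a conditional expression states once, `return url if args.nocolor else new_url`; the highlighting `re.sub` calls still have to run in no-colour mode because `new_url == url` is what detects a parameter match, so keep them and only drop the duplication. Since `args` is read as a module global, check_issue now silently depends on `parse_args()` having run before any call; a one-line comment on the function saying so, or a `nocolor=False` keyword parameter passed from the loop below, would make that explicit. On the unchanged per-issue line, `'[\?&]'+param+'='` splices `param` into the regex unescaped, so a parameter name containing regex metacharacters would mis-match or raise — `re.escape(param)` is the usual guard and also stops `'[\?&]'` from emitting an invalid-escape warning if written as a raw string. The module-level loop that calls check_issue continues past this hunk.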
@@ -23,25 +23,25 @@ def downloadFile( url ): def downloadOject( t_extension, t_exclude, file ): sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) t_multiproc['n_current'] = t_multiproc['n_current'] + 1 - + file = file.strip() if not len(file): return False - + # 0: object_id , 1: real filename tmp = file.split(':') object_id = tmp[0] real_filename = tmp[1] ext = real_filename.split('.')[-1] # print(ext) - + # make the test easier to read/understand if len(t_extension): if ext in t_extension: go = True else: go = False - + if len(t_exclude): if ext in t_exclude: go = False @@ -79,7 +79,7 @@ def downloadOject( t_extension, t_exclude, file ): if t_multiproc['verbose']: display = "[-] %s (%d) %s-> %s%s\n" % (u,r.status_code,fg('yellow'),e,attr(0)) return False - + sys.stdout.write( display ) @@ -94,7 +94,7 @@ def saveObject( output_dir, object_id, content ): except Exception as e: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return False - + fp = open( filename, 'wb') fp.write( content ) fp.close() diff --git a/graphql-introspection-analyzer.py b/graphql-introspection-analyzer.py index c05e543..16cce36 100755 --- a/graphql-introspection-analyzer.py +++ b/graphql-introspection-analyzer.py @@ -1,4 +1,4 @@ -#!/usr/bin/python2.7 +#!/usr/bin/python2 import sys import os @@ -10,12 +10,12 @@ def banner(): print(""" - _ _ _ - __ _ _ __ __ _ _ __ | |__ __ _| | __ _ _ __ __ _| |_ _ _______ _ __ + _ _ _ + __ _ _ __ __ _ _ __ | |__ __ _| | __ _ _ __ __ _| |_ _ _______ _ __ / _` | '__/ _` | '_ \| '_ \ / _` | | / _` | '_ \ / _` | | | | |_ / _ \ '__| - | (_| | | | (_| | |_) | | | | (_| | | | (_| | | | | (_| | | |_| |/ / __/ | - \__, |_| \__,_| .__/|_| |_|\__, |_| \__,_|_| |_|\__,_|_|\__, /___\___|_| - |___/ |_| |_| |___/ + | (_| | | | (_| | |_) | | | | (_| | | | (_| | | | | (_| | | |_| |/ / __/ | + \__, |_| \__,_| .__/|_| |_|\__, |_| \__,_|_| |_|\__,_|_|\__, /___\___|_| + |___/ |_| |_| |___/ by @gwendallecoguic 
diff --git a/lfi.py b/lfi.py index a33a70d..409a120 100755 --- a/lfi.py +++ b/lfi.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -28,11 +28,11 @@ def banner(): print(""" - | | / _| (_) _ __ _ _ + | | / _| (_) _ __ _ _ | | | |_ | | | '_ \ | | | | | | | _| | | _ | |_) | | |_| | |_| |_| |_| (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic @@ -59,7 +59,7 @@ def _parse_qs( query ): t_params[pname] = [] pvalue = '' if len(t_param) < 2 else t_param[1] t_params[pname].append( pvalue ) - + return t_params @@ -99,7 +99,7 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): path = '' t_path = ['/'] + t_urlparse.path.split('/') - + for dir in t_path: if len(dir): path = path + '/' + dir @@ -163,7 +163,7 @@ def realDoTest( t_params ): if _verbose >= 3 and _verbose < 4: print("skip too many exceptions %s" % t_urlparse.netloc) return - + if not u in t_vulnerable: t_vulnerable[u] = 0 if t_vulnerable[u] >= MAX_VULNERABLE: @@ -181,17 +181,17 @@ def realDoTest( t_params ): if _verbose >= 3 and _verbose < 4: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'] else: content_type = '-' - + if 'root:x:' in r.text or '[boot loader]' in r.text: vuln = 'VULNERABLE' else: vuln = '-' - + if vuln == 'VULNERABLE': t_vulnerable[u] = t_vulnerable[u] + 1 diff --git a/openredirect.py b/openredirect.py index 371fcc0..66ce05f 100755 --- a/openredirect.py +++ b/openredirect.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. 
@@ -30,12 +30,12 @@ def banner(): print(""" - _ _ _ - ___ _ __ ___ _ __ _ __ ___ __| (_)_ __ ___ ___| |_ _ __ _ _ + _ _ _ + ___ _ __ ___ _ __ _ __ ___ __| (_)_ __ ___ ___| |_ _ __ _ _ / _ \| '_ \ / _ \ '_ \| '__/ _ \/ _` | | '__/ _ \/ __| __| | '_ \| | | | | (_) | |_) | __/ | | | | | __/ (_| | | | | __/ (__| |_ _ | |_) | |_| | \___/| .__/ \___|_| |_|_| \___|\__,_|_|_| \___|\___|\__| (_) | .__/ \__, | - |_| |_| |___/ + |_| |_| |___/ by @gwendallecoguic @@ -64,7 +64,7 @@ def _parse_qs( query ): t_params[pname] = [] pvalue = '' if len(t_param) < 2 else t_param[1] t_params[pname].append( pvalue ) - + return t_params @@ -106,7 +106,7 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): path = '' t_path = ['/'] + t_urlparse.path.split('/') - + for dir in t_path: if len(dir): path = path + '/' + dir @@ -169,21 +169,21 @@ def realDoTest( t_params ): t_urlparse = urllib.parse.urlparse(url) u = t_urlparse.scheme + '_' + t_urlparse.netloc - + if not u in t_exceptions: t_exceptions[u] = 0 if t_exceptions[u] >= MAX_EXCEPTION: if _verbose >= 3: print("skip too many exceptions %s" % t_urlparse.netloc) return - + if not u in t_vulnerable: t_vulnerable[u] = 0 if t_vulnerable[u] >= MAX_VULNERABLE: if _verbose >= 3: print("skip already vulnerable %s" % t_urlparse.netloc) return - + try: if method == 'POST': r = requests.post( url, data=post_params, headers=t_custom_headers, timeout=5, verify=False, allow_redirects=True ) @@ -194,18 +194,18 @@ def realDoTest( t_params ): if _verbose >= 3: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'] else: content_type = '-' - + vuln = '-' t_url_parse = urlparse( r.url ) for domain in t_redirect_domain: if domain in t_url_parse.netloc.lower(): vuln = 'VULNERABLE' - + if vuln == '-': for redirect_url in t_redirect_urls: if r.url.lower().startswith(redirect_url): 
@@ -238,21 +238,21 @@ def realDoTest( t_params ): # t_urlparse = urlparse(url) # u = t_urlparse.scheme + '_' + t_urlparse.netloc - + # if not u in t_exceptions: # t_exceptions[u] = 0 # if t_exceptions[u] >= MAX_EXCEPTION: # if _verbose >= 3: # print("skip too many exceptions %s" % t_urlparse.netloc) # return - + # if not u in t_vulnerable: # t_vulnerable[u] = 0 # if t_vulnerable[u] >= MAX_VULNERABLE: # if _verbose >= 3: # print("skip already vulnerable %s" % t_urlparse.netloc) # return - + # try: # r = requests.head( url, timeout=5, verify=False, allow_redirects=True ) # except Exception as e: @@ -260,18 +260,18 @@ def realDoTest( t_params ): # if _verbose >= 3: # sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) # return - + # if 'Content-Type' in r.headers: # content_type = r.headers['Content-Type'] # else: # content_type = '-' - + # vuln = '-' # t_url_parse = urlparse( r.url ) # for domain in t_redirect_domain: # if domain in t_url_parse.netloc.lower(): # vuln = 'VULNERABLE' - + # if vuln == '-': # for redirect_url in t_redirect_urls: # if r.url.lower().startswith(redirect_url): @@ -455,6 +455,8 @@ def realDoTest( t_params ): '/\/\/google.com/', '/\/google.com/', '/google.com/%2f%2e%2e', + 'http://google.com', + 'https://google.com', '/http://%67%6f%6f%67%6c%65%2e%63%6f%6d', '/http://google.com', '/http:/google.com', diff --git a/quickhits.py b/quickhits.py index 43f58d9..b332791 100755 --- a/quickhits.py +++ b/quickhits.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -24,12 +24,12 @@ def banner(): print(""" - _ _ _ _ _ - __ _ _ _(_) ___| | _| |__ (_) |_ ___ _ __ _ _ + _ _ _ _ _ + __ _ _ _(_) ___| | _| |__ (_) |_ ___ _ __ _ _ / _` | | | | |/ __| |/ / '_ \| | __/ __| | '_ \| | | | | (_| | |_| | | (__| <| | | | | |_\__ \ _ | |_) | |_| | \__, |\__,_|_|\___|_|\_\_| |_|_|\__|___/ (_) | .__/ \__, | - |_| |_| |___/ + |_| |_| |___/ by @gwendallecoguic 
@@ -50,7 +50,7 @@ def testURL( url ): if url in t_history and t_history[ url ] == 1: return - + if (t_multiproc['n_current'] % 1000) == 0: if not lock.is_locked(): try: @@ -81,14 +81,14 @@ def testURL( url ): t_exceptions[u] = t_exceptions[u] + 1 # sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + t_history[ url ] = 1 if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'] else: content_type = '-' - + output = '%sC=%d\t\tL=%d\t\tT=%s\n' % (url.ljust(t_multiproc['u_max_length']),r.status_code,len(r.text),content_type) # sys.stdout.write( '%s' % output ) @@ -98,7 +98,7 @@ def testURL( url ): if str(r.status_code) in t_codes: sys.stdout.write( '%s' % output ) - + if t_multiproc['_grabfiles']: saveFile( t_multiproc['d_output'], t_urlparse, r ) @@ -110,14 +110,14 @@ def saveFile( d_output, t_urlparse, r ): d_output = d_output + '/' + t_urlparse.netloc f_output = d_output + '/' + filename # print(f_output) - + if not os.path.isdir(d_output): try: os.makedirs( d_output ) except Exception as e: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + s_headers = 'HTTP/1.1 ' + str(r.status_code) + ' ' + r.reason + "\n" for k,v in r.headers.items(): s_headers = s_headers + k + ': ' + v + "\n" @@ -265,7 +265,7 @@ def saveFile( d_output, t_urlparse, r ): l = len(u) if l > u_max_length: u_max_length = l - + for host in t_hosts: for file in t_files: u = 'https' if _https else 'http' diff --git a/rce.py b/rce.py index 5dfc555..72272ed 100755 --- a/rce.py +++ b/rce.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -28,11 +28,11 @@ def banner(): print(""" - _ __ ___ ___ _ __ _ _ + _ __ ___ ___ _ __ _ _ | '__| / __| / _ \ | '_ \ | | | | | | | (__ | __/ _ | |_) | | |_| | |_| \___| \___| (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic 
@@ -59,7 +59,7 @@ def _parse_qs( query ): t_params[pname] = [] pvalue = '' if len(t_param) < 2 else t_param[1] t_params[pname].append( pvalue ) - + return t_params @@ -98,7 +98,7 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): path = '' t_path = ['/'] + t_urlparse.path.split('/') - + for dir in t_path: if len(dir): path = path + '/' + dir @@ -163,7 +163,7 @@ def realDoTest( t_params ): if _verbose >= 3 and _verbose < 4: print("skip too many exceptions %s" % t_urlparse.netloc) return - + if not u in t_vulnerable: t_vulnerable[u] = 0 if t_vulnerable[u] >= MAX_VULNERABLE: @@ -181,14 +181,14 @@ def realDoTest( t_params ): if _verbose >= 3 and _verbose < 4: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) return - + if 'Content-Type' in r.headers: content_type = r.headers['Content-Type'] else: content_type = '-' - + vuln = '-' - + # if vuln == 'VULNERABLE': # t_vulnerable[u] = t_vulnerable[u] + 1 diff --git a/resolve.py b/resolve.py index dba4c1e..9d76193 100755 --- a/resolve.py +++ b/resolve.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -15,12 +15,12 @@ def banner(): print(""" - _ - _ __ ___ ___ ___ | |_ _____ _ __ _ _ + _ + _ __ ___ ___ ___ | |_ _____ _ __ _ _ | '__/ _ \/ __|/ _ \| \ \ / / _ \ | '_ \| | | | | | | __/\__ \ (_) | |\ V / __/ _ | |_) | |_| | |_| \___||___/\___/|_| \_/ \___| (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic @@ -65,10 +65,10 @@ def resolve( host, store_ip ): host = host.strip() if not len(host): return - + if t_multiproc['n_current']%5000 == 0: save( store_ip ) - + sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) t_multiproc['n_current'] = t_multiproc['n_current'] + 1 diff --git a/smuggler.py b/smuggler.py index 5571e00..1b462ca 100755 --- a/smuggler.py +++ b/smuggler.py 
@@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -31,12 +31,12 @@ def banner(): print(""" - _ - ___ _ __ ___ _ _ __ _ __ _| | ___ _ __ _ __ _ _ + _ + ___ _ __ ___ _ _ __ _ __ _| | ___ _ __ _ __ _ _ / __| '_ ` _ \| | | |/ _` |/ _` | |/ _ \ '__| | '_ \| | | | \__ \ | | | | | |_| | (_| | (_| | | __/ | _ | |_) | |_| | |___/_| |_| |_|\__,_|\__, |\__, |_|\___|_| (_) | .__/ \__, | - |___/ |___/ |_| |___/ + |___/ |___/ |_| |___/ by @gwendallecoguic @@ -159,7 +159,7 @@ def update_content_length( self, msg, cl ): def underjoin1( self, msg ): msg = msg.replace( 'Transfer-Encoding', 'Transfer_Encoding' ) return msg - + def underscore2( self, msg ): msg = msg.replace( 'Content-Length', 'Content_Length' ) return msg @@ -167,11 +167,11 @@ def underscore2( self, msg ): def spacejoin1( self, msg ): msg = msg.replace( 'Transfer-Encoding', 'Transfer Encoding' ) return msg - + def space1( self, msg ): msg = msg.replace( 'Transfer-Encoding', 'Transfer-Encoding ' ) return msg - + def space2( self, msg ): msg = msg.replace( 'Content-Length', 'Content-Length ' ) return msg @@ -427,7 +427,7 @@ class sockRequest: def __init__( self, url, message ): self.url = url self.message = message - + def receive_all( self, sock ): datas = '' @@ -454,7 +454,7 @@ def extractDatas( self ): self.content_length = len( self.content ) tmp = self.headers.split( CRLF ) - + first_line = tmp[0].split( ' ' ) self.status_code = int(first_line[1]) self.status_reason = first_line[2] @@ -470,14 +470,14 @@ def extractDatas( self ): def send( self ): t_urlparse = urlparse( self.url ) - + if t_urlparse.port: port = t_urlparse.port elif t_urlparse.scheme == 'https': port = 443 else: port = 80 - + # not supposed to happen but thanks to AlessandroZ # https://github.com/gwen001/pentest-tools/pull/3 if ':' in t_urlparse.netloc: 
@@ -506,7 +506,7 @@ def send( self ): except Exception as e: sys.stdout.write( "%s[-] send (connect) - error occurred: %s (%s)%s\n" % (fg('red'),e,self.url,attr(0)) ) return False - + sock.sendall( str.encode(self.message) ) start = time.time() @@ -515,7 +515,7 @@ def send( self ): except Exception as e: sys.stdout.write( "%s[-] send (receive) - error occurred: %s (%s)%s\n" % (fg('red'),e,self.url,attr(0)) ) return False - + end = time.time() try: diff --git a/subruten.py b/subruten.py index 2329099..2d2ee0c 100755 --- a/subruten.py +++ b/subruten.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -13,7 +13,7 @@ def doWork(): def resolve( host ): if t_multiproc['n_current']%5000 == 0: save(False) - + sys.stdout.write( 'progress: %d/%d\r' % (t_multiproc['n_current'],t_multiproc['n_total']) ) t_multiproc['n_current'] = t_multiproc['n_current'] + 1 diff --git a/xss.py b/xss.py index 4826b2b..eb03c80 100755 --- a/xss.py +++ b/xss.py @@ -1,4 +1,4 @@ -#!/usr/bin/python3.5 +#!/usr/bin/python3 # I don't believe in license. # You can do whatever you want with this program. @@ -22,11 +22,11 @@ def banner(): print(""" - __ _____ ___ _ __ _ _ + __ _____ ___ _ __ _ _ \ \/ / __/ __| | '_ \| | | | > <\__ \__ \ _ | |_) | |_| | /_/\_\___/___/ (_) | .__/ \__, | - |_| |___/ + |_| |___/ by @gwendallecoguic @@ -52,7 +52,7 @@ def _parse_qs( query ): t_params[pname] = [] pvalue = '' if len(t_param) < 2 else t_param[1] t_params[pname].append( pvalue ) - + return t_params @@ -88,7 +88,7 @@ def testFragment( t_urlparse, payload ): def testPath( t_urlparse, payload ): path = '' t_path = ['/'] + t_urlparse.path.split('/') - + for dir in t_path: if len(dir): path = path + '/' + dir 
@@ -161,12 +161,12 @@ def realDoTest( t_params ): if _verbose >= 3 and _verbose < 4: sys.stdout.write( "%s[-] error occurred: %s%s\n" % (fg('red'),e,attr(0)) ) # pass - + if 'called' in cmd_output: vuln = 'VULNERABLE' else: vuln = '-' - + output = "%s\t\tP=%s\t\tV=%s\n" % (url,post_params,vuln) fp = open( t_multiproc['f_output'], 'a+' )