├── zcybercru.jpg ├── README.md ├── templates ├── icon.py ├── rfi.html ├── sqli.html ├── ssi.html ├── lfi.html ├── xss.html ├── rce.html ├── csrf.html ├── csv.html ├── paramtemper.html └── bypassadmin.html ├── .gitignore └── bugreport.py /zcybercru.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/marioyhzkiell/bugreport/HEAD/zcybercru.jpg -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |

Use Python Version 3.*

2 |

how to install?

3 |

try it!

4 |

5 | $ pkg install python git
6 | $ git clone https://github.com/marioyhzkiell/bugreport.git
7 | $ cd bugreport
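8 | $ chmod 777 bugreport.py   # note: mode 777 also lets every local user modify the script; 700 is enough, and the next step runs it through python, which needs no execute bit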
9 | $ python bugreport.py

10 | Enjoy! 11 |

12 | -------------------------------------------------------------------------------- /templates/icon.py: -------------------------------------------------------------------------------- 1 | class item: 2 | def __init__(self): 3 | print ('\033[91m',''' 4 | ██████╗ ██╗ ██╗ ██████╗ 5 | ██╔══██╗██║ ██║██╔════╝ [ V.1.05 ] 6 | ██████╔╝██║ ██║██║ ███╗ █████╗█████╗ 7 | ██╔══██╗██║ ██║██║ ██║ ╚════╝╚════╝ 8 | ██████╔╝╚██████╔╝╚██████╔╝ 9 | ╚═════╝ ╚═════╝ ╚═════╝ 10 | ██████╗ ███████╗██████╗ ██████╗ ██████╗ ████████╗ 11 | ██╔══██╗██╔════╝██╔══██╗██╔═══██╗██╔══██╗╚══██╔══╝ 12 | ██████╔╝█████╗ ██████╔╝██║ ██║██████╔╝ ██║ 13 | ██╔══██╗██╔══╝ ██╔═══╝ ██║ ██║██╔══██╗ ██║ 14 | ██║ ██║███████╗██║ ╚██████╔╝██║ ██║ ██║ 15 | ╚═╝ ╚═╝╚══════╝╚═╝ ╚═════╝ ╚═╝ ╚═╝ ╚═╝ 16 | ''') 17 | -------------------------------------------------------------------------------- /templates/rfi.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 562 | 565 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug RFI (Remote File Inclusion) di website Anda.

66 | bug RFI(Remote File Inclusion) dapat memungkinkan penyerang untuk 67 | mengganti alamat file yang akan dipanggil dan kemudian 68 | diproses.

69 | -------------------------------------------------------------------------------- /templates/sqli.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 509 | 512 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug SQL Injection di website Anda.

66 | Bug SQL Injection dapat memungkinkan penyerang untuk 67 | menambah data, merubah data, menghapus data, mencuri data pada 68 | database, serta dapat masuk ke dalam sistem.

69 | -------------------------------------------------------------------------------- /templates/ssi.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 456 | 459 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug SSI (Server Side Injection) di website Anda.

66 | bug SSI(Server Side Injection) dapat memungkinkan penyerang 67 | mengirim kode ke aplikasi server yang akan dieksekusi nanti, 68 | dan secara lokal, oleh server web.

69 | -------------------------------------------------------------------------------- /templates/lfi.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 403 | 406 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug LFI (Local File Inclusion) di website Anda.

66 | Bug LFI (Local File Inclusion) dapat memungkinkan penyerang untuk 67 | menyertakan file lokal yang tersimpan di server agar dapat 68 | menjadi bagian dari proses eksekusi aplikasi.

69 | -------------------------------------------------------------------------------- /templates/xss.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 350 | 353 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug XSS (Cross Site Scripting) di website Anda.

66 | bug XSS(Cross Site Scripting) dapat memungkinkan penyerang untuk 67 | mem-bypass keamanan di sisi klien, mendapatkan informasi sensitif, 68 | atau menyimpan aplikasi berbahaya.

69 | -------------------------------------------------------------------------------- /templates/rce.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 297 | 300 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug RCE (Remote Code Execution) di website Anda.

66 | Bug RCE (Remote Code Execution) dapat memungkinkan penyerang untuk 67 | mengeksekusi kode berbahaya dan mengambil kendali penuh dari 68 | sistem yang terkena dampak dengan hak istimewa pengguna yang menjalankan 69 | aplikasi.

70 | -------------------------------------------------------------------------------- /templates/csrf.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 244 | 247 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug CSRF (Cross Site Request Forgery) di website Anda.

66 | Bug CSRF (Cross Site Request Forgery) dapat memungkinkan penyerang 67 | untuk mengirimkan link atau halaman berisi request tersembunyi 68 | pada pengguna (korban), yang dieksekusi oleh pengguna tersebut 69 | ke website target.

70 | -------------------------------------------------------------------------------- /templates/csv.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 191 | 194 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug CSV Injection di website Anda.

66 | bug CSV Injection dapat memungkinkan penyerang untuk 67 | menyuntikkan muatan atau formula berbahaya ke dalam kolom input. 68 | Setelah data diekspor dan file dibuka, aplikasi spreadsheet 69 | mengeksekusi muatan berbahaya dengan asumsi makro standar.

70 | -------------------------------------------------------------------------------- /templates/paramtemper.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 138 | 141 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug Parameter Tampering di website Anda.

66 | Bug Parameter Tampering dapat memungkinkan penyerang untuk 67 | memanipulasi parameter yang dipertukarkan antara klien dan server 68 | untuk memodifikasi data aplikasi, seperti kredensial dan izin 69 | pengguna, harga dan jumlah produk, dll.

70 | -------------------------------------------------------------------------------- /templates/bypassadmin.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 49 | 50 | 51 | 52 | 53 |
54 | 55 | 56 | 57 | 60 | 61 | 62 | 85 | 88 |
58 | [ BUG REPORT ] 59 |
63 | Dear security team, 64 |

Di saat saya melakukan penetration testing terhadap website Anda, 65 | saya menemukan bug Bypass Admin di website Anda.

66 | Bug Bypass Admin dapat memungkinkan penyerang untuk memasukkan 67 | query SQL secara paksa pada form login yang nantinya akan dibaca 68 | oleh komputer sebagai sebuah instruksi login (karena instruksinya 69 | memaksa, jadi tanpa user&pass pun komputer akan memprosesnya).

70 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | *.egg-info/ 24 | .installed.cfg 25 | *.egg 26 | MANIFEST 27 | 28 | # PyInstaller 29 | # Usually these files are written by a python script from a template 30 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 31 | *.manifest 32 | *.spec 33 | 34 | # Installer logs 35 | pip-log.txt 36 | pip-delete-this-directory.txt 37 | 38 | # Unit test / coverage reports 39 | htmlcov/ 40 | .tox/ 41 | .coverage 42 | .coverage.* 43 | .cache 44 | nosetests.xml 45 | coverage.xml 46 | *.cover 47 | .hypothesis/ 48 | .pytest_cache/ 49 | 50 | # Translations 51 | *.mo 52 | *.pot 53 | 54 | # Django stuff: 55 | *.log 56 | local_settings.py 57 | db.sqlite3 58 | 59 | # Flask stuff: 60 | instance/ 61 | .webassets-cache 62 | 63 | # Scrapy stuff: 64 | .scrapy 65 | 66 | # Sphinx documentation 67 | docs/_build/ 68 | 69 | # PyBuilder 70 | target/ 71 | 72 | # Jupyter Notebook 73 | .ipynb_checkpoints 74 | 75 | # pyenv 76 | .python-version 77 | 78 | # celery beat schedule file 79 | celerybeat-schedule 80 | 81 | # SageMath parsed files 82 | *.sage.py 83 | 84 | # Environments 85 | .env 86 | .venv 87 | env/ 88 | venv/ 89 | ENV/ 90 | env.bak/ 91 | venv.bak/ 92 | 93 | # Spyder project settings 94 | .spyderproject 95 | .spyproject 96 | 97 | # Rope project settings 98 | .ropeproject 99 | 100 | # mkdocs documentation 101 | /site 102 | 103 | # mypy 104 | .mypy_cache/ 105 | -------------------------------------------------------------------------------- /bugreport.py: 
-------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | import smtplib 4 | import os 5 | from email.mime.base import MIMEBase 6 | from email import encoders 7 | from email.mime.application import MIMEApplication 8 | from email.mime.multipart import MIMEMultipart 9 | from email.mime.text import MIMEText 10 | from email.mime.image import MIMEImage 11 | from os import system 12 | from getpass import getpass 13 | from templates import icon 14 | ''' 15 | CODED BY MARIO YEHEZKIEL 16 | 17 | INSTAGRAM : https://www.instagram.com/zcybercru/ 18 | https://www.instagram.com/mario.yhzkiell/ 19 | GITHUB : https://github.com/marioyhzkiell 20 | hackerone : https://hackerone.com/marioyhzkiell 21 | 22 | ''' 23 | class colors: 24 | def __init__(self,inputColor): 25 | self.Color = inputColor 26 | red = colors('\033[91m') 27 | green = colors('\033[92m') 28 | yellow = colors('\033[93m') 29 | cyan = colors('\033[96m') 30 | 31 | system('clear') 32 | icon.item() 33 | print (red.Color+'###################################################################') 34 | print ('## '+cyan.Color+'[●] This tool is specifically for Gmail and Yahoo users!'+red.Color+' ##') 35 | print ('## '+cyan.Color+'[●] Enable (less secure apps) in your email settings to work!'+red.Color+' ##') 36 | print ('###################################################################') 37 | print ('\n'+yellow.Color+'[●] select type vulnerability you want to report!') 38 | print ('═════════════════════════════════════════════════') 39 | print (' '+green.Color+'[1].'+yellow.Color+' SQLI[SQL Injection]') 40 | print (' '+green.Color+'[2].'+yellow.Color+' LFI[Local File Inclusion]') 41 | print (' '+green.Color+'[3].'+yellow.Color+' RFI[Remote File Inclusion]') 42 | print (' '+green.Color+'[4].'+yellow.Color+' RCE[Remote Code Execution]') 43 | print (' '+green.Color+'[5].'+yellow.Color+' CSRF Attack') 44 | print (' '+green.Color+'[6].'+yellow.Color+' XSS[Cross Site Scripting]') 45 
| print (' '+green.Color+'[7].'+yellow.Color+' SSI[Server Side Injection]') 46 | print (' '+green.Color+'[8].'+yellow.Color+' CSV Injection') 47 | print (' '+green.Color+'[9].'+yellow.Color+' Parameter Tampering') 48 | print (' '+green.Color+'[10].'+yellow.Color+' Bypass Admin') 49 | print (' '+green.Color+'[99].'+yellow.Color+' Exit/Quit') 50 | print (' '+green.Color+'[00].'+yellow.Color+' Reinstall/Update Tools\n') 51 | 52 | 53 | print ('\n'+green.Color+'╭━━¤'+yellow.Color+' [Enter the selected number]') 54 | inputbug = input(green.Color+'╰━━¤ √ : ') 55 | 56 | msg = MIMEMultipart() 57 | 58 | 59 | 60 | 61 | if inputbug == '1': 62 | 63 | inputsite = 'url vuln SQL Injection : ' 64 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/view.php?id=12') 65 | print (yellow.Color+'═════════════════════════════════════════════') 66 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 67 | urlsite = input(green.Color+'╰━━¤ √ : ') 68 | if urlsite: 69 | print ('') 70 | else: 71 | print ('\n'+red.Color+'[!] Please enter site name!') 72 | print (yellow.Color+'═══════════════════════════\n') 73 | exit() 74 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 75 | respect = '

Hormat saya,
' 76 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 77 | yourname = input(green.Color+'╰━━¤ √ : ') 78 | if yourname: 79 | print('') 80 | else: 81 | print ('\n'+red.Color+'[!] Please enter your name!') 82 | print (yellow.Color+'═══════════════════════════\n') 83 | exit() 84 | tableclose = '''

86 | reported using bugreport tools
tools made by zcybercru 87 |
89 | ''' 90 | msg.attach(MIMEText(open('templates/sqli.html',).read(),'html')) 91 | msg.attach(MIMEText(inputsite,'html')) 92 | msg.attach(MIMEText(urlsite,'html')) 93 | msg.attach(MIMEText(closemail,'html')) 94 | msg.attach(MIMEText(respect,'html')) 95 | msg.attach(MIMEText(yourname,'html')) 96 | msg.attach(MIMEText(tableclose,'html')) 97 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 98 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 99 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 100 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 101 | print (yellow.Color+'═══════════════════════════════════════════════════') 102 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 103 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 104 | filename = os.path.basename(file_location) 105 | attachment = open(file_location, "rb") 106 | part = MIMEBase('application', 'octet-stream') 107 | part.set_payload(attachment.read()) 108 | encoders.encode_base64(part) 109 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 110 | msg.attach(part) 111 | 112 | 113 | 114 | elif inputbug == '2': 115 | 116 | inputsite = 'url vuln Local File Inclusion : ' 117 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/view/?file=../etc/passwd') 118 | print (yellow.Color+'══════════════════════════════════════════════════════') 119 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 120 | urlsite = input(green.Color+'╰━━¤ √ : ') 121 | if urlsite: 122 | print ('') 123 | else: 124 | print ('\n'+red.Color+'[!] Please enter site name!') 125 | print (yellow.Color+'═══════════════════════════\n') 126 | exit() 127 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 128 | respect = '

Hormat saya,
' 129 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 130 | yourname = input(green.Color+'╰━━¤ √ : ') 131 | if yourname: 132 | print('') 133 | else: 134 | print ('\n'+red.Color+'[!] Please enter your name!') 135 | print (yellow.Color+'═══════════════════════════\n') 136 | exit() 137 | tableclose = '''

139 | reported using bugreport tools
tools made by zcybercru 140 |
142 | ''' 143 | msg.attach(MIMEText(open('templates/lfi.html',).read(),'html')) 144 | msg.attach(MIMEText(inputsite,'html')) 145 | msg.attach(MIMEText(urlsite,'html')) 146 | msg.attach(MIMEText(closemail,'html')) 147 | msg.attach(MIMEText(respect,'html')) 148 | msg.attach(MIMEText(yourname,'html')) 149 | msg.attach(MIMEText(tableclose,'html')) 150 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 151 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 152 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 153 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 154 | print (yellow.Color+'═══════════════════════════════════════════════════') 155 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 156 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 157 | filename = os.path.basename(file_location) 158 | attachment = open(file_location, "rb") 159 | part = MIMEBase('application', 'octet-stream') 160 | part.set_payload(attachment.read()) 161 | encoders.encode_base64(part) 162 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 163 | msg.attach(part) 164 | 165 | 166 | 167 | elif inputbug == '3': 168 | 169 | inputsite = 'url vuln Remote File Inclusion : ' 170 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/view/?page=http://ex.com/shell.txt') 171 | print (yellow.Color+'════════════════════════════════════════════════════════════════') 172 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 173 | urlsite = input(green.Color+'╰━━¤ √ : ') 174 | if urlsite: 175 | print ('') 176 | else: 177 | print ('\n'+red.Color+'[!] Please enter site name!') 178 | print (yellow.Color+'═══════════════════════════\n') 179 | exit() 180 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 181 | respect = '

Hormat saya,
' 182 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 183 | yourname = input(green.Color+'╰━━¤ √ : ') 184 | if yourname: 185 | print('') 186 | else: 187 | print ('\n'+red.Color+'[!] Please enter your name!') 188 | print (yellow.Color+'═══════════════════════════\n') 189 | exit() 190 | tableclose = '''

192 | reported using bugreport tools
tools made by zcybercru 193 |
195 | ''' 196 | msg.attach(MIMEText(open('templates/rfi.html',).read(),'html')) 197 | msg.attach(MIMEText(inputsite,'html')) 198 | msg.attach(MIMEText(urlsite,'html')) 199 | msg.attach(MIMEText(closemail,'html')) 200 | msg.attach(MIMEText(respect,'html')) 201 | msg.attach(MIMEText(yourname,'html')) 202 | msg.attach(MIMEText(tableclose,'html')) 203 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 204 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 205 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 206 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 207 | print (yellow.Color+'═══════════════════════════════════════════════════') 208 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 209 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 210 | filename = os.path.basename(file_location) 211 | attachment = open(file_location, "rb") 212 | part = MIMEBase('application', 'octet-stream') 213 | part.set_payload(attachment.read()) 214 | encoders.encode_base64(part) 215 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 216 | msg.attach(part) 217 | 218 | 219 | 220 | elif inputbug == '4': 221 | 222 | inputsite = 'url vuln Remote Code Execution : ' 223 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/cgi_bin/main.cgi?board=FREE_BOARD') 224 | print (yellow.Color+'═══════════════════════════════════════════════════════════════') 225 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 226 | urlsite = input(green.Color+'╰━━¤ √ : ') 227 | if urlsite: 228 | print ('') 229 | else: 230 | print ('\n'+red.Color+'[!] Please enter site name!') 231 | print (yellow.Color+'═══════════════════════════\n') 232 | exit() 233 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 234 | respect = '

Hormat saya,
' 235 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 236 | yourname = input(green.Color+'╰━━¤ √ : ') 237 | if yourname: 238 | print('') 239 | else: 240 | print ('\n'+red.Color+'[!] Please enter your name!') 241 | print (yellow.Color+'═══════════════════════════\n') 242 | exit() 243 | tableclose = '''

245 | reported using bugreport tools
tools made by zcybercru 246 |
248 | ''' 249 | msg.attach(MIMEText(open('templates/rce.html',).read(),'html')) 250 | msg.attach(MIMEText(inputsite,'html')) 251 | msg.attach(MIMEText(urlsite,'html')) 252 | msg.attach(MIMEText(closemail,'html')) 253 | msg.attach(MIMEText(respect,'html')) 254 | msg.attach(MIMEText(yourname,'html')) 255 | msg.attach(MIMEText(tableclose,'html')) 256 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 257 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 258 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 259 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 260 | print (yellow.Color+'═══════════════════════════════════════════════════') 261 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 262 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 263 | filename = os.path.basename(file_location) 264 | attachment = open(file_location, "rb") 265 | part = MIMEBase('application', 'octet-stream') 266 | part.set_payload(attachment.read()) 267 | encoders.encode_base64(part) 268 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 269 | msg.attach(part) 270 | 271 | 272 | 273 | elif inputbug =='5': 274 | 275 | inputsite = 'url vuln CSRF Attack : ' 276 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/download/?acc=paul&price=1000') 277 | print (yellow.Color+'═══════════════════════════════════════════════════════════') 278 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 279 | urlsite = input(green.Color+'╰━━¤ √ : ') 280 | if urlsite: 281 | print ('') 282 | else: 283 | print ('\n'+red.Color+'[!] Please enter site name!') 284 | print (yellow.Color+'═══════════════════════════\n') 285 | exit() 286 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 287 | respect = '

Hormat saya,
' 288 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 289 | yourname = input(green.Color+'╰━━¤ √ : ') 290 | if yourname: 291 | print('') 292 | else: 293 | print ('\n'+red.Color+'[!] Please enter your name!') 294 | print (yellow.Color+'═══════════════════════════\n') 295 | exit() 296 | tableclose = '''

298 | reported using bugreport tools
tools made by zcybercru 299 |
301 | ''' 302 | msg.attach(MIMEText(open('templates/csrf.html',).read(),'html')) 303 | msg.attach(MIMEText(inputsite,'html')) 304 | msg.attach(MIMEText(urlsite,'html')) 305 | msg.attach(MIMEText(closemail,'html')) 306 | msg.attach(MIMEText(respect,'html')) 307 | msg.attach(MIMEText(yourname,'html')) 308 | msg.attach(MIMEText(tableclose,'html')) 309 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 310 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 311 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 312 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 313 | print (yellow.Color+'═══════════════════════════════════════════════════') 314 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 315 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 316 | filename = os.path.basename(file_location) 317 | attachment = open(file_location, "rb") 318 | part = MIMEBase('application', 'octet-stream') 319 | part.set_payload(attachment.read()) 320 | encoders.encode_base64(part) 321 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 322 | msg.attach(part) 323 | 324 | 325 | 326 | elif inputbug == '6': 327 | 328 | inputsite = 'url vuln XSS attack : ' 329 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/search/?q=') 330 | print (yellow.Color+'════════════════════════════════════════') 331 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 332 | urlsite = input(green.Color+'╰━━¤ √ : ') 333 | if urlsite: 334 | print ('') 335 | else: 336 | print ('\n'+red.Color+'[!] Please enter site name!') 337 | print (yellow.Color+'═══════════════════════════\n') 338 | exit() 339 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 340 | respect = '

Hormat saya,
' 341 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 342 | yourname = input(green.Color+'╰━━¤ √ : ') 343 | if yourname: 344 | print('') 345 | else: 346 | print ('\n'+red.Color+'[!] Please enter your name!') 347 | print (yellow.Color+'═══════════════════════════\n') 348 | exit() 349 | tableclose = '''

351 | reported using bugreport tools
tools made by zcybercru 352 |
354 | ''' 355 | msg.attach(MIMEText(open('templates/xss.html',).read(),'html')) 356 | msg.attach(MIMEText(inputsite,'html')) 357 | msg.attach(MIMEText(urlsite,'html')) 358 | msg.attach(MIMEText(closemail,'html')) 359 | msg.attach(MIMEText(respect,'html')) 360 | msg.attach(MIMEText(yourname,'html')) 361 | msg.attach(MIMEText(tableclose,'html')) 362 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 363 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 364 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 365 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 366 | print (yellow.Color+'═══════════════════════════════════════════════════') 367 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 368 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 369 | filename = os.path.basename(file_location) 370 | attachment = open(file_location, "rb") 371 | part = MIMEBase('application', 'octet-stream') 372 | part.set_payload(attachment.read()) 373 | encoders.encode_base64(part) 374 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 375 | msg.attach(part) 376 | 377 | 378 | 379 | elif inputbug == '7': 380 | 381 | inputsite = 'url vuln Server Side Injection : ' 382 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/member/login.shtml?page=') 383 | print (yellow.Color+'══════════════════════════════════════════════════════') 384 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 385 | urlsite = input(green.Color+'╰━━¤ √ : ') 386 | if urlsite: 387 | print ('') 388 | else: 389 | print ('\n'+red.Color+'[!] Please enter site name!') 390 | print (yellow.Color+'═══════════════════════════\n') 391 | exit() 392 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 393 | respect = '

Hormat saya,
' 394 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 395 | yourname = input(green.Color+'╰━━¤ √ : ') 396 | if yourname: 397 | print('') 398 | else: 399 | print ('\n'+red.Color+'[!] Please enter your name!') 400 | print (yellow.Color+'═══════════════════════════\n') 401 | exit() 402 | tableclose = '''

404 | reported using bugreport tools
tools made by zcybercru 405 |
407 | ''' 408 | msg.attach(MIMEText(open('templates/ssi.html',).read(),'html')) 409 | msg.attach(MIMEText(inputsite,'html')) 410 | msg.attach(MIMEText(urlsite,'html')) 411 | msg.attach(MIMEText(closemail,'html')) 412 | msg.attach(MIMEText(respect,'html')) 413 | msg.attach(MIMEText(yourname,'html')) 414 | msg.attach(MIMEText(tableclose,'html')) 415 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 416 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 417 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 418 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 419 | print (yellow.Color+'═══════════════════════════════════════════════════') 420 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 421 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 422 | filename = os.path.basename(file_location) 423 | attachment = open(file_location, "rb") 424 | part = MIMEBase('application', 'octet-stream') 425 | part.set_payload(attachment.read()) 426 | encoders.encode_base64(part) 427 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 428 | msg.attach(part) 429 | 430 | 431 | 432 | elif inputbug == '8': 433 | 434 | inputsite = 'url vuln CSV Injection : ' 435 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/member/upload_video/#addvideo') 436 | print (yellow.Color+'═══════════════════════════════════════════════════════════') 437 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 438 | urlsite = input(green.Color+'╰━━¤ √ : ') 439 | if urlsite: 440 | print ('') 441 | else: 442 | print ('\n'+red.Color+'[!] Please enter site name!') 443 | print (yellow.Color+'═══════════════════════════\n') 444 | exit() 445 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 446 | respect = '

Hormat saya,
' 447 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 448 | yourname = input(green.Color+'╰━━¤ √ : ') 449 | if yourname: 450 | print('') 451 | else: 452 | print ('\n'+red.Color+'[!] Please enter your name!') 453 | print (yellow.Color+'═══════════════════════════\n') 454 | exit() 455 | tableclose = '''

457 | reported using bugreport tools
tools made by zcybercru 458 |
460 | ''' 461 | msg.attach(MIMEText(open('templates/csv.html',).read(),'html')) 462 | msg.attach(MIMEText(inputsite,'html')) 463 | msg.attach(MIMEText(urlsite,'html')) 464 | msg.attach(MIMEText(closemail,'html')) 465 | msg.attach(MIMEText(respect,'html')) 466 | msg.attach(MIMEText(yourname,'html')) 467 | msg.attach(MIMEText(tableclose,'html')) 468 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 469 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 470 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 471 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 472 | print (yellow.Color+'═══════════════════════════════════════════════════') 473 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 474 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 475 | filename = os.path.basename(file_location) 476 | attachment = open(file_location, "rb") 477 | part = MIMEBase('application', 'octet-stream') 478 | part.set_payload(attachment.read()) 479 | encoders.encode_base64(part) 480 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 481 | msg.attach(part) 482 | 483 | 484 | 485 | elif inputbug == '9': 486 | 487 | inputsite = 'url vuln Parameter Tempering : ' 488 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/download/?vid=asian.mp4&price=1000') 489 | print (yellow.Color+'════════════════════════════════════════════════════════════════') 490 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 491 | urlsite = input(green.Color+'╰━━¤ √ : ') 492 | if urlsite: 493 | print ('') 494 | else: 495 | print ('\n'+red.Color+'[!] Please enter site name!') 496 | print (yellow.Color+'═══════════════════════════\n') 497 | exit() 498 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 499 | respect = '

Hormat saya,
' 500 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 501 | yourname = input(green.Color+'╰━━¤ √ : ') 502 | if yourname: 503 | print('') 504 | else: 505 | print ('\n'+red.Color+'[!] Please enter your name!') 506 | print (yellow.Color+'═══════════════════════════\n') 507 | exit() 508 | tableclose = '''

510 | reported using bugreport tools
tools made by zcybercru 511 |
513 | ''' 514 | msg.attach(MIMEText(open('templates/paramtemper.html',).read(),'html')) 515 | msg.attach(MIMEText(inputsite,'html')) 516 | msg.attach(MIMEText(urlsite,'html')) 517 | msg.attach(MIMEText(closemail,'html')) 518 | msg.attach(MIMEText(respect,'html')) 519 | msg.attach(MIMEText(yourname,'html')) 520 | msg.attach(MIMEText(tableclose,'html')) 521 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 522 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 523 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 524 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 525 | print (yellow.Color+'═══════════════════════════════════════════════════') 526 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 527 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 528 | filename = os.path.basename(file_location) 529 | attachment = open(file_location, "rb") 530 | part = MIMEBase('application', 'octet-stream') 531 | part.set_payload(attachment.read()) 532 | encoders.encode_base64(part) 533 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 534 | msg.attach(part) 535 | 536 | 537 | 538 | elif inputbug == '10': 539 | 540 | inputsite = 'url vuln Bypass Admin : ' 541 | print ('\n'+cyan.Color+'[●] Ex : https://pornsite.com/adminporn/login.php') 542 | print (yellow.Color+'═════════════════════════════════════════════════') 543 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter the bug website url]') 544 | urlsite = input(green.Color+'╰━━¤ √ : ') 545 | if urlsite: 546 | print ('') 547 | else: 548 | print ('\n'+red.Color+'[!] Please enter site name!') 549 | print (yellow.Color+'═══════════════════════════\n') 550 | exit() 551 | closemail = '

dengan laporan ini semoga bug report saya dapat diterima dengan baik, terimakasih.' 552 | respect = '

Hormat saya,
' 553 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter Your Name]') 554 | yourname = input(green.Color+'╰━━¤ √ : ') 555 | if yourname: 556 | print('') 557 | else: 558 | print ('\n'+red.Color+'[!] Please enter your name!') 559 | print (yellow.Color+'═══════════════════════════\n') 560 | exit() 561 | tableclose = '''

563 | reported using bugreport tools
tools made by zcybercru 564 |
566 | ''' 567 | msg.attach(MIMEText(open('templates/rfi.html',).read(),'html')) 568 | msg.attach(MIMEText(inputsite,'html')) 569 | msg.attach(MIMEText(urlsite,'html')) 570 | msg.attach(MIMEText(closemail,'html')) 571 | msg.attach(MIMEText(respect,'html')) 572 | msg.attach(MIMEText(yourname,'html')) 573 | msg.attach(MIMEText(tableclose,'html')) 574 | print (cyan.Color+'[●] Enter your file as a POC (Proof of Concept)!') 575 | print ('[●] Ex : /storage/emulated/0/Document/bugreport.pdf') 576 | print ('[●] Ex : /storage/emulated/0/Pictures/bugreport.jpg') 577 | print ('[●] Ex : /storage/emulated/0/Recorder/bugreport.mp4') 578 | print (yellow.Color+'═══════════════════════════════════════════════════') 579 | print (green.Color+'╭━━¤'+yellow.Color+' [Enter your document file (default:zcybercru.jpg)]') 580 | file_location = input(green.Color+'╰━━¤ √ : ') or 'zcybercru.jpg' 581 | filename = os.path.basename(file_location) 582 | attachment = open(file_location, "rb") 583 | part = MIMEBase('application', 'octet-stream') 584 | part.set_payload(attachment.read()) 585 | encoders.encode_base64(part) 586 | part.add_header('Content-Disposition', "attachment; filename= %s" % filename) 587 | msg.attach(part) 588 | 589 | 590 | 591 | elif inputbug == '99': 592 | print ('\n'+cyan.Color+'[●] have a nice day!') 593 | print (yellow.Color+'════════════════════') 594 | exit() 595 | 596 | elif inputbug == '00': 597 | sys = system('cd .. && rm -rf bugreport && git clone https://github.com/marioyhzkiell/bugreport.git') 598 | print ('\n'+cyan.Color+'[●] Success Reinstall/Update Tools!') 599 | print ('[●] CTRL + D for exit, and login again!') 600 | print (yellow.Color+'═══════════════════════════════════════') 601 | exit() 602 | else: 603 | print ('\n'+red.Color+'[!] 
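wrong input!') 604 | print (yellow.Color+'════════════════') 605 | exit() 606 | 607 |
# --- Mail account selection, credential prompts and delivery -----------------
# `msg` is the MIME message the report branches above attached their parts to.
# The SMTP connection is opened only after every prompt has been answered, so
# an early exit() leaves no open socket behind and the server is not kept
# waiting while the user types.
import ssl  # imported here because only this section needs it


def _require_input(value, message, rule):
    """Return *value* when it is non-empty; otherwise print *message* and *rule* and exit."""
    if value:
        print('')
        return value
    print('\n' + red.Color + message)
    print(yellow.Color + rule)
    exit()


def _reject_choice():
    """Report an unknown menu selection and stop the program."""
    print('\n' + red.Color + '[!] wrong input!')
    print(yellow.Color + '════════════════')
    exit()


_PROMPT = green.Color + '╰━━¤ √ : '

system('clear')
icon.item()
print(cyan.Color + '[●] Select the email account server used!')
print(yellow.Color + '═════════════════════════════════════════')
print(' ' + green.Color + '[1].' + yellow.Color + ' Gmail')
print(' ' + green.Color + '[2].' + yellow.Color + ' Yahoo')
print(' ' + green.Color + '[99].' + yellow.Color + ' Exit/Quit')
print('\n' + green.Color + '╭━━¤' + yellow.Color + ' [Enter the selected number]')
choice = input(_PROMPT)
if choice == '1':
    smtp_host = 'smtp.gmail.com'
elif choice == '2':
    smtp_host = 'smtp.mail.yahoo.com'
elif choice == '99':
    print('\n' + cyan.Color + '[●] have a nice day!')
    print(yellow.Color + '════════════════════')
    exit()
else:
    _reject_choice()

print('\n' + green.Color + '╭━━¤' + yellow.Color + ' [Enter your email]')
email = _require_input(
    input(_PROMPT),
    '[!] Please enter your email!',
    '════════════════════════════\n',
)

print(cyan.Color + '[●] Blank passwd OR See passwd for entering your pass?')
print(yellow.Color + '══════════════════════════════════════════════════════')
print(' ' + green.Color + '[1].' + yellow.Color + ' See Password')
print(' ' + green.Color + '[2].' + yellow.Color + ' Blank Password')
print('\n' + green.Color + '╭━━¤' + yellow.Color + ' [Enter the selected number]')
inputpass = input(_PROMPT)
if inputpass == '1':
    # input() echoes what is typed: the password is visible on screen and
    # remains in the terminal scrollback. Option 2 avoids that.
    print('\n' + green.Color + '╭━━¤' + yellow.Color + ' [Enter your password email]')
    password = _require_input(
        input(_PROMPT),
        '[!] Please enter your password!',
        '═══════════════════════════════\n',
    )
elif inputpass == '2':
    # getpass() reads the password without echoing it.
    print('\n' + green.Color + '╭━━¤' + yellow.Color + ' [Enter your password email]')
    password = _require_input(
        getpass(_PROMPT),
        '[!] Please enter your password!',
        '═══════════════════════════════\n',
    )
else:
    _reject_choice()

print(green.Color + '╭━━¤' + yellow.Color + ' [Enter your email destination]')
toaddr = _require_input(
    input(_PROMPT),
    '[!] Please enter your email destination!',
    '════════════════════════════════════════\n',
)

print(cyan.Color + '[●] Enter your email title!')
print('[●] Ex : [BUG BOUNTY TOKOPEDIA] Stored XSS to get user info')
print('[●] Ex : [xx.xx.go.id] SQL INJECTION on /berita.php?id=12')
print('[●] Ex : [pornsite.com] SQL INJECTION on /index.php?id=12')
print(yellow.Color + '═════════════════════════════════════════════════════════')
print(green.Color + '╭━━¤' + yellow.Color + ' [Enter your email title]')
title = _require_input(
    input(_PROMPT),
    '[!] Please enter your email title!',
    '══════════════════════════════════\n',
)

msg['From'] = email
msg['To'] = toaddr
msg['Subject'] = title
text = msg.as_string()

# Called without a context, smtplib's starttls() uses one that does not verify
# the server certificate or hostname, so the login below could be handed to
# whoever answers on port 587. create_default_context() turns on both checks.
tls_context = ssl.create_default_context()
# The with-block sends QUIT and closes the socket even when login or send fails.
with smtplib.SMTP(smtp_host, 587) as server:
    server.starttls(context=tls_context)
    server.login(email, password)
    server.sendmail(email, toaddr, text)
    print('\n' + cyan.Color + '[●] Successfully sent! check the sent message in your email!')
--------------------------------------------------------------------------------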