> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify.
from __init__ import header_injector , multi_payload
3
+
from __init__ import headerInjector , multiPayload
4
4
except:
5
-
from userefuzz import header_injector , multi_payload
5
+
from userefuzz import headerInjector , multiPayload
6
6
7
7
import colorama
8
8
import argparse
skipped 7 lines
16
16
# For Colouring on Windows based OS
17
17
colorama.init()
18
18
19
-
VERSION = '2.1.0'
19
+
VERSION = '2.2.0'
20
+
20
21
class bcolors:
21
22
HEADER = '\033[95m'
22
23
OKBLUE = '\033[94m'
skipped 28 lines
51
52
parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST")
52
53
parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY")
53
54
parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header")
parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT")
58
58
parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL')
59
59
parser.add_argument('-ch','--customheader', type=str,help=f'🔒_Custom Header for SQLI Injections (For Multiple Header seperate them with | )\t \t{bcolors.BOLD} {bcolors.OKBLUE} FOR ONE HEADER: -ch X-Auth FOR MULTIPLE HEADER: -ch "X-Auth|X-Test|Bearer|Custom_HEAD" {bcolors.ENDC}', default="NO_CUSTOM_HEADER")
60
60
parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5)
61
-
parser.add_argument('-i','--inject', type=str,help=f"""_Send your custom payload Or a file of payloads for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"')
61
+
parser.add_argument('-i','--inject', type=str,help=f"""_Send your custom payload Or a file of payloads for SQL Injection =>`replacesleepwith$UFZ$`\t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep($UFZ$)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep($UFZ$),0))XOR"')
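Review bot: The new `--inject` help text runs its hint together as `=>`replacesleepwith$UFZ$``, which is hard to read and never says what `$UFZ$` stands for. I would write it out in words, for example `(write $UFZ$ where the sleep duration belongs)`, assuming the token is replaced by a delay value in code that this page does not show. The default also changes from a fixed `sleep(10)` to the placeholder form, so existing payload files without `$UFZ$` may behave differently. A short comment above the argument, such as `# $UFZ$ is substituted before sending; payloads without it are sent unchanged`, would record the intended behaviour once it is confirmed against the substitution code.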
print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}")
79
64
80
65
if args.customheader != 'NO_CUSTOM_HEADER':
81
66
print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE, args.customheader.replace('|',', '),bcolors.ENDC)
Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program