crash.software
Projects
Pull Requests
Issues
Builds
userefuzz
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY userefuzz Commits 6bc5c3db
🤬
  • ■ ■ ■ ■ ■
    README.md
    1 1  <p align="center">
    2  -<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/userefuzz_icon.png">
     2 +<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/ufz_banner_may_23.png">
    3 3  </p>
    4 4  <h1 align="center">
    5 5   
    6 6  [![PYPI](https://img.shields.io/badge/PYPI-UseReFuzz-orange)](https://pypi.org/project/userefuzz/)
    7 7  [![MIT](https://img.shields.io/github/license/root-tanishq/userefuzz)](https://github.com/root-tanishq/userefuzz/blob/main/LICENSE)
    8  -[![Version](https://img.shields.io/badge/Latest--Version-2.1.0-brightgreen)](#)
     8 +[![Version](https://img.shields.io/badge/Latest--Version-2.2.0-brightgreen)](#)
    9 9  [![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/root_tanishq.svg?style=social&label=Follow%20%40root_tanishq)](https://twitter.com/root_tanishq) <br />
    10 10  [![Youtube](https://img.shields.io/youtube/channel/subscribers/UC0HLRnmOx3x_hsAGAdG9VaQ?style=social)](https://www.youtube.com/@boyfromfuture69)
    11 11  [![Github](https://img.shields.io/github/stars/root-tanishq/userefuzz?style=social)](https://github.com/root-tanishq/userefuzz/stargazers)
    skipped 114 lines
    126 126  </p>
    127 127   
    128 128  ### Custom payload with custom sleep
     129 + 
     130 +> Replace `sleep time` with `$UFZ$` variable for double verification of userefuzz
     131 + 
    129 132  ```sh
    130 133  $ userefuzz <LIST/URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>
    131 134  ```
    132  -<p align="center">
    133  -<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject.png">
    134  -<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_pinject2.png">
    135  -</p>
    136 135   
    137 136  ### Multi payload with custom sleep
     137 + 
     138 +> Replace `sleep time` with `$UFZ$` variable for double verification of userefuzz
     139 + 
    138 140  ```sh
    139 141  $ userefuzz <LIST/URL> -i <SQLI PAYLOAD FILE> -s <SLEEP COUNT IN THE PAYLOAD>
    140 142  ```
    141  -<p align="center">
    142  -<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_finject.png">
    143  -</p>
    144 143   
    145 144  ### Custom header injection
    146 145  ```sh
    skipped 34 lines
    181 180  <p align="center">
    182 181  <img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/u_2.1_out_md.png">
    183 182  </p>
    184  -<table>
    185  -<tr>
    186  -<td>
    187  -<h2 align="center">
    188  - 
    189  -## Telify Notifications
    190  -</h2>
    191  - 
    192  -> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify.
    193  - 
    194  -```sh
    195  -$ userefuzz <LIST / URL> -t
    196  -```
    197  - 
    198  -</td>
    199  -</tr>
    200  -</table>
    201 183   
  • ■ ■ ■ ■
    setup.py
    skipped 5 lines
    6 6   
    7 7  setup(
    8 8   name='userefuzz',
    9  - version='2.1.0',
     9 + version='2.2.0',
    10 10   long_description=readme(),
    11 11   long_description_content_type="text/markdown",
    12 12   description='User-Agent and Referer Header SQLI Fuzzer',
    skipped 15 lines
  • ■ ■ ■ ■ ■ ■
    userefuzz/__init__.py
    1 1  # UseReFuzz Modules for Python
    2  -# No Documentations will be provided as the modules are only created for UseReFuzz tool only
    3 2  # Author = Tanishq Rathore
    4  -# Version = 2.1.0
    5 3  import colorama
    6 4  import requests
    7 5  import urllib3
    8 6  import os
     7 +import re
    9 8   
    10 9   
    11  -def header_injector(url,custom_header,injection_payload,userefuzz_message,http_proxy,output,telify_APITOKEN,telify_CHATID,is_telify,verbose,sleep_time):
    12  - # For Colouring in Windows and other OS
     10 +def headerInjector(url,customHeader,injectionPayload,ufzMessage,httpProxy,output,verbose,sleepTime,alreadyVuln):
     11 + # Disable SSL Warnings
     12 + urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
     13 + 
     14 + # For coloring in other OS also
    13 15   colorama.init()
    14  - # Use the following name if you dont want to run the following part of the function
    15  - # custom_header = 'NO_CUSTOM_HEADER'
    16  - # http_proxy = 'NO_PROXY'
     16 +
     17 + # customHeader = 'NO_CUSTOM_HEADER'
     18 + # httpProxy = 'NO_PROXY'
    17 19   # output = 'NO_OUTPUT'
    18  - # Colour Codes
     20 + 
     21 + # Color codes
    19 22   HEADER = '\033[95m'
    20 23   OKBLUE = '\033[94m'
    21 24   OKCYAN = '\033[96m'
    skipped 5 lines
    27 30   UNDERLINE = '\033[4m'
    28 31   SLANT = '\x1B[3m'
    29 32   
    30  - # Disable SSL Warnings
    31  - urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
     33 + # Already Vulnerable URL check
     34 + if url in alreadyVuln:
     35 + return None
    32 36   
    33  - # X-Auth|Bearer|X-Forward-For
    34  - if custom_header != 'NO_CUSTOM_HEADER':
    35  - headlist = custom_header.split('|')
     37 + # Injection payload configuration
     38 + if len(re.findall(r'\$UFZ\$' , injectionPayload)) >= 1:
     39 + iPayload = injectionPayload.replace("$UFZ$" , str(sleepTime))
     40 + iPayload2 = injectionPayload.replace("$UFZ$" , str(21)) # 21 sleep to verify properly
     41 + else:
     42 + print(f"😺{WARNING}_SQLI Payload not in correct format {bcolors.ENDC}{bcolors.BOLD}# userefuzz --help {ENDC}")
     43 + exit(0)
     44 + 
     45 + # Custom header verification
     46 + # X-Auth|Authorization|X-Forwarded-For
     47 + if customHeader != 'NO_CUSTOM_HEADER':
     48 + headList = customHeader.split('|')
    36 49   header = {}
    37  - for head in headlist:
    38  - header[head] = injection_payload
    39  -
    40  - header['UseReFuzz'] = userefuzz_message
     50 + header2 = {}
     51 + for head in headList:
     52 + header[head] = iPayload
     53 + header2[head] = iPayload2
    41 54   else:
    42  - header = {'User-Agent':injection_payload , 'Referer': injection_payload , 'X-Forwarded-For': injection_payload , 'UseReFuzz': userefuzz_message}
     55 + header = {'User-Agent':iPayload , 'Referer': iPayload , 'X-Forwarded-For': iPayload , 'UseReFuzz': ufzMessage}
     56 + header2 = {'User-Agent':iPayload2 , 'Referer': iPayload2 , 'X-Forwarded-For': iPayload2 , 'UseReFuzz': ufzMessage}
     57 + 
     58 + 
     59 + # Proxy configuration for sending request
     60 + proxy = {'http' : httpProxy , 'https': httpProxy}
    43 61  
    44  - proxy = {'http' : http_proxy , 'https': http_proxy}
     62 + # First checking request
    45 63   sess = requests.Session()
    46  - resp = sess.get(url, headers=header , verify=False)
    47  - resp_time = resp.elapsed.total_seconds()
     64 + resp1 = sess.get(url, headers=header , verify=False)
     65 + resp1Time = resp1.elapsed.total_seconds()
     66 + 
     67 + # Main Verification
    48 68   try:
    49  - if resp_time >= sleep_time-1:
    50  - if http_proxy != 'NO_PROXY':
    51  - try:
    52  - sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001)
    53  - except:
    54  - pass
    55  - print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
    56  - print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] (↑) PAYLOAD => {ENDC}', injection_payload)
    57  - else:
    58  - print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
    59  - print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{OKGREEN} ] (↑) PAYLOAD => {ENDC}', injection_payload)
     69 + if resp1Time >= sleepTime and resp1Time <= sleepTime+4: # the 4 is for verification purpose
     70 + # Secondary verification
     71 + resp2 = sess.get(url, headers=header2 , verify=False)
     72 + resp2Time = resp2.elapsed.total_seconds()
     73 + if resp2Time >= 21 and resp2Time <= 21+4: # the 4 is for verification purpose
     74 + alreadyVuln.append(url)
     75 + if httpProxy != 'NO_PROXY': # proxy for sending request to burp or ZAP
     76 + try:
     77 + sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001)
     78 + except:
     79 + pass
     80 + print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
     81 + print(f'{OKGREEN}{BOLD}[💉P{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{OKGREEN} ] (↑) Payload => {ENDC}', iPayload)
     82 + print()
     83 + else:
     84 + print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{OKGREEN} ] URL => {ENDC}', url)
     85 + print(f'{OKGREEN}{BOLD}[💉💉{ENDC}{OKGREEN}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{OKGREEN} ] (↑) Payload => {ENDC}', iPayload)
     86 + print()
    60 87   
    61  - if output != 'NO_OUTPUT':
    62  - fileappend = open(output + ".md" , "a")
    63  - fileappend.write(f'| {resp_time} | "{url}" | ��True | "{injection_payload}"\n')
    64  - fileappend.flush()
    65  - fileappend.close()
     88 + if output != 'NO_OUTPUT':
     89 + fileappend = open(output + ".md" , "a")
     90 + fileappend.write(f'| {resp1Time} | "{url}" | ��true | "{iPayload}"\n')
     91 + fileappend.flush()
     92 + fileappend.close()
     93 + else:
     94 + if verbose:
     95 + print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
     96 + print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] (↑) Payload => {ENDC}', iPayload)
     97 + print()
    66 98   
    67  - if is_telify == 'TELIFY_UP':
    68  - telifyurl = f'https://api.telegram.org/bot{telify_APITOKEN}/sendMessage'
    69  - requests.post(telifyurl, json={'chat_id': telify_CHATID, 'text': f'[💎] (USEREFUZZ)⛓️URL(💻)⛓️ {url} ⛓️RESPONSE TIME(⏲️)⛓️ {resp_time} ⛓️PAYLOAD(🔫)⛓️ {injection_payload}'})
     99 + if output != 'NO_OUTPUT':
     100 + fileappend = open(output + ".md" , "a")
     101 + fileappend.write(f'| {resp1Time} | "{url}" | false | "{iPayload}"\n')
     102 + fileappend.flush()
     103 + fileappend.close()
    70 104   
    71 105   else:
    72 106   if verbose:
    73  - print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
    74  - print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] (↑) PAYLOAD => {ENDC}', injection_payload)
     107 + print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
     108 + print(f'{FAIL}{BOLD}[{ENDC}NV{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] (↑) Payload => {ENDC}', iPayload)
     109 + print()
    75 110   
    76 111   if output != 'NO_OUTPUT':
    77 112   fileappend = open(output + ".md" , "a")
    78  - fileappend.write(f'| {resp_time} | "{url}" | False | "{injection_payload}"\n')
     113 + fileappend.write(f'| {resp1Time} | "{url}" | false | "{iPayload}"\n')
    79 114   fileappend.flush()
    80 115   fileappend.close()
    81 116   except:
    82 117   if verbose:
    83  - print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
    84  - print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp_time)[:4]}{BOLD}{FAIL} ] (↑) PAYLOAD => {ENDC}', injection_payload)
     118 + print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] URL => {ENDC}', url)
     119 + print(f'{FAIL}{BOLD}[{ENDC}ER{ENDC}{FAIL}{BOLD}] \t[ {ENDC}{str(resp1Time)[:4]}{BOLD}{FAIL} ] (↑) Payload => {ENDC}', iPayload)
     120 + print()
    85 121   
    86 122   if output != 'NO_OUTPUT':
    87 123   fileappend = open(output + ".md" , "a")
    88  - fileappend.write(f'| {resp_time} | "{url}" | ERROR | "{injection_payload}"\n')
     124 + fileappend.write(f'| {resp1Time} | "{url}" | error | "{iPayload}"\n')
    89 125   fileappend.flush()
    90 126   fileappend.close()
    91 127   
    92  -def multi_payload(url_mp,custom_header_mp,injection_payload_mp,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp):
    93  - if os.path.exists(injection_payload_mp):
    94  - payload_file_mp = open(injection_payload_mp, 'r')
    95  - for payload_file_mp_lines in payload_file_mp.readlines():
    96  - inject_end = payload_file_mp_lines.replace('\n','')
    97  - header_injector(url_mp,custom_header_mp,inject_end,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp)
     128 + 
     129 +def multiPayload(urlMp,customHeaderMp,injectionPayloadMp,userefuzzMessageMp,httpProxyMp,outputMp,verboseMp,sleepTimeMp,alreadyVulnMp):
     130 + if os.path.exists(injectionPayloadMp):
     131 + payloadFileMp = open(injectionPayloadMp, 'r')
     132 + for payloadFileMpLines in payloadFileMp.readlines():
     133 + injectEnd = payloadFileMpLines.replace('\n','')
     134 + headerInjector(urlMp,customHeaderMp,injectEnd,userefuzzMessageMp,httpProxyMp,outputMp,verboseMp,sleepTimeMp,alreadyVulnMp)
    98 135   else:
    99  - inject_end = injection_payload_mp
    100  - header_injector(url_mp,custom_header_mp,inject_end,userefuzz_message_mp,http_proxy_mp,output_mp,telify_APITOKEN_mp,telify_CHATID_mp,is_telify_mp,verbose_mp,sleep_time_mp)
     136 + injectEnd = injectionPayloadMp
     137 + headerInjector(urlMp,customHeaderMp,injectEnd,userefuzzMessageMp,httpProxyMp,outputMp,verboseMp,sleepTimeMp,alreadyVulnMp)
    101 138   
  • ■ ■ ■ ■ ■ ■
    userefuzz/__main__.py
    1 1  #!/usr/bin/env python3
    2 2  try:
    3  - from __init__ import header_injector , multi_payload
     3 + from __init__ import headerInjector , multiPayload
    4 4  except:
    5  - from userefuzz import header_injector , multi_payload
     5 + from userefuzz import headerInjector , multiPayload
    6 6   
    7 7  import colorama
    8 8  import argparse
    skipped 7 lines
    16 16  # For Colouring on Windows based OS
    17 17  colorama.init()
    18 18   
    19  -VERSION = '2.1.0'
     19 +VERSION = '2.2.0'
     20 + 
    20 21  class bcolors:
    21 22   HEADER = '\033[95m'
    22 23   OKBLUE = '\033[94m'
    skipped 28 lines
    51 52  parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST")
    52 53  parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY")
    53 54  parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header")
    54  -parser.add_argument('-s','--sleep', type=int,help=f'��_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10)
     55 +parser.add_argument('-s','--sleep', type=int,help=f'��_How much sleep you want to use with custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10)
    55 56  parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False)
    56  -parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False)
    57 57  parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT")
    58 58  parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL')
    59 59  parser.add_argument('-ch','--customheader', type=str,help=f'🔒_Custom Header for SQLI Injections (For Multiple Header seperate them with | )\t \t{bcolors.BOLD} {bcolors.OKBLUE} FOR ONE HEADER: -ch X-Auth FOR MULTIPLE HEADER: -ch "X-Auth|X-Test|Bearer|Custom_HEAD" {bcolors.ENDC}', default="NO_CUSTOM_HEADER")
    60 60  parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5)
    61  -parser.add_argument('-i','--inject', type=str,help=f"""��_Send your custom payload Or a file of payloads for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"')
     61 +parser.add_argument('-i','--inject', type=str,help=f"""��_Send your custom payload Or a file of payloads for SQL Injection => `replace sleep with $UFZ$` \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep($UFZ$)+'" -i sqli_payloads.txt{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep($UFZ$),0))XOR"')
    62 62  args = parser.parse_args()
    63 63   
    64  -# Telify
    65  -CHAT_ID = ''
    66  -API_TOKEN = ''
    67  -is_telify_main = 'TELIFY_DOWN'
    68  -if args.telify:
    69  - try:
    70  - config = configparser.ConfigParser()
    71  - config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini'))
    72  - CHAT_ID = config['TELIFY']['CHATID']
    73  - API_TOKEN = config['TELIFY']['APITOKEN']
    74  - telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
    75  - requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'})
    76  - is_telify_main = 'TELIFY_UP'
    77  - except:
    78  - print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}")
    79 64   
    80 65  if args.customheader != 'NO_CUSTOM_HEADER':
    81 66   print(f'{bcolors.BOLD}{bcolors.OKGREEN}[{bcolors.ENDC}##{bcolors.BOLD}{bcolors.OKGREEN}]{bcolors.ENDC}',' Headers which UseReFuzz using for injection',bcolors.BOLD,bcolors.OKBLUE, args.customheader.replace('|',', '),bcolors.ENDC)
    skipped 13 lines
    95 80   file.write(f"""
    96 81  # UseReFuzz HEADER SQLI INJECTION REPORT
    97 82   
    98  -## Author - Tanishq Rathore (Kun)
    99  -## Github - https://github.com/root-tanishq/userefuzz
    100  -## Twitter - https://twitter.com/root_tanishq
    101  - 
    102 83  > UseReFuzz runned on `{datetime.datetime.now()}`
    103  - 
    104  -## Legality
    105  - 
    106  -```
    107  -Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
    108  -```
    109 84   
    110 85  - Headers `{output_ch}`
    111 86   
    skipped 6 lines
    118 93   file.close()
    119 94   
    120 95  def main():
     96 + # Already vuln check
     97 + alreadyVuln = []
     98 + 
     99 + # Parsing
    121 100   if args.url != "NO_URL":
    122  - multi_payload(args.url,args.customheader,args.inject,args.message,args.proxy,args.output,API_TOKEN,CHAT_ID,is_telify_main,args.verbose,args.sleep)
     101 + multiPayload(args.url,args.customheader,args.inject,args.message,args.proxy,args.output,args.verbose,args.sleep,alreadyVuln)
    123 102   elif args.list != "NO_LIST":
    124 103   try:
    125  - urllist = filter(None , open(args.list,'r').read().split("\n"))
     104 + urlList = filter(None , open(args.list,'r').read().split("\n"))
    126 105   with mp.Pool(args.workers) as worker:
    127  - multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep)
    128  - worker.map(multi_fuzz , urllist)
     106 + multiFuzz = partial(multiPayload, customHeaderMp=args.customheader,injectionPayloadMp=args.inject,userefuzzMessageMp=args.message,httpProxyMp=args.proxy,outputMp=args.output,verboseMp=args.verbose,sleepTimeMp=args.sleep,alreadyVulnMp=alreadyVuln)
     107 + worker.map(multiFuzz , urlList)
    129 108   except KeyboardInterrupt:
    130 109   exit(0)
    131 110   except:
    skipped 3 lines
    135 114   print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}')
    136 115   elif not sys.stdin.isatty():
    137 116   try:
    138  - urlfile = []
     117 + urlFile = []
    139 118   for line in sys.stdin:
    140 119   try:
    141  - urlfile.append(line.split()[0])
     120 + urlFile.append(line.split()[0])
    142 121   except:
    143 122   pass
    144 123   with mp.Pool(args.workers) as worker:
    145  - multi_fuzz = partial(multi_payload, custom_header_mp=args.customheader,injection_payload_mp=args.inject,userefuzz_message_mp=args.message,http_proxy_mp=args.proxy,output_mp=args.output,telify_APITOKEN_mp=API_TOKEN,telify_CHATID_mp=CHAT_ID,is_telify_mp=is_telify_main,verbose_mp=args.verbose,sleep_time_mp=args.sleep)
    146  - worker.map(multi_fuzz , urlfile)
     124 + multiFuzz = partial(multiPayload, customHeaderMp=args.customheader,injectionPayloadMp=args.inject,userefuzzMessageMp=args.message,httpProxyMp=args.proxy,outputMp=args.output,verboseMp=args.verbose,sleepTimeMp=args.sleep,alreadyVulnMp=alreadyVuln)
     125 + worker.map(multiFuzz , urlFile)
    147 126   except KeyboardInterrupt:
    148 127   exit(0)
    149 128   except:
    skipped 3 lines
    153 132   
    154 133  if __name__ == '__main__':
    155 134   main()
     135 + 
Please wait...
Page is in error, reload to recover