Öncelikle El-behram ve Kripton'un emeği geçmiştir. Python 2x sürümü ile tam 12 farklı kütüphane kullanıldı. İlk sürüm olduğundan kullanım kolaylığı pek iyi olmayabilir. İçindeki tüm toollar yerlidir.
[1] Ip ranger
[2] Mass SQL Resolver
[3] Mass Login Page Finder"
[4] Sql Scan List"
[5] MD5 Cracker"
[6] Simple Login Page Finder"
[1] Ip ranger
[2] Mass SQL Resolver
[3] Mass Login Page Finder"
[4] Sql Scan List"
[5] MD5 Cracker"
[6] Simple Login Page Finder"
Kod:
# -*- coding: UTF-8 -*-
import requests
import re
import urllib
from time import sleep
import os
import re
import socket
import subprocess
import sys
import datetime
import base64
import hashlib
red = "\033[91m"
green = "\033[93m"
default = "\033[0m"
def pagefind():
target = raw_input("Enter target url = ")
txt = raw_input("Enter txt folder = ")
directory = open(txt , 'r')
for i in directory:
fullurl = target.replace("\n","")+"/"+i
r = requests.get(fullurl)
if r.status_code == 200:
print "Admin page has been found"
print "-*-"* 40
print fullurl
print "_*_" * 60
else:
print "[-] couldn't found"
###############3
def crack(password,text):
password = raw_input("Enter MD5 = ")
text = raw_input("Enter text folder = ")
try:
start = datetime.datetime.now()
filesread = open(text , 'r').readlines()
if len(password) == 32 and filesread !="":
for i in filesread :
crackpass = i.replace("\n","")
cracking = hashlib.md5(crackpass).hexdigest()
if cracking == password :
print "Password has been cracked ... Well done !!"
print "------->> " + crackpass + "<<----------"
end = datetime.datetime.now()
print end - start
else:
print "Could not found ..."
else:
print "This hash is not type of md5 :( "
except IOError:
print "Problem"
sys.exit()
def listscan(): ################### liste sql
urls = raw_input("enter url folder: ")
openative = open(urls, 'r')
readlive = openative.readlines()
for i in readlive:
urltag = i + "'"
try:
r = requests.get(urltag, timeout=1)
if r.status_code == 200 and "SQL" in r.text:
print "Link can be exploitable ... [+]"
file2 =open('SQL.txt','a+')
file2.write(i.replace("\n", "") + '\n')
continue
else:
print "Couldn't connect ip error...[-]"
continue
except:
continue
def listadmin(): ################# mass admin
dork = raw_input("login pages dorks: ")
dorK = open(dork,'r').readlines()
sites = raw_input("enter sites: ")
sitE = open(sites,'r').readlines()
for site in sitE:
website = sitE.replace("\n","")
for dorks in dorK.replace("\n",""):
url = website + dorks
r = requests.get(url, timeout=5)
if r.status_code == 200:
print "found" + " " + url
files = open("loginpages.txt", 'a+')
else:
print "couldnt found"
continue
def iprange(): ######
print "IP Range Scanner"
print " "
ip = raw_input("enter 3 part of ip address = ")
maxrange=input("range = ")
int(maxrange)
for i in range(maxrange):
param = ip + "." + str(i)
response = os.system("ping -c 1 -w 1 " + param)
if response == 0:
print "[+] Founded an alive ip"
list_ip = open("ip.txt", 'a+')
list_ip.write(param + '\n')
list_ip.close()
else:
print "[-] Dead"
def sqlihunt(dork): ################3
dork= 'IP:'+dork+" php?id= "
start=0
end=200
sleep(3)
print "[info]Getting Websites From Bing ... "
while start<=end :
try:
con = urllib.urlretrieve('http://www.bing.com/search?q='+dork+"&first="+str(start))
conf = open(con[0])
readd=conf.read()
find=re.findall('<h2><a href="(.*?)"',readd)
start = start+10
#return find
except IOError:
print "[ERROR]network error "
print "[Info]reconnecting "
sleep(10)
print "[Info]retrying "
try :
for i in range(len(find)):
rez=find[i]+"'"
tst = urllib.urlretrieve(rez)
tstf = open(tst[0])
tstdd= tstf.read()
tstfind=re.findall('/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i|You have an error in your SQL syntax|Microsoft VBScript runtime error',tstdd)
if(tstfind):
print "[SLQi] : "+ rez
file2 =open('sql.txt','a+')
file2.write(rez + '\n')
file2.close()
else:
print "[No SQLi ] : " + rez
except IOError:
print "[ERROR]No result found"
############################################3
sleep(2)
while(True):
print default + "-*-*-*-*- MENU -*-*-*-*-*"
print "[1] Ip ranger "
print "[2] Mass SQL Resolver "
print "[3] Mass Login Page Finder"
print "[4] Sql Scan List"
print "[5] MD5 Cracker"
print "[6] Simple Login Page Finder"
print default + " "
funch = input("Select funch number :")
if funch == 1:
print "Ip ranger is starting.."
print "enter as ---->> ab.cde.xx"
print " "
print " "
iprange()
continue
elif funch == 2:
print "Mass sql tool is tarting ..."
dosya = open("ip.txt","r")
for satir in dosya:
sqlihunt(satir.strip())
print " ./done "
continue
elif funch ==3:
listadmin()
continue
elif funch == 4:
listscan()
continue
elif funch ==5:
crack(password,text)
continue
elif funch ==6:
pagefind()
continue