Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so just use oauth login instead. :)
Paste
Pasted as Python by lal ( 14 years ago )
#-------------------------------------------------------------------------------
# Name: Vulnerability Evaluator
# Author: Dan
# Created: 04/06/2012
#-------------------------------------------------------------------------------
import urllib, urllib2, os, string, sys, time
from urllib2 import Request, URLError, HTTPError
from urlparse import urlparse
def print_banner():
print("# Vulnerability Evaluation")
print("# Programmed by Dan")
print("#")
print("#")
print("# - FEATURES")
print("# - Check different injection methods, including: ")
print("# - Union Based")
print("# - Error Based")
print("# - Blind Based")
print("# - XPath Based")
print("#")
print("# - Check to see if you need to use string based injection.")
print("# - Check to see if the is a present WAF.")
print("# - Check to see if magic_quotes_gpc is enabled.")
print("#")
print("# - Display a short scan report.")
print("# - HTTP error request handeling.")
print("#")
print("# - Usage")
print("# -h Help command.")
print("# -m Check all of the different injection methods.")
print("# -w Check to see if there is a WAF present.")
print("# -mg Check to see if magic_quotes_gpc is enabled.")
print("# -st Check to see if you need to use string based injection.")
print("# -a Do a full scan, and provide a mini report.")
print("# -c Check connection to site, if connection fails provide error response.")
print("# -e Exit the program.")
# Some variables for later use.
url = raw_input("Enter the url we are going to be working with: ")
# If http:// isn't in url, make it appear in url.
if "http://" not in url:
url = "http://" + url
# Check if the url doesn't contain a parameter to check.
def param_check(url):
if "=" not in url:
print("[-] You didn't provide a parameter to check.")
print("[-] EG: http://site.com/index.php?id=1")
print("[-] Where id=1 is the vulnerable parameter to scan for.")
sys.exit(1)
param_check(url)
# Check conneciton to site.
def check_site(url):
print "[+] Target: " + url.split("http://")[-1]
print "[+] Checking if we have a stable connection to the target."
try:
i = 0
while i < 8:
request = urllib2.urlopen(url)
time.sleep(0.25)
i = i+1
except HTTPError, e:
print "[-] A reliable connection could not be established to the target."
print "[-] The error code was: ", e.code
print ""
sys.exit()
except URLError, e:
print "[-] A reliable connection could not be established to the target."
print "[-] Reason: ", e.reason
print ""
sys.exit()
else:
print "[+] Great! We were able to connect to the target fine."
test_request.close()
def union_based():
sock = urllib.urlopen(url)
source1 = sock.read().lower()
def command():
uinput = raw_input("Enter your command(s): ")
return uinput
command()
if "-h" in command():
print_banner()
elif "-c" in command():
check_site(url)
Revise this Paste