Welcome, guest! Login / Register - Why register?
Psst.. new poll here.
Psst.. new forums here.
Microsoft is blocking us again (TY IP Reputation!) so just use oauth login instead. :)

Paste

Pasted as Python by lal ( 14 years ago )
#-------------------------------------------------------------------------------
# Name:        Vulnerability Evaluator
# Author:      Dan
# Created:     04/06/2012
#-------------------------------------------------------------------------------

import urllib, urllib2, os, string, sys, time
from urllib2 import Request, URLError,  HTTPError
from urlparse import urlparse

def print_banner():
    print("# Vulnerability Evaluation")
    print("# Programmed by Dan")
    print("#")
    print("#")
    print("# - FEATURES")
    print("# - Check different injection methods, including: ")
    print("# - Union Based")
    print("# - Error Based")
    print("# - Blind Based")
    print("# - XPath Based")
    print("#")
    print("# - Check to see if you need to use string based injection.")
    print("# - Check to see if the is a present WAF.")
    print("# - Check to see if magic_quotes_gpc is enabled.")
    print("#")
    print("# - Display a short scan report.")
    print("# - HTTP error request handeling.")
    print("#")
    print("# - Usage")
    print("# -h  Help command.")
    print("# -m  Check all of the different injection methods.")
    print("# -w  Check to see if there is a WAF present.")
    print("# -mg Check to see if magic_quotes_gpc is enabled.")
    print("# -st Check to see if you need to use string based injection.")
    print("# -a  Do a full scan, and provide a mini report.")
    print("# -c  Check connection to site, if connection fails provide error response.")
    print("# -e  Exit the program.")

# Some variables for later use.
url = raw_input("Enter the url we are going to be working with: ")


# If http:// isn't in url, make it appear in url.
if "http://" not in url:
    url = "http://" + url

# Check if the url doesn't contain a parameter to check.
def param_check(url):
    if "=" not in url:
        print("[-] You didn't provide a parameter to check.")
        print("[-] EG: http://site.com/index.php?id=1")
        print("[-] Where id=1 is the vulnerable parameter to scan for.")
        sys.exit(1)

param_check(url)

# Check conneciton to site.
def check_site(url):
 print "[+] Target: " + url.split("http://")[-1]
 print "[+] Checking if we have a stable connection to the target."
 try:
            i = 0
            while i < 8:
                request = urllib2.urlopen(url)
            time.sleep(0.25)
            i = i+1
 except HTTPError,  e:
  print "[-] A reliable connection could not be established to the target."
  print "[-] The error code was: ",  e.code
  print ""
  sys.exit()
 except URLError,  e:
  print "[-] A reliable connection could not be established to the target."
  print "[-] Reason: ",  e.reason
  print ""
  sys.exit()
 else:
  print "[+] Great! We were able to connect to the target fine."
        test_request.close()


def union_based():
    sock = urllib.urlopen(url)
    source1 = sock.read().lower()



def command():
    uinput = raw_input("Enter your command(s): ")
    return uinput

command()

if "-h" in command():
    print_banner()
elif "-c" in command():
    check_site(url)

 

Revise this Paste

Your Name: Code Language: