iViiRuS

The Mole sql al qassam edition

Jun 21st, 2014
  1. #!/usr/bin/python3
  2. # -*- coding: utf-8 -*-
  3. # Sheikh
  4. # The mole v3
  5.  
  6.  
  7. from sys import exit
  8. import getopt, sys
  9. import builtins
  10. import codecs
  11. import signal
  12. import completion
  13.  
  14. import themole
  15. import commands
  16. from outputmanager import OutputManager
  17.  
# Version string interpolated into the usage text printed by help_().
__version__ = '0.3'
  19.  
def sigint_handler(x, y):
    """Abort the query in flight when SIGINT arrives during a command.

    Manager.start() installs this handler just before it executes a command.
    The two positional arguments supplied by the signal module are ignored.
    ``manager`` is resolved at call time; the entry point publishes it
    through ``builtins``.
    """
    active_mole = manager.mole
    active_mole.abort_query()
  22.  
class Manager:
    """Interactive front end: owns the engine and drives the command prompt.

    ``cmd_manager`` and ``output_manager`` are not imported here; the methods
    look them up at call time, and the entry point of this file publishes
    them through ``builtins``.
    """

    def __init__(self, opt_map):
        """Build the engine and apply the command-line options.

        Args:
            opt_map: Mapping from option name to the raw string taken from
                the command line. Keys read here: 'threads', 'url',
                'vuln_param', 'needle' and 'encoding'.
        """
        # Four workers unless overridden. int() sees the raw CLI string, so
        # a non-numeric value raises ValueError out of the constructor.
        worker_count = int(opt_map['threads']) if 'threads' in opt_map else 4
        self.mole = themole.TheMole(threads=worker_count)
        self.completer = completion.CompletionManager(cmd_manager, self.mole)

        if 'url' in opt_map:
            try:
                param = opt_map.get('vuln_param')
                url_command = cmd_manager.find('url')
                url_command.execute(self.mole, [opt_map['url'], param])
            except commands.CommandException as ex:
                output_manager.error('Error while setting URL: {0}'.format(ex)).line_break()
                self.mole.abort_query()
                exit(1)

        if 'needle' in opt_map:
            needle_command = cmd_manager.find('needle')
            needle_command.execute(self.mole, [opt_map['needle']])

        if 'encoding' in opt_map:
            encoding = opt_map['encoding']
            # Reject codec names Python does not know before handing the
            # value to the requester.
            try:
                codecs.lookup(encoding)
            except LookupError:
                output_manager.error('Encoding {0} does not exist.'.format(encoding)).line_break()
                self.mole.threader.stop()
                sys.exit(1)
            self.mole.requester.encoding = encoding

    def start(self):
        """Run the read-parse-execute prompt loop until end of input.

        Ctrl-C at the prompt only starts a fresh prompt line; Ctrl-C while a
        command runs is routed to sigint_handler. EOF stops the engine and
        exits with status 0.
        """
        while True:
            try:
                # While waiting at the prompt, SIGINT must surface as
                # KeyboardInterrupt, so the default handler is restored on
                # every pass.
                signal.signal(signal.SIGINT, signal.default_int_handler)
                try:
                    line = input('#> ')
                except KeyboardInterrupt:
                    output_manager.line_break()
                    continue

                words = line.strip().split(' ')
                if not (words and words[0]):
                    continue

                cmd = cmd_manager.find(words[0])
                # The command decides which of the completer's two
                # tokenisers is applied to the raw line.
                if cmd.requires_smart_parse():
                    line = self.completer.smart_parse(line)
                else:
                    line = self.completer.nice_split(line)
                # From here on SIGINT goes to the module's own handler.
                signal.signal(signal.SIGINT, sigint_handler)
                arguments = line[1:] if len(line) > 1 else []
                cmd.execute(self.mole, arguments)
            except commands.CommandException as ex:
                output_manager.error(str(ex)).line_break()
                if ex.print_usage:
                    # NOTE(review): `cmd` and `line` keep whatever value they
                    # had when the exception was raised - confirm that every
                    # raising path has already bound and tokenised them.
                    output_manager.normal(' Usage: {0}'.format(cmd.usage(line[0]))).line_break()
            except commands.CmdNotFoundException as ex:
                output_manager.error('Error: {0}'.format(ex)).line_break()
            except commands.QuietCommandException:
                pass
            except EOFError:
                output_manager.line_break()
                self.mole.abort_query()
                self.mole.threader.stop()
                exit(0)
  83.  
def parse_options():
    """Parse the process arguments into a list of (flag, value) pairs.

    Accepted flags are -u, -n, -p, -e and -t, each taking a value. A '-h'
    anywhere in sys.argv hands over to help_(). An option getopt rejects is
    reported on stdout and the process exits with status 1. Positional
    arguments are discarded.
    """
    argv = sys.argv
    if '-h' in argv:
        help_()
    try:
        parsed = getopt.getopt(argv[1:], 'u:n:p:e:t:')[0]
    except getopt.GetoptError as ex:
        print('Invalid parameter({err}).'.format(err=str(ex)))
        exit(1)
    return parsed
  94.  
def help_():
    """Print the usage summary to stdout and exit with status 0."""
    usage_lines = (
        ' Usage ' + sys.argv[0] + ' [PARAMS]\n',
        ' The mole v{0} - Automatic SQL Injection exploiter.'.format(__version__),
        ' Run The mole to begin an interactive session\n',
        ' Params can be:',
        '   -u URL: The url which contains a sqli vulnerability.',
        '   -n NEEDLE: The string which is printed on good queries.',
        '   -t THREADS: The amount of threads to run. Defaults to 4.',
        '   -e ENCODING: Use ENCODING to decode data retrieved from the server.',
        '   -p PARAM: Sets the GET vulnerable param(URL must be provided).',
    )
    for text in usage_lines:
        print(text)
    exit(0)
  106.  
# Start-up banner; the entry point prints it once before the interactive
# session begins. It is a raw string, so the backslashes in the ASCII art
# stay literal.
info_string = \
r"""  
  |            
 / \                                                            
/   \                                              
(_____)                                            
|   | +___________________________________+      
|   |     ____________________________    |              
|   | |  |                            |   |                      
|   | |  |                            |   |      
|   | |  |                            | O |    
|   | |  |                            | O |      
|   | |  |____________________________|   |      
|___|    _____________________________________                          
    +--| \ [][][][][][][][][][][][][] [][][]  \
          \ [][][][][][][][][][][][]  [][][]  \
           \ __________________________________\
             ____________________________________|
 
The Mole Sql Injector Al Qassam Edition.
 
Edited by Sheikh, Izz ad din al qassam brigades
"""
  130.  
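if __name__ == '__main__':
    # Entry point: parse the flags, publish the shared objects, run the prompt.
    options = parse_options()
    option_name_mapper = {
        '-u' : 'url',
        '-n' : 'needle',
        '-t' : 'threads',
        '-p' : 'vuln_param',
        '-e' : 'encoding'
    }
    # A flag given more than once keeps its last value.
    opt_map = {option_name_mapper[flag]: value for flag, value in options}

    print(info_string)

    # The shared objects are published through builtins so that the other
    # names in this file can reach them without importing this script.
    # output_manager is installed before Manager is built: Manager.__init__
    # reports a rejected URL or an unknown encoding through output_manager,
    # and with the previous order those paths ran before the name was
    # assigned here.
    builtins.cmd_manager = commands.CommandManager()
    builtins.output_manager = OutputManager()
    builtins.manager = Manager(opt_map)
    try:
        manager.start()
    except Exception:
        # Last-resort handler: show the traceback, then stop the worker
        # threads so the process can terminate.
        import traceback
        traceback.print_exc(file=sys.stdout)
        output_manager.error('Unexpected error encountered. Please report this bug :D').line_break()
        manager.mole.threader.stop()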