iViiRuS

The Mole Sql injector script

Jun 20th, 2014
  1. #!/usr/bin/python3
  2. # -*- coding: utf-8 -*-
  3. # This program is free software; you can redistribute it and/or modify
  4. # it under the terms of the GNU General Public License as published by
  5. # the Free Software Foundation; either version 3 of the License, or
  6. # (at your option) any later version.
  7. #
  8. # This program is distributed in the hope that it will be useful,
  9. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  11. # GNU General Public License for more details.
  12. #
  13. # You should have received a copy of the GNU General Public License
  14. # along with this program; if not, write to the Free Software
  15. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  16. # MA 02110-1301, USA.
  17. #
  18. # Developed by: Nasel(http://www.nasel.com.ar)
  19. #
  20. # Authors:
  21. # Matías Fontanini
  22. # Santiago Alessandri
  23. # Gastón Traberg
  24.  
  25.  
  26. from sys import exit
  27. import getopt, sys
  28. import builtins
  29. import codecs
  30. import signal
  31. import completion
  32.  
  33. import themole
  34. import commands
  35. from outputmanager import OutputManager
  36.  
# Release number; help_() prints it in the usage text.
__version__ = '0.3'
  38.  
def sigint_handler(x, y):
    """SIGINT handler installed while a command is executing.

    The two positional arguments are whatever the signal module passes to
    a handler; neither is used. The handler asks the engine held by the
    builtins-installed ``manager`` to abort its current query.
    """
    engine = manager.mole
    engine.abort_query()
  41.  
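class Manager:
    """Interactive front end that applies CLI options to a TheMole engine.

    The class reads ``cmd_manager`` and ``output_manager`` as bare names;
    the script's ``__main__`` block installs both on ``builtins``.
    """

    def __init__(self, opt_map):
        """Create the engine and apply the options given on the command line.

        Args:
            opt_map: dict mapping option names to their raw string values.
                The keys read here are 'threads', 'url', 'vuln_param',
                'needle' and 'encoding'; every one of them is optional.

        The process exits with status 1 when the thread count is not an
        integer, when the 'url' command raises CommandException, or when
        the requested encoding is unknown to ``codecs``.
        """
        threads = 4
        if 'threads' in opt_map:
            try:
                threads = int(opt_map['threads'])
            except ValueError:
                # A malformed -t value used to surface as a raw traceback.
                # Reported with print(), as parse_options() does for bad
                # arguments; no engine exists yet, so nothing needs stopping.
                print('Invalid thread count({0}).'.format(opt_map['threads']))
                exit(1)
        self.mole = themole.TheMole(threads=threads)
        self.completer = completion.CompletionManager(cmd_manager, self.mole)
        if 'url' in opt_map:
            try:
                vuln_param = opt_map.get('vuln_param')
                cmd_manager.find('url').execute(self.mole, [opt_map['url'], vuln_param])
            except commands.CommandException as ex:
                output_manager.error('Error while setting URL: {0}'.format(ex)).line_break()
                # NOTE(review): unlike the encoding path below, the threader
                # is not stopped here before exiting - confirm that is intended.
                self.mole.abort_query()
                exit(1)
        if 'needle' in opt_map:
            cmd_manager.find('needle').execute(self.mole, [opt_map['needle']])
        if 'encoding' in opt_map:
            encoding = opt_map['encoding']
            try:
                # Validate the codec name before handing it to the requester.
                codecs.lookup(encoding)
            except LookupError:
                output_manager.error('Encoding {0} does not exist.'.format(encoding)).line_break()
                self.mole.threader.stop()
                sys.exit(1)
            self.mole.requester.encoding = encoding

    def start(self):
        """Run the '#> ' prompt loop until end-of-input.

        Each line is looked up by its first word through ``cmd_manager``,
        split by the completer and executed against the engine. Command
        errors are printed and the loop continues; EOF aborts the current
        query, stops the threader and exits with status 0.
        """
        while True:
            # Reset on every iteration so the usage hint in the handler
            # below can never refer to a command from an earlier line.
            cmd = None
            argv = None
            try:
                # At the prompt Ctrl-C raises KeyboardInterrupt as usual.
                signal.signal(signal.SIGINT, signal.default_int_handler)
                try:
                    line = input('#> ')
                except KeyboardInterrupt:
                    output_manager.line_break()
                    continue

                typed = line.strip().split(' ')
                if not typed[0]:
                    # Blank line: nothing to run.
                    continue
                cmd = cmd_manager.find(typed[0])
                if cmd.requires_smart_parse():
                    argv = self.completer.smart_parse(line)
                else:
                    argv = self.completer.nice_split(line)
                # While the command runs, Ctrl-C goes to sigint_handler.
                signal.signal(signal.SIGINT, sigint_handler)
                cmd.execute(self.mole, argv[1:] if len(argv) > 1 else [])
            except commands.CommandException as ex:
                output_manager.error(str(ex)).line_break()
                # Only print usage when a command was actually resolved;
                # fall back to the typed name if parsing never finished.
                if ex.print_usage and cmd is not None:
                    shown_name = argv[0] if argv else typed[0]
                    output_manager.normal(' Usage: {0}'.format(cmd.usage(shown_name))).line_break()
            except commands.CmdNotFoundException as ex:
                output_manager.error('Error: {0}'.format(ex)).line_break()
            except commands.QuietCommandException:
                pass
            except EOFError:
                output_manager.line_break()
                self.mole.abort_query()
                self.mole.threader.stop()
                exit(0)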
  102.  
def parse_options():
    """Parse the command line and return getopt's (flag, value) pairs.

    A '-h' anywhere in sys.argv hands control to help_(). An option that
    getopt rejects is reported on stdout and the process exits with
    status 1. Positional arguments are discarded.
    """
    argv = sys.argv
    if '-h' in argv:
        help_()
    try:
        parsed, _ = getopt.getopt(argv[1:], 'u:n:p:e:t:')
    except getopt.GetoptError as ex:
        print('Invalid parameter({err}).'.format(err=str(ex)))
        exit(1)
    return parsed
  113.  
def help_():
    """Print the command-line usage text and exit with status 0."""
    usage_lines = (
        ' Usage ' + sys.argv[0] + ' [PARAMS]\n',
        ' The mole v{0} - Automatic SQL Injection exploiter.'.format(__version__),
        ' Run The mole to begin an interactive session\n',
        ' Params can be:',
        '   -u URL: The url which contains a sqli vulnerability.',
        '   -n NEEDLE: The string which is printed on good queries.',
        '   -t THREADS: The amount of threads to run. Defaults to 4.',
        '   -e ENCODING: Use ENCODING to decode data retrieved from the server.',
        '   -p PARAM: Sets the GET vulnerable param(URL must be provided).',
    )
    for text in usage_lines:
        print(text)
    exit(0)
  125.  
# Start-up banner; the __main__ block prints it before the session begins.
# Raw string, so the backslashes in the ASCII art are kept literally.
info_string = \
r"""                     _____ _           ___  ___      _
                   |_   _| |          |  \/  |     | |
                     | | | |__   ___  | .  . | ___ | | ___
                     | | | '_ \ / _ \ | |\/| |/ _ \| |/ _ \
                     | | | | | |  __/ | |  | | (_) | |  __/
                     \_/ |_| |_|\___| \_|  |_/\___/|_|\___|

Developed by Nasel(http://www.nasel.com.ar).
Published under GPLv3.
Be efficient and have fun!
"""
  138.  
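if __name__ == '__main__':
    # Script entry point: parse options, install the shared managers on
    # builtins, then hand control to the interactive loop.
    options = parse_options()
    # Translate each getopt flag into the key Manager looks up.
    option_name_mapper = {
        '-u' : 'url',
        '-n' : 'needle',
        '-t' : 'threads',
        '-p' : 'vuln_param',
        '-e' : 'encoding'
    }
    opt_map = {option_name_mapper[flag]: value for flag, value in options}

    print(info_string)

    builtins.cmd_manager = commands.CommandManager()
    # Install output_manager before building Manager: Manager.__init__
    # reports URL and encoding errors through it, so the previous order
    # (Manager first) left that name undefined on those error paths.
    builtins.output_manager = OutputManager()
    builtins.manager = Manager(opt_map)
    try:
        manager.start()
    except Exception:
        import traceback
        traceback.print_exc(file=sys.stdout)
        output_manager.error('Unexpected error encountered. Please report this bug :D').line_break()
        # Stop the threader after the unexpected failure has been reported.
        manager.mole.threader.stop()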