| 30 | print('') |
| 31 | |
| 32 | def active_scan(): |
| 33 | |
| 34 | new_url = base_url |
| 35 | |
| 36 | # Open Redirect 1 ###################################################################################### |
| 37 | try: |
| 38 | redirect_exploit = urllib.parse.quote("google.com") |
| 39 | |
| 40 | if (verbose == "y"): |
| 41 | print(COLOR2 + "[i] Trying Payload: " + str(redirect_exploit) + RESET) |
| 42 | |
| 43 | redirect_url = new_url.replace("INJECTX", redirect_exploit) |
| 44 | http_request = urllib.request.urlopen(redirect_url) |
| 45 | http_response = str(http_request.read()) |
| 46 | http_length = len(http_response) |
| 47 | http_status = http_request.getcode() |
| 48 | http_length_diff = str(http_length_base - http_length) |
| 49 | |
| 50 | if (verbose == "y"): |
| 51 | print(COLOR2 + "[i] New URL: " + redirect_url + " [" + OKRED + str(http_status) + COLOR2 + "]" + " [" + COLOR3 + str(http_length) + COLOR2 + "]" + " [" + COLOR1 + http_length_diff + COLOR2 + "]" + RESET) |
| 52 | |
| 53 | if "<title>Google</title>" in http_response: |
| 54 | print(OKRED + "[+] Open Redirect Found! " + RESET) |
| 55 | print(OKRED + "[+] Vulnerable URL: " + redirect_url + RESET) |
| 56 | print(OKGREEN + "[c] Exploit Command: curl -s -I '" + redirect_url + "' | egrep location --color=auto") |
| 57 | |
| 58 | except: |
| 59 | pass |
| 60 | |
| 61 | # Open Redirect 2 ###################################################################################### |
| 62 | try: |
| 63 | redirect_exploit = urllib.parse.quote("//google.com") |
| 64 | |
| 65 | if (verbose == "y"): |
| 66 | print(COLOR2 + "[i] Trying Payload: " + str(redirect_exploit) + RESET) |
| 67 | |
| 68 | redirect_url = new_url.replace("INJECTX", redirect_exploit) |
| 69 | http_request = urllib.request.urlopen(redirect_url) |
| 70 | http_response = str(http_request.read()) |
| 71 | http_length = len(http_response) |
| 72 | http_status = http_request.getcode() |
| 73 | http_length_diff = str(http_length_base - http_length) |
| 74 | |
| 75 | if (verbose == "y"): |
| 76 | print(COLOR2 + "[i] New URL: " + redirect_url + " [" + OKRED + str(http_status) + COLOR2 + "]" + " [" + COLOR3 + str(http_length) + COLOR2 + "]" + " [" + COLOR1 + http_length_diff + COLOR2 + "]" + RESET) |
| 77 | |
| 78 | if "<title>Google</title>" in http_response: |
| 79 | print(OKRED + "[+] Open Redirect Found! " + RESET) |
| 80 | print(OKRED + "[+] Vulnerable URL: " + redirect_url + RESET) |
| 81 | print(OKGREEN + "[c] Exploit Command: curl -s -I '" + redirect_url + "' | egrep location --color=auto") |
| 82 | |
| 83 | except: |
| 84 | pass |
| 85 | |
| 86 | # Open Redirect 3 ###################################################################################### |
| 87 | try: |
| 88 | redirect_exploit = urllib.parse.quote("https://google.com") |
| 89 | |