First release, version 1.0

Author: Perkins

.idea/workspace.xml

@@ -0,0 +1,24 @@
+```
+Copyright 2016 Ekultek (Thomas Perkins)
+```
+```
+Permission is hereby granted, free of charge, to any person 
+obtaining a copy of this software and associated documentation 
+files (the "Software"), to deal in the Software without restriction, 
+including without limitation the rights to use, copy, modify, merge, 
+publish, distribute, sublicense, and/or sell copies of the Software, 
+and to permit persons to whom the Software is furnished to do so, 
+subject to the following conditions:
+```
+```
+The above copyright notice and this permission notice shall be 
+included in all copies or substantial portions of the Software.
+```
+```
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES 
+OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.```

DOCS/license.md

@@ -1,2 +1,43 @@
 #PyBelt
 ####The hackers tool belt
+
+PyBelt is a open source, hackers multi-tool much like a Gerber, it can be used for multiple purposes. No it does not come with a screw driver. but it does come with a port scanner! No it does not come with a knife, but it does come with a SQLi error based scanner! No it does not come with a can opener, it does however, come with a Dork Checker!
+Why use PyBelt? Well for one, it's written in Python, everybody likes Python. For two, you have multiple tools now at your finger tips, SQLi scanning, Dork checking, and port scanning all available in a free range quick motion with simple flags. 
+
+##ScreenShots
+SQL Injection scanning made easy, just provide a URL and watch it work
+![alt text](http://imgur.com/fPqz3In)
+
+Dork checker, have some Dorks you're not sure of? Go ahead and run the Dork check with the Dork as an argument, it will pull 100 URLs and give you success rate for the Dork
+![alt text](http://imgur.com/a/gwHb4)
+
+Simple port scanning, provide a host to scan and find the open ports to forward too
+![alt text](http://imgur.com/Otr8e3o)
+
+##Usage
+
+###Installation
+You can either clone the repository 
+`git clone https://github.com/ekultek/pybelt.git`
+or download the latest release as a zip/tar ball [here](https://github.com/ekultek/pybelt.git)
+
+
+Once you have the program installed cd into the directory and run the following command:
+`pip install -r requirements.txt`
+This will install all of the programs needed libraries and should be able to be run from there.
+ 
+###Functionality
+`python pybelt.py -p 127.0.0.1` Will run a port scan on your local host
+
+`python pybelt.py -s http://example.com/php?id=2` Will run a SQLi scan on the given URL
+
+`python pybelt.py -d idea?id=55` Will run a Dork check on the given Google Dork
+
+##Misc info you probably don't care about
+
+###License
+This program is licensed under the MIT license, you can the license in the DOCS folder
+
+###Current version
+This program is currently in version 1.0, first release, this will be updated as the program grows
+

README.md

@@ -3,6 +3,7 @@
 from settings import RESERVED_PORTS
 from settings import BANNER
 from settings import RANDOM_COMMON_COLUMN
+from settings import LONG_LEGAL_DISCLAIMER
 from settings import GOOGLE_TEMP_BLOCK_ERROR_MESSAGE
 from settings import SQLI_ERROR_REGEX
 from settings import SYNTAX_REGEX

lib/core/__init__.py

@@ -0,0 +1,97 @@
+http://www.bible-history.com/subcat.php?id=2
+http://www.vancouversupermoto.com/page.php?id=2
+http://www.putridflowers.com/music.php?id=2
+http://www.a-k-a.net/prod_detail.php?id=2
+http://www.vacationet.com/resort.php?id=2
+http://www.gov.ai/ministry.php?id=2
+http://www.dipintoguitars.com/product.php?id=2
+http://www.redseahotels.com/index.php?id=2
+http://www.jamestrussart.com/models_detail.php?id=2
+https://convivea.com/download.php?id=2
+http://www.scrivenerpublishing.com/journals.php?id=2
+http://www.ukipme.com/engineoftheyear/results.php?id=2
+http://www.mvvainc.com/project.php?id=2
+http://bmxmuseum.com/forums/viewforum.php?id=2
+http://bram.smartelectronix.com/plugins.php?id=2
+http://www.foxsister.com/index.php?id=2
+http://www.behavior.org/interest.php?id=2
+https://trainingcentre.unwomen.org/enrol/index.php?id=2
+http://x3t-infinity.com/Home.php?ID=2
+http://friendship-bracelets.net/tutorial.php?id=2
+http://www.rmco-inc.com/index.php?id=2
+http://www.genoma.com/product_page.php?id=2
+https://toxtown.nlm.nih.gov/text_version/locations.php?id=2
+http://traildays.us/index.php?id=2
+https://steamrep.com/group.php?id=2
+http://www.tidytowns.ie/interior.php?id=2
+http://vlab.co.in/ba_labs_all.php?id=2
+http://cleanoceanaction.org/index.php?id=2
+http://www.dancewebeurope.net/index.php?id=2
+http://www.floconsolutions.com/sub_page.php?id=2
+http://www.lakedirectory.net/page.php?id=2
+http://www.warrenk12nc.org/schools.php?id=2
+http://www.kyygames.com/games.php?id=2
+https://www.stopforumspam.com/forum/viewforum.php?id=2
+http://www.fjsoft.at/download.php?id=2
+http://www.techbridgegirls.org/index.php?id=2
+https://mahara.org/interaction/forum/view.php?id=2
+http://www.hrpub.org/journals/jour_archive.php?id=2
+https://mooc.campusvirtualsp.org/course/view.php?id=2
+http://www.vf-venieri.com/prodotto.php?id=2
+http://www.poupartsbakery.com/index.php?id=2
+http://smartmove.safetyline.wa.gov.au/course/view.php?id=2
+https://www.indiacgny.org/pages.php?id=2
+http://www.ventrilo.com/dlprod.php?id=2
+http://www.innofader.com/products.php?id=2
+https://support.steampowered.com/kb_cat.php?id=2
+http://theatre99.com/showdetail.php?id=2
+http://www.transitionyear.org/about.php?id=2
+http://ankn.uaf.edu/Resources/course/view.php?id=2
+http://dropbox.0pk.ru/viewtopic.php?id=2
+http://www.nysd.uscourts.gov/jury_handbook.php?id=2
+http://www.venusenvycomic.com/index.php?id=2
+https://primes.utm.edu/top20/page.php?id=2
+http://futuresinengineering.org/what.php?id=2
+http://immigration.go.tz/module1.php?id=2
+http://www.justiceforsergei.com/video.php?id=2
+http://www.richardsandoval.com/masa14/promo.php?id=2
+http://doyougotinsurance.com/index.php?id=2
+http://www.inquiryinaction.org/classroomactivities/activity.php?id=2
+https://peacenow.org/entry.php?id=21717
+http://zeogames.net/main/game.php?id=2
+https://boinc.berkeley.edu/dev/forum_forum.php?id=2
+http://animetamago.jp/title.php?id=2
+http://www.cathouseonthekings.com/video/webcam.php?id=2
+http://www.montbell.us/stores/disp.php?id=2
+http://blind.msstate.edu/research/projects/project.php?id=2
+http://www.etceteratheatre.com/index.php?id=2
+http://www.etceteratheatre.com/details.php?show_id=2410
+http://www.leonardo-academy.org/totara/program/details.php?id=2
+http://crosscountyar.org/page.php?id=2
+http://senseable.mit.edu/trashtrack/visualizations.php?id=2
+http://dvaction.northwestern.edu/parentdetail.php?id=2
+https://ride2recovery.com/page.php?ID=2
+http://www.uncrcpc.org/index.php?id=2
+http://www.phparchitecture.com/howto_show.php?id=2
+http://www.rumbalotte-continua.de/menuepunkte_inhalt.php?id=2
+https://www.meted.ucar.edu/training_course.php?id=2
+http://www.cps-cidpc.com/index.php?id=2
+http://flashmaths.co.uk/viewFlash.php?id=2
+http://www.davidchancellor.com/docs/photos.php?id=2:4
+http://www.angelvestgroup.com/info.php?id=2
+http://ww3.microtek.com.tw/eu/modules/tinyd0/index.php?id=2
+http://www.tony-hawks.com/books.php?id=2
+http://www.theredwood.com/indexc.php?id=2
+http://www.iga.stir.ac.uk/conf.php?id=2
+http://www.jannahplace.com/hotels.php?id=2
+https://synopse.info/forum/viewforum.php?id=2
+http://www.apsf.org/resources_video_commentary.php?id=2
+http://www.guevaragallery.com/art.php?id=2
+http://www.wingits.com/products.php?id=2
+http://pakpips.com/team.php?id=2
+https://www.odysseyofthemind.com/practice/default_cat.php?Id=2
+http://www.mobile01.com/category.php?id=2
+http://www.eidosk.com/play_game.php?id=2
+https://www.facebook.com/pika.picapollo2/photos/pb.233886353328511.-2207520000.1465757435./1138991666151304/?type=3
+http://www.gsis.gov.ph/default.php?id=2
+http://www.scigames.org/game.php?id=2.

lib/core/dork_check/scan_results/098b34e7-605f-4c37-8e3f-dbf383abfc54.txt

@@ -1,5 +1,5 @@
 import socket
-import sys
+from lib.core.settings import LOGGER
 from lib.core.settings import RESERVED_PORTS
 
 
@@ -16,8 +16,7 @@ def connect_to_host(self):
         host = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         for port in self.ports:
             try:
-                sys.stdout.write("\rAttempting to connect to port: {}  ".format(port))
-                sys.stdout.flush()
+                LOGGER.info("Attempting to connect to port: {}".format(port))
                 attempt = host.connect_ex((self.host, port))  # Connect to the host
                 if attempt:  # If connection fails
                     pass
@@ -27,6 +26,6 @@ def connect_to_host(self):
                 pass
         host.close()
         if not self.connection_made:
-            return "\nNo connections could be made."
+            LOGGER.fatal("No connections could be made.")
         else:
-            return "\nConnection made on port: {}.".format(''.join(str(self.connection_made)))
+            return "Connection made on port: {}.".format(''.join(str(self.connection_made)))

lib/core/port_scan/port_scanning.py

@@ -1,8 +1,9 @@
-import random
 import os
 import uuid
 import re
 import logging
+import random
+import base64
 from colorlog import ColoredFormatter
 
 log_level = logging.INFO
@@ -33,13 +34,14 @@
 CLONE_LINK = "https://github.com/ekultek/pybelt.git"
 
 # Basic legal disclaimer
-LEGAL_DISC = "legal disclaimer: This program is intended for learning purposes, any malicious intent is on you, it is the end users responsibility to obey all laws, regulations, and rules of your respective country or place of origin. For further information about this please see the legal information file under docs or run the --legal flag"
+LEGAL_DISC = "[!] legal disclaimer: This program is intended for learning purposes, any malicious intent is on you, it is the end users responsibility to obey all laws, regulations, and rules of your respective country or place of origin. For further information about this please see the legal information file under docs or run the --legal flag"
+LONG_LEGAL_DISCLAIMER = open("lib/core/text_files/legal.txt").read()
 
 # Random dork to use for basic sqli searches
-RANDOM_DORK = random.choice(open("{}/lib/core/text_files/dorks.txt".format(PATH)).readlines())
+# RANDOM_DORK = random.choice(open("{}/lib/core/text_files/dorks.txt".format(PATH)).readlines())
 
 # Random saying to display on the banner
-RANDOM_SAYING = random.choice(open("{}/lib/core/text_files/sayings.txt".format(PATH)).readlines())
+SAYING = "The Hackers ToolBelt.."
 
 # Random common column names
 RANDOM_COMMON_COLUMN = random.choice(open("{}/lib/core/text_files/common_columns.txt".format(PATH)).readlines())
@@ -79,10 +81,9 @@
     ###             /      ###/\033[0m      %s
 
 \033[94m%s
-%s\033[0m
 
-\033[91m[!] %s\033[0m\n\n
-""" % (VERSION_STRING, RANDOM_SAYING.strip(), CLONE_LINK, LEGAL_DISC)
+%s\033[0m\n\n
+""" % (VERSION_STRING, SAYING.strip(), CLONE_LINK)
 
 # Path the the search results from a dork scan
 DORK_SCAN_RESULTS_PATH = r"{}\lib\core\dork_check\scan_results".format(os.getcwd())
@@ -97,10 +98,10 @@
 
 # List of reserved port numbers, these are the ports that you want to check
 RESERVED_PORTS = {
-    1, 5, 7, 18, 20, 21, 22, 23, 25, 29, 37,  42, 43, 49, 53, 69, 70,
-    79, 80, 103, 108, 109, 110, 115, 118, 119, 137, 139, 143, 150, 156,
-    161, 179, 190, 194, 197, 389, 396, 443, 444, 445, 458, 546, 547, 563,
-    569, 1080
+    1,   5,   7,   18,  20,  21,  22,  23,  25,  29,  37,  42,  43,  49,
+    53,  69,  70,  79,  80,  103, 108, 109, 110, 115, 118, 119, 137, 139,
+    143, 150, 156, 161, 179, 190, 194, 197, 389, 396, 443, 444, 445, 458,
+    546, 547, 563, 569, 1080
 }
 
 
@@ -109,3 +110,8 @@ def create_random_filename():
     >>> print(create_random_filename())
     56558c08-ee1f-40b4-b048-be4c4066f8b6 """
     return str(uuid.uuid4())
+
+
+def decode64(string):
+    """ Decode a string from base64 """
+    return base64.b64decode(string)

lib/core/settings.py

@@ -63,30 +63,30 @@ def add_union_based_injection(self):
         return union_based_injection
 
     def sqli_search(self):
+        """ Search for SQL injection in the provided URL[error based injection] """
         soup = []
         count = 0
         current_sqli_count = 0
         query = self.obtain_inject_query(self.url)
-        current_sqli_check = [self.add_blind_based_to_url(),
-                              self.add_error_based_to_url(),
-                              self.add_union_based_injection()]
+        current_sqli_check = [self.add_error_based_to_url,
+                              self.add_blind_based_to_url,
+                              self.add_union_based_injection]
 
         LOGGER.info("Starting SQLi search")
         while self.vulnerable is False:
-            for url in current_sqli_check[current_sqli_count]:
-                self.url_syntax = [re.search(SYNTAX_REGEX, url).group()]
+            for url in current_sqli_check[current_sqli_count]():
                 data = urllib2.urlopen(url).read()
                 soup = [BeautifulSoup(data, 'html.parser')]
             for html in soup:
                 count += 1
                 for regex in SQLI_ERROR_REGEX:
                     if regex.findall(str(html)):
                         self.vulnerable = True
-                        LOGGER.info("%s appears to have a SQL injection vulnerability at %s%s" % (
-                            self.url, query, self.url_syntax[count - 1]))
+                        return "%s appears to have a SQL injection vulnerability at %s" % (
+                            self.url, query)
                     else:
                         current_sqli_count += 1
                         self.url_syntax = self.url_syntax[::]
                         count = 0
         if self.vulnerable is False:
-            LOGGER.warning("%s is not vulnerable to SQL injection, error, blind, or union based" % self.url)
+            return "%s is not vulnerable to SQL injection." % self.url

lib/core/sql_scan/sqli_scan.py

@@ -0,0 +1,15 @@
+This program was written and created for learning purposes. Use of this program for malicious
+intents is extremely illegal and will not be tolerated, including, but not limited too:
+
+	* Database takeovers
+	* Phishing attacks
+	* Blackhat hacking of any kind
+	* Any malicious intents
+
+It is the end users responsibility to obey, all laws, rules, and regulations set forth by
+their state, territory, or any other place of residence. By continuing with the process of this
+program you agree that your actions are your own, and that you are liable for them.
+
+Having said that, knowledge is not illegal and nobody can tell you to quit learning. Absorb as
+much information as humanly possible and put it into play. I hope you take as much away form
+this program as I did writing it.