Skip to content

Commit

Permalink
more payloads
Browse files Browse the repository at this point in the history
  • Loading branch information
thisisshubhamkumar committed Mar 20, 2024
1 parent b7e3ce1 commit ef682fc
Show file tree
Hide file tree
Showing 2 changed files with 118 additions and 9 deletions.
123 changes: 116 additions & 7 deletions WebSecProbe/main.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
# websecprobe/websecprobe/cli.py

import argparse
import requests
import json
Expand Down Expand Up @@ -27,8 +25,20 @@ def send_request(self, payload):
full_url = f"{self.url}/{payload}"
response = requests.get(full_url) # Remove verify=False to enable SSL certificate verification
status_code = response.status_code
colored_code = self.color_status_code(status_code) # Added this line to colorize status codes
content_length = len(response.content)
self.results.append([full_url, status_code, content_length])
self.results.append([full_url, colored_code, content_length])

def color_status_code(self, code):
if code >= 200 and code < 300:
return f'\033[32m{code}\033[0m' # Green
elif code >= 300 and code < 400:
return f'\033[33m{code}\033[0m' # Yellow
elif code >= 400 and code < 500:
return f'\033[31m{code}\033[0m' # Red
else:
return f'\033[35m{code}\033[0m' # Magenta


def run(self):
# Validate the URL
Expand Down Expand Up @@ -65,7 +75,7 @@ def run(self):
f"-H X-Host: {self.path}127.0.0.1",
f"{self.path}..;/",
f" {self.path};/",
f"{self.path}/path", #new payloads from here
f"{self.path}/path",
f"{self.path}%2Fpath",
f"{self.path}%252Fpath",
f"{self.path}/path;parameter",
Expand All @@ -74,7 +84,106 @@ def run(self):
f"{self.path}%u002Fpath",
f"{self.path}%252E",
f"{self.path}%00{self.path}",
f"{self.path}/path%2Ehtml"
f"{self.path}/path%2Ehtml",
# New payloads
f"{self.path}/?",
f"{self.path}//",
f"{self.path}??",
f"{self.path}??/",
f"{self.path}..;",
f"{self.path}%23",
f"{self.path}%26",
f"{self.path}/~",
f"{self.path}/%7E",
f"{self.path}/%C0%AF",
f"{self.path}/%C0%AE",
f"{self.path}/%252E%252E/",
f"{self.path}/%252F",
f"{self.path}/%255C",
f"{self.path}%3f",
f"{self.path}%3F",
f"{self.path}/%252e/",
f"{self.path}/%252e%252e/",
f"{self.path}/%252f",
f"{self.path}/%2e/",
f"{self.path}/%2e%2e/",
f"{self.path}/%2f",
f"{self.path}/%09",
f"{self.path}/%09/",
f"{self.path}/%0A",
f"{self.path}/%0A/",
f"{self.path}/%0D",
f"{self.path}/%0D/",
f"{self.path}/%0C",
f"{self.path}/%0C/",
f"{self.path}/.json",
f"{self.path}/.json/",
f"{self.path}/.xml",
f"{self.path}/.xml/",
f"{self.path}/.html",
f"{self.path}/.html/",
f"{self.path}/.php",
f"{self.path}/.php/",
f"{self.path}/.asp",
f"{self.path}/.asp/",
f"{self.path}/.aspx",
f"{self.path}/.aspx/",
f"{self.path}/.cgi",
f"{self.path}/.cgi/",
f"{self.path}/.jsp",
f"{self.path}/.jsp/",
f"{self.path}/.exe",
f"{self.path}/.exe/",
f"{self.path}/.dll",
f"{self.path}/.dll/",
f"{self.path}/.bat",
f"{self.path}/.bat/",
f"{self.path}/.bin",
f"{self.path}/.bin/",
f"{self.path}/.phtml",
f"{self.path}/.phtml/",
f"{self.path}/.htaccess",
f"{self.path}/.htaccess/",
f"{self.path}/.htpasswd",
f"{self.path}/.htpasswd/",
f"{self.path}/web.config",
f"{self.path}/web.config/",
f"{self.path}/robots.txt",
f"{self.path}/robots.txt/",
f"{self.path}/admin",
f"{self.path}/admin/",
f"{self.path}/administrator",
f"{self.path}/administrator/",
f"{self.path}/login",
f"{self.path}/login/",
f"{self.path}/wp-admin",
f"{self.path}/wp-admin/",
f"{self.path}/wp-login",
f"{self.path}/wp-login/",
f"{self.path}/config",
f"{self.path}/config/",
f"{self.path}/.git",
f"{self.path}/.git/",
f"{self.path}/.svn",
f"{self.path}/.svn/",
f"{self.path}/.hg",
f"{self.path}/.hg/",
f"{self.path}/.bzr",
f"{self.path}/.bzr/",
f"{self.path}/test",
f"{self.path}/test/",
f"{self.path}/demo",
f"{self.path}/demo/",
f"{self.path}/backup",
f"{self.path}/backup/",
f"{self.path}/tmp",
f"{self.path}/tmp/",
f"{self.path}/temp",
f"{self.path}/temp/",
f"{self.path}/.env",
f"{self.path}/.env/",
f"{self.path}/.DS_Store",
f"{self.path}/.DS_Store/",
]

for payload in payloads:
Expand Down Expand Up @@ -121,7 +230,7 @@ def main():
blog = 'https://spyboy.blog/'
github = 'https://github.com/spyboy-productions/WebSecProbe'

VERSION = '0.0.11'
VERSION = '0.0.12'

R = '\033[31m' # red
G = '\033[32m' # green
Expand Down Expand Up @@ -162,4 +271,4 @@ def main():
probe.run()

if __name__ == "__main__":
main()
main()
4 changes: 2 additions & 2 deletions setup.py
Original file line number Diff line number Diff line change
Expand Up @@ -7,8 +7,8 @@
with codecs.open(os.path.join(here, "README.md"), encoding="utf-8") as fh:
long_description = "\n" + fh.read()

VERSION = '0.0.11'
DESCRIPTION = 'Web Security Assessment Tool'
VERSION = '0.0.12'
DESCRIPTION = 'Bypass 403'

# Setting up
setup(
Expand Down

0 comments on commit ef682fc

Please sign in to comment.