You've already forked hackingtool
mirror of
https://github.com/Z4nzu/hackingtool.git
synced 2025-11-23 21:44:50 +02:00
150 lines
6.9 KiB
Python
150 lines
6.9 KiB
Python
# coding=utf-8
|
|
from core import HackingTool
|
|
from core import HackingToolsCollection
|
|
|
|
from rich.console import Console
|
|
from rich.theme import Theme
|
|
from rich.table import Table
|
|
from rich.panel import Panel
|
|
from rich.prompt import Prompt
|
|
|
|
_theme = Theme({"purple": "#7B61FF"})
|
|
console = Console(theme=_theme)
|
|
|
|
|
|
class Sqlmap(HackingTool):
|
|
TITLE = "Sqlmap tool"
|
|
DESCRIPTION = "sqlmap is an open source penetration testing tool that " \
|
|
"automates the process of detecting and exploiting SQL injection flaws " \
|
|
"and taking over database servers. [!] python3 sqlmap.py -u [http://example.com] --batch --banner. More usage: https://github.com/sqlmapproject/sqlmap/wiki/Usage"
|
|
INSTALL_COMMANDS = ["sudo git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev"]
|
|
RUN_COMMANDS = ["cd sqlmap-dev;python3 sqlmap.py --wizard"]
|
|
PROJECT_URL = "https://github.com/sqlmapproject/sqlmap"
|
|
|
|
|
|
class NoSqlMap(HackingTool):
|
|
TITLE = "NoSqlMap"
|
|
DESCRIPTION = "NoSQLMap is an open source Python tool designed to audit and automate injection attacks. [*] Please install MongoDB."
|
|
INSTALL_COMMANDS = ["git clone https://github.com/codingo/NoSQLMap.git",
|
|
"sudo chmod -R 755 NoSQLMap;cd NoSQLMap;python setup.py install"]
|
|
RUN_COMMANDS = ["python NoSQLMap"]
|
|
PROJECT_URL = "https://github.com/codingo/NoSQLMap"
|
|
|
|
|
|
class SQLiScanner(HackingTool):
|
|
TITLE = "Damn Small SQLi Scanner"
|
|
DESCRIPTION = "DSSS is a fully functional SQL injection vulnerability scanner also supporting GET and POST parameters. Usage: python3 dsss.py -h | -u [URL]"
|
|
INSTALL_COMMANDS = ["git clone https://github.com/stamparm/DSSS.git"]
|
|
PROJECT_URL = "https://github.com/stamparm/DSSS"
|
|
|
|
def __init__(self):
|
|
super(SQLiScanner, self).__init__(runnable=False)
|
|
|
|
|
|
class Explo(HackingTool):
|
|
TITLE = "Explo"
|
|
DESCRIPTION = "Explo is a simple tool to describe web security issues in human and machine readable format. Usage: explo [--verbose|-v] testcase.yaml | explo [--verbose|-v] examples/*.yaml"
|
|
INSTALL_COMMANDS = ["git clone https://github.com/dtag-dev-sec/explo.git",
|
|
"cd explo;sudo python setup.py install"]
|
|
PROJECT_URL = "https://github.com/dtag-dev-sec/explo"
|
|
|
|
def __init__(self):
|
|
super(Explo, self).__init__(runnable=False)
|
|
|
|
|
|
class Blisqy(HackingTool):
|
|
TITLE = "Blisqy - Exploit Time-based blind-SQL injection"
|
|
DESCRIPTION = "Blisqy helps web security researchers find time-based blind SQL injections on HTTP headers and exploit them."
|
|
INSTALL_COMMANDS = ["git clone https://github.com/JohnTroony/Blisqy.git"]
|
|
PROJECT_URL = "https://github.com/JohnTroony/Blisqy"
|
|
|
|
def __init__(self):
|
|
super(Blisqy, self).__init__(runnable=False)
|
|
|
|
|
|
class Leviathan(HackingTool):
|
|
TITLE = "Leviathan - Wide Range Mass Audit Toolkit"
|
|
DESCRIPTION = "Leviathan is a mass audit toolkit with service discovery, brute force, SQL injection detection, and custom exploit capabilities. Requires API keys."
|
|
INSTALL_COMMANDS = ["git clone https://github.com/leviathan-framework/leviathan.git",
|
|
"cd leviathan;sudo pip install -r requirements.txt"]
|
|
RUN_COMMANDS = ["cd leviathan;python leviathan.py"]
|
|
PROJECT_URL = "https://github.com/leviathan-framework/leviathan"
|
|
|
|
|
|
class SQLScan(HackingTool):
|
|
TITLE = "SQLScan"
|
|
DESCRIPTION = "SQLScan is a quick web scanner to find SQL injection points. Not for educational purposes."
|
|
INSTALL_COMMANDS = ["sudo apt install php php-bz2 php-curl php-mbstring curl",
|
|
"sudo curl https://raw.githubusercontent.com/Cvar1984/sqlscan/dev/build/main.phar --output /usr/local/bin/sqlscan",
|
|
"chmod +x /usr/local/bin/sqlscan"]
|
|
RUN_COMMANDS = ["sudo sqlscan"]
|
|
PROJECT_URL = "https://github.com/Cvar1984/sqlscan"
|
|
|
|
|
|
class SqlInjectionTools(HackingToolsCollection):
|
|
TITLE = "SQL Injection Tools"
|
|
TOOLS = [Sqlmap(), NoSqlMap(), SQLiScanner(), Explo(), Blisqy(), Leviathan(), SQLScan()]
|
|
|
|
def _get_attr(self, obj, *names, default=""):
|
|
for n in names:
|
|
if hasattr(obj, n):
|
|
return getattr(obj, n)
|
|
return default
|
|
|
|
def pretty_print(self):
|
|
table = Table(title="SQL Injection Tools", show_lines=True, expand=True)
|
|
table.add_column("Title", style="purple", no_wrap=True)
|
|
table.add_column("Description", style="purple")
|
|
table.add_column("Project URL", style="purple", no_wrap=True)
|
|
|
|
for t in self.TOOLS:
|
|
title = self._get_attr(t, "TITLE", "Title", "title", default=t.__class__.__name__)
|
|
desc = self._get_attr(t, "DESCRIPTION", "Description", "description", default="").strip().replace("\n", " ")
|
|
url = self._get_attr(t, "PROJECT_URL", "PROJECT_URL", "PROJECT", "project_url", "projectUrl", default="")
|
|
table.add_row(str(title), str(desc or "—"), str(url))
|
|
|
|
panel = Panel(table, title="[purple]Available Tools[/purple]", border_style="purple")
|
|
console.print(panel)
|
|
|
|
def show_options(self, parent=None):
|
|
console.print("\n")
|
|
panel = Panel.fit("[bold magenta]SQL Injection Tools Collection[/bold magenta]\nSelect a tool to view options or run it.", border_style="purple")
|
|
console.print(panel)
|
|
|
|
table = Table(title="[bold cyan]Available Tools[/bold cyan]", show_lines=True, expand=True)
|
|
table.add_column("Index", justify="center", style="bold yellow")
|
|
table.add_column("Tool Name", justify="left", style="bold green")
|
|
table.add_column("Description", justify="left", style="white")
|
|
|
|
for i, tool in enumerate(self.TOOLS):
|
|
title = self._get_attr(tool, "TITLE", "Title", "title", default=tool.__class__.__name__)
|
|
desc = self._get_attr(tool, "DESCRIPTION", "Description", "description", default="—")
|
|
table.add_row(str(i + 1), title, desc or "—")
|
|
|
|
table.add_row("[red]99[/red]", "[bold red]Exit[/bold red]", "Return to previous menu")
|
|
console.print(table)
|
|
|
|
try:
|
|
choice = int(Prompt.ask("[bold cyan]Select a tool to run[/bold cyan]", default="99"))
|
|
if 1 <= choice <= len(self.TOOLS):
|
|
selected = self.TOOLS[choice - 1]
|
|
if hasattr(selected, "show_options"):
|
|
selected.show_options(parent=self)
|
|
elif hasattr(selected, "run"):
|
|
selected.run()
|
|
elif hasattr(selected, "before_run"):
|
|
selected.before_run()
|
|
else:
|
|
console.print("[bold yellow]Selected tool has no runnable interface.[/bold yellow]")
|
|
elif choice == 99:
|
|
return 99
|
|
except Exception:
|
|
console.print("[bold red]Invalid choice. Try again.[/bold red]")
|
|
return self.show_options(parent=parent)
|
|
|
|
|
|
if __name__ == "__main__":
|
|
tools = SqlInjectionTools()
|
|
tools.pretty_print()
|
|
tools.show_options()
|