diff --git a/misr.py b/misr.py
index 3eddf26..69bf4fe 100644
--- a/misr.py
+++ b/misr.py
@@ -1,7 +1,7 @@
-#Ali Essam
-#https://www.facebook.com/AliElTop313
-#https://www.linkedin.com/in/dragonked2
-#https://www.github.com/dragonked2
+# Ali Essam
+# https://www.facebook.com/AliElTop313
+# https://www.linkedin.com/in/dragonked2
+# https://www.github.com/dragonked2
import asyncio
import logging
import re
@@ -15,10 +15,10 @@
from async_lru import alru_cache
from difflib import SequenceMatcher
-#De El Configuration
-PAYLOAD_FILE = 'payloads.txt'
-OUTPUT_FILE = 'vulnerable_urls.txt'
-SECRETS_FILE = 'secrets.txt'
+# De El Configuration
+PAYLOAD_FILE = "payloads.txt"
+OUTPUT_FILE = "vulnerable_urls.txt"
+SECRETS_FILE = "secrets.txt"
TIMEOUT = 30
MAX_CONNECTIONS = 100
CRAWL_DEPTH = 3
@@ -27,14 +27,15 @@
init(autoreset=True)
-logging.basicConfig(level=logging.INFO, format='%(levelname)s: %(message)s')
+logging.basicConfig(level=logging.INFO, format="%(levelname)s: %(message)s")
MATRIX_GREEN = Fore.GREEN + Style.BRIGHT
MATRIX_BLUE = Fore.BLUE + Style.BRIGHT
MATRIX_YELLOW = Fore.YELLOW + Style.BRIGHT
-#Lets Go Egypt :*
+
+# Lets Go Egypt :*
class BugBountyHunter:
def __init__(self):
self.visited_urls = set()
@@ -43,7 +44,9 @@ def __init__(self):
async def run_command(self, command):
try:
- proc = await asyncio.create_subprocess_shell(command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE)
+ proc = await asyncio.create_subprocess_shell(
+ command, stdout=asyncio.subprocess.PIPE, stderr=asyncio.subprocess.PIPE
+ )
await proc.communicate()
except asyncio.CancelledError:
logging.error("Command execution cancelled.")
@@ -55,48 +58,74 @@ async def extract_urls_from_page(self, url, session, target_domain):
try:
async with session.get(url, timeout=TIMEOUT) as response:
if response.status == 200:
- content_type = response.headers.get('Content-Type', '')
- if 'text/html' in content_type:
- soup = BeautifulSoup(await response.text(), 'html.parser')
- for link in soup.find_all('a', href=True):
- href = link.get('href')
+ content_type = response.headers.get("Content-Type", "")
+ if "text/html" in content_type:
+ soup = BeautifulSoup(await response.text(), "html.parser")
+ for link in soup.find_all("a", href=True):
+ href = link.get("href")
absolute_url = urljoin(url, href)
- if not any(self.similar(absolute_url, u) > SIMILARITY_THRESHOLD for u in self.visited_urls):
+ if not any(
+ self.similar(absolute_url, u) > SIMILARITY_THRESHOLD
+ for u in self.visited_urls
+ ):
urls.add(absolute_url)
- elif 'javascript' in content_type:
- js_content = await response.text(encoding='utf-8', errors='ignore')
- js_urls = re.findall(r'(?<=href=["\'])https?://[^\s\'"]+', js_content, re.IGNORECASE)
+ elif "javascript" in content_type:
+ js_content = await response.text(
+ encoding="utf-8", errors="ignore"
+ )
+ js_urls = re.findall(
+ r'(?<=href=["\'])https?://[^\s\'"]+',
+ js_content,
+ re.IGNORECASE,
+ )
urls.update(js_urls)
- elif 'json' in content_type:
- json_content = await response.text(encoding='utf-8', errors='ignore')
+ elif "json" in content_type:
+ json_content = await response.text(
+ encoding="utf-8", errors="ignore"
+ )
json_urls = re.findall(r'(?<="url":\s*")[^"]+', json_content)
urls.update(json_urls)
except (aiohttp.ClientError, asyncio.TimeoutError) as e:
- logging.error(f"Error extracting URLs from {url}: {e}")
+ #logging.error(f"Error extracting URLs from {url}: {e}")
+ pass
return urls
+
async def crawl_website(self, url, depth, target_domain, session, progress_bar):
- if depth <= 0 or url in self.visited_urls or not self.is_valid_url(url, target_domain):
+ if (
+ depth <= 0
+ or url in self.visited_urls
+ or not self.is_valid_url(url, target_domain)
+ ):
return set()
self.visited_urls.add(url)
valid_urls = set()
try:
- for retry in range(MAX_RETRIES):
- async with session.get(url, timeout=TIMEOUT) as response:
- if response.status == 200:
- content_type = response.headers.get('Content-Type', '')
- if 'text/html' in content_type:
- urls = await self.extract_urls_from_page(url, session, target_domain)
- valid_urls.update(u for u in urls if self.is_valid_url(u, target_domain))
- tasks = [self.crawl_website(u, depth - 1, target_domain, session, progress_bar) for u in valid_urls]
- nested_results = await asyncio.gather(*tasks)
- for result in nested_results:
- valid_urls.update(result)
- break #law el response ba2a 200 hnkmel sho5l
- else:
- logging.warning(f"Failed attempt {retry + 1}/{MAX_RETRIES} to crawl {url}. Retrying...")
+ async with session.get(url, timeout=TIMEOUT) as response:
+ if response.status == 200:
+ content_type = response.headers.get("Content-Type", "")
+ if "text/html" in content_type:
+ urls = await self.extract_urls_from_page(
+ url, session, target_domain
+ )
+ valid_urls.update(
+ u for u in urls if self.is_valid_url(u, target_domain)
+ )
+ tasks = [
+ self.crawl_website(
+ u, depth - 1, target_domain, session, progress_bar
+ )
+ for u in valid_urls
+ ]
+ nested_results = await asyncio.gather(*tasks)
+ for result in nested_results:
+ valid_urls.update(result)
+ else:
+ logging.warning(
+ f"Failed to crawl {url}. Status code: {response.status}"
+ )
except (aiohttp.ClientError, asyncio.TimeoutError) as e:
logging.error(f"Error crawling {url}: {e}")
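Review bot: The `except (aiohttp.ClientError, asyncio.TimeoutError) as e:` handler in extract_urls_from_page now ends in a bare `pass` with the logging call commented out, so a timeout or connection failure returns the same empty set as a page with no links and leaves no trace in the log. If the aim was to cut noise, lower the level instead of dropping the record, e.g. `logging.debug("Error extracting URLs from %s: %s", url, e)`, and delete the commented-out line. In crawl_website the retry loop is removed, so a transient non-200 response is logged once and the URL is dropped. If `MAX_RETRIES` is still defined outside this hunk it looks unused now and should be removed, or the retry restored. extract_urls_from_page starts before the hunk and crawl_website continues past it.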
@@ -105,17 +134,864 @@ async def crawl_website(self, url, depth, target_domain, session, progress_bar):
async def check_vulnerability(self, url, session, progress_bar):
vulnerabilities = {
- 'REGEX': ['AliElTop', '13337777', 'www-data', 'Bash:', 'root:', 'oastify.com'],
- 'AliElTop': ['SQL syntax error', 'You have an error in your SQL syntax', 'MySQL server version', 'Warning: mysql_fetch_array() expects parameter', 'Microsoft OLE DB Provider for ODBC Drivers error', 'Unclosed quotation mark before the character string', 'ORA-00921: unexpected end of SQL command', 'Microsoft SQL Native Client error', 'PostgreSQL query failed', 'SQLite3::exec(): near'], 'root:': ['Command not found', 'sh: command not found', 'Unable to fork', 'Permission denied (publickey)', 'Access denied for user', 'PHP Parse error', 'Syntax error, unexpected', 'Error: execution failed', 'Not a recognized command', 'Exited with error code'], '13337777': ["alert('XSS')", 'Cross-Origin Request Blocked', 'Refused to execute inline script', 'Uncaught SyntaxError: Unexpected token', 'Error: Access is denied', 'Unsafe JavaScript attempt to access', 'SecurityError: Blocked a frame with origin', 'XSS Filter - Bad Request'], 'Bash:': ['Failed to open stream: No such file or directory', 'Warning: include(): Failed opening', 'Unable to include', 'failed to open stream: Permission denied', 'file not found', 'File does not exist', 'No such file or directory in', 'Failed to open stream: No such file or directory', 'Warning: include(): Failed opening', 'Unable to include', 'failed to open stream: Permission denied', 'file not found', 'File does not exist', 'No such file or directory in', 'status:Success', 'auth:false', 'cast_build_revision:', 'ssdp_udn:', '>', 'id:', 'version:', 'method:', 'url:', 'time:', 'instance_metadata:', 'cloud:', 'username:', 'loginName:', 'password:', 'pre_define', 'auth_method', 'name', 'password', 'reason:', 'success', 'antiadwa:', 'clientupgrade:', 'autoCount', 'autoGet', 'cf_main_cf src=javascript:alert(1)', '?pgid=User_Show', 'api_keys:', 'aws:', 'server:', 'couchbase:', 'bucket:', 'data:', 'client_secret:', 'client_id:', '>', '>', '>', 'ok:true', 'data', 'repolink:', '>', '><', '>', 'id:', 'name:', 'avatar_urls:', '><', 'version:', 
'serial_number:', '>.xrf', 'message:An internal server error occurred', '>', '>&really_del=1>YES', '>', '>', '>', 'date:', 'message:', 'trace:[', '>', 'uid:', 'pwd:', 'view:', 'user_login', 'user_pass', 'user_nicename', '>', '/>', 'alarm_model', 'actions', 'severity', 'username:', 'avatarUrl:', 'node:', '(guid|title|content|excerpt):{rendered:', 'clientId:security-admin-console', 'secret:', 'username:', 'email:', 'status:', 'result\\:false', 'success:true', '>', 'type', 'id_user', 'user_name', 'text', 'jsonrpc:', 'filename:', 'status : 400', 'zlo onerror=alert(1)', 'zlo onerror=alert(1)', 'zlo onerror=alert(1)', 'success:true', 'success:true', 'nonce:[a-f0-9]+', 'service_id', 'style=animation-name:rotation onanimationstart=alert(document.domain) x', 'guppyUsers:', 'userId:', 'type:', 'style=animation-name:rotation onanimationstart=alert(document.domain) x', 'additional_fields:[]}', 'path:(.*)/wp-content\\\\(.*),size', '>', '>.php', 'deleteUrl:', 'deleteKey:', 'results:', 'name:', 'tab:', 'TABLENAME:(?:(?:(?:(?:(?:APP_CONFIGDATA_RELATION_[PS]UB|SYS(?:(?:CONGLOMERAT|ALIAS|(?:FI|RO)L)E|(?:(?:ROUTINE)?|COL)PERM|(?:FOREIGN)?KEY|CONSTRAINT|T(?:ABLEPERM|RIGGER)|S(?:TAT(?:EMENT|ISTIC)|EQUENCE|CHEMA)|DEPEND|CHECK|VIEW|USER)|USER|ROLE)S|CONFIG_(?:TAGS_RELATION|INFO_(?:AGGR|BETA|TAG))|TENANT_CAPACITY|GROUP_CAPACITY|PERMISSIONS|SYSCOLUMNS|SYS(?:DUMMY1|TABLES)|APP_LIST)|CONFIG_INFO)|TENANT_INFO)|HIS_CONFIG_INFO)', '>', '>', 'result:true', 'k3woq^confirm(document.domain)^a2pbrnzx5a9', '>
Test
26 class=loginUserNameText', 'HTTP_X_TRIGGER_XSS:', 'traces:[', 'headers', 'request:{', 'userName:admin', 'code:200', 'uuid:', 'glpi:', 'isSnapshot:true', 'TYPE', 'ITEMS', 'COUNT', 'pbx', 'dongleStatus:0', 'macaddr', 'subTitle:Grafana (v8\\.(?:(?:1|0)\\.[0-9]|2\\.[0-2]))', 'data', 'users', 'nodes', 'id', 'success:true', 'msg:success', 'rc:(.*?)', 'msg:(.*?)', 'success:true', 'account:', 'password:', 'Consumers:', '>', 'Date Submitted', 'Entries ID', 'background:', 'footer:', 'current_currency:', 'username:', 'email:', 'display_name:', 'status:success', 'appointments:', 'unavailables:', 'First Name', 'success:1', 'id:', 'rendered:', ',', 'payment_confirmation_message:', 'page:', 'results:', 'success:true', 'isGuest:true', 'accessToken:', 'uname:', 'upassword:', 'user_name;', 'user_pwd;', 'user_id;', 'email:([a-zA-Z-_0-9@.]+),display_name:([a-zA-Z-_0-9@.]+),gravatar_url:http?:\\\\\\/\\\\\\/([a-z0-9A-Z.\\\\\\/?=&@_-]+)', 'departments:', 'name:', 'registration_no:', '>', 'message:query success', 'code:200', 'reason:OK', 'status:200', 'success:true', 'type:error,text:Unknown survey\\>', 'dest = y() - (500); // */ public class Double { public static double NaN = 0; static { try { java.io.BufferedReader reader = new java.io.BufferedReader(new java.io.InputStreamReader(java.lang.Runtime.getRuntime().exec(cat /etc/passwd).getInputStream())); String line = null; String allLines = - ; while ((line = reader.readLine()) != null) { allLines += line; } throw new RuntimeException(allLines);} catch (java.io.IOException e) {} }} /**', '>', 'Not authenticated', '((firmware|(version|ma(sk|c)|port|url|ip))|hostname):', 'Success: true', 'Success:true', 'zabbix:', 'zbx:', 'password:(.*?)', 'username:(.*?)', 'status:', 'data:', 'token:', 'clientid:', 'Chat Log', 'User IP', 'User ID', 'res_msg:Authentication Success.', 'doc_id:user_systemi', 'username:', 'password:', 'mustChangePwd:', 'roleUser:', '>', '>', 'plmnID:', 'ueId:', 'jiraGroupObjects', 'groupName', 'registered:', 
'display_name:', 'value:', 'local_data_id:', 'status:', 'pagination:', 'img:', 'date:', 'title:', 'params:', 'license:', 'name:', 'errorMessage:Internal error', 'password:', 'isAdmin:', 'createAt:', 'apiVersion:', 'uuid:', 'userName:', 'status:OK', 'sessionid:', 'mode:', 'links:', 'attributes:', 'CVE-2023-25135', 'slug:', 'name:', 'ip_address', 'database_name:', 'configuration_method:', 'registered_date:', 'username:', 'email:', 'MINIO_ROOT_PASSWORD:', 'MINIO_ROOT_USER:', 'MinioEnv:', 'success:true', 'data:null', "{source_id: test'; copy (SELECT '') to program '{{cmd}}'-- - }", 'username:', 'name:', 'email:', 'role:', 'name', 'version', 'ghost', 'success:true', 'data:', 'username:', 'email:', 'roles:', 'database_name:', 'database_user:', 'original_fileName:', 'converted_fileName:', 'refresh_token', 'access_token', 'token_type', 'expires_in', 'success:200', 'message:ok', 'success:200', 'message:ok', 'is_dir:', 'path:', 'files:', 'result:ok', 'terminal:', 'user_id:', 'account_id:', 'result:ok', 'msg:登入成功', '{{string}}>', 'form_id:{{form_id}}', 'behav', 'responseHeader:', 'solr.jetty:', ');alert(document.domain);//', 'Authorized:false', 'registered_model:', 'name:', '> />', 'id:', 'question_type:', 'points_total:', 'id:', 'id:', 'quiz_materials:', 'result:', 'message:', 'password:', 'softAp:', 'link:file:', 'success:', 'access_token:', 'token_type:', 'success:true', 'token:', 'folders: {', 'connection-types: {', 'connections: {', 'memstats:', 'cmdline:', 'authResult:0', 'droplet_id:', 'hostname:', 'repositories:', 'email:', 'auth:', 'msg:login success', 'sessionId:', 'message:The username does not exist', 'authorizationNeeded: false', ':a.', ':A.', 'text:', 'code:', 'detailMsg:', 'data:true', 'sessionkey:', 'message:', 'took:', 'number :', 'number_of_nodes', 'roles', 'permissions', 'role', 'kv', 'etcdserver', 'etcdcluster', 'auth:', 'success: true', 'status :true', 'connection', 'name', 'driver', 'password', 'url', 'user', 'loginRes:success', 'activeUserName:cmuser', 
'msg:ok', 'type:', 'NoAuth:true', '/licenses/NOTICE.txt', '/vpn/resources/{lang}', '/lanproxy-config/', 'theme:group-office,', '/cnf/r/cms/common.js', 'generator content=Microweber />', 'success', 'hash:', 'errors', 'product:', 'proxies:', 'protocol:', 'host:', 'user:', 'provision:', 'provisionArgs:', 'access_token:', 'token_type:', '- (?m)^\\s*- ?uses?:', 'access_token:', 'token_type:', 'refresh_token:', '0nuboard