more payloads

spyboy-productions · Mar 20, 2024 · ef682fc · ef682fc
1 parent b7e3ce1
commit ef682fc
Show file tree

Hide file tree

Showing 2 changed files with 118 additions and 9 deletions.
diff --git a/WebSecProbe/main.py b/WebSecProbe/main.py
@@ -1,5 +1,3 @@
-# websecprobe/websecprobe/cli.py
-
 import argparse
 import requests
 import json
@@ -27,8 +25,20 @@ def send_request(self, payload):
         full_url = f"{self.url}/{payload}"
         response = requests.get(full_url)  # Remove verify=False to enable SSL certificate verification
         status_code = response.status_code
+        colored_code = self.color_status_code(status_code)  # Added this line to colorize status codes
         content_length = len(response.content)
-        self.results.append([full_url, status_code, content_length])
+        self.results.append([full_url, colored_code, content_length])
+
+    def color_status_code(self, code):
+        if code >= 200 and code < 300:
+            return f'\033[32m{code}\033[0m'  # Green
+        elif code >= 300 and code < 400:
+            return f'\033[33m{code}\033[0m'  # Yellow
+        elif code >= 400 and code < 500:
+            return f'\033[31m{code}\033[0m'  # Red
+        else:
+            return f'\033[35m{code}\033[0m'  # Magenta
+
 
     def run(self):
         # Validate the URL
@@ -65,7 +75,7 @@ def run(self):
             f"-H X-Host: {self.path}127.0.0.1",
             f"{self.path}..;/",
             f" {self.path};/",
-            f"{self.path}/path",  #new payloads from here
+            f"{self.path}/path",
             f"{self.path}%2Fpath",
             f"{self.path}%252Fpath",
             f"{self.path}/path;parameter",
@@ -74,7 +84,106 @@ def run(self):
             f"{self.path}%u002Fpath",
             f"{self.path}%252E",
             f"{self.path}%00{self.path}",
-            f"{self.path}/path%2Ehtml"
+            f"{self.path}/path%2Ehtml",
+            # New payloads
+            f"{self.path}/?",
+            f"{self.path}//",
+            f"{self.path}??",
+            f"{self.path}??/",
+            f"{self.path}..;",
+            f"{self.path}%23",
+            f"{self.path}%26",
+            f"{self.path}/~",
+            f"{self.path}/%7E",
+            f"{self.path}/%C0%AF",
+            f"{self.path}/%C0%AE",
+            f"{self.path}/%252E%252E/",
+            f"{self.path}/%252F",
+            f"{self.path}/%255C",
+            f"{self.path}%3f",
+            f"{self.path}%3F",
+            f"{self.path}/%252e/",
+            f"{self.path}/%252e%252e/",
+            f"{self.path}/%252f",
+            f"{self.path}/%2e/",
+            f"{self.path}/%2e%2e/",
+            f"{self.path}/%2f",
+            f"{self.path}/%09",
+            f"{self.path}/%09/",
+            f"{self.path}/%0A",
+            f"{self.path}/%0A/",
+            f"{self.path}/%0D",
+            f"{self.path}/%0D/",
+            f"{self.path}/%0C",
+            f"{self.path}/%0C/",
+            f"{self.path}/.json",
+            f"{self.path}/.json/",
+            f"{self.path}/.xml",
+            f"{self.path}/.xml/",
+            f"{self.path}/.html",
+            f"{self.path}/.html/",
+            f"{self.path}/.php",
+            f"{self.path}/.php/",
+            f"{self.path}/.asp",
+            f"{self.path}/.asp/",
+            f"{self.path}/.aspx",
+            f"{self.path}/.aspx/",
+            f"{self.path}/.cgi",
+            f"{self.path}/.cgi/",
+            f"{self.path}/.jsp",
+            f"{self.path}/.jsp/",
+            f"{self.path}/.exe",
+            f"{self.path}/.exe/",
+            f"{self.path}/.dll",
+            f"{self.path}/.dll/",
+            f"{self.path}/.bat",
+            f"{self.path}/.bat/",
+            f"{self.path}/.bin",
+            f"{self.path}/.bin/",
+            f"{self.path}/.phtml",
+            f"{self.path}/.phtml/",
+            f"{self.path}/.htaccess",
+            f"{self.path}/.htaccess/",
+            f"{self.path}/.htpasswd",
+            f"{self.path}/.htpasswd/",
+            f"{self.path}/web.config",
+            f"{self.path}/web.config/",
+            f"{self.path}/robots.txt",
+            f"{self.path}/robots.txt/",
+            f"{self.path}/admin",
+            f"{self.path}/admin/",
+            f"{self.path}/administrator",
+            f"{self.path}/administrator/",
+            f"{self.path}/login",
+            f"{self.path}/login/",
+            f"{self.path}/wp-admin",
+            f"{self.path}/wp-admin/",
+            f"{self.path}/wp-login",
+            f"{self.path}/wp-login/",
+            f"{self.path}/config",
+            f"{self.path}/config/",
+            f"{self.path}/.git",
+            f"{self.path}/.git/",
+            f"{self.path}/.svn",
+            f"{self.path}/.svn/",
+            f"{self.path}/.hg",
+            f"{self.path}/.hg/",
+            f"{self.path}/.bzr",
+            f"{self.path}/.bzr/",
+            f"{self.path}/test",
+            f"{self.path}/test/",
+            f"{self.path}/demo",
+            f"{self.path}/demo/",
+            f"{self.path}/backup",
+            f"{self.path}/backup/",
+            f"{self.path}/tmp",
+            f"{self.path}/tmp/",
+            f"{self.path}/temp",
+            f"{self.path}/temp/",
+            f"{self.path}/.env",
+            f"{self.path}/.env/",
+            f"{self.path}/.DS_Store",
+            f"{self.path}/.DS_Store/",
         ]
 
         for payload in payloads:
@@ -121,7 +230,7 @@ def main():
     blog = 'https://spyboy.blog/'
     github = 'https://github.com/spyboy-productions/WebSecProbe'
 
-    VERSION = '0.0.11'
+    VERSION = '0.0.12'
 
     R = '\033[31m'  # red
     G = '\033[32m'  # green
@@ -162,4 +271,4 @@ def main():
     probe.run()
 
 if __name__ == "__main__":
-    main()
+    main()
diff --git a/setup.py b/setup.py
@@ -7,8 +7,8 @@
 with codecs.open(os.path.join(here, "README.md"), encoding="utf-8") as fh:
     long_description = "\n" + fh.read()
 
-VERSION = '0.0.11'
-DESCRIPTION = 'Web Security Assessment Tool'
+VERSION = '0.0.12'
+DESCRIPTION = 'Bypass 403'
 
 # Setting up
 setup(