Monday, June 1, 2015

Send Attack Web Forms - Tool

Hey guys, how's it going?
Lately I've been using many scripts to test parameters in POST and GET requests. As this demand grew a bit, I decided to write this tool; it is available on GitHub under the GPL license.

Basically, it sends POST requests with some basic parameters and lets you change the headers, the cookies and the number of submissions.

[EDIT] It can also list the attributes of the forms in an HTML page and set the request method to POST or GET [/EDIT]

Tool:
https://github.com/danilovazb/SAWEF

SAWEF - Send Attack Web Forms

Danilo Vaz - UNK
danilovazb@gmail.com
http://unk-br.blogspot.com
https://twitter.com/unknownantisec
  • REQUIREMENTS
 ----------------------------------------------------------
threading
time
argparse
requests
json
BeautifulSoup
permission          Reading & Writing
User                root privilege, or is in the sudoers group
Operating system    LINUX
Python              2.7
 ----------------------------------------------------------
  • INSTALL
git clone http://github.com/danilovazb/SAWEF

sudo apt-get install python-bs4 python-requests
  • HELP
usage: tool [-h] --url http://url.com/
            [--user_agent '{"User-agent": "Mozilla/5.0 Windows; U; Windows NT 5.1; hu-HU; rv:1.7.8 Gecko/20050511 Firefox/1.0.4"}"]
            [--threads 10] [--data '{"data":"value","data1":"value"}']
            [--qtd 5] [--method post|get]
            [--referer '{"referer": "http://url.com"}']
            [--response status_code|headers|encoding|html|json|form]
            [--cookies '{"__utmz":"176859643.1432554849.1.1.utmcsr=direct|utmccn=direct|utmcmd=none"}']

optional arguments:
  -h, --help        show this help message and exit
  --url http://url.com/
                    URL to request
  --user_agent '{"User-agent": "Mozilla/5.0 (Windows; U; Windows NT 5.1; hu-HU; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"}"
                    For a longer list, visit:
                    http://www.useragentstring.com/pages/useragentstring.php
  --threads 10      Threads
  --data '{"data":"value","data1":"value"}'
                    Data to be transmitted by post
  --qtd 5           Quantity requests
  --method post|get
                    Method sends requests
  --referer '{"referer": "http://url.com"}'
                    Referer
  --response status_code|headers|encoding|html|json|form
                    Status return
  --cookies '{"__utmz":"176859643.1432554849.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)"}'
                    Cookies from site

  • EXAMPLE
*Send 1 anonymous SMS via POST [in BR]:
-------------
$:> python sawef.py --url "https://smsgenial.com.br/forms_teste/enviar.php" --data '{"celular":"(11) XXXX-XXXXX","mensagem":"Teste","Testar":"Enviar"}' --threads 10 --qtd 1 --user_agent '{"User-agent":"Mozilla/5.0 Windows; U; Windows NT 5.1; hu-HU; rv:1.7.8) Gecko/20050511 Firefox/1.0.4"}'

*List Form attributes:
-------------
$:> python sawef.py --url "https://smsgenial.com.br/" --method post --response form
OUTPUT:

--------------------------------
NOME_FORM[None]
URL[http://paineldeenvios.com/painel/app/login/login.php]
METHOD[post]

email:Digite Seu Login        (text)
passwd:Senha        (password)
Entrar:Entrar        (submit)

--------------------------------
NOME_FORM[form1]
URL[/forms_teste/criaruser.php]
METHOD[post]

action:criarconta        (hidden)
nome:        (text)
celular:        (text)
email:        (text)
Testar:Criar        (submit)
Testar:Enviar        (hidden)

--------------------------------
NOME_FORM[None]
URL[/forms_teste/enviar.php]
METHOD[post]

celular:        (text)
Testar:Enviar        (submit)
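
For the site owner, the same form inventory doubles as an audit: the first form in the listing above posts a password field to an http:// URL, and none of the listed forms shows a hidden field that looks like a per-request token. The sketch below is an added example, not SAWEF's code; it runs the two checks over a page using only the Python 3 standard library. The sample HTML, the `login.example.test` host, the `csrf_token` field and the `TOKEN_HINTS` name heuristic are assumptions constructed for illustration.

```python
# Added example, not SAWEF code: inventory a page's forms and flag weak ones.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample page modelled on the form listing above (hosts are placeholders).
SAMPLE_HTML = """
<form action="http://login.example.test/login.php" method="post">
  <input type="text" name="email"><input type="password" name="passwd">
</form>
<form name="form1" action="/forms_teste/criaruser.php" method="post">
  <input type="hidden" name="csrf_token" value="constructed"><input type="text" name="nome">
</form>
<form action="/forms_teste/enviar.php" method="post"><input type="text" name="celular"></form>
"""
TOKEN_HINTS = ("csrf", "token", "nonce")  # assumed naming of anti-forgery fields

class FormInventory(HTMLParser):
    """Collects every <form> with its action, method and (name, type) inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = True
            self.forms.append({"action": a.get("action") or "", "fields": [],
                               "method": (a.get("method") or "get").lower()})
        elif tag == "input" and self._open:
            field = (a.get("name") or "", (a.get("type") or "text").lower())
            self.forms[-1]["fields"].append(field)

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = False

def audit_forms(html, page_url):
    """Return [(resolved_action_url, [findings])], one entry per form."""
    parser = FormInventory()
    parser.feed(html)
    report = []
    for form in parser.forms:
        action, findings = urljoin(page_url, form["action"]), []
        has_password = any(t == "password" for _, t in form["fields"])
        if has_password and urlparse(action).scheme != "https":
            findings.append("password field submitted over cleartext HTTP")
        # Heuristic: a hidden input whose name hints at a per-request token.
        has_token = any(t == "hidden" and any(h in n.lower() for h in TOKEN_HINTS)
                        for n, t in form["fields"])
        if form["method"] == "post" and not has_token:
            findings.append("POST form without an anti-forgery token field")
        report.append((action, findings))
    return report
```

The token check is a name-based heuristic, so a finding means "review this form", not proof that the server skips validation.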



2 comments:

  1. Hey friend, I'm looking forward to your new posts, thank you and thanks
    Replies
    1. Hey bro, thanks.... you can see some posts on my old blog http://unknownsec.wordpress.com