m4ll0k / atlas Goto Github PK

I typed python3 atlas.py and I got back:

Traceback (most recent call last): File "C:\***\***\***\Atlas-master\atlas.py", line 16, in <module> from humanfriendly.tables import format_pretty_table as pretty ModuleNotFoundError: No module named 'humanfriendly'

The exact version of python that I'm using is 3.9.1
As a side question, which version of python is Atlas currently on?

-u "xxx.com?p=123&fq=1233" -D "test=testtest&test2=testabc"
What if I only want to test POST parameter test2?
What should I enter? -p "testabc'" or -p "test2=testabc'" or what?

python atlas.py
Traceback (most recent call last):
File "/home/user/atlas/atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'

got an error while running on Ubuntu 16.04 and Python 2.7.2

ppayload = param.replace(param.split('=')[1],self.payload)
IndexError: list index out of range

hi, there
I'm getting this error and I have no idea why?

raceback (most recent call last):
File "/usr/lib/python3.9/urllib/request.py", line 1346, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/lib/python3.9/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.9/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.9/http/client.py", line 950, in send
self.connect()
File "/usr/lib/python3.9/http/client.py", line 1417, in connect
super().connect()
File "/usr/lib/python3.9/http/client.py", line 921, in connect
self.sock = self._create_connection(
File "/usr/lib/python3.9/socket.py", line 822, in create_connection
for res in getaddrinfo(host, port, 0, SOCK_STREAM):
File "/usr/lib/python3.9/socket.py", line 953, in getaddrinfo
for res in _socket.getaddrinfo(host, port, family, type, proto, flags):
socket.gaierror: [Errno 1] Unknown error

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 337, in
atlas().main()
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 298, in main
);inject_payload.run()
File "/home/shinobi/Desktop/Tool/Atlas/atlas.py", line 41, in run
resp = self.send(url,self.method,self.data,injected.get('headers'))
File "/home/shinobi/Desktop/Tool/Atlas/lib/request.py", line 63, in send
resp = urllib2.urlopen(req)
File "/usr/lib/python3.9/urllib/request.py", line 214, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.9/urllib/request.py", line 517, in open
response = self._open(req, data)
File "/usr/lib/python3.9/urllib/request.py", line 534, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.9/urllib/request.py", line 494, in _call_chain
result = func(*args)
File "/usr/lib/python3.9/urllib/request.py", line 1389, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.9/urllib/request.py", line 1349, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [Errno 1] Unknown error>

Hi There,

Kindly add the option of --update.

i made a small code for you and gonna send it to you privately.

Regards,

Your tool/software has been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#Atlas

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

@m4ll0k PLZ. Update Atlas

Sqlmap still not provide full tamper suggester function (but sometimes it show what perhaps filtered and named usefull tamper)
But there is a great need to perform a post requests right . now in atlas it seems work not so fine.
Also import txt file with request from other soft is musthave . example -r command in sqlmap .

PLZ COME BACK. Cause still there is no alternatives in automated soft for that purposes.

I see @muminkoykiran is one who still intrested and pull that git. Man, maybe you can made update in fork for that functions?

python3 atlas.py
Traceback (most recent call last):
File "atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'

The author's project idea is very good.。
IP is always blocked in practice，The program is interrupted because of this。
It would be better if you can add a proxy function that sends data packets every time you request。≧◔◡◔≦

Hello.
plz add a shell (constant menu like --sqlmap-shell) for working in powershell in win os. it will be very helpfull - little hard to alias comand for atlas.py (maybe someone can help)
i made a bat file --
powershell -NoExit py 'C:\Users*\Desktop\Atlas-master\atlas.py'"

but i need again write py atlas.py -comand.. Dunnow how to make it perfect and easy for work in winpwshl
Thanks for your work!

suggest to add the function of read form a packet file just like sqlmap's -r

Could you add an option like "-r" in sqlmap?

Do you not update this tool anymore?

Hi,

I tried atlas header as -H 'Cookie: abc=1234; qwe=222-211-2'+%%inject%%' --payload=blah
And seperately;
-H 'Cookie: abc=1234' -H 'Cookie=qwe=222-211-2'+%%inject%%' --payload=blah

But the response is same as this for both requests and results to all the scripts
trying with "charunicodeencode" tamper...

the script is running great Thanks , but i get weird charchters when running , its bluring my eyes :)
[←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[1;33mINFO←[0m] ←[0;33mtrying with "uppercase" tamper...←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "400"←[0m [←[1;35m08:33:20←[0m] [←[0;31mWARN←[0m] ←[1;31mreturn HTTP error code: "406"←[0m

python3 atlas.py --url https://abcp.com/;jsessionid=A33675EEFC516F7C144BBD178675E69F?next=user/anonWorkItemEdit.jsp&id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
[23:15:46] [WARN] Please set payload with "-p|--payload" options
[1]+ Done jsessionid=A33675EEFC516F7C144BBD178675E69F?next=user/anonWorkItemEdit.jsp
[1] 4042
-bash: --payload=-1234 AND 4321=4321-- AAAA: command not found

How to use this if the site using route parameter ?
eg:
https://sqli.tk/News/1

In sqlmap via *

eg:
https://sqli.tk/News/*

Traceback (most recent call last):
File "C:\upsqlmap\atlas.py", line 16, in
from humanfriendly.tables import format_pretty_table as pretty
ModuleNotFoundError: No module named 'humanfriendly'

Suggest to add argument for error code because some waf's dont return 4xx-5xx error, some return 302 for example so i want to set this argument. Thanx

[12:21:12] [INFO] fetching current database
[12:21:12] [PAYLOAD] 1 AnD ORD(MID((IFnuLL(CAsT(DatABaSe() aS cHAR),0x20)),1,1))>64
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 And ORD(MID((ifNUll(cAst(DATabAse() As chaR),0x20)),1,1))>32
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 anD ORD(MID((IFNulL(cAsT(DatabaSe() As CHar),0x20)),1,1))>1
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [INFO] retrieved:
[12:21:12] [DEBUG] performed 3 queries in 0.14 seconds
[12:21:12] [PAYLOAD] 1 AnD 9517=iF((ORD(MID((iFNULL(CAsT(dATabaSE() aS CHar),0x20)),1,1))>64),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 And 9517=If((ORD(MID((IfNULL(CAst(DataBAse() aS CHaR),0x20)),1,1))>32),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [PAYLOAD] 1 aNd 9517=iF((ORD(MID((iFNULL(CAst(dATabasE() aS cHAR),0x20)),1,1))>1),SLEEP(5),9517)
[12:21:12] [DEBUG] got HTTP error code: 403 (Forbidden)
[12:21:12] [INFO] retrieved:
[12:21:12] [DEBUG] performed 3 queries in 0.06 seconds
[12:21:12] [CRITICAL] unable to retrieve the database names

python2 atlas.py -r -u "canttellyou.com/sor.php?AnnouncementID=1&ct=undefined" -p "1 And 9517=If((ORD(MID((IfNULL(CAst(DataBAse() aS CHaR),0x20)),1,1))>32),SLEEP(5),9517)" -c "ck_okok_okoklogin=1; PHPSESSID=dudm31qshvu2qm2w2w2w2w2w"

[�[1;35m19:46:39�[0m] [�[1;33mINFO�[0m] �[0;33mtrying with "randomcase" tamper...�[0m
Traceback (most recent call last):
  File "atlas.py", line 265, in <module>
    atlas().main()
  File "atlas.py", line 221, in main
    payload__ = tamper(_payload)
  File "D:\atlas\tamper\general_randomcase.py", line 22, in general_randomcase
    m_word = word[random.randint(0,len(word))]
IndexError: string index out of range

D:\atlas>

sqlmap resumed the following injection point(s) from stored session:
---
Parameter: AnnouncementID (GET)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: AnnouncementID=1 AND 2143=2143&ct=undefined
    Vector: AND [INFERENCE]

    Type: AND/OR time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind
    Payload: AnnouncementID=1 AND SLEEP(5)&ct=undefined
    Vector: AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])
---

web server operating system: Linux CentOS 5.10
web application technology: Apache 2.2.3, PHP 5.1.6
banner:    '5.0.95-log'

can we add multiple urls in the tool

after running

python atlas.py

i ger this error

File "atlas.py", line 20 def __init__(self,url:str,method:str,data:str,kwargs:dict)->None: ^ SyntaxError: invalid syntax

any suggestions??

thanks