make tool more stable and powerful

README.md

@@ -1,27 +1,37 @@
-
+<div align=center>
+
 ![bibi-bird-480-text](https://github.com/user-attachments/assets/a0836bfa-6012-4502-b891-2416222bb0f2)
+</div>
 
-
-# 🔍 Overview
+#  Overview
 Bibi Bird is a tool writen in python that tests websites for SQL Injections, XSS and other vulnerabilities. My tool is still in beta but works 90% of the time.
 
 
-# 📦 Installation
+# Installation
 
     git clone https://github.com/alfredredbird/Bibi-Bird
     cd Bibi-Bird && sudo pip3 install -r requirements.txt
     python3 main.py
 
-# 📦 Manual Install
+# Manual Install
 
     download the latest release from: https://github.com/alfredredbird/Bibi-Bird/releases.
     then extract the zip or tar.gz
 
     cd Bibi-Bird && sudo pip3 install -r requirements.txt
     python3 Bibi-Bird
 
+# CLI Modes
+
+- SQL injection mode: `python3 main.py -u https://target.tld/login -i`
+- SQL injection with custom wordlist: `python3 main.py -u https://target.tld/login -i -w dict/sql-common.txt`
+- SQL error detection mode: `python3 main.py -u https://target.tld/page --sql-detect`
+- XSS URL mode: `python3 main.py -u "https://target.tld/search?" -x 1`
+- XSS form mode: `python3 main.py -u https://target.tld/login -x 2`
+- CSRF request replay mode: `python3 main.py -u https://target.tld -c tests/request.txt -r 25`
+- Save report output: `python3 main.py -u https://target.tld -i --report data/report.json`
 
-# 💻 Tested OS
+# Tested OS
 
 <table>
     <tr>
@@ -74,7 +84,7 @@ Bibi Bird is a tool writen in python that tests websites for SQL Injections, XSS
     </tr>
 </table>
 
-# 📖 Requirements
+# Requirements
 
 There Is A Lot Lol
 
@@ -84,8 +94,8 @@ There Is A Lot Lol
 - alive_progress
 - bs4
 
-# 🗣️Supported Languages
-(we need translators 😭)
+# Supported Languages
+>(we need translators)
 - [x] English
 - [ ] Italian
 - [ ] Hebrew 
@@ -97,26 +107,26 @@ There Is A Lot Lol
 - [ ] Russian
 - [ ] Portuguese
 
-# 📕 Upcoming Features
+# Upcoming Features
  (They Are Great First Issues :D)
 
  - [x] SQL Injections
- - [ ] SQL Detections
+ - [x] SQL Detections
  - [ ] DNS Scanning
  - [ ] URL Brute Forcing
- - [ ] Reports
+ - [x] Reports
  - [X] XSS Injecting
  - [ ] Site OSINT
- - [ ] Custom Wordlists
+ - [x] Custom Wordlists
  - [ ] Payload Generation
  - [X] Payload Selection
  - [X] CSRF Attacks (beta)
 
-# ⁉️ Need Help?
-Check out https://github.com/alfredredbird/Bibi-Bird/issues or the WiKi for help.
+# Need Help?
+Check out [Bibi-Bird/issues](https://github.com/alfredredbird/Bibi-Bird/issues) or the WiKi for help.
 Still Need Help? Contact Below :D
 
-# 📗 Info:
+# Info:
 
 <table>
     <tr>
@@ -133,17 +143,17 @@ Still Need Help? Contact Below :D
     </tr>
 </table>
 
-# 📘 Contact
+# Contact
 
-- Twitter: https://twitter.com/alfredredbird1
-- LinkedIn: https://www.linkedin.com/in/jeffrey-montanari-7178a1290/
+- Twitter: [alfredredbird1](https://twitter.com/alfredredbird1)
+- LinkedIn: [jeffrey montanari](https://www.linkedin.com/in/jeffrey-montanari-7178a1290)
 
-# 🛠 Other Tools
+# Other Tools
 
 Other tools in the fleet:
-- Tookie-OSINT: http://github.com/alfredredbird/tookie-osint
+- Tookie-OSINT: [Tookie-OSINT](http://github.com/alfredredbird/tookie-osint)
 
-# 🤝 Partnership
+# Partnership
 Want to partner with the Bibi-Bird project? Feel free to reach out!
 
   partners:

data/EmailSelectors.txt

@@ -1,74 +1,54 @@
 email
 Email
-emial
 EMAIL
 mail
 Mail
 emailAddress
 EmailAddress
 email_address
-Email_Address
-eMail
-E-mail
-E-Mail
-e_mail
-EmailID
 emailID
-Email_Id
-email_Id
+EmailID
 userEmail
-UserEmail
 user_email
-User_email
 username
 Username
 user
 User
-users
-Users
-userName
-UserName
-uName
-uname
-User_Name
-user_name
-mailID
-MailID
-mail_id
-Mail_id
-contactEmail
-ContactEmail
-contact_email
-Contact_Email
-registerEmail
-RegisterEmail
-register_email
-Register_email
-loginEmail
-LoginEmail
-login_email
-Login_email
-accountEmail
-AccountEmail
+login
+Login
+loginId
+LoginId
+login_id
+account
+accountName
+account_name
+identifier
+userIdentifier
+member
+memberId
+customer
+customerId
+client
+employee
+staff
+admin
+adminEmail
+admin_email
+adminUser
+administrator
+owner
+operator
+superuser
+root
 //*[@type="email"]
-//*[@type="Email"]
-//*[@type="emial"]
-//*[@type="EMAIL"]
-//*[@type="mail"]
-//*[@type="EmailAddress"]
-//*[@type="email_address"]
-//*[@type="eMail"]
-//*[@type="E-Mail"]
-//*[@type="e_mail"]
-//*[@type="EmailID"]
-//*[@type="userEmail"]
-//*[@type="username"]
-//*[@type="user"]
-//*[@type="users"]
-//*[@type="userName"]
-//*[@type="uName"]
-//*[@type="mailID"]
-//*[@type="contactEmail"]
-//*[@type="registerEmail"]
-//*[@type="loginEmail"]
-//*[@type="accountEmail"]
+//*[@autocomplete="email"]
+//*[@name="email"]
+//*[@name="username"]
+//*[@name="login"]
+//*[@name="identifier"]
+//*[@name="admin"]
+//*[@id="email"]
+//*[@id="username"]
+//*[@id="login"]
+//*[@id="identifier"]
+//*[@id="admin"]

data/InputSelectors.txt

@@ -1 +1,18 @@
-input
+input
+email
+username
+login
+password
+token
+csrf
+authToken
+session
+sessionId
+securityQuestion
+securityAnswer
+role
+userRole
+accountType
+isAdmin
+is_admin
+admin

data/PassSelectors.txt

@@ -2,81 +2,41 @@ password
 Password
 pass
 Pass
-pswd
-PSWD
-//*[@type="password"]
-//*[@type="Password"]
-//*[@type="pass"]
-//*[@type="Pass"]
-//*[@type="pswd"]
-//*[@type="PSWD"]
-password
-Password
-pass
-Pass
-pswd
-PSWD
 passwd
 Passwd
-pword
-Pword
 pwd
 PWD
-pass_word
-Pass_word
-passwrd
-Passwrd
-password1
-Password1
-password_1
-Password_1
-psswd
-Psswd
-passField
-PassField
-pwdField
-PwdField
-passwordField
-PasswordField
+pword
+passcode
+secret
+secretKey
 loginPassword
-LoginPassword
 userPassword
-UserPassword
-userPwd
-UserPwd
+adminPassword
+rootPassword
+ownerPassword
+accountPassword
+newPassword
+confirmPassword
+passwordRepeat
+password_confirmation
+pin
+securityCode
+accessCode
+auth
 authentication
-Authentication
+credential
+credentialValue
 //*[@type="password"]
-//*[@type="Password"]
-//*[@type="pass"]
-//*[@type="Pass"]
-//*[@type="pswd"]
-//*[@type="PSWD"]
-//*[@type="passwd"]
-//*[@type="Passwd"]
-//*[@type="pword"]
-//*[@type="Pword"]
-//*[@type="pwd"]
-//*[@type="PWD"]
-//*[@type="pass_word"]
-//*[@type="Pass_word"]
-//*[@type="password1"]
-//*[@type="Password1"]
-//*[@type="password_1"]
-//*[@type="Password_1"]
-//*[@type="psswd"]
-//*[@type="Psswd"]
-//*[@type="passField"]
-//*[@type="PassField"]
-//*[@type="pwdField"]
-//*[@type="PwdField"]
-//*[@type="passwordField"]
-//*[@type="PasswordField"]
-//*[@type="loginPassword"]
-//*[@type="LoginPassword"]
-//*[@type="userPassword"]
-//*[@type="UserPassword"]
-//*[@type="userPwd"]
-//*[@type="UserPwd"]
-//*[@type="authentication"]
-//*[@type="Authentication"]
+//*[@autocomplete="current-password"]
+//*[@autocomplete="new-password"]
+//*[@name="password"]
+//*[@name="pass"]
+//*[@name="pwd"]
+//*[@name="secret"]
+//*[@name="securityCode"]
+//*[@id="password"]
+//*[@id="pass"]
+//*[@id="pwd"]
+//*[@id="secret"]
+//*[@id="securityCode"]

data/values.txt

@@ -1,6 +1,27 @@
-password
-passwordRepeat
 email
 Email
+username
+Username
+login
+identifier
+password
+passwordRepeat
+password_confirmation
 securityQuestion
 securityAnswer
+token
+csrf
+apiKey
+sessionId
+role
+userRole
+accountType
+accountStatus
+status
+state
+isAdmin
+is_admin
+admin
+administrator
+permissions
+scope