11 Okt 2012

SqliChecker

SqliChecker is a simple Python script that checks links for SQLi. The script reads a target file and checks every link in it for the vulnerability. Usage is simple:
python sqliChecker.py FILE_NAME
For now there is no threading support, but I am working on it! Enjoy :)






#!/usr/bin/python
# This was written for educational purposes and pentesting only. Use it at your own risk.
# The author will not be responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : sqliChecker.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org
#
011 
012import os, sys, subprocess, socket, urllib2, re, time
013 
# Compatibility shim: on interpreters where `set` is not a builtin name,
# fall back to the Set class of the (Python 2) `sets` module. The name is
# used by the __main__ block to de-duplicate the results list.
try:
    set
except NameError:
    from sets import Set as set
018     
def timer():
    """Return the current wall-clock time in seconds, as ``time.time()`` gives it.

    Called once before the scan and once after it so the __main__ block can
    report the elapsed time and the average time per link.
    """
    return time.time()
022 
023 
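def logo():
    """Print the start-up banner.

    Fix: in the original, lines 2-6 of the banner were indented one level
    deeper than the first ``print``, which is an IndentationError and kept
    the whole module from loading. The six lines are now joined into one
    string; the output is byte-for-byte what six separate prints produced
    (leading blank line, trailing blank line).
    """
    lines = [
        "\n|---------------------------------------------------------------|",
        "| b4ltazar[@]gmail[dot]com                                      |",
        "|   05/2012     sqliChecker.py v.0.1                            |",
        "| b4ltazar.wordpress.com     &      ljuska.org                  |",
        "|                                                               |",
        "|---------------------------------------------------------------|\n",
    ]
    print("\n".join(lines))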
031         
032     
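# Clear the screen and show the banner. The original keyed the choice on
# sys.platform and sent "cls" to every non-Linux platform, including macOS
# and the BSDs; os.name == "nt" is the Windows check, and every POSIX
# platform gets "clear". shell=True stays because "cls" is a cmd.exe
# builtin rather than an executable, and the command string is a fixed
# literal, so no untrusted text reaches the shell.
if os.name == "nt":
    clear_cmd = "cls"
else:
    clear_cmd = "clear"
subprocess.call(clear_cmd, shell=True)
logo()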
039 
# Module-level state shared by classicINJ() and the __main__ block.
timeout = 10                      # seconds; becomes the default for every socket
socket.setdefaulttimeout(timeout)
log = "sqlivuln.txt"              # results file, appended to by __main__
logfile = open(log, "a")          # held open for the whole run; never closed explicitly
urls, vuln = [], []               # test URLs built from the input file / URLs that matched an error string
046 
# Database error strings looked for in each response body (label -> text).
# classicINJ() passes the value to re.search(), so each one is a regular
# expression, not a literal: the "()" in the mysql_fetch_array(),
# mysql_numrows(), GetArray() and FetchRow() entries are empty groups, so
# those match with or without the parentheses. Generic entries such as
# 'Syntax error' and 'Server Error' can also match pages that involve no
# database at all, so a hit from them is a weak signal.
sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
             'Server Error' : 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring' : 'Invalid Querystring',
             'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
             'VBScript Runtime' : 'VBScript Runtime',
             'ADODB.Field' : 'ADODB.Field',
             'BOF or EOF' : 'BOF or EOF',
             'ADODB.Command' : 'ADODB.Command',
             'JET Database' : 'JET Database',
             'mysql_fetch_array()' : 'mysql_fetch_array()',
             'Syntax error' : 'Syntax error',
             'mysql_numrows()' : 'mysql_numrows()',
             'GetArray()' : 'GetArray()',
             'FetchRow()' : 'FetchRow()',
             'Input string was not in a correct format' : 'Input string was not in a correct format'}
073      
074       
075 
# Exactly one argument (the list file) is required; otherwise print the
# usage text and exit with status 1.
if len(sys.argv) != 2:
    for usage_line in ("[+] Usage: python sqliChecker.py <FILE>",
                       "[+] Please visit ljuska.org & b4ltazar.wordpress.com",
                       "[!] Exiting, thanks for using script"):
        print(usage_line)
    sys.exit(1)
081           
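checklist = sys.argv[1]
starttimer = timer()

# Load the list file. The original never closed the handle; try/finally
# releases it as soon as the lines are in memory. An IOError (missing
# file, bad path, permissions) is reported and the script exits with
# status 1, exactly as before.
try:
    check = open(checklist, "r")
    try:
        checkline = check.readlines()
    finally:
        check.close()
except IOError:
    print("[-] Error, check your path or file name!")
    print("[+] Please visit ljuska.org & b4ltazar.wordpress.com")
    print("[!] Exiting, thanks for using script")
    sys.exit(1)
print("[!] You have %d links to check\n" % len(checkline))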
094   
# Turn each input line into a test URL: remove newlines, keep everything up
# to and including the last '=' (the final parameter's value is dropped)
# and put a single quote where that value was. A line with no '=' is kept
# whole and simply gets "='" appended.
for url in checkline:
    url = url.replace("\n", "").rsplit('=', 1)[0] + "='"
    urls.append(url)
100     
101 
def classicINJ(url):
    """Fetch every entry of the module-level ``urls`` list and search each
    response body for the strings in ``sqlerrors``.

    The ``url`` parameter is unused: the loop below rebinds the same name
    from the global ``urls`` list. A hit is printed and the URL appended to
    the global ``vuln`` list — once per matching pattern, so the same URL
    can appear several times (the __main__ block de-duplicates). Nothing is
    returned.
    """
    num = 1
    for url in urls:
        try:
            source = urllib2.urlopen(url).read()
            # each sqlerrors value is used as a regex pattern, not a literal
            for type,eMSG in sqlerrors.items():
                if re.search(eMSG, source):
                    print num,"/",len(urls), "w00t!,w00t!:", url, "Error:", type, " ---> SQL Injection Found"
                    vuln.append(url)
                else:
                    pass
        # Bare except: any failure (timeout, HTTP error, malformed URL,
        # even KeyboardInterrupt) is silently skipped, so the link is
        # reported neither as checked nor as failed.
        except:
            pass

        num += 1
117 
118     
119 
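if __name__ == "__main__":
    # classicINJ ignores its argument and walks the global `urls` list, so
    # pass that list explicitly instead of the leftover loop variable `url`,
    # which is unbound (NameError) when the input file is empty.
    classicINJ(urls)
    print("\n[!] There is %s vulnerable sites to SQL Injection" % len(vuln))
    vulnerable = list(set(vuln))
    print("[+] Without duplicates we have %s vulnerable sites to SQL Injection" % len(vulnerable))
    for v in vulnerable:
        logfile.write("\n" + v)
    logfile.close()  # flush the results file before the timing report

    endtimer = timer()
    elapsed = endtimer - starttimer
    print("\n[+] Time used for checking : %d minutes" % int(elapsed / 60))
    # The original divided by len(checkline) unconditionally and raised
    # ZeroDivisionError on an empty list file.
    if checkline:
        print("[+] Average time per link is : %d seconds" % int(elapsed / float(len(checkline))))
    else:
        print("[+] Average time per link is : 0 seconds")
    print("[+] Please visit ljuska.org & b4ltazar.wordpress.com")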



