SQL Injection Scanner

SQL Injection Scanner


 

Informazioni:

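SQL Injection Scanner è uno scanner che cerca vulnerabilità di tipo SQL injection nei siti Web: aggiunge un apice a ogni link trovato nella pagina indicata e controlla se la risposta contiene messaggi di errore del database. Una corrispondenza è solo un indizio da verificare a mano, perché stringhe generiche come «Warning» producono falsi positivi.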

 


 

Il software è scritto in Python (il sorgente qui sotto usa la sintassi di Python 2) ed è disponibile per Windows e per Linux.

Versione per Windows (64bit): Download

Versione per Windows (32bit): Download

Versione per Linux: Download

Sorgente:

import sys
import time
import urllib
import urlparse
from sgmllib import SGMLParser
 
class URLLister(SGMLParser):
   def reset(self):                             
      SGMLParser.reset(self)
      self.urls = []
 
   def start_a(self, attrs):                    
      href = [v for k, v in attrs if k=='href']
      if href:
         self.urls.extend(href)
 
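def scan():
   """Fetch the module-level URL ``see`` and report database error text in the reply.

   The function takes no arguments: the caller assigns the URL to probe to the
   global ``see`` before calling. The response body is searched for a fixed list
   of error strings, first match wins, and one result line is printed.

   An IOError raised while fetching is not handled here and reaches the caller.
   A KeyboardInterrupt prints a notice and ends the program.

   NOTE(review): a hit is only a hint. The "Warning" needle matches any page
   that contains that word, and the verdict text always says "MySQL" although
   several needles name Microsoft components, so results need manual
   confirmation before they are reported as findings.
   """
   # (text searched for in the body, text printed after the verdict)
   signatures = (
      ("Microsoft JET Database", ": Microsoft JET Database\n"),
      ("Division by zero in", ": Division by zero\n"),
      ("Warning", ": Warning"),
      ("ODBC Microsoft Access Driver", ":ODBC Microsoft Access Driver\n"),
      ("Microsoft OLE DB Provider", ":Microsoft OLE DB Provider\n"),
      ("Error Executing Database Query", ":Error Executing Database Query\n"),
      ("Unclosed quotation mark", ":Unclosed quotation mark\n"),
   )
   try:
      # Pause between requests, as the original did.
      time.sleep(0.4)
      test = urllib.urlopen(see)
      try:
         data = test.read()
      finally:
         # The original closed the response only on the "not vulnerable" path.
         test.close()
      # Show the URL without the quote that the caller appended.
      sys.stdout.write("Controllo => %s" % (see.replace("'", "")))
      # The "\n" escapes had lost their backslash in the published listing.
      info = "\n==>Vulnerabile in una MySQL Injection"
      time.sleep(0.7)
      for needle, label in signatures:
         if data.find(needle) != -1:
            sys.stdout.write("%s %s\n" % (info, label))
            break
      else:
         sys.stdout.write("<= Non Vulnerabile\n\n")
   except KeyboardInterrupt:
      sys.stdout.write("<= Scansione terminata\n\n")
      sys.exit()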
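# Script body: ask for a server, collect the links on its page and probe each
# one through scan(), which reads the URL from the module-level name `see`.
try:
   # NOTE(review): the banner looks like it lost its backslashes in the
   # published listing; it is reproduced here as found.
   sys.stdout.write("""
 
    _____  ____  _         _____                 
   / ____|/ __ | |       / ____|                
  | (___ | |  | | |      | (___   ___  __ _ _ __ 
   ___ | |  | | |       ___  / __|/ _` | '_ 
   ____) | |__| | |____   ____) | (__| (_| | | | |
  |_____/ __________| |_____/ ___|__,_|_| |_|
 
 * Created By ^4st3r1X^   
 * Digitate il link o il sito in questo formato:
 www.sito.it
 www.sito.it/index.html                                        
 
   """)
   sys.stdout.write("\n")
   server = raw_input("Server: ")
   link = "http://%s" % (server)
   # Host the operator named; used below to keep the scan on that host.
   target_host = urlparse.urlparse(link).netloc.lower()
   s = urllib.urlopen(link)
   try:
      parser = URLLister()
      parser.feed(s.read())
   finally:
      s.close()
   parser.close()
   sys.stdout.write("\n=> Inizio Scansione \n")
   for url in parser.urls:
      if url.startswith(("http://", "https://")):
         # Prefix test: the original substring test also treated links that
         # merely contain "http://" in a parameter as absolute.
         if urlparse.urlparse(url).netloc.lower() != target_host:
            # The page can link anywhere; requests stay on the entered host.
            sys.stdout.write("Ignoro (altro host) => %s\n" % url)
            continue
         see = "%s'" % (url)
      elif url.startswith("/"):
         see = "%s%s'" % (link, url)
      elif url.find("mailto:") != -1:
         continue
      else:
         see = "%s/%s'" % (link, url)
      try:
         scan()
      except IOError:
         # Best effort: one unreachable link must not stop the run, but the
         # failure is reported instead of being dropped silently.
         sys.stdout.write("Controllo => %s <= Non raggiungibile\n" % (see.replace("'", "")))
   sys.stdout.write("\nScansione Terminata <=\n")
except KeyboardInterrupt:
   sys.stdout.write("<= Scansione terminata\n\n")
   sys.exit()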

 

 

 

 

 

 

 

 



