SQL Injection Search Domain

SQL Injection Search Domain
5 (100%) 1 vote

sql logo1 300x300 SQL Injection Search Domain

 

Informazioni:

SQL Injection Domain Scanner è uno scanner che cerca i siti Web vulnerabili in modo automatico.

Si appoggia su Google sfruttando le Google Dorks , bisogna solo assegnarli un numero di pagine da visitare e il software stamperà a schermo tutti i siti vulnerabili e li salverà sul file “scansione.txt”.

 

SQLDomain 300x150 SQL Injection Search Domain

 

Il software è in Python ed è disponibile per Windows e per Linux.

Versione per Windows(64bit): Download

Versione per Windows(32bit): Download

Versione per Linux: Download

 

Sorgente:

 

import urllib
import time
from urllib import FancyURLopener
from sgmllib import SGMLParser
print "* Sql injection domain searchn* By ^4st3r1X^ "
class MyOpener(FancyURLopener):
   version = "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11"
class URLLister(SGMLParser):
   def reset(self):                             
      SGMLParser.reset(self)
      self.urls = []
   def start_a(self, attrs):                   
      href = [v for k, v in attrs if k=='href']
      if href:
      self.urls.extend(href) 
 
oepn = MyOpener()
start = oepn.open("http://google.it")
aaa = start.read()
pag = input("Pagine da ricercare: ")
filee = open("scansione.txt", "a")
print "nRicerca in corso...n"
for link2 in range(pag):
   time.sleep(0.5)
   ricerca2 = "%s" % (10*link2)
   link3 =  'http://www.google.it/search?q=A+syntax+error+has+occurred+filetype:ihtml&hl=it&biw=1366&bih=585&prmd=ivns&ei=1wwHTpXRF4X4sgbVk-C6DA&start=%s&sa=N'  % (ricerca2)
   own2 = link3+ricerca2
   print "nRicerca pagina numero %d" % (link2)
   s2 = oepn.open(own2)
   parser2 = URLLister()
   parser2.feed(s2.read())
   s2.close()
   parser2.close()
   for url2 in parser2.urls:
      if url2.find(".google.it/") != -1:
         pass
      elif url2.find(".youtube.com/") != -1:
         pass
      else:
         try:
            logg = "%sn" % (url2)
            connz2 = oepn.open(url2)
            data2 = connz2.read()
            if data2.find("Microsoft JET Database") != -1:
               print url2, "<= vulnerabile (Microsoft JET Database)n"
               filee.write(logg)
            elif data2.find("Division by zero in") != -1:               
               print url2, "<= vulnerabile (Division by zero)n"
               filee.write(logg)
            elif data2.find("Warning") != -1:
               print url2, "<= vulnerabile (Warning)n"
               filee.write(logg)
            elif data2.find("ODBC Microsoft Access Driver") != -1:
               print url2, "<= vulnerabile (ODBC Microsoft Access Driver)n"
               filee.write(logg)
            elif data2.find("Microsoft OLE DB Provider") != -1:
               print url2, "<= vulnerabile (Microsoft OLE DB Provider)n"
               filee.write(logg)
            elif data2.find("Error Executing Database Query") != -1:
               print url2, "<= vulnerabile (Error Executing Database Query)n"
               filee.write(logg)
            elif data2.find("Unclosed quotation mark") != -1:
               print url2, "<= vulnerabile (Error Executing Database Query)n"
               filee.write(logg)
            elif data2.find("A syntax error has occurred") != -1:
               print url2, "<= vulnerabile (A syntax error has occurred)n"
               filee.write(logg)
            elif data2.find("SQL Error: ") != -1:
               print url2, "<= vulnerabile (SQL Error)n"
               filee.write(logg)
            connz2.close()
         except KeyboardInterrupt:
            print "nScansione terminata"
            filee.close()
            exit()
         except:
            pass  
 
print "nScansione terminata"
filee.close()

 

 

 

 

 

 




pixel SQL Injection Search Domain
7 Comments

Add a Comment

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *