python SQL Injection Scaner 转摘至http://www.doczj.com/doc/4ee2826caaea998fcc220e89.html/pythonfocus?checked=true
#!/usr/bin/python
#-*-coding=utf-8-*-
#Author:@xfk
#blog:@http://www.doczj.com/doc/4ee2826caaea998fcc220e89.html/kaiyongdeng
#Date:@2012-05-07
#Example site:@http://www.doczj.com/doc/4ee2826caaea998fcc220e89.html/pagina.php?cod=1
#将要扫描的网站写入当前目录文件中。python xxx.py xxx.txt
import urllib
import os
import sys
if http://www.doczj.com/doc/4ee2826caaea998fcc220e89.html == "nt":
os.system("cls")
else:
os.system("clear")
def usage():
print """
=================SQL INJECTION=====================
Usage:python %s %s
""" %(sys.argv[0],sys.argv[1])
def scanner(url):
try:
page = urllib.urlopen(url).read()
except:
print "[-]Error!!!\n"
return(0)
# 如果一个网站存在SQL注入的话就,当你使用基本的尝试方法去测试时页面会出现如下报错。
sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in", "[Microsoft][ODBC SQL Server Driver][SQL Server]",
"Warning:ociexecute",
"Warning: pq_query[function.pg-query]:")
i=0
page = str(page.lower())
while isql = str(sqls[i]).lower()
if page.find(sql[i]) == -1:
check=0
else:
check=1
i+=1
if check == 0:
print "[-]"+url+" "
else:
print "[+]"+url+" "
def main(args):
if len(args)!=1:
usage()
print "\t[-]Mode to use: %s \n" % sys.argv[0]
print "\t[-]Example: %s Site.txt\n" % sys.argv[0]
# print sys.argv[0],sys.argv[1],len(args)
sys.exit(0)
usage()
try: