SQLi Checker | BOT24

SQLi Checker


#!/usr/bin/python
# This was written for educational purposes and pentesting only. Use it at your own risk.
# The author will not be responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : sqliChecker.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org
#

import os, sys, subprocess, socket, urllib2, re, time

# Compatibility shim for very old interpreters: if the builtin `set` type is
# missing, fall back to the `sets.Set` class under the same name. On any
# interpreter that has the builtin this block does nothing.
try:
set
except NameError:
from sets import Set as set

def timer():
    """Return the current wall-clock time in seconds, as given by time.time().

    Used once at start-up and once at the end to compute the elapsed run time.
    """
    return time.time()


def logo():
    """Print the tool banner (contact, date, version) to stdout, one line per print."""
    banner_lines = [
        "|---------------------------------------------------------------|\n",
        "| b4ltazar[@]gmail[dot]com                                      |",
        "|   05/2012     sqliChecker.py v.0.1                            |",
        "| b4ltazar.wordpress.com     &      ljuska.org                  |",
        "|                                                               |",
        "|---------------------------------------------------------------|\n",
    ]
    for banner_line in banner_lines:
        print banner_line


# Clear the terminal and print the banner. The command passed with
# `shell=True` is a fixed literal ("clear" / "cls"); no user-controlled
# text reaches the shell here.
if sys.platform == 'linux' or sys.platform == 'linux2':
  subprocess.call("clear", shell=True)
  logo()
else:
  subprocess.call("cls", shell=True)
  logo()

# Default timeout (seconds) applied to every socket created afterwards,
# including the ones urllib2 opens below.
timeout = 10
socket.setdefaulttimeout(timeout)
# Results file, opened in append mode at import time. Nothing in this file
# closes it explicitly; the buffered writes are flushed only at interpreter exit.
log = "sqlivuln.txt"
logfile = open(log, "a")
# Module-level state shared with classicINJ(): probe URLs and matched URLs.
urls = []
vuln = []

# Substrings of verbose database/driver error messages, keyed by a label that
# is printed when a response contains one. From a defensive standpoint these
# are exactly the strings a production error page should never echo back to
# the client: a generic error page removes the signal this check relies on.
# NOTE: the values are passed to re.search() below, so they are treated as
# regular expressions rather than literal text; entries ending in "()" contain
# an empty group and therefore match the bare function name.
sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
             'Server Error' : 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring' : 'Invalid Querystring',
             'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
             'VBScript Runtime' : 'VBScript Runtime',
             'ADODB.Field' : 'ADODB.Field',
             'BOF or EOF' : 'BOF or EOF',
             'ADODB.Command' : 'ADODB.Command',
             'JET Database' : 'JET Database',
             'mysql_fetch_array()' : 'mysql_fetch_array()',
             'Syntax error' : 'Syntax error',
             'mysql_numrows()' : 'mysql_numrows()',
             'GetArray()' : 'GetArray()',
             'FetchRow()' : 'FetchRow()',
             'Input string was not in a correct format' : 'Input string was not in a correct format'}



# Exactly one positional argument (the input file) is required; otherwise
# print usage and exit with status 1.
if len(sys.argv) != 2:
print "[+] Usage: python sqliChecker.py <FILE>"
print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
print "[!] Exiting, thanks for using script"
sys.exit(1)

# Path of the input file (one URL per line) and the start timestamp used for
# the elapsed-time report at the end.
checklist = sys.argv[1]
starttimer = timer()

# Read the whole input file into memory as a list of lines. Only IOError is
# handled (missing file / bad path); the file object `check` is never closed.
try:
  check = open(checklist, "r")
  checkline = check.readlines()
  print "[!] You have",len(checkline),"links to check\n"
except(IOError):
  print "[-] Error, check your path or file name!"
  print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
  print "[!] Exiting, thanks for using script"
  sys.exit(1)

# Build the probe list: strip the trailing newline, keep everything up to and
# including the last '=' (a line with no '=' keeps its full text and gets '='
# appended), then append a single quote. Note that `url` remains bound to the
# last processed line after this loop and is reused by the __main__ block.
for url in checkline:
url = url.replace("\n", "")
url = url.rsplit('=', 1)[0]+"="
url = url+"'"
urls.append(url)


def classicINJ(url):
"""Fetch every entry of the module-level `urls` list and record matches in `vuln`.

The `url` parameter is never read: it is immediately shadowed by the loop
variable, and the function always iterates the global `urls`. Side effects:
prints one line per matched (url, pattern) pair and appends the URL to the
global `vuln` list once per matching pattern (duplicates are removed by the
caller). Returns None.
"""
num = 1
for url in urls:
try:
source = urllib2.urlopen(url).read()
# Each eMSG is used as a regex, not a literal substring (see sqlerrors).
# `type` shadows the builtin of the same name.
for type,eMSG in sqlerrors.items():
if re.search(eMSG, source):
print num,"/",len(urls), "w00t!,w00t!:", url, "Error:", type, " ---> SQL Injection Found"
vuln.append(url)
else:
pass
# Bare except: every failure (network errors, timeouts, and even
# KeyboardInterrupt) is silently dropped, so a URL that could not be
# fetched is indistinguishable from one that produced no match.
except:
pass

num += 1



if __name__ == "__main__":
# The argument is the `url` left over from the list-building loop above and is
# ignored by classicINJ(). If the input file is empty that name is unbound and
# this line raises NameError (and the average-time division below would divide
# by zero).
classicINJ(url)
print "\n[!] There is %s vulnerable sites to SQL Injection" % len(vuln)
# vuln may hold the same URL several times (one entry per matched pattern);
# collapse to unique entries before writing the results file.
vulnerable = list(set(vuln))
print "[+] Without duplicates we have %s vulnerable sites to SQL Injection" % len(vulnerable)
# Each result is written with a leading newline so appended runs stay separated.
for v in vulnerable:
logfile.write("\n"+v)

endtimer = timer()
print "\n[+] Time used for checking :", int(((endtimer-starttimer) / 60)), "minutes"
print "[+] Average time per link is :", int(((endtimer-starttimer) / float(len(checkline)))), "seconds"
print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"





//The information contained within this publication is
//supplied "as-is" with no warranties or guarantees of fitness
//of use or otherwise. Neither Bot24, Inc nor Bradley Sean Susser accepts
//responsibility for any damage caused by the use or misuse of
//this information
