python sqliChecker.py FILE_NAME


# This was written for educational purpose and pentest only. Use it at your own risk.
# Author will be not responsible for any damage!
# !!! Special greetz for my friend sinner_01 !!!
# Toolname        : sqliChecker.py
# Coder           : baltazar a.k.a b4ltazar < b4ltazar@gmail.com>
# Version         : 0.1
# Greetz for rsauron and low1z, great python coders
# greetz for d3hydr8, r45c4l, qk, fx0, Soul, MikiSoft, c0ax, b0ne, tek0t and all members of ex darkc0de.com, ljuska.org

import os
import sys
import subprocess
import socket
import urllib2
import re
import time

except NameError:
    from sets import Set as set

def timer():
    sec = time.time()
    return sec

def logo():
    print "\n|---------------------------------------------------------------|"
        print "| b4ltazar[@]gmail[dot]com                                      |"
        print "|   05/2012     sqliChecker.py v.0.1                            |"
        print "| b4ltazar.wordpress.com     &      ljuska.org                  |"
        print "|                                                               |"
        print "|---------------------------------------------------------------|\n"

if sys.platform == 'linux' or sys.platform == 'linux2':
    subprocess.call("clear", shell=True)
    subprocess.call("cls", shell=True)

timeout = 10
log = "sqlivuln.txt"
logfile = open(log, "a")
urls = []
vuln = []

sqlerrors = {'MySQL': 'error in your SQL syntax',
             'MiscError': 'mysql_fetch',
             'MiscError2': 'num_rows',
             'Oracle': 'ORA-01756',
             'JDBC_CFM': 'Error Executing Database Query',
             'JDBC_CFM2': 'SQLServer JDBC Driver',
             'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
             'MSSQL_Uqm': 'Unclosed quotation mark',
             'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
             'MS-Access_JETdb': 'Microsoft JET Database',
             'Error Occurred While Processing Request': 'Error Occurred While Processing Request',
             'Server Error': 'Server Error',
             'Microsoft OLE DB Provider for ODBC Drivers error': 'Microsoft OLE DB Provider for ODBC Drivers error',
             'Invalid Querystring': 'Invalid Querystring',
             'OLE DB Provider for ODBC': 'OLE DB Provider for ODBC',
             'VBScript Runtime': 'VBScript Runtime',
             'ADODB.Field': 'ADODB.Field',
             'BOF or EOF': 'BOF or EOF',
             'ADODB.Command': 'ADODB.Command',
             'JET Database': 'JET Database',
             'mysql_fetch_array()': 'mysql_fetch_array()',
             'Syntax error': 'Syntax error',
             'mysql_numrows()': 'mysql_numrows()',
             'GetArray()': 'GetArray()',
             'FetchRow()': 'FetchRow()',
             'Input string was not in a correct format': 'Input string was not in a correct format'}

if len(sys.argv) != 2:
    print "[+] Usage: python sqliChecker.py "
    print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
    print "[!] Exiting, thanks for using script"

checklist = sys.argv[1]
starttimer = timer()

    check = open(checklist, "r")
    checkline = check.readlines()
    print "[!] You have", len(checkline), "links to check\n"
    print "[-] Error, check your path or file name!"
    print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"
    print "[!] Exiting, thanks for using script"

for url in checkline:
    url = url.replace("\n", "")
    url = url.rsplit('=', 1)[0] + "="
    url = url + "'"

def classicINJ(url):
    num = 1
    for url in urls:
            source = urllib2.urlopen(url).read()
            for type, eMSG in sqlerrors.items():
                if re.search(eMSG, source):
                    print num, "/", len(urls), "w00t!,w00t!:", url, "Error:", type, " ---> SQL Injection Found"

        num += 1

if __name__ == "__main__":
    print "\n[!] There is %s vulnerable sites to SQL Injection" % len(vuln)
    vulnerable = list(set(vuln))
    print "[+] Without duplicates we have %s vulnerable sites to SQL Injection" % len(vulnerable)
    for v in vulnerable:
        logfile.write("\n" + v)

    endtimer = timer()
    print "\n[+] Time used for checking :", int(((endtimer - starttimer) / 60)), "minutes"
    print "[+] Average time per link is :", int(((endtimer - starttimer) / float(len(checkline)))), "seconds"
    print "[+] Please visit ljuska.org & b4ltazar.wordpress.com"

Copyright : b4ltazar
Beautified with Atom

Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+
Rbcafe © 2004- | Rb Cafe 1.3 | Contatto Rbcafe | Rbcafe su Twitter | Rbcafe su Facebook | Politica sulla riservatezza