-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathsqlscantarget.py
98 lines (80 loc) · 2.76 KB
/
sqlscantarget.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
# !/usr/bin/python
# coding=utf-8
import requests, glob, time, random
from urlparse import urlparse
import os, sys
from multiprocessing import Pool
import codecs
r = '\033[31m'
g = '\033[32m'
y = '\033[33m'
b = '\033[34m'
m = '\033[35m'
c = '\033[36m'
w = '\033[37m'
rr = '\033[39m'
def cls():
linux = 'clear'
windows = 'cls'
os.system([linux, windows][os.name == 'nt'])
def print_logo():
clear = "\x1b[0m"
colors = [36, 32, 34, 35, 31, 37]
x = """
SadCode Official
_____ _ _ __ _ _
/ ____| | (_) / _(_) | |
| (___ __ _| |_ | |_ _ _ __ __| | ___ _ __
\___ \ / _` | | | | _| | '_ \ / _` |/ _ \ '__|
____) | (_| | | | | | | | | | | (_| | __/ |
|_____/ \__, |_|_| |_| |_|_| |_|\__,_|\___|_|
| | Coded By VanGans
|_| Github.com/sadcode-org
"""
for N, line in enumerate(x.split("\n")):
sys.stdout.write("\x1b[1;%dm%s%s\n" % (random.choice(colors), line, clear))
time.sleep(0.05)
try:
with codecs.open('results/MyBeSqliVulnList.txt', mode='r', encoding='ascii', errors='ignore') as f:
ooo = f.read().splitlines()
except IOError:
cls()
print_logo()
print r + '---------------------------------------------------------'
print r + ' [' + y + '-' + r + '] ' + c + ' file MyBeSqliVulnList.txt Not Found! frist Run GetSqliTargets.py!!!'
sys.exit()
ooo = list((ooo))
def get_url(url):
try:
error = ["DB Error", "SQL syntax;", "mysql_fetch_assoc", "mysql_fetch_array", "mysql_num_rows",
"is_writable",
"mysql_result", "pg_exec", "mysql_result", "mysql_num_rows", "mysql_query", "pg_query",
"System Error",
"io_error", "privilege_not_granted", "getimagesize", "preg_match", "mysqli_result", 'mysqli']
if url.startswith("http://"):
url = url.replace("http://", "")
elif url.startswith("https://"):
url = url.replace("https://", "")
else:
pass
for s in error:
Checksqli = requests.get('http://' + url + "'", timeout=5)
if s in Checksqli.text.encode('utf-8'):
SQLI = url.replace("'", "")
break
with open('results/SQLI_OK.txt', 'a') as xx:
xx.write(SQLI + '\n')
print c + ' [' + y + '+' + c + '] ' + g + url + g + ' [OK]'
except:
pass
def goo():
try:
pp = Pool(65)
pp.map(get_url, ooo)
except:
pass
if __name__ == '__main__':
cls()
print_logo()
print c + ' [' + y + '+' + c + '] ' + y + ' Scanning #'
goo()