import requests, json, re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning for the whole process. checkSqli()
# sends every request with verify=False, so without this call each HTTPS probe
# would print a warning. The trade-off: nothing in the output shows that
# certificate verification was skipped.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
from colorama import init
from termcolor import colored
# colorama.init() makes the ANSI colour sequences emitted by termcolor's
# colored() render on Windows consoles as well.
init()
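class sqliScannerClass():
    """Error-based SQL injection check for the query parameters of a URL.

    createSqliUrl() appends a single or double quote to one query parameter
    at a time and hands each resulting URL to checkSqli(), which fetches it
    and searches the response body for database error messages.

    A signature match is a heuristic. It shows that a database error string
    is present in the response, not that the parameter is exploitable, and a
    page that contains such text for unrelated reasons will also be reported.
    Confirm a hit against an unmodified request before treating it as a
    finding.
    """

    def __init__(self):
        # SQL error-message signatures, one list per database backend.
        # These must be raw strings: in a plain literal "\b" is a backspace
        # character, so the Oracle "ORA-nnnn" and DB2 "db2_*(" patterns could
        # never match, and "\W", "\." etc. are invalid escape sequences.
        self.MySQL = [
            r"SQL syntax.*MySQL",
            r"Warning.*mysql_.*",
            r"valid MySQL result",
            r"MySqlClient\.",
        ]
        self.PostgreSQL = [
            r"PostgreSQL.*ERROR",
            r"Warning.*\Wpg_.*",
            r"valid PostgreSQL result",
            r"Npgsql\.",
        ]
        self.MicrosoftSQLServer = [
            r"Driver.* SQL[\-\_\ ]*Server",
            r"OLE DB.* SQL Server",
            r"(\W|\A)SQL Server.*Driver",
            r"Warning.*mssql_.*",
            r"(\W|\A)SQL Server.*[0-9a-fA-F]{8}",
            r"(?s)Exception.*\WSystem\.Data\.SqlClient\.",
            r"(?s)Exception.*\WRoadhouse\.Cms\.",
        ]
        self.MicrosoftAccess = [
            r"Microsoft Access Driver",
            r"JET Database Engine",
            r"Access Database Engine",
        ]
        self.Oracle = [
            r"\bORA-[0-9][0-9][0-9][0-9]",
            r"Oracle error",
            r"Oracle.*Driver",
            r"Warning.*\Woci_.*",
            r"Warning.*\Wora_.*",
        ]
        self.IBMDB2 = [
            r"CLI Driver.*DB2",
            r"DB2 SQL error",
            r"\bdb2_\w+\(",
        ]
        self.SQLite = [
            r"SQLite/JDBCDriver",
            r"SQLite.Exception",
            r"System.Data.SQLite.SQLiteException",
            r"Warning.*sqlite_.*",
            r"Warning.*SQLite3::",
            r"\[SQLITE_ERROR\]",
        ]
        self.Sybase = [
            r"(?i)Warning.*sybase.*",
            r"Sybase message",
            r"Sybase.*Server message.*",
        ]

    def _buildProbeUrls(self, url):
        """Return the URLs to request for *url*, one parameter changed per URL.

        Each ``name=value`` pair in the query string yields two URLs, the
        first with ``'`` appended to that pair and the second with ``"``.
        Pairs without ``=`` are skipped. A URL without a query string yields
        an empty list.
        """
        base, marker, query = url.partition("?")
        if not marker:
            return []
        pairs = query.split("&")
        probes = []
        for index, pair in enumerate(pairs):
            if "=" not in pair:
                continue
            for quote in ("'", '"'):
                # Rebuild the query by position. A plain str.replace() on the
                # whole URL would also rewrite other text that merely contains
                # the same "name=value" substring (e.g. "id=1" inside "pid=1").
                mutated = pairs[:index] + [pair + quote] + pairs[index + 1:]
                probes.append(base + "?" + "&".join(mutated))
        return probes

    def _identifyBackend(self, html):
        """Return the label of the first backend whose signature matches *html*.

        Backends are tried in a fixed order and the first hit wins. Returns
        None when no signature matches.
        """
        # Built per call so that edits to the instance's lists are honoured.
        signatureSets = (
            ("MySql", self.MySQL),
            ("PostgreSQL", self.PostgreSQL),
            ("MicrosoftSQLServer", self.MicrosoftSQLServer),
            ("MicrosoftAccess", self.MicrosoftAccess),
            ("Oracle", self.Oracle),
            ("IBMDB2", self.IBMDB2),
            ("SQLite", self.SQLite),
            ("Sybase", self.Sybase),
        )
        for label, patterns in signatureSets:
            if any(re.search(pattern, html) for pattern in patterns):
                return label
        return None

    def createSqliUrl(self, url):
        """Check every query parameter of *url*; results are printed by checkSqli().

        Always returns None. A request that fails (timeout, connection error,
        invalid URL) is skipped without output, so the absence of a
        "[Vulnerable]" line is not evidence that a parameter was tested
        successfully.
        """
        for probeUrl in self._buildProbeUrls(url):
            try:
                self.checkSqli(probeUrl)
            except requests.RequestException:
                # Best-effort scan: carry on with the next probe. Catching
                # only request errors lets Ctrl-C and programming errors
                # surface instead of being swallowed.
                continue

    def checkSqli(self, url):
        """Fetch *url* and print a line if the body contains a known SQL error.

        Raises:
            requests.RequestException: if the request fails or times out.
        """
        # NOTE(review): verify=False disables TLS certificate validation, so
        # the response body can be altered in transit and the result should
        # not be trusted on a network that is not under the tester's control.
        # Kept as-is because targets with self-signed certificates rely on it.
        r = requests.get(url, verify=False, timeout=10)
        backend = self._identifyBackend(r.text)
        if backend is not None:
            print(
                colored("[Vulnerable][" + backend + "]\t", 'green', attrs=['bold']),
                colored(url, 'red', attrs=['bold']),
            )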