import requests
import json
import re
from requests.packages.urllib3.exceptions import InsecureRequestWarning
# Silence urllib3's InsecureRequestWarning process-wide. checkSqli() issues its
# requests with verify=False, so without this call every HTTPS request would emit
# the warning. NOTE(review): this hides the warning for any other code in the same
# process that uses urllib3 as well - confirm that is intended.
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
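class sqliScannerClass():
    """Error-based SQL injection check for the query parameters of a URL.

    For each ``name=value`` pair in the query string, a single or a double
    quote is appended to the value, the resulting URL is fetched, and the
    response body is searched for known database error messages.

    A reported hit means that database error text appeared in the response.
    It is a heuristic signal that needs manual confirmation: pages that
    merely quote such messages also match, and applications that suppress
    error output never match.
    """

    def __init__(self):
        # Database error signatures, grouped per backend. Raw strings are
        # required: in a normal string literal "\b" is the backspace character,
        # so the Oracle and DB2 word-boundary patterns could never match.
        self.MySQL = [r"SQL syntax.*MySQL", r"Warning.*mysql_.*", r"valid MySQL result", r"MySqlClient\."]
        self.PostgreSQL = [r"PostgreSQL.*ERROR", r"Warning.*\Wpg_.*", r"valid PostgreSQL result", r"Npgsql\."]
        self.MicrosoftSQLServer = [r"Driver.* SQL[\-\_\ ]*Server", r"OLE DB.* SQL Server", r"(\W|\A)SQL Server.*Driver", r"Warning.*mssql_.*", r"(\W|\A)SQL Server.*[0-9a-fA-F]{8}", r"(?s)Exception.*\WSystem\.Data\.SqlClient\.", r"(?s)Exception.*\WRoadhouse\.Cms\."]
        self.MicrosoftAccess = [r"Microsoft Access Driver", r"JET Database Engine", r"Access Database Engine"]
        self.Oracle = [r"\bORA-[0-9][0-9][0-9][0-9]", r"Oracle error", r"Oracle.*Driver", r"Warning.*\Woci_.*", r"Warning.*\Wora_.*"]
        self.IBMDB2 = [r"CLI Driver.*DB2", r"DB2 SQL error", r"\bdb2_\w+\("]
        self.SQLite = [r"SQLite/JDBCDriver", r"SQLite.Exception", r"System.Data.SQLite.SQLiteException", r"Warning.*sqlite_.*", r"Warning.*SQLite3::", r"\[SQLITE_ERROR\]"]
        self.Sybase = [r"(?i)Warning.*sybase.*", r"Sybase message", r"Sybase.*Server message.*"]

    def _probeUrls(self, url):
        """Return the URLs to request: one per parameter and quote character.

        Only the targeted parameter is modified. The query string is rebuilt
        by position, because a plain ``url.replace("id=1", ...)`` would also
        rewrite ``pid=1`` or an identical substring in the path.
        """
        base, sep, query = url.partition("?")
        if not sep:
            return []
        params = query.split("&")
        probes = []
        for index, param in enumerate(params):
            if "=" not in param:
                # Not a name=value pair; there is no value to append to.
                continue
            for quote in ("'", '"'):
                mutated = list(params)
                mutated[index] = param + quote
                probes.append(base + "?" + "&".join(mutated))
        return probes

    def createSqliUrl(self, url):
        """Check every query parameter of ``url``; results are printed by checkSqli.

        Returns None. A URL without a query string produces no requests.
        """
        for newUrl in self._probeUrls(url):
            try:
                self.checkSqli(newUrl)
            except requests.RequestException:
                # Best effort: an unreachable host or a timeout on one request
                # must not stop the remaining ones. Other exceptions propagate
                # instead of being silently discarded by a bare except.
                continue

    def checkSqli(self, url):
        """Fetch ``url`` and print ``Vulnerable<TAB>url`` on the first signature match.

        Raises requests.RequestException on network errors.
        """
        # verify=False disables TLS certificate validation, so the origin of the
        # response is not authenticated; results obtained through an
        # intercepting proxy or a spoofed host are therefore not trustworthy.
        r = requests.get(url, verify=False, timeout=10)
        # r.text is a str. r.content is bytes, and re.search() with a str
        # pattern on bytes raises TypeError under Python 3, which the former
        # bare except hid, so no finding was ever reported.
        html = r.text
        signatureGroups = (
            self.MySQL,
            self.PostgreSQL,
            self.MicrosoftSQLServer,
            self.MicrosoftAccess,
            self.Oracle,
            self.IBMDB2,
            self.SQLite,
            self.Sybase,
        )
        for group in signatureGroups:
            for regg in group:
                if re.search(regg, html):
                    print("Vulnerable\t"+url)
                    return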