def singlescan(url): """instance to scan single targeted domain""" if urlparse(url).query != '': if scanner.scan([url]) != []: # scanner.scan print if vulnerable # therefore exit exit(0) else: print "" # move carriage return to newline io.stdout("no SQL injection vulnerability found") option = io.stdin("do you want to crawl and continue scanning? [Y/N]", ["Y", "N"], upper=True) if option == 'N': return False # crawl and scan the links # if crawl cannot find links, do some reverse domain io.stdout("crawling {}".format(url)) urls = crawler.crawl(url) if not urls: io.stdout("found no suitable urls to test SQLi") #io.stdout("you might want to do reverse domain") return False io.stdout("found {} urls from crawling".format(len(urls))) vulnerables = scanner.scan(urls) if vulnerables == []: io.stdout("no SQL injection vulnerability found") return False return vulnerables
def test_scanner_throws_error_on_bad_integer(): tests = ("5abc", "4_", "59595a4949") for test in tests: try: scan(test) except ValueError: continue else: assert False, test + " must throw a ValueError"
def test_scanner_throws_error_on_invalid_char(): tests = ("£", "$", "@") for test in tests: try: scan(test) except ValueError: continue else: assert False, test + " must throw a ValueError"
def test_scanner_on_lists(): tests = ( ("()", [(TokenType.LEFT_BRACKET, "("), (TokenType.RIGHT_BRACKET, ")")]), ("(", [(TokenType.LEFT_BRACKET, "(")]), (")", [(TokenType.RIGHT_BRACKET, ")")]), ( "()(())", [ (TokenType.LEFT_BRACKET, "("), (TokenType.RIGHT_BRACKET, ")"), (TokenType.LEFT_BRACKET, "("), (TokenType.LEFT_BRACKET, "("), (TokenType.RIGHT_BRACKET, ")"), (TokenType.RIGHT_BRACKET, ")"), ], ), ( "(abc(123)ghi)", [ (TokenType.LEFT_BRACKET, "("), (TokenType.SYMBOL, "abc"), (TokenType.LEFT_BRACKET, "("), (TokenType.INTEGER, "123"), (TokenType.RIGHT_BRACKET, ")"), (TokenType.SYMBOL, "ghi"), (TokenType.RIGHT_BRACKET, ")"), ], ), ) for given, expected in tests: assert scan(given) == expected
def test_scanner_on_single_literals(): tests = ( ("123", (TokenType.INTEGER, "123")), ("abc", (TokenType.SYMBOL, "abc")), ("a53e", (TokenType.SYMBOL, "a53e")), ) for given, expected in tests: assert scan(given) == [expected]
def check_file(urls): with open(urls, "r") as lines: urls_list = [] for line in lines: urls_list.append(line) vuls = scanner.scan(urls_list) with open("result.txt", "a") as result: for item in vuls: result.write("{}\n".format(item))
def singlescan(URL): """instance to scan single targeted domain""" if urlparse(URL).query != '': Result = scanner.scan([URL]) if Result != []: # scanner.scan print if vulnerable # therefore exit return Result else: print "" # move carriage return to newline std.stdout("no SQL injection vulnerability found") Option = std.stdin( "do you want to crawl and continue scanning? [Y/N]", ["Y", "N"], upper=True) if Option == 'N': return False # crawl and scan the links # if crawl cannot find links, do some reverse domain std.stdout("going to crawl {}".format(URL)) URLS = crawler.crawl(URL) if not URLS: std.stdout("found no suitable urls to test SQLi") #std.stdout("you might want to do reverse domain") return False std.stdout("found {} urls from crawling".format(len(URLS))) vulnerables = scanner.scan(URLS) if vulnerables == []: std.stdout("no SQL injection vulnerability found") return False return vulnerables
def singlescan(url): """instance to scan single targeted domain""" if urlparse(url).query != '': result = scanner.scan([url]) if result != []: # scanner.scan print if vulnerable # therefore exit return result else: print "" # move carriage return to newline std.stdout("no SQL injection vulnerability found") option = std.stdin("do you want to crawl and continue scanning? [Y/N]", ["Y", "N"], upper=True) if option == 'N': return False # crawl and scan the links # if crawl cannot find links, do some reverse domain std.stdout("going to crawl {}".format(url)) urls = crawler.crawl(url) if not urls: std.stdout("found no suitable urls to test SQLi") #std.stdout("you might want to do reverse domain") return False std.stdout("found {} urls from crawling".format(len(urls))) vulnerables = scanner.scan(urls) if vulnerables == []: std.stdout("no SQL injection vulnerability found") return False return vulnerables
def massiveScan(websites): """scan multiple websites / urls""" # scan each website one by one vulnerables = [] for website in websites: io.stdout("scanning {}".format(website), end="") if scanner.scan(website): io.showsign(" vulnerable") vulnerables.append(website) continue print "" # move carriage return to newline if vulnerables: return vulnerables io.stdout("no vulnerable websites found") return False
def singleScan(url): """instance to scan single targeted domain""" if urlparse(url).query != '': io.stdout("scanning {}".format(url), end="") if scanner.scan(url): io.showsign(" vulnerable") exit(0) else: print "" # move carriage return to newline io.stdout("no SQL injection vulnerability found") option = io.stdin( "do you want to crawl and continue scanning? [Y/N]").upper() while option != 'Y' and option != 'N': option = io.stdin( "do you want to crawl and continue scanning? [Y/N]").upper( ) if option == 'N': return False # crawl and scan the links # if crawl cannot find links, do some reverse domain io.stdout("crawling {}".format(url)) websites = crawler.crawl(url) if not websites: io.stdout("found no suitable urls to test SQLi") #io.stdout("you might want to do reverse domain") return False io.stdout("found {} urls from crawling".format(len(websites))) vulnerables = massiveScan(websites) if vulnerables == []: io.stdout("no SQL injection vulnerability found") return False return vulnerables
def test_scanner_on_compound_literals(): tests = ( ( "123 abc 123", [ (TokenType.INTEGER, "123"), (TokenType.SYMBOL, "abc"), (TokenType.INTEGER, "123"), ], ), ( "abc 40 a3e2", [ (TokenType.SYMBOL, "abc"), (TokenType.INTEGER, "40"), (TokenType.SYMBOL, "a3e2"), ], ), ) for given, expected in tests: assert scan(given) == expected
args = parser.parse_args() # find random SQLi by dork if args.dork != None and args.engine != None: std.stdout("searching for websites with given dork") # get websites based on search engine if args.engine in ["bing", "google", "yahoo"]: websites = eval(args.engine).search(args.dork, args.page) else: std.stderr("invalid search engine") exit(1) std.stdout("{} websites found".format(len(websites))) vulnerables = scanner.scan(websites) if not vulnerables: if args.s: std.stdout("saved as searches.txt") std.dump(websites, "searches.txt") exit(0) std.stdout("scanning server information") vulnerableurls = [result[0] for result in vulnerables] table_data = serverinfo.check(vulnerableurls) # add db name to info for result, info in zip(vulnerables, table_data): info.insert(1, result[1]) # database name
def run(self, argsttt): self.initparser() args = parser.parse_args() args.target = argsttt.target args.output = argsttt.output # find random SQLi by dork if args.dork != None and args.engine != None: std.stdout("searching for websites with given dork") # get websites based on search engine if args.engine in ["bing", "google", "yahoo"]: websites = eval(args.engine).search(args.dork, args.page) else: std.stderr("invalid search engine") exit(1) std.stdout("{} websites found".format(len(websites))) vulnerables = scanner.scan(websites) if not vulnerables: std.stdout( "you can still scan those websites by crawling or reverse domain." ) option = std.stdin("do you want save search result? [Y/N]", ["Y", "N"], upper=True) if option == 'Y': std.stdout("saved as searches.txt") std.dump(websites, "searches.txt") exit(0) std.stdout("scanning server information") vulnerableurls = [result[0] for result in vulnerables] table_data = serverinfo.check(vulnerableurls) # add db name to info for result, info in zip(vulnerables, table_data): info.insert(1, result[1]) # database name std.fullprint(table_data) # do reverse domain of given site elif args.target != None and args.reverse: std.stdout("finding domains with same server as {}".format( args.target)) domains = reverseip.reverseip(args.target) if domains == []: std.stdout("no domain found with reversing ip") exit(0) # if there are domains std.stdout("found {} websites".format(len(domains))) # ask whether user wants to save domains std.stdout( "scanning multiple websites with crawling will take long") option = std.stdin("do you want save domains? [Y/N]", ["Y", "N"], upper=True) if option == 'Y': std.stdout("saved as domains.txt") std.dump(domains, "domains.txt") # ask whether user wants to crawl one by one or exit option = std.stdin("do you want start crawling? [Y/N]", ["Y", "N"], upper=True) if option == 'N': exit(0) vulnerables = [] for domain in domains: vulnerables_temp = self.singlescan(domain) if vulnerables_temp: vulnerables += vulnerables_temp std.stdout("finished scanning all reverse domains") if vulnerables == []: std.stdout("no vulnerables webistes from reverse domains") exit(0) std.stdout("scanning server information") vulnerableurls = [result[0] for result in vulnerables] table_data = serverinfo.check(vulnerableurls) # add db name to info for result, info in zip(vulnerables, table_data): info.insert(1, result[1]) # database name std.fullprint(table_data) # scan SQLi of given site elif args.target: vulnerables = self.singlescan(args.target) if not vulnerables: exit(0) # show domain information of target urls std.stdout("getting server info of domains can take a few mins") table_data = serverinfo.check([args.target]) std.printserverinfo(table_data) print "" # give space between two table std.normalprint(vulnerables) # print help message, if no parameter is provided else: parser.print_help() # dump result into json if specified if args.output != None: #print vulnerables re = list() fo = open("Sqliv_scan.txt", "w") new_vul = {} for i in vulnerables: new_vul["url"] = i[0] new_vul["ways"] = i[1] re.append(new_vul) fo.write(str(re)) return jsonify(re)
def test_scanner_on_special_symbol_characters(): tests = ("?", "??", "is-alpha", "+", "-", "*", "/") for given in tests: assert scan(given) == [(TokenType.SYMBOL, given)]