SQLi Scanner

[chioara3]

Salut, am gasit un SQLi Scanner si am decis sa il impart cu voi.

Poate cuiva ii va fii de folos .

Ce este SQLi Scanner? - SQLi Scanner este un scanner care cauta site-uri vulnerabile la injectia sql.

Puteti seta ce site-uri sa caute(de vanzare, cumparare, etc) si cate sa caute. Voi alegeti .

Download : https://rapidshare.com/#!download|537p2|365928145|SEKURITY.WS Scanner.exe|25|0|0

Virus Total : https://www.virustotal.com/file/64d80ece19df83a2d7d9548e90044d0a49937d5568eb5f7d6cd7436071ff4add/analysis/

//Edit : Dorks :

inurl:mypage.php?id=
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()

Cum se foloseste?

Intrati in CMD, click dreapta pe SEKURITY.WS Scanner si il bagati in cmd.

Pe urma, salvati dorks-urile de mai sus intr-un format .txt si le bagati dupa ce ati bagat SEKURITY.WS Scanner in cmd.

La amount of pages to search per dork voi alegeti. Enter pe urma.

La domain dati enter.

La keyword iar enter.

La scan timeout de preferat 5000.

Pe urma el va cauta siteurile vulnerabile la SQLi si le va salva pe desktop intr-un format .txt.

Sper ca am fost de folos.

Daca va place +1 rep.

Salut, chioara3.

//Edit : Imi cer scuze ca v-am indus in eroare si ca nu am bagat dorks-urile, cum se foloseste programul si am creeat neplaceri.

Edited July 20, 2012 by chioara3

[afumat]

nu imi merge..

[chioara3]

nu imi merge..

Ti se pare... mie imi merge bine

[raze]

nici mie nu mi-a mers. in fisierul .txt de pe desktop in care ar trebui sa fie afisate siteurile vulnerabile la SQLi, nu imi apar.

[Kay97]

nici mie nu mi-a mers. in fisierul .txt de pe desktop in care ar trebui sa fie afisate siteurile vulnerabile la SQLi, nu imi apar.

la sfarsit ,cand termina de scanat,se deschide automat fisierul .txt cu siteurile vulnerabile

[rohaxx0r]

Havij cred ca face acelasi lucru dupa cate stiu eu...

[SticKyWoX]

Havij cred ca face acelasi lucru dupa cate stiu eu...

Havij nu e scanner, e exploiter.

Programul asta scaneaza dupa site-uri vulnerabile la SQLi, pe cand Havijul le exploateaza.

[dark87]

Anubis - Analysis Report

http://www.threatexpert.com/report.aspx?md5=774ead380dd082f1301fa3e2243e85ee

Eu l-as rula intr-o masina virtuala

Edited October 12, 2012 by dark87

[Benz]

One simple thing i don't get it: De ce nu-mi da nici un rezultat ? Mi se deschide .txt-ul de care vorbesti (la sfarsit) si e GOL...

[Z.D.O]

Chiorule, e ceva de capu` la scanerul asta? ca sa nu ma obosesc sa-l iau degeaba.

[wdq]

i`am dat un scan acum sa vad ce poate a ajuns pe la

[76/165]Dork: inurl:shop.php?do=part&id=

si a ramas asa de vreo 10 minute

[duksss]

acum il testez si eu revin cu un rezultat

[Shin]

News?

[lutulik]

Un echivalent pe linux nu stiti care ar fi?

[bc-vnt]

Scan result

[danika]

nice

[Htich]

Poti sa ii faci uploadul in alta parte , site down.

Multumesc

[bo0gHy]

Foarte bun programu , mersi mullllttt

[Masterpxe]

Link ?

[xTremeSurfer]

[Python] Apollo.py - Pastebin.com have fun !