Domain SQL Injector - Find SQL Injection on all sites hosted on server

    Hey Guys,

    Sharing a private python script - "Domain SQL Injector - Error Based SQLi Tool"

    The script has following features:
    1. Crawling : it can crawl all or requested number of pages on a website
    2. Reverse IP Look Up : it can find all sites hosted on a shared hosting server
    3. Single-Mode Attack : Crawl and find SQLi on single website and report
    4. Mass-Mode Attack : Find all sites hosted on domain, crawl one-by-one, find SQLi on each one-by-one and report
    5. Targets can be skipped while crawling if they turn out too big or irrelevant. The script cannot be paused, but the current target can be skipped to move on to the next site.

    The script was developed as part of a Penetration Test assessment where a Mass-Mode attack was required per the client's request.

    The Banner
    Code:
    # ./Domain-SQLi-finder.py
    [Screenshot: banner]

    Script Help
    Code:
    ./Domain-SQLi-finder.py -h
    [Screenshot: script help output]

    Single-Mode Attack - Targeting Single Website

    Code:
    ./Domain-SQLi-finder.py --verbose 1 --url demo.testfire.net --crawl 50 --pages 5 --output testfire-SQLi.txt
    [Screenshot: single-mode run]
    It crawls all or the requested number of pages, finds injectable links, finds injectable parameters and tests SQLi payloads against each injectable parameter.

    [Screenshot: injectable parameters and SQLi test results]

    Mass-Mode Attack - Targeting whole domain

    Code:
    # ./Domain-SQLi-finder.py --verbose 1 --durl demo.testfire.net --crawl 50 --pages 5 --sites 4 --vulsites 2 --output testfire-SQLi.txt
    It starts with a reverse IP lookup, if requested, and finds all domains hosted on the shared hosting server.

    [Screenshot: reverse IP lookup output]
    Above you can see 3 domains were found hosted on a single server.

    Further, the script targets each domain one by one, crawling and testing SQLi against them.

    [Screenshot: domains targeted one by one]
    Crawling....
    [Screenshot: crawling progress]
    Usage:

    --verbose : Value 0 displays the minimum messages required. Value 1 displays complete progress. By default, verbosity is OFF
    --output : Output file name to hold the final result. If not specified, a default file named DSQLiResults.txt will be created in the same directory

    Single-Mode Attack:
    --url : takes URL as input
    --crawl : Number of pages on the website to crawl (default is set to 500). The Chilkat library is used for crawling
    --pages : Number of vulnerable pages (injectable parameters) to find on site (default is 0 i.e. try and find all possible vulnerable pages)

    Mass-Mode Attack:
    --durl : URL of the domain
    --sites : Number of sites to scan on the domain. Default is 0, i.e. scan all.
    --vulsites : Number of vulnerable sites to find before scanning stops automatically. Default is 0, i.e. try to find all vulnerable sites
    --dcrawl : Number of pages on the website to crawl (default is set to 500)
    --dpages : Number of vulnerable pages to find on a site. Default is 0, i.e. try and find all possible vulnerable pages.

    --reverse : This option has a dual role
    - If specified on the command prompt with an output file name, the script assumes the user has already done the reverse-IP lookup, i.e. a file exists in the same directory holding the result of the reverse-IP lookup, and the script just needs to read it. This has another benefit: the script doesn't have to do a reverse-IP lookup every time it is fired. Generate it once, and if you quit the script in between while targeting a domain, the next time you just need to provide the amended reverse-IP lookup file, i.e. with the already scanned target URLs removed from the list.
    - If this option is not specified on the command prompt, the script performs the reverse-IP lookup itself



    The script generates a few more files during scanning which can be considered log files, e.g. the crawler output file, the unique links parsed output file and the reverse-IP lookup output file.


    Cheers!

    PS: Part of the credit goes to fb1 for not coding the concept up to my requirements, else I would not have coded it myself
    This article was originally published in forum thread: Domain SQL Injector - Find SQL Injection on all sites hosted on server started by b0nd
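    Seen from the server side, the scanner described above leaves a distinctive trace: one client walks many parameterised pages and then re-sends each parameter with a quote in it, and some of those requests draw a 5xx. The detection logic below is an added example, not part of b0nd's script; the access-log lines, the source addresses and the `min_probed_params` threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qsl

# Constructed access-log lines (not real traffic). 203.0.113.7 behaves like an
# automated crawl-and-inject scanner: it requests parameterised pages, then
# re-sends each parameter with a quote; 198.51.100.4 is an ordinary visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2012:13:55:37 +0000] "GET /news.php?id=3 HTTP/1.1" 200 900
203.0.113.7 - - [10/Oct/2012:13:55:38 +0000] "GET /news.php?id=3%27 HTTP/1.1" 500 231
203.0.113.7 - - [10/Oct/2012:13:55:39 +0000] "GET /item.php?cat=2&id=7 HTTP/1.1" 200 700
203.0.113.7 - - [10/Oct/2012:13:55:40 +0000] "GET /item.php?cat=2%27&id=7 HTTP/1.1" 500 231
203.0.113.7 - - [10/Oct/2012:13:55:41 +0000] "GET /item.php?cat=2&id=7%27 HTTP/1.1" 200 700
198.51.100.4 - - [10/Oct/2012:13:56:02 +0000] "GET /news.php?id=3 HTTP/1.1" 200 900
198.51.100.4 - - [10/Oct/2012:13:56:10 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 640
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')
PROBE_RE = re.compile("['\"]")  # a stray quote is the classic error-based probe

def parse_line(line):
    """Return (src_ip, path, [(param, value), ...], status) or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m.group(2))
    params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes values
    return m.group(1), url.path, params, int(m.group(3))

def find_scanners(log_text, min_probed_params=2):
    """Per source IP, collect the distinct (path, parameter) pairs that received a
    quoted value and count probe hits that drew a 5xx. Flag a source when it probes
    several parameters or any probe triggers a server error; a single apostrophe in
    a search term answered with 200 stays unflagged."""
    stats = defaultdict(lambda: {"probed": set(), "errors": 0})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, path, params, status = parsed
        for name, value in params:
            if PROBE_RE.search(value):
                stats[src]["probed"].add((path, name))
                if status >= 500:
                    stats[src]["errors"] += 1
    return {
        src: {"probed_params": sorted(s["probed"]), "errors": s["errors"]}
        for src, s in stats.items()
        if len(s["probed"]) >= min_probed_params or s["errors"] > 0
    }
```

    The 5xx count matters because error-based injection only works when the application leaks database errors; a parameter that keeps answering 200 to quoted input is the first thing to fix on the flagged pages.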
    Comments (11)
    d4rkpyth0n -
      Aha... I was looking for exactly such a script, but due to poor coding capability... Now thanks to you b0nd..
    neo -
      Nice one b0nd!
      I guess b0nd would be on fire with Python also now
    nregati -
      While compiling in BT5r3 I'm getting an import error in the first import line..
    aurora -
      I tried to compile the script on both Win7 (Python 3.3.0) and Linux BT5R3 (Python 3.1.0), but I get the error message "TabError: inconsistent use of tabs and spaces in indentation" on the ('clear') segment, line 47. How can I fix this? Thank you.
    fb1h2s -
      @aurora I think you need to run it with Python 2.7. It's because you're running it with Python 3.
    Navneet Singh Sodhi -
      Thanks for sharing, it's good
    rajat -
      It's good, and found after a long time
    prince_indishell -
      I got this error on Windows:
      D:\>python Domain-SQLi-finder.py
        File "Domain-SQLi-finder.py", line 47
          os.system('clear')
          ^
      TabError: inconsistent use of tabs and spaces in indentation
      and this on BackTrack 5r2:
      root@bt:~/Desktop# ./Domain-SQLi-finder.py
      Traceback (most recent call last):
        File "./Domain-SQLi-finder.py", line 7, in
          import chilkat, sys, os, argparse, httplib, urlparse, urllib2, re, time, datetime
      ImportError: No module named chilkat
      What is the solution guys?
    omarb -
      Cool stuff! I'm still a learner and this has been useful
    shin3r -
      hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh MADAFAKA ReverIPconect with trojan shit really fuck you bound :v