Python SQL injection detection tool code
Python SQL injection detection tool
[Python] code
```python
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Author: @xfk
# blog: @blog.sina.com.cn/kaiyongdeng
# Date: @2012-05-07
# Example site: @http://www.apostilando.com/pagina.php?cod=1
# Write the sites to be scanned into a file in the current directory, then run:
#   python xxx.py xxx.txt
import os
import sys
import urllib.parse
import urllib.request


def usage():
    # Fixed: the original also formatted sys.argv[1], which raises IndexError
    # when the script is started without an argument.
    print("""
    =================SQL INJECTION=====================
    Usage: python %s <File>
    """ % sys.argv[0])


def scanner(url):
    try:
        page = urllib.request.urlopen(url).read()
    except Exception:
        print("[-]Error!!!\n")
        return 0
    # If a site is vulnerable to SQL injection, probing it with the basic test
    # inputs makes the page show errors like the following.
    sqls = (
        "mysql_result(): supplied argument is not a valid MySQL result resource in",
        "[Microsoft][ODBC SQL Server Driver][SQL Server]",
        "Warning:ociexecute",
        "Warning: pq_query[function.pg-query]:",
    )
    page = page.decode("utf-8", "replace").lower()
    # Fixed: the original searched for sql[i] (a single character) and let each
    # later signature overwrite the result; match whole signatures and keep
    # any hit.
    check = any(sql.lower() in page for sql in sqls)
    if check:
        print("[+]" + url + " <Vulneravel>")
    else:
        print("[-]" + url + " <No Vulneravel>")
    return check


def main(args):
    os.system("cls" if os.name == "nt" else "clear")
    if len(args) != 1:
        usage()
        print("\t[-]Mode to use: %s <File>\n" % sys.argv[0])
        print("\t[-]Example: %s Site.txt\n" % sys.argv[0])
        sys.exit(0)
    usage()
    try:
        with open(args[0], "r") as f:
            urls = f.readlines()
    except OSError:
        print("[+]Error to open the file " + args[0])
        return -1
    for url in urls:
        url = url.strip()
        if not url:
            continue
        if not url.startswith(("http://", "https://")):
            url = "http://" + url
        # Test with the basic methods, e.g. and 1=1, and 1=2, ', and check
        # whether any of the error messages in sqls appears.
        # The probe is percent-encoded because urllib.request rejects raw spaces.
        scanner(url + urllib.parse.quote("and 1=2"))


if __name__ == "__main__":
    main(sys.argv[1:])
```
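Added example, not part of the original script: it shows why the `and 1=1`, `and 1=2` and `'` probes named in the script's comments change the response of a handler that concatenates `cod` into its SQL text, and why they have no effect once the value is bound as a parameter and driver errors are no longer echoed. The in-memory SQLite table `pagina`, the handler names and the probe list are assumptions constructed for this illustration.

```python
import sqlite3

PROBES = ["1", "1 and 1=1", "1 and 1=2", "1'"]  # constructed sample inputs


def make_db():
    # Hypothetical in-memory table standing in for a page keyed by ?cod=
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pagina (cod INTEGER PRIMARY KEY, titulo TEXT)")
    db.execute("INSERT INTO pagina VALUES (1, 'home')")
    return db


def lookup_concat(db, cod):
    """Vulnerable: the request parameter becomes part of the SQL text."""
    try:
        rows = db.execute("SELECT titulo FROM pagina WHERE cod = " + cod).fetchall()
    except sqlite3.Error as exc:
        # Echoing the driver message is what error-signature scanners match on.
        return "500 " + str(exc)
    return "200 " + (rows[0][0] if rows else "")


def lookup_bound(db, cod):
    """Hardened: strict type check, bound parameter, generic error text."""
    try:
        value = int(cod)
    except ValueError:
        return "400 bad request"
    try:
        rows = db.execute("SELECT titulo FROM pagina WHERE cod = ?", (value,)).fetchall()
    except (sqlite3.Error, OverflowError):
        return "500 internal error"  # details belong in the server log only
    return "200 " + (rows[0][0] if rows else "")


def responses(handler):
    """Return {probe: response} for every constructed probe."""
    db = make_db()
    try:
        return {p: handler(db, p) for p in PROBES}
    finally:
        db.close()


if __name__ == "__main__":
    for name, handler in (("concat", lookup_concat), ("bound", lookup_bound)):
        for probe, resp in responses(handler).items():
            print(f"{name:6} cod={probe!r:14} -> {resp}")
```

With the concatenating handler the `1=1` and `1=2` variants return different bodies and the quote leaks a driver error; with the bound handler all three probes get the same generic 400.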