> > > > >


SQLi Scanner Bash (sh)
koecroet Offline
<<-- yang punya naga
44 - 808
#1
05-23-2012, 07:46 PM
Assalamualaikum wr.wb
berawal dari tadi malem pas ane mau owned target yg menurut ane sudah tidak ada vulner, tetapi dia masih hostingan.
yasudah di scan lah domain2 yang satu server dengan domain target ane. karna rencana ane mau nge jumping.

tapiii bnyak banget domain di server itu, dan gk memungkinkan untuk mengscan satu2 dengan mengetik command nya. yaudah w buat aja bash sederhana ini, ada 2 step yaitu information gathering , lalu meng scan bug atau vulner SQLi (sql injection).

tools ini kita bisa menginput 5 victim sekaligus dalam satu kali scan pake tools ini. nanti akan di beritahu dia pake CMS apa lalu apakah domain yang kita scan itu seutuhnya (200) atau domain yang hanya akan di redirect (301) ?

oke deh langsung saja silahkan save dengan nama apaja.sh

Code:
#!/bin/bash

#this is opensource

#email : [email protected]

##################################################
#color
##################################################
lightgreen='\e[1;34m'
    lightblue='\e[1;34m'
blue='\e[0;34m'
    lightcyan='\e[1;36m'
yellow='\e[1;33m'
    red='\e[1;31m'
purple='\e[0;35m'
##################################################
#source
##################################################

    clear
{
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"
echo "=============================================================="
echo ""
    echo -ne $yellow "target 1 : "
    read website1
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightcyan "target 2 : "
    read website2
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightgreen "target 3 : "
    read website3
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightblue "target 4 : "
    read website4
echo ""
echo "=============================================================="
echo ""
echo -ne $purple "target 5 : "
    read website5
echo ""
echo "=============================================================="
echo -e $yellow "Information Gathering of $website1 ..."
if [ -d $website1 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website1
      
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Information Gathering of $website2 ..."
if [ -d $website2 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website2
      
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Information Gathering of $website3 ..."
if [ -d $website3 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website3
      
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Information Gathering of $website4 ..."
if [ -d $website4 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website4
      
fi
echo ""
echo "=============================================================="
echo -e $purple "Information Gathering of $website5 ..."
if [ -d $website5 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website5
fi
echo ""
echo "=============================================================="
echo ""
echo -e $yellow "Vulnerability Assesment of SQLi from $website1 ..."
echo -e $yellow ""
if    nmap --script=sql-injection $website1 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Vulnerability Assesment of SQLi from $website2 ..."
echo -e $lightcyan ""
if    nmap --script=sql-injection $website2 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Vulnerability Assesment of SQLi from $website3 ..."
echo -e $lightgreen ""
if    nmap --script=sql-injection $website3 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightblue "Vulnerability Assesment of SQLi from $website4 ..."
echo -e $lightblue ""
if    nmap --script=sql-injection $website4 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $purple "Vulnerability Assesment of SQLi from $website5 ..."
echo -e $purple ""
if    nmap --script=sql-injection $website5 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
}

buat testing aja nih contoh victim: percikschool.com

sperti biasa please kalo mau edit2 jangan apus atau tinggalin nama authornya. biar anda gk dibilang plagiat

jika hasil bug sqli muncul seperti ini, maka kita harus memodif nya terlebih dahulu

Code:
/content.php?id=11'%20OR%20sqlspider&page=berita&act=showdetail
ingat setelah tulisan sqlspider tanda "&" dipindahkan ke paling belakang. lalu setelah tulisan spider di copy ke depan setelah tanda tanya. maka akan tertulis seperti ini yang benar:
Code:
/content.php?page=berita&act=showdetail&id=11


################## FIX ################################# FIX ####################

berhubung ini thread ngangkat lagi hehe. ane kasih perbaikan untuk nmap versi terbarunya ya.
Code:
#!/bin/bash

#this is opensource

#email : [email protected]

##################################################
#color
##################################################
lightgreen='\e[1;34m'
    lightblue='\e[1;34m'
blue='\e[0;34m'
    lightcyan='\e[1;36m'
yellow='\e[1;33m'
    red='\e[1;31m'
purple='\e[0;35m'
##################################################
#source
##################################################

    clear
{
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"
echo "=============================================================="
echo ""
    echo -ne $yellow "target 1 : "
    read website1
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightcyan "target 2 : "
    read website2
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightgreen "target 3 : "
    read website3
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightblue "target 4 : "
    read website4
echo ""
echo "=============================================================="
echo ""
echo -ne $purple "target 5 : "
    read website5
echo ""
echo "=============================================================="
echo -e $yellow "Information Gathering of $website1 ..."
if [ -d $website1 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website1
      
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Information Gathering of $website2 ..."
if [ -d $website2 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website2
      
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Information Gathering of $website3 ..."
if [ -d $website3 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website3
      
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Information Gathering of $website4 ..."
if [ -d $website4 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website4
      
fi
echo ""
echo "=============================================================="
echo -e $purple "Information Gathering of $website5 ..."
if [ -d $website5 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website5
fi
echo ""
echo "=============================================================="
echo ""
echo -e $yellow "Vulnerability Assesment of SQLi from $website1 ..."
echo -e $yellow ""
if    nmap --script=http-sql-injection $website1 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Vulnerability Assesment of SQLi from $website2 ..."
echo -e $lightcyan ""
if    nmap --script=http-sql-injection $website2 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Vulnerability Assesment of SQLi from $website3 ..."
echo -e $lightgreen ""
if    nmap --script=http-sql-injection $website3 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightblue "Vulnerability Assesment of SQLi from $website4 ..."
echo -e $lightblue ""
if    nmap --script=http-sql-injection $website4 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $purple "Vulnerability Assesment of SQLi from $website5 ..."
echo -e $purple ""
if    nmap --script=http-sql-injection $website5 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
}

thanks before 17-agustus-2013
[shcode=This_site_xss-ed]
(This post was last modified: 08-17-2013, 09:03 PM by koecroet.)  
Website Find
Reply


Messages In This Thread
SQLi Scanner Bash (sh) - by koecroet - 05-23-2012, 07:46 PM
RE: SQLi Scanner Bash (sh) - by ekawithoutyou - 05-23-2012, 07:49 PM
RE: SQLi Scanner Bash (sh) - by iKONspirasi - 05-23-2012, 07:51 PM
RE: SQLi Scanner Bash (sh) - by fake666 - 05-23-2012, 07:53 PM
RE: SQLi Scanner Bash (sh) - by childiez - 05-23-2012, 08:29 PM
RE: SQLi Scanner Bash (sh) - by ekawithoutyou - 05-23-2012, 08:48 PM
RE: SQLi Scanner Bash (sh) - by iyan squid - 05-23-2012, 08:55 PM
RE: SQLi Scanner Bash (sh) - by permana - 05-23-2012, 09:30 PM
RE: SQLi Scanner Bash (sh) - by zasad - 05-23-2012, 10:37 PM
RE: SQLi Scanner Bash (sh) - by koecroet - 05-23-2012, 10:41 PM
RE: SQLi Scanner Bash (sh) - by koecroet - 05-24-2012, 12:29 AM
RE: SQLi Scanner Bash (sh) - by Veronochi - 05-24-2012, 12:39 AM
RE: SQLi Scanner Bash (sh) - by koecroet - 05-24-2012, 12:59 AM
RE: SQLi Scanner Bash (sh) - by Mr.Hahaha - 05-24-2012, 12:53 AM
RE: SQLi Scanner Bash (sh) - by Veronochi - 05-24-2012, 01:03 AM
RE: SQLi Scanner Bash (sh) - by Al - Ayyubi - 05-24-2012, 10:29 AM
RE: SQLi Scanner Bash (sh) - by gnome_selpa - 05-24-2012, 12:22 PM
RE: SQLi Scanner Bash (sh) - by NoseTrave - 05-28-2012, 11:39 AM
RE: SQLi Scanner Bash (sh) - by ArReS - 05-28-2012, 03:02 PM
RE: SQLi Scanner Bash (sh) - by phiA - 07-22-2012, 07:08 AM
RE: SQLi Scanner Bash (sh) - by justlearn - 07-25-2012, 10:43 PM
RE: SQLi Scanner Bash (sh) - by bee1k - 07-25-2012, 11:01 PM
RE: SQLi Scanner Bash (sh) - by czeroo_cool - 11-16-2012, 04:07 PM
RE: SQLi Scanner Bash (sh) - by Clound_Carbelius - 11-16-2012, 07:53 PM
RE: SQLi Scanner Bash (sh) - by japz_krist - 12-10-2012, 12:13 PM
RE: SQLi Scanner Bash (sh) - by blAnk_pag3 - 12-11-2012, 12:37 AM
RE: SQLi Scanner Bash (sh) - by iKONspirasi - 12-11-2012, 07:21 AM
RE: SQLi Scanner Bash (sh) - by blAnk_pag3 - 12-12-2012, 10:53 PM
RE: SQLi Scanner Bash (sh) - by koecroet - 12-13-2012, 01:00 AM
RE: SQLi Scanner Bash (sh) - by errorconnection - 12-12-2012, 11:12 PM
RE: SQLi Scanner Bash (sh) - by [H2] - 02-13-2013, 04:00 AM
RE: SQLi Scanner Bash (sh) - by wine trochanter - 02-13-2013, 11:59 PM
RE: SQLi Scanner Bash (sh) - by wine trochanter - 02-20-2013, 12:45 PM
RE: SQLi Scanner Bash (sh) - by abdilahrf - 02-20-2013, 02:09 PM
RE: SQLi Scanner Bash (sh) - by bungispo - 03-22-2013, 07:30 PM
RE: SQLi Scanner Bash (sh) - by Black Dragon - 03-22-2013, 08:26 PM
RE: SQLi Scanner Bash (sh) - by Mr.Hahaha - 08-12-2013, 01:14 AM
RE: SQLi Scanner Bash (sh) - by T3rminate1 - 08-13-2013, 07:35 PM
RE: SQLi Scanner Bash (sh) - by xnod_die - 08-15-2013, 10:53 PM
RE: SQLi Scanner Bash (sh) - by mywisdom - 08-17-2013, 05:10 PM
RE: SQLi Scanner Bash (sh) - by burncoD3 - 08-17-2013, 07:53 PM
RE: SQLi Scanner Bash (sh) - by koecroet - 08-17-2013, 09:02 PM




Users browsing this thread: 1 Guest(s)