> > > > >


SQLi Scanner Bash (sh)
[H2] Offline
Linux Enthusiast
22 - 406
#31
02-13-2013, 04:00 AM
mantep om, ane coba tapi ada kendala di NMAP nya :

muncul ginian :

Code:
ulnerability Assesment of SQLi from www.hacker-pengguna baru.org ...

NSE: failed to initialize the script engine:
/usr/local/bin/../share/nmap/nse_main.lua:753: 'sql-injection' did not match a category, filename, or directory
stack traceback:
    [C]: in function 'error'
    /usr/local/bin/../share/nmap/nse_main.lua:753: in function 'get_chosen_scripts'
    /usr/local/bin/../share/nmap/nse_main.lua:1239: in main chunk
    [C]: in ?

itu kenapa ya om.?
Code:
Username :   [ Hidemichi-Hiroyuki]

Password :   [     ********      ]
 
Website Find
Reply

wine trochanter Offline
Coder
141 - 929
#32
02-13-2013, 11:59 PM
nah sama kaya ane tuh
bingung gak tau kenapa Sad
ada kodok teroret teroret dipinggir kali terorret teroret mencari makan teroret teroret setiap pagi teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix
 
Find
Reply

wine trochanter Offline
Coder
141 - 929
#33
02-20-2013, 12:45 PM
keren crot tp punya ane kaya gini ya? need help
maaf kgk di sensor just test
[Image: gtBwfvP.png]
ada kodok teroret teroret dipinggir kali terorret teroret mencari makan teroret teroret setiap pagi teroret teroret

visit: http://warungiso.blogspot.com/

I was not smart or special but I was unix
 
Find
Reply

abdilahrf Offline
Go OpenSource ~
53 - 635
#34
02-20-2013, 02:09 PM
mantap om buat sendiri tools nya Smile Smile
-:bd :bd- bd:- hehehe kalau bisa ajarin dong bash ... bash ane mah blm ngerti om.. keliatannya mirip" python
https://abdilahrf.github.io
 
Website Find
Reply

bungispo Offline

0 - 10
#35
03-22-2013, 07:30 PM
ini untuk di backtrack aja ya om ? soal nya ane liat script nya sih kaya untuk di backtrack tapi kalo untuk di distro lain seperti ubuntu gitu apakah bisa ?
 
Find
Reply

Black Dragon Offline
Advance
16 - 103
#36
03-22-2013, 08:26 PM
(05-23-2012, 07:46 PM)koecroet Wrote: Assalamualaikum wr.wb
berawal dari tadi malem pas ane mau owned target yg menurut ane sudah tidak ada vulner, tetapi dia masih hostingan.
yasudah di scan lah domain2 yang satu server dengan domain target ane. karna rencana ane mau nge jumping.

tapiii bnyak banget domain di server itu, dan gk memungkinkan untuk mengscan satu2 dengan mengetik command nya. yaudah w buat aja bash sederhana ini, ada 2 step yaitu information gathering , lalu meng scan bug atau vulner SQLi (sql injection).

tools ini kita bisa menginput 5 victim sekaligus dalam satu kali scan pake tools ini. nanti akan di beritahu dia pake CMS apa lalu apakah domain yang kita scan itu seutuhnya (200) atau domain yang hanya akan di redirect (301) ?

oke deh langsung saja silahkan save dengan nama apaja.sh

Code:
#!/bin/bash

#this is opensource

#email : [email protected]

##################################################
#color
##################################################
lightgreen='\e[1;34m'
    lightblue='\e[1;34m'
blue='\e[0;34m'
    lightcyan='\e[1;36m'
yellow='\e[1;33m'
    red='\e[1;31m'
purple='\e[0;35m'
##################################################
#source
##################################################

    clear
{
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo " <<< [that's wrong]"
echo "victim.com <<< [that's right]"
echo "=============================================================="
echo ""
    echo -ne $yellow "target 1 : "
    read website1
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightcyan "target 2 : "
    read website2
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightgreen "target 3 : "
    read website3
echo ""
echo "=============================================================="
echo ""
    echo -ne $lightblue "target 4 : "
    read website4
echo ""
echo "=============================================================="
echo ""
echo -ne $purple "target 5 : "
    read website5
echo ""
echo "=============================================================="
echo -e $yellow "Information Gathering of $website1 ..."
if [ -d $website1 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website1
      
fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Information Gathering of $website2 ..."
if [ -d $website2 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website2
      
fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Information Gathering of $website3 ..."
if [ -d $website3 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website3
      
fi
echo ""
echo "=============================================================="
echo -e $lightblue "Information Gathering of $website4 ..."
if [ -d $website4 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website4
      
fi
echo ""
echo "=============================================================="
echo -e $purple "Information Gathering of $website5 ..."
if [ -d $website5 ]; then
    echo "Please Input your target"
else
    cd /pentest/enumeration/web/whatweb/ && ./whatweb $website5
fi
echo ""
echo "=============================================================="
echo ""
echo -e $yellow "Vulnerability Assesment of SQLi from $website1 ..."
echo -e $yellow ""
if    nmap --script=sql-injection $website1 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightcyan "Vulnerability Assesment of SQLi from $website2 ..."
echo -e $lightcyan ""
if    nmap --script=sql-injection $website2 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightgreen "Vulnerability Assesment of SQLi from $website3 ..."
echo -e $lightgreen ""
if    nmap --script=sql-injection $website3 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $lightblue "Vulnerability Assesment of SQLi from $website4 ..."
echo -e $lightblue ""
if    nmap --script=sql-injection $website4 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
echo "=============================================================="
echo -e $purple "Vulnerability Assesment of SQLi from $website5 ..."
echo -e $purple ""
if    nmap --script=sql-injection $website5 |grep sqlspider
  then
    echo "Founded SQLi Vulnerability"
else
    echo "Not Vulnerable SQLi"
   fi
echo ""
}

buat testing aja nih contoh victim: percikschool.com

sperti biasa please kalo mau edit2 jangan apus atau tinggalin nama authornya. biar anda gk dibilang plagiat

jika hasil bug sqli muncul seperti ini, maka kita harus memodif nya terlebih dahulu

Code:
/content.php?id=11'%20OR%20sqlspider&page=berita&act=showdetail
ingat setelah tulisan sqlspider tanda "&" dipindahkan ke paling belakang. lalu setelah tulisan spider di copy ke depan setelah tanda tanya. maka akan tertulis seperti ini yang benar:
Code:
/content.php?page=berita&act=showdetail&id=11

Gila nih toolz..
thanks omz.. nambah lagi ilmu ane..

ane nitip kolor ijo,, cek di lemari yak
Angry
-------------------------------------------------------
FB : https://www.facebook.com/Black.dragonics
Tw : @Dluciver
http://www.sumbar.indonesianbacktrack.org/
-------------------------------------------------------
 
Find
Reply

Mr.Hahaha Offline
LinuxtivisT
6 - 58
#37
08-12-2013, 01:14 AM
not work on kali linux kak, hmm.. di check ternyata emang folder /pentest kagak ada di kali wkwkwk
Hati Yang Gembira Adalah Obat
 
Find
Reply

T3rminate1 Offline
kebo in kali
2 - 63
#38
08-13-2013, 07:35 PM
automation script ya om? izin sedot & modifikasi sedikit, soalnya ane pake kali. dan di kali gaada direktori /pentest Big Grin
root@zombie:~# echo gua ganteng thank you Smile) > /var/log/syslog
 
Website Find
Reply

xnod_die Offline

7 - 45
#39
08-15-2013, 10:53 PM
mantap om koecroet..

klo mau jalanin di kali linux tinggal ganti aja
Code:
cd /usr/share/whatweb/   && ./whatweb

replace dengan

whatweb

klo error di nmap nya,,
tinggal ganti nmap nya pake yg nmap-6.01.tgz
tapi remove dlu nmap yg lama nya...
 
Find
Reply

mywisdom Offline
Administrator Forum
6 - 240
#40
08-17-2013, 05:10 PM
#this
is opensource

#email
: [email protected]

mantap om open source
Ringlayer Roboticist

www.ringlayer.net
www.ringlayer.com
http://www.robotshop.com/letsmakerobots/blogs/sw0rdm4n



 
Website Find
Reply






Users browsing this thread: 1 Guest(s)