From 4d9755bf5e912e7e2b4c2dac2af000f154184aa1 Mon Sep 17 00:00:00 2001 From: jingbo-you Date: Tue, 2 Aug 2016 14:56:15 +0800 Subject: [PATCH] happy birthday KB --- .gitignore | 2 +- AutoSqli.py | 78 +++++++++++++++++++++++++++++--------------- README.md | 2 +- config.py | 18 ++++++++++ data/injection.txt | 6 ---- data/targets.txt | 20 ------------ search/__init__.pyc | Bin 129 -> 0 bytes search/baidu.py | 59 +++++++++++++++++++-------------- search/baidu.pyc | Bin 3362 -> 0 bytes 9 files changed, 107 insertions(+), 78 deletions(-) create mode 100644 config.py delete mode 100755 data/injection.txt delete mode 100755 data/targets.txt delete mode 100755 search/__init__.pyc delete mode 100755 search/baidu.pyc diff --git a/.gitignore b/.gitignore index 8a4ee70..a8add09 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ *.pyc .DS_Store *.log -data/ \ No newline at end of file +data/*.* \ No newline at end of file diff --git a/AutoSqli.py b/AutoSqli.py index fb233f6..058d3ad 100755 --- a/AutoSqli.py +++ b/AutoSqli.py @@ -1,20 +1,22 @@ #!/usr/bin/python #-*-coding:utf-8-*- +from __future__ import absolute_import, print_function + import requests import time import json import threading import Queue -from search.baidu import * +from search import baidu +import logging +from config import LOG, API_URL class AutoSqli(object): - """ 使用sqlmapapi的方法进行与sqlmapapi建立的server进行交互 """ - def __init__(self, server='', target='',data = '',referer = '',cookie = ''): super(AutoSqli, self).__init__() self.server = server 
@@ -28,17 +30,22 @@ class AutoSqli(object): self.referer = referer self.cookie = cookie self.start_time = time.time() + self.logger = logging.getLogger('app.run') + self.logger.info('Creating an instance of AutoSqli for {0}.'.format(self.target)) def task_new(self): - self.taskid = json.loads( - requests.get(self.server + 'task/new').text)['taskid'] - #print 'Created new task: ' + self.taskid - if len(self.taskid) > 0: - return True - return False + try: + self.taskid = json.loads( + requests.get(self.server + 'task/new').text)['taskid'] + #print 'Created new task: ' + self.taskid + if len(self.taskid) > 0: + return True + return False + except ConnectionError: + self.logging.error("sqlmapapi.py is not running") def task_delete(self): - json_kill=requests.get(self.server + 'task/' + self.taskid + '/delete').text + json_kill = requests.get(self.server + 'task/' + self.taskid + '/delete').text # if json.loads(requests.get(self.server + 'task/' + self.taskid + '/delete').text)['success']: # #print '[%s] Deleted task' % (self.taskid) # return True @@ -46,7 +53,7 @@ class AutoSqli(object): def scan_start(self): headers = {'Content-Type': 'application/json'} - print "starting to scan "+ self.target +".................." + self.logger.debug("Starting to scan "+ self.target +"..................") payload = {'url': self.target} url = self.server + 'scan/' + self.taskid + '/start' t = json.loads( @@ -74,9 +81,10 @@ class AutoSqli(object): #print 'not injection\t' pass else: - f=open('data/injection.txt','a') + f = open('data/injection.txt','a') f.write(self.target+'\n') - print 'injection \t' + f.close() + self.logger.warning('injection \t') def option_set(self): headers = {'Content-Type': 'application/json'} 
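Review bot: The new `except ConnectionError:` branch in task_new cannot work as written. The imports in the first hunk only bring in `requests` itself, and the module is Python 2 (`import Queue`), where `ConnectionError` is not a builtin, so a refused connection ends in a NameError instead of the log message. The handler also calls `self.logging.error(...)`, while `__init__` stores the logger as `self.logger`. Use `except requests.exceptions.ConnectionError:` with `self.logger.error("sqlmapapi.py is not running")` and then `return False`, so callers that test the result get a boolean rather than None. A `timeout=` argument on the `requests.get` call would also keep a worker thread from blocking forever if the API server stalls.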
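Review bot: The append to `data/injection.txt` in the `@@ -74,9 +81,10 @@` hunk depends on a directory this same commit stops tracking. Both files under `data/` are deleted and `.gitignore` now ignores `data/*.*`, so on a fresh clone `data/` may not exist and `open('data/injection.txt','a')` would raise IOError inside the worker thread (inferred: another tracked file under `data/` would avoid this). Create the directory at start-up, or commit a placeholder file in it. Also write through `with open('data/injection.txt', 'a') as f:` so the handle is released even when the write fails, which the added `f.close()` does not guarantee. The enclosing method starts outside the hunk.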
@@ -134,28 +142,46 @@ class myThread(threading.Thread): objects=self.q.get() result=objects.run() - - -if __name__ == '__main__': - urls=[] - print 'the program starts!' - key='inurl:asp?id=' - pages=3 - urls=geturl(key,pages) +def main(): + import argparse + parser = argparse.ArgumentParser() + parser.add_argument('-n', '--num', default=4, nargs='?', type=int, dest='num', help="Thread num") + parser.add_argument('-p', '--page', default=3, nargs='?', type=int, dest='page', help="Search Page num") + parser.add_argument('-d', '--log', default=LOG["filename"], nargs='?', type=str, dest='log', help="The path of debug log") + args = parser.parse_args() + logger = logging.getLogger('app') + logger.setLevel(LOG["level"]) + fh = logging.FileHandler(args.log) + fh.setLevel(LOG["level"]) + formatter = logging.Formatter(LOG['format'], LOG["datefmt"]) + fh.setFormatter(formatter) + sh = logging.StreamHandler() + sh.setLevel(LOG["level"]) + sh.setFormatter(formatter) + logger.addHandler(fh) + logger.addHandler(sh) + urls = [] + logger.info('the program starts!') + pages = args.page + key = 'inurl:asp?id=' + urls = baidu.geturl(key, pages) #print urls - workQueue=Queue.Queue() + workQueue = Queue.Queue() for tar in urls: - s = AutoSqli('http://127.0.0.1:8775', tar) + s = AutoSqli(API_URL, tar) workQueue.put(s) threads = [] - nloops = range(4) #threads Num + nloops = range(args.num) #threads Num for i in nloops: - t = myThread(workQueue,i) + t = myThread(workQueue, i) t.start() threads.append(t) for i in nloops: threads[i].join() - print "Exiting Main Thread" + logger.info("Exiting Main Thread") + +if __name__ == '__main__': + main() diff --git a/README.md b/README.md index 1388303..770a65c 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ **Useage:** - 在sqlmap的目录下执行`python sqlmapapi.py -s`进行监听操作。 -- 运行AutoSqli.py +- 运行AutoSqli.py `python AutoSqli.py` 参数可通过`-h`查看 **Tips:** * 这里要注意的是在代码里自定义搜索关键字:`key='inurl:asp?id='` 
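Review bot: Each option in main() is declared with `nargs='?'` but no `const`, so a bare `-n`, `-p` or `-d` yields None, which then reaches `range(args.num)`, `baidu.geturl(key, pages)` or `logging.FileHandler(args.log)`. Dropping `nargs='?'` makes argparse reject the bare flag with a usage error instead. `--num` is also never checked for being positive, e.g. `if args.num < 1: parser.error('--num must be >= 1')`. Every URL returned by `baidu.geturl` is queued as `AutoSqli(API_URL, tar)` unfiltered, so a filter against an explicit list of in-scope hosts before `workQueue.put(s)` is the check I would want here. `import argparse` belongs with the module-level imports rather than inside main().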
diff --git a/config.py b/config.py
new file mode 100644
index 0000000..da3ce72
--- /dev/null
+++ b/config.py
@@ -0,0 +1,18 @@
+#!/bin/env python
+# -*- coding=utf-8 -*-
+import logging
+
+API_URL = "http://127.0.0.1:8775"
+
+LEVELS = {'debug': logging.DEBUG,
+ 'info': logging.INFO,
+ 'warning': logging.WARNING,
+ 'error': logging.ERROR,
+ 'critical': logging.CRITICAL}
+
+LOG = {
+"level" : LEVELS["debug"],
+"filename" : "autosqli.log",
+"format" : '[%(asctime)s] %(levelname)-8s %(name)-12s %(message)s',
+"datefmt" : '%Y-%m-%d %H:%M:%S'
+}
diff --git a/data/injection.txt b/data/injection.txt
deleted file mode 100755
index f2d6b7c..0000000
--- a/data/injection.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-http://www.lamarche.com.tw/production_detail.php?shop_category=64&sn=248
-http://www.70jj.com/shop/index.php?shop_id=1
-http://www.cosmax.com.hk/products_detail.php?product_id=17
-http://www.etron.com/en/products/u3hc_detial.php?Product_ID=5
-http://www.fembooks.com.tw/indexstore.php?product_id=5423
-http://www.guangzhouflower.net.cn/product.php?pid=12
diff --git a/data/targets.txt b/data/targets.txt
deleted file mode 100755
index 77a81ea..0000000
--- a/data/targets.txt
+++ /dev/null
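Review bot: The shebang `#!/bin/env python` on the first added line of config.py names a path many systems do not have (env normally lives in /usr/bin). Since the file is created with mode 100644 and is only imported, the line can simply be dropped. `LOG["level"]` is fixed to `LEVELS["debug"]` and nothing in the visible hunks lets the user pick another entry of `LEVELS`, so either expose the level as an option or default to `LEVELS["info"]`. A one-line comment on `API_URL`, such as `# sqlmapapi REST endpoint; keep it on loopback unless the API is access-controlled`, would record what is presumably the reason for the 127.0.0.1 address.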
@@ -1,20 +0,0 @@ -http://www.99166.com/zjinfo.asp?id=5 -http://www.yh8z.com/Secondary/guding.asp?Id=68&Parent_ID=18&Type_Class=news&GS_Class=22 -http://www.gdkszx.com.cn/ksxx/kszc_show.asp?id=2205 -http://www.smxs.gov.cn/viewtexti.asp?id=275079&npage=6 -http://www.juancheng.gov.cn/wsbs-view.asp?id=9285 -http://rc.sz.zj.cn/company.asp?id=4291 -http://www.law-lib.com/fxj/fxj.asp?id=940 -http://www.kfws.gov.cn/Article_read.asp?id=2289 -http://www.zjghtcm.com/new_show.asp?id=1178 -http://www.medsci.cn/sci/journal.asp?id=0bc61099 -http://www.dylaw.gov.cn/zhongc/web60/classshow.asp?id=51848&classid=15 -http://club.kdnet.net/dispbbs.asp?id=11095423&boardid=1 -http://people.rednet.cn/PeopleShow.asp?ID=2410432 -http://www.dhzsxx.com/ShowNews.asp?id=1591 -http://www.chinawutong.com/co/huoyuan_01/index.asp?id=213633 -http://news.chinaxinge.com/shownews.asp?id=53866&sjm=49600b363e048e05 -http://www.gxxgty.com/news_show.asp?id=1583 -http://szb.keq0475.com/Qnews.asp?ID=49506 -http://www.cyfy.cn/kssz.asp?id=42 -http://www.szkweekly.com/List.asp?ID=54284 diff --git a/search/__init__.pyc b/search/__init__.pyc deleted file mode 100755 index 1de5cdfe2919090576af51f2a34a76b34eb355b6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 129 zcmZSn%**vFLq05-0SXv_v;zQ(Tyn zSdbZW^w+`t*B7059aEf|Sd^R*6Ca(.*)", content) #分割页面块 #print arrList 
@@ -61,28 +71,29 @@ def geturl(keyword,pages): #获取url for item in arrList: regex = u"data-tools='\{\"title\":\"(.*)\",\"url\":\"(.*)\"\}'" link = getMatch(regex,item) - url=link[1] #获取百度改写url + url = link[1] #获取百度改写url try: - domain=urllib2.Request(url) - r=random.randint(0,11) - domain.add_header('User-agent', user_agents[r]) - domain.add_header('connection','keep-alive') - response=urllib2.urlopen(domain) - uri=response.geturl() #获取真实url - urs=is_get(uri) #是否是传统的get型 + domain = urllib2.Request(url) + r = random.randint(0, len(USER_AGENTS)) + domain.add_header('User-agent', USER_AGENTS[r]) + domain.add_header('connection', 'keep-alive') + response = urllib2.urlopen(domain) + uri = response.geturl() #获取真实url + urs = is_get(uri) #是否是传统的get型 if (uri in targets) or (urs in hosts) : continue else: targets.append(uri) hosts.append(urs) - f1=open('data/targets.txt','a') #存放url链接 + f1 = open('data/targets.txt','a') #存放url链接 f1.write(uri+'\n') f1.close() except: continue - print "urls have been grabed already!!!" + logger.info("urls have been grabed already!!!") return targets - +if __name__ == '__main__': + pass \ No newline at end of file 
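Review bot: `random.randint(0, len(USER_AGENTS))` is inclusive at both ends, so it can return `len(USER_AGENTS)`, and `USER_AGENTS[r]` then raises IndexError. The bare `except: continue` further down hides that, so the search result is silently skipped. `domain.add_header('User-agent', random.choice(USER_AGENTS))` removes the index arithmetic altogether. Narrowing the bare `except:` to the errors it is meant for, for example `except (urllib2.URLError, IOError):`, would have surfaced this; a failure to open `data/targets.txt` should get its own handling, because the bare clause swallows it as well. geturl starts outside this hunk.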
diff --git a/search/baidu.pyc b/search/baidu.pyc deleted file mode 100755 index 3f168e1de68db62e9d37a2a807f0d1e18775c94a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3362 zcmbVOUvC@75#J^CU!o){ZX7j1dnOv2a;!U2G+D{A>?V$58;NA&XorEyKsfPMQ5AJwZjHZ6I4bFFL_SFHP@c^Eru#ZtL=qgb`x z3#2%RPaT^4HOflsKT}pLmWrk4%4kw0|HraT>nW@{XQhZ%pVn5ax056kb+P|`pq)y& z{FXKP72bdFWc!2bRu~+L)P)u6UMRXE($+f?{t9Wqef26fefZ9{1s(TJlQ5RxJI6(P zb@6xr)N$HK>b-nA6tcOuW3E1Ssz)YqFu48#x@bHsQc%QZ^qrk)4_fyHm&X2 z!+W%#_@W;}w4cbphiOg~AgK-LdXxz1IUDx+`3NB*kEKu=A+bwqc6oi>`cOy}#F2wx z>4y5^yd}Y7&)>A}K7LAuSNDo3CL>4AV_3D$-r5!l%b}ga0GrS*UoSKN4xyXTiOFJ;XMJtj}qL{{d#QtTWD@F*X2y3@4Iw?qC&TC%(FbPh0EcrsJHPoY?zb;P-5p?x;Iz z33FGHXzSDB;7T*xDqoS&R;gH+09#L@>&Y+-_SZ&qoFI*8GUe;(loU}j_Jx@^h-KH) znhcP_^9$smS$!zZPGadBqmoE-@DrUiV#vK+h0pQlVAF;MZ0cG7Y=kmU zCqy$tIOQF7`a8n)-H%@}s3HOx!WMw@qc>SSf_w%@lOH<;QfoYu!Z>??dg6tlLBvY{ z+7JjrLyDF-H6Ckx4FsN)F4cI0ihM~BC|oU}KM0imEl5S6Fh0ST&~p4@iUAo)joep% zK$qs&Pu|1H43if1sO`%&WM9p=w-Z2`#1SA$EH_8pJPk>qyGR|~1jdt>^nqdqAGST+ zY+nXF3?jKO#hZln&m1U&0V@Z5a*;$!x0pqfaDq0gbcE_#?x8=*QsJ$9E?+fQk+pJ0MGb}&#?|(4AV?w9Xiu6LhRK!klU&1{Y{0*NgPL!NZ0i zSYrJp)-lTP!ns8A#8{&Jc>So$IOpi`{}EdKD9`G60NsCpoofY3_w-1lSwmq{lq)@b zu)1yze$a|=;rCt#^OheRTg}i@YAb(GD(7z(>}xBx9B^;V?6vP-HA^ z;b>1H&y=lEcqrLDMg5Gj&|?>6wY_6u?F$iEE$QtG-||8#<7byIUoKD@nnNJH2wEur zgGjqnXVUv23g{YeFM{FH%f}_@9(v-m5@jeSOeeo zjBm=Na$}ZaS2}T2-rNOZ(lul5Btrf~23i;cn_;YkvDc-lXm|;fDYNSk1jB8|N~hNk z&AU{8T-x3U0#Hrhk`9z;s;p*5Y|}Nz-i*Q^I&_z54V_WA<^_>!up(`EOeF|N3Re#n z5^O!G%x!T{dbyh6Ql%)Nsaxo%T1@aa_&i@gv0oU^VYI+!c-D+B@LZ33p^3u-zuJw82&Hv1nnGUo#T