SQLi Scanner 2 : Having Fun With Loops and Files

Welcome back! In the previous chapter we wrote a program to detect error-based SQL injection. In this chapter we are going to make it better, and you will learn new stuff while doing that 😉 Let's begin!

requests.exceptions.MissingSchema: Invalid URL

What is this heading? You know URLs have a schema, right? Like http://, https:// or ftp://. If you try to open a URL without a schema, the requests module throws this error. Take a look at these two inputs, one has http:// and one does not:

So to handle this exception, we have two options:

  1. Using try and except to handle this exception and print 'Please enter a URL with http(s)://'
  2. Adding functionality to our code which detects whether a URL has http:// or https://, and adds http:// if it doesn't

Which option sounds good to you? I will go with the second option; I always do.

Here's a rule of programming which will let you build anything:

  1. Think about what you want to build
  2. Think about how your project is going to work (from a programming perspective)
  3. Code! Code! Code!

So, as the first step says, what do we want it to do? We want it to add http:// to URLs before opening them. Wait a sec... what if a URL already has http:// in it? Hmm... alright, let's say we will remove http:// and https:// from the URL and then add http:// to it.

Cool. Time for the second step: how are we going to remove and add all that http:// stuff? First of all we will check whether the URL starts with http(s):// using a simple if statement; if it does, we will replace that prefix with nothing. (Did I just say nothing? Yep, I will explain that later.) After that we will add http:// by simple concatenation: 'http://' + url.

Last step, let's code!

import requests

url = raw_input('Enter URL: ')  # raw_input is Python 2; use input() on Python 3

# Strip whatever scheme the user typed, then add http:// so requests always gets one
if url.startswith('http://'):
    url = url.replace('http://', '', 1)
elif url.startswith('https://'):
    url = url.replace('https://', '', 1)
url = 'http://' + url

response = requests.get(url + "'").text
# (error AND syntax) OR MySQL: the parentheses make the precedence explicit
if ('error' in response and 'syntax' in response) or 'MySQL' in response:
    print('[+] Vulnerable')
else:
    print('[-] Not vulnerable')

We are already familiar with the rest of the code except the URL formatting part, so let's break that down:

  • We are checking whether the URL begins with http:// using a simple if statement; if it does, the replace function gets executed. replace is used to replace something in a string with something else. So we are replacing http:// with... with what? There's nothing in the second pair of single quotes, so it gets replaced with nothing; in other words, it gets deleted. (Testing the start of the string rather than 'http://' in url matters: a URL can carry another URL inside a parameter, such as a redirect target, and a plain replace would delete that http:// as well.)
  • We are doing the same thing for https://, but here's an important thing to notice, and even experienced programmers make this mistake. Why are we using elif and not if? Because if the URL has http:// then we don't need to waste time checking for https://. These small mistakes add up when you are working on larger projects.
  • After that we did url = 'http://' + url because now the URL has no http(s)://, so we have to add it.
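The scheme handling above works for the two inputs in the screenshot, but two things bite in practice: a substring test deletes http:// anywhere in the URL, and forcing every target to http:// downgrades an https:// target to an endpoint that usually just redirects. The following is an added example (not code from the tutorial) that normalizes the scheme by looking only at the prefix, keeps https:// as given, and also shows how to put the test quote into each query parameter in turn instead of only at the very end of the URL. The hostnames and parameter names are made up for the demo.

```python
import re
import urllib.parse

# Only a real scheme prefix counts: "http://", "https://", "ftp://" and so on.
SCHEME_RE = re.compile(r"^[a-zA-Z][a-zA-Z0-9+.-]*://")


def normalize_url(raw, default_scheme="http"):
    """Return `raw` with a scheme, adding `default_scheme` only when it has none.

    An https:// target stays https://; downgrading it to http:// would test a
    different (often redirecting) endpoint than the one we were given.
    """
    raw = raw.strip()
    if not SCHEME_RE.match(raw):
        raw = default_scheme + "://" + raw
    parts = urllib.parse.urlsplit(raw)
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme %r in %r" % (parts.scheme, raw))
    if not parts.netloc:
        raise ValueError("no host in %r" % raw)
    return parts.geturl()


def page_style_normalize(url):
    """The tutorial's substring-and-replace approach, kept only for comparison."""
    if "http://" in url:
        url = url.replace("http://", "")
    elif "https://" in url:
        url = url.replace("https://", "")
    return "http://" + url


def payload_urls(url, payload="'"):
    """Build one test URL per query parameter, appending `payload` to that parameter only.

    url + "'" only ever touches the last parameter (or the path); this variant
    lets every parameter be tested in turn.  With no query string it falls back
    to appending to the whole URL, exactly like the tutorial does.
    """
    parts = urllib.parse.urlsplit(url)
    params = urllib.parse.parse_qsl(parts.query, keep_blank_values=True)
    if not params:
        return [url + payload]
    urls = []
    for i, (name, value) in enumerate(params):
        mutated = params[:i] + [(name, value + payload)] + params[i + 1:]
        query = urllib.parse.urlencode(mutated)   # the quote becomes %27; servers decode it
        urls.append(urllib.parse.urlunsplit(parts._replace(query=query)))
    return urls


if __name__ == "__main__":
    # Constructed inputs, not real targets.
    for raw in ("example.com/page.php?id=1",
                "https://example.com/page.php?id=1",
                "localhost:8080/app?q=x",
                "http://example.com/go?next=http://other.test/"):
        print("%-48s -> %s" % (raw, normalize_url(raw)))
    print("page style:", page_style_normalize("http://example.com/go?next=http://other.test/"))
    for u in payload_urls("http://example.com/page.php?id=1&cat=2"):
        print("test URL:", u)
```

The last normalize_url input is the interesting one: the redirect parameter keeps its inner http://, while page_style_normalize strips both occurrences and silently changes the request. payload_urls returns a list, so the scanner's loop can send one request per parameter and report which parameter triggered the error.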

Output:

So now our SQLi scanner can handle both types of input. Great! Now we will add one more feature: scanning all the URLs present in a txt file. Sounds cool, right? Let's start by learning how we can open a file in Python:

file = open('file.txt', 'r')

The syntax is simple: open('filename', 'mode'). Filename is the path of your file, but what is the mode? Modes are basically of two kinds, read and write. With read mode you can read and use the contents of the file, while with write mode you can add and save content to a file. You can have both at once as well. We are using r, which lets us read whatever the file contains, so we can retrieve targets from it. w opens the file for writing (careful: it truncates the file first, so anything already in it is lost), a appends to the end of an existing file, and r+ gives both read and write access. There are other modes as well, but we had better not talk about them at this point.

So we learned how to open a file; now let's open one and turn its lines into elements of a list:

targets = []  # this list contains targets to be scanned

with open('targets.txt', 'r') as f:
    for line in f:
        url = line.strip()  # drop the trailing newline (and any \r from Windows files)
        if url:             # skip blank lines, which would otherwise become 'http://'
            targets.append(url)

Let's break down the code:

  • In the first line we defined a list named targets, which is empty. Don't worry, we will be filling it with targets soon.
  • We are using a new statement here: with. with is useful because it will always close the file we opened, no matter what exception occurs or how the nested block exits. Nested block? The part of the code below a statement which starts with 4 spaces of indentation and gets executed via that statement, like we do with if, else, elif, loops and functions, and now with the with statement.
  • In the next line we use a for loop; each pass through the loop picks the next line of the txt file. That's it!
  • line.strip() deletes the \n (new line) character at the end of the line. So why would a line have a \n? Because every time you hit Enter while writing you are actually adding a \n at the end of the line, and we don't need that any more, so we delete it. (strip() also removes the \r that Windows editors put before the \n, and since lines read from a text file are already strings, no str() conversion is needed.) The if url: check skips empty lines; otherwise a blank line would turn into the target 'http://'.
  • The next line shows how we add an element to a list: targets is a list and we add the variable url to it using append. The loop keeps going, and lines of the file keep getting added to our list named targets, until it reaches the end of the file.
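A real targets.txt tends to be messier than the screenshot: it may have been edited on Windows (\r\n line endings), contain comment lines and blank lines, and list the same target twice. The block below is an added example (not the tutorial's code) of a loader that copes with all of that, plus a small writer that uses the w mode described above to save the scan results. The file contents are constructed inline and written to a temporary directory so the demo runs offline and sends no requests.

```python
import os
import tempfile


def load_targets(path):
    """Read one target per line from `path`, skipping blank lines, '#' comments and duplicates."""
    targets = []
    seen = set()
    with open(path, "r", encoding="utf-8") as f:
        for line in f:
            url = line.strip()          # removes '\n', and the '\r' of Windows line endings
            if not url or url.startswith("#"):
                continue                # blank line or comment
            if url in seen:
                continue                # same target listed twice: scan it once
            seen.add(url)
            targets.append(url)
    return targets


def save_results(path, results):
    """Write scan results with mode 'w' (truncates, so a previous run's file is replaced).

    `results` is a list of (url, vulnerable) pairs; one line per target is written
    in the same '[+]' / '[-]' style the scanner prints to the terminal.
    """
    with open(path, "w", encoding="utf-8") as f:
        for url, vulnerable in results:
            tag = "[+] Vulnerable: " if vulnerable else "[-] Not vulnerable: "
            f.write(tag + url + "\n")


# Constructed contents of a targets.txt: Windows line endings, a comment, blanks, a duplicate.
SAMPLE_TARGETS = (
    "# constructed sample, not real targets\r\n"
    "example.com/page.php?id=1\r\n"
    "\r\n"
    "https://example.com/cat.php?cat=2\n"
    "example.com/page.php?id=1\n"
    "   \n"
)


def demo():
    """Write the sample to a temp file, load it, save pretend results, and read them back."""
    tmpdir = tempfile.mkdtemp()
    targets_path = os.path.join(tmpdir, "targets.txt")
    results_path = os.path.join(tmpdir, "results.txt")
    try:
        with open(targets_path, "w", newline="", encoding="utf-8") as f:
            f.write(SAMPLE_TARGETS)     # newline="" keeps the \r\n exactly as written
        targets = load_targets(targets_path)
        # Pretend only the first target was vulnerable; no HTTP requests are made here.
        save_results(results_path, [(t, i == 0) for i, t in enumerate(targets)])
        with open(results_path, "r", encoding="utf-8") as f:
            saved = f.read().splitlines()
        return targets, saved
    finally:
        for p in (targets_path, results_path):
            if os.path.exists(p):
                os.remove(p)
        os.rmdir(tmpdir)


if __name__ == "__main__":
    loaded, saved = demo()
    print("targets:", loaded)
    print("saved:", saved)
```

Deduplicating before the scan matters more than it looks: every duplicate line is another request with a quote in it against the same host, which costs time and makes the scan noisier in the target's logs for no extra information.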

Great. Now let's add this to our SQL injection scanner and make it even cooler.

import requests

targets = []  # this list contains targets to be scanned

with open('targets.txt', 'r') as f:
    for line in f:
        url = line.strip()  # drop the trailing newline (and any \r from Windows files)
        if url:             # skip blank lines, which would otherwise become 'http://'
            targets.append(url)

for url in targets:
    # Strip whatever scheme the file gave us, then add http:// so requests always gets one
    if url.startswith('http://'):
        url = url.replace('http://', '', 1)
    elif url.startswith('https://'):
        url = url.replace('https://', '', 1)
    url = 'http://' + url

    response = requests.get(url + "'").text
    # (error AND syntax) OR MySQL: the parentheses make the precedence explicit
    if ('error' in response and 'syntax' in response) or 'MySQL' in response:
        print('[+] Vulnerable: ' + url)
    else:
        print('[-] Not vulnerable: ' + url)

If you have been paying attention then this code must be self-explanatory. I removed the raw_input statement because we don't need it any more, now that we take input from a file. I also changed the last two print statements so we can clearly see which target is vulnerable and which is not. Here's the output:
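The detection line is the weakest part of the scanner: 'error' and 'syntax' turn up in plenty of pages that have nothing to do with databases, a footer saying "Powered by MySQL" trips the 'MySQL' test, and a SQL Server or Oracle error contains none of those words. The following is an added example (not the tutorial's code) that matches a few well-known DBMS error strings instead, and compares the quoted request against a baseline request so that an error which is always on the page does not count. The signature list is an assumed starting set, not an exhaustive one, and the response bodies are constructed so that nothing is fetched over the network.

```python
import re

# Assumed signatures of database error messages leaking into a page (a starting set).
ERROR_SIGNATURES = {
    "MySQL": [
        r"You have an error in your SQL syntax",
        r"Warning: mysqli?_",
        r"supplied argument is not a valid MySQL",
    ],
    "PostgreSQL": [
        r"unterminated quoted string at or near",
        r"Warning: pg_",
        r"PostgreSQL query failed",
    ],
    "Microsoft SQL Server": [
        r"Unclosed quotation mark after the character string",
        r"Microsoft OLE DB Provider for SQL Server",
    ],
    "Oracle": [r"ORA-\d{5}"],
    "SQLite": [r"SQLITE_ERROR", r"unrecognized token:"],
}


def detect_error_sqli(body):
    """Return the name of the DBMS whose error signature appears in `body`, else None."""
    for dbms, patterns in ERROR_SIGNATURES.items():
        for pattern in patterns:
            if re.search(pattern, body, re.IGNORECASE):
                return dbms
    return None


def page_style_check(body):
    """The tutorial's test with its precedence made explicit: (error AND syntax) OR MySQL."""
    return ("error" in body and "syntax" in body) or "MySQL" in body


def looks_injectable(baseline_body, injected_body):
    """Compare the normal page against the response to the quoted URL.

    Only an error that shows up with the quote and is absent without it counts,
    which filters out pages that always mention an error, or are simply broken.
    """
    if detect_error_sqli(baseline_body) is not None:
        return None
    return detect_error_sqli(injected_body)


# Constructed response bodies; no HTTP requests are made.
MYSQL_ERROR = (
    "<b>Warning</b>: mysql_fetch_array() expects parameter 1 to be resource, boolean given.\n"
    "You have an error in your SQL syntax; check the manual that corresponds to your "
    "MySQL server version for the right syntax to use near ''' at line 1"
)
MSSQL_ERROR = "Unclosed quotation mark after the character string ''."
BENIGN_FOOTER = "Powered by PHP and MySQL. Report an error to the webmaster."
BENIGN_DOCS = "An error occurred: syntax highlighting is not available for this file type."

if __name__ == "__main__":
    for name, body in (("MySQL error page", MYSQL_ERROR), ("MSSQL error page", MSSQL_ERROR),
                       ("benign footer", BENIGN_FOOTER), ("benign docs page", BENIGN_DOCS)):
        print("%-18s tutorial check=%-5s signature=%s"
              % (name, page_style_check(body), detect_error_sqli(body)))
    print("baseline clean, quoted page errors ->",
          looks_injectable(BENIGN_FOOTER, BENIGN_FOOTER + "\n" + MYSQL_ERROR))
    print("error present on both            ->", looks_injectable(MYSQL_ERROR, MYSQL_ERROR))
```

To wire this into the scanner, fetch url once without the quote for the baseline and once with it, then call looks_injectable on the two bodies; reporting the DBMS name it returns tells you which database you are dealing with before you go any further.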


In the next chapter we will be building a Scanner which would scan for SQL injection, XSS and LFI.

Till then, practice your skills. Code something cool. Keep learning! Keep coding!
