#!/usr/bin/python #-*-coding=utf-8-*- #Author:@xfk #blog:@blog.sina.com.cn/kaiyongdeng #Date:@2012-05-07 #Example site:@http://www.apostilando.com/pagina.php?cod=1 #将要扫描的网站写入当前目录文件中。python xxx.py xxx.txt import urllib import os import sys if os.name == "nt": os.system("cls") else: os.system("clear") def usage(): print """ =================SQL INJECTION===================== Usage:python %s %s """ %(sys.argv[0],sys.argv[1]) def scanner(url): try: page = urllib.urlopen(url).read() except: print "[-]Error!!!\n" return(0) # 如果一个网站存在SQL注入的话就，当你使用基本的尝试方法去测试时页面会出现如下报错。 sqls = ("mysql_result(): supplied argument is not a valid MySQL result resource in", "[Microsoft][ODBC SQL Server Driver][SQL Server]", "Warning:ociexecute", "Warning: pq_query[function.pg-query]:") i=0 page = str(page.lower()) while i" else: print "[+]"+url+" " def main(args): if len(args)!=1: usage() print "\t[-]Mode to use: %s \n" % sys.argv[0] print "\t[-]Example: %s Site.txt\n" % sys.argv[0] # print sys.argv[0],sys.argv[1],len(args) sys.exit(0) usage() try: f = open(str(sys.argv[1]),"r") urls = f.readlines() # print urls except: print "[+]Error to open the file "+sys.argv[1]+"" return(-1) f.close() i=0 while i