(adsbygoogle = window.adsbygoogle || []).push({}); Hello.

Im new to python and just made my first script, and i thought i might aswell share it.

Its a script that scanns a website for vulns(for noobs) who dont know how to do it manually.

(Requires: Python 2.0 or newer, and a brain)

Usage: scannr.py <eg. https://example.com/news.php?id=> REMEMBER(Do not add ' after the url, the script does it.

Script:

    

#norwack's private vuln scannr

#made for learning purposes



import os

import urllib2

import sys



def usage():

	print "Usage: scannr.py <https://website.com/news.php?id=123>"

argc = len(sys.argv)

if argc < 1:

	usage()

else:

	link = sys.argv[1] + "'"

	for site in urllib2.urlopen(link):

		if 'error in your SQL' in site or 'mysql_fetch_' in site:

			print "\nMight be vulnerable: ", link

Peace, out.

So I upgraded it to Python 3 and generally improved it a little bit, if anyone would prefer to be able to run it on the current version of Python:

    

import sys, urllib.request



def usage():

    print("Usage: scannr.py <https://website.com/news.php?id=12>")



def main():

    errors = ['error in your SQL', 'mysql_fetch_'] # list of errors - you can add to these to increase effectiveness

    if len(sys.argv) < 1:

        usage()

        return 0

    else:

        try:

            print("Scanning", sys.argv[1] + "...")

            link = sys.argv[1] + "'"

            site = urllib.request.urlopen(link).read().decode("utf-8")

            counter = 0

            for error in errors:

                if error in site:

                    print(link, 'might be vulnerable'

                    return 0

                else:

                    if counter >= len(errors):

                        print(link, 'is not vulnerable'

                        return 1

                    else:

                        counter += 1

        except urllib.request.URLError:

            print("Unable to open URL, you may have provided an invalid format")

            return 2

        except:

            print("There has been an error scanning the website")

            return 2



if (__name__ == "__main__"):

    sys.exit(main())

For those who don't have Python: You must login or register to view this content.
Just copy the code into a file, extension .py, then run it on the python interpreter: python filename website from the command line.

You can give You must login or register to view this content. a try if you're looking for a vulnerable site to test it on.

Out of curiosity, did you really develop this script yourself?

Yes, with some help from one on a irc, and reading the python docs. :-)

if you said it is yours then who is Norwack?

My guess is that he's probably Norwack. Plus, nobody would be stupid enough to steal someone's script and claim it as their own, and then not remove the comment of the creator.

Ehh, I've seen people forget to remove before in the past...

He must be, because that script isn't anywhere else. But, like sublimity, I've seen some pretty clueless leechers...

Norwack is me, sir.
Dont believe me? go onto irc.pr0sec.net and join #lounge, then type: /msg gatekeeper and do the instructions and then: /msg gatekeeper invite <YourPassword> afterwards join #prosec and ask me there.

Or you can go ahead and ask me here: You must login or register to view this content..

PS: I Changed my "Online Nickname" and im actually saving up with vbux to change my username (multi accounts is disallowed?).

Peace.

No I believe you, I was just wondering why it had Norwack at the top. I already admitted to believing you a couple posts up^