第一段代码用户传入一个文件夹,自动扫描文件夹内特定文件是否存在某些关键字,如果存在则输出该文件的路径信息。
# coding=gbk
import sys,os,re
def spider(script_path,script_type):
final_files = []
for root, dirs, files in os.walk(script_path, topdown=False):
for fi in files:
dfile = os.path.join(root, fi)
if dfile.endswith(script_type):
final_files.append(dfile.replace("\\","/"))
print("[+] 共找到了 {} 个PHP文件".format(len(final_files)))
return final_files
def scanner(files_list,cmd):
for item in files_list:
fp = open(item, "r",encoding="utf-8")
data = fp.readlines()
for line in data:
Code_line = data.index(line) + 1
Now_code = line.strip("\n")
for unsafe in [cmd]:
flag = re.findall(unsafe, Now_code)
if len(flag) != 0:
print("函数: {} ---> 函数所在行: {} ---> 路径: {} " .\
format(flag,Code_line,item))
if __name__ == "__main__":
path = sys.argv[1]
shell = sys.argv[2]
ret = spider(path,".php")
scanner(ret,shell)
第二段代码主要用于监控MWeb页面执行过的SQL语句,在指定页面上访问网页,列出所执行的SQL语句,挖掘SQL注入必备。
# coding=gbk
import pymysql,re
#conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='mysql', charset='utf8')
#cursor = conn.cursor()
#cursor.execute("SET GLOBAL general_log='ON';")
#cursor.execute("set global general_log_file='C:\mysql.log'")
#conn.commit()
#cursor.close()
#conn.close()
try:
fp = open("C:/mysql.log","r")
sql = fp.readlines()
for item in sql:
temp = item.replace("\n","").split('\t')
if re.search("Connect",temp[1]) == None and temp[2] != "":
print("状态:{} ---> 执行语句: {}".format(temp[1],temp[2]))
open("C:/mysql.log","w")
except Exception:
open("C:/mysql.log", "w")
exit()