bambish / scanqli Goto Github PK

Some website generate the following error :

ERROR: Unknow error : GetHTML(): <class 'requests.exceptions.SSLError'>
Traceback (most recent call last):
File "scanqli.py", line 141, in
function.PrintError("", error)
File "/root/ScanQLi/function.py", line 373, in PrintError
print(colored("ERROR: ", "red", attrs=["bold"]) + colored(command, attrs=["bold"]) + " : " + errormsg)
TypeError: cannot concatenate 'str' and 'exceptions.UnboundLocalError' objects

i have this error

Traceback (most recent call last):######################################################]
File "./scanqli.py", line 129, in
result = function.CheckPageListAllVulns(pageset)
File "/home/CyberTheReapeR/ScanQLi/function.py", line 341, in CheckPageListAllVulns
payload = CheckPageListVuln(pageset, vuln)
File "/home/CyberTheReapeR/ScanQLi/function.py", line 319, in CheckPageListVuln
payload = CheckPageVuln(url, vuln, pageset[url])
File "/home/CyberTheReapeR/ScanQLi/function.py", line 308, in CheckPageVuln
postresult = CheckPostVuln(url, vuln, fields, html)
File "/home/CyberTheReapeR/ScanQLi/function.py", line 272, in CheckPostVuln
page = PostData(url, payloadeddata)
File "/home/CyberTheReapeR/ScanQLi/function.py", line 104, in PostData
r = requests.post(url, data=data, cookies=cookies)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 116, in post
return request('post', url, data=data, json=json, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.7/dist-packages/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.7/dist-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPSConnectionPool(host='xxx.xxx.com', port=443): Max retries exceeded with url: / (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fe0aa3bf610>: Failed to establish a new connection: [Errno 110] Connection timed out',))

Hello,

I think ScanQLi should work with websites that use self signed certificate or expired certificate (developpement servers for example).

In case of expired certificate we got this error :
ERROR: Connection Error : HTTPSConnectionPool(host='www.xxxxxxxxxxx.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Can we get a command line switch to ignore certificate verification ?

When testing to an IP address which is hosting an HTTPS/port 443 service, there should be an option to ignore an SSL certificate mismatch. Thanks!

Pen Test > ./scanqli.py -u https://x.x.x.x/login.php?example=1 -v -o /root/scan_x.x.x.x
[2] 19135
bash: -v: command not found
Pen Test >    ____                   ____    __    _ 
  / __/ ____ ___ _  ___  / __ \  / /   (_)
 _\ \  / __// _ `/ / _ \/ /_/ / / /__ / / 
/___/  \__/ \_,_/ /_//_/\___\_\/____//_/ 

https://github.com/bambish
https://twitter.com/bambishee

URL = https://x.x.x.x/login.php?example=1
ERROR: Connection Error : HTTPSConnectionPool(host='x.x.x.x', port=443): Max retries exceeded with url: /login.php?example=1 (Caused by SSLError(CertificateError("hostname 'x.x.x.x' doesn't match either of '*.targetdomain.com', 'targetdomain.com'",),))

tested on bwapp zero vuln :D lol remove it

To integrate scanqli into the Fedora Security Lab it's required that the scanqli is available as RPM package.

This is the tracking issue for that effort.

python scanqli.py -u 'http://perdu.com/' -r

/ / ____ ___ _ ___ / __ \ / / (_)
\ \ / __// _ `/ / _ / // / / / / /
// _/ _,/ ////____/__///

https://github.com/bambish
https://twitter.com/bambishee

Base URL = http://perdu.com/
1 URLs founds

Traceback (most recent call last):
File "scanqli.py", line 142, in
resultlen = numpy.shape(result)[0] * numpy.shape(result)[1]
IndexError: tuple index out of range

i tryed small sites to see how it is scanning but it is extreme slow with getting urls 25 mbps download speed and 25 ms ping i do have

Traceback (most recent call last):
File "scanqli.py", line 101, in
function.cookies = json.loads(options.cookies)
File "C:\Python27\lib\json_init_.py", line 339, in loads
return _default_decoder.decode(s)
File "C:\Python27\lib\json\decoder.py", line 364, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "C:\Python27\lib\json\decoder.py", line 380, in raw_decode
obj, end = self.scan_once(s, idx)
ValueError: Expecting property name: line 1 column 2 (char 1)

Congratulations for your program it is a light sqli scanner that works pretty good, but it has some issues:

• Depending on the order it detects or not, example, vulnerable parameter id:

python scanqli.py -q -u "http://example.com/details.php?id=12&caca=222" -> Doesn't detect
python scanqli.py -q -u "http://example.com/details.php?caca=222&id=12" -> Detects

• Another issue is regarding the -U / --urllist -> it just doesn't detect

• One recommendation is to add more detections on the config.py, for example, I skipped one vulnerable parameter because the MySQL Error was supplied argument is not a valid MySQL result resource and that's not included

Thank you very much!

Your tools seems to not understand urls with "?" character...

python scanqli.py -u 'http://xxx.xxx.xxx' -r

/ / ____ ___ _ ___ / __ \ / / (_)
\ \ / __// _ `/ / _ / // / / / / /
// _/ _,/ ////____/__///

https://github.com/bambish
https://twitter.com/bambishee

Base URL = http://xxx.xxx.xxx/
HTTPConnectionPool(host='spip.php', port=80): Max retries exceeded with url: /?rubrique24 (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7fb26ce441d0>: Failed to establish a new connection: [Errno -2] Name or service not known',))

Hello,

When using recursive option (-r), I got some exceptions :

File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 390, in prepare_url
raise InvalidURL("Invalid URL %r: No host supplied" % url)
requests.exceptions.InvalidURL: Invalid URL u'https://#ecran-10': No host supplied

File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 390, in prepare_url
raise InvalidURL("Invalid URL %r: No host supplied" % url)
requests.exceptions.InvalidURL: Invalid URL u'https://#footer': No host supplied

Such URLs should just be ignored, it should not crash your software.

Example :
python scanqli.py -u 'https://github.com' -r

/ / ____ ___ _ ___ / __ \ / / (_)
\ \ / __// _ `/ / _ / // / / / / /
// _/ _,/ ////____/__///

https://github.com/bambish
https://twitter.com/bambishee

Base URL = https://github.com
Traceback (most recent call last):
File "scanqli.py", line 118, in
pageset = function.GetAllPages(baseurl)
File "/root/ScanQLi/function.py", line 176, in GetAllPages
html = GetHTML(link)
File "/root/ScanQLi/function.py", line 79, in GetHTML
r = requests.get(url, cookies=cookies)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 519, in request
prep = self.prepare_request(req)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 462, in prepare_request
hooks=merge_hooks(request.hooks, self.hooks),
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 313, in prepare
self.prepare_url(url, params)
File "/usr/local/lib/python2.7/dist-packages/requests/models.py", line 390, in prepare_url
raise InvalidURL("Invalid URL %r: No host supplied" % url)
requests.exceptions.InvalidURL: Invalid URL u'https://#start-of-content': No host supplied