#!/usr/bin/env python """ $Id$ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ import cookielib import httplib import re import socket import urllib2 from lib.core.common import getUnicode from lib.core.convert import htmlunescape from lib.core.convert import urlencode from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger from lib.core.exception import sqlmapConnectionException from lib.core.exception import sqlmapGenericException from lib.core.settings import UNICODE_ENCODING from lib.request.basic import decodePage class Google: """ This class defines methods used to perform Google dorking (command line option '-g ' """ def __init__(self, handlers): self.__matches = [] self.__cj = cookielib.LWPCookieJar() handlers.append(urllib2.HTTPCookieProcessor(self.__cj)) self.opener = urllib2.build_opener(*handlers) self.opener.addheaders = conf.httpHeaders def __parsePage(self, page): """ Parse Google dork search results page to get the list of HTTP addresses """ matches = [] regExpr = r'h3 class="?r"?> 1 else 1 logger.info("using Google result page #%d" % gpage) if not googleDork: return None url = "http://www.google.com/search?" url += "q=%s&" % urlencode(googleDork, convall=True) url += "num=100&hl=en&safe=off&filter=0&btnG=Search" url += "&start=%d" % ((gpage-1) * 100) try: conn = self.opener.open(url) requestMsg = "HTTP request:\nGET %s" % url requestMsg += " %s" % httplib.HTTPConnection._http_vsn_str logger.log(8, requestMsg) page = conn.read() code = conn.code status = conn.msg responseHeaders = conn.info() page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type")) responseMsg = "HTTP response (%s - %d):\n" % (status, code) if conf.verbose <= 4: responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING) elif conf.verbose > 4: responseMsg += "%s\n%s\n" % (responseHeaders, page) logger.log(7, responseMsg) except urllib2.HTTPError, e: try: page = e.read() except socket.timeout: warnMsg = "connection timed out while trying " warnMsg += "to get error page information (%d)" % e.code logger.critical(warnMsg) return None except (urllib2.URLError, socket.error, socket.timeout), _: errMsg = "unable to connect to Google" raise sqlmapConnectionException, errMsg self.__matches = self.__parsePage(page) if not self.__matches and "detected unusual traffic" in page: warnMsg = "Google has detected 'unusual' traffic from " warnMsg += "this computer disabling further searches" raise sqlmapGenericException, warnMsg return self.__matches