#!/usr/bin/env python
"""
Copyright (c) 2006-2025 sqlmap developers (https://sqlmap.org)
See the file 'LICENSE' for copying permission
"""
import re
import socket
from lib.core.common import getSafeExString
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import readInput
from lib.core.common import urlencode
from lib.core.convert import getBytes
from lib.core.convert import getUnicode
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.core.decorators import stackedmethod
from lib.core.enums import CUSTOM_LOGGING
from lib.core.enums import HTTP_HEADER
from lib.core.enums import REDIRECTION
from lib.core.exception import SqlmapBaseException
from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import BING_REGEX
from lib.core.settings import DUCKDUCKGO_REGEX
from lib.core.settings import DUMMY_SEARCH_USER_AGENT
from lib.core.settings import GOOGLE_CONSENT_COOKIE
from lib.core.settings import GOOGLE_REGEX
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
from lib.core.settings import UNICODE_ENCODING
from lib.request.basic import decodePage
from thirdparty.six.moves import http_client as _http_client
from thirdparty.six.moves import urllib as _urllib
from thirdparty.socks import socks
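def _search(dork):
    """
    Runs the given search dork against Google and returns the links found
    in the result page. When Google yields no usable links, the user is
    asked whether to retry with DuckDuckGo (default), retry with Bing, or
    quit.

    Returns a list of URL strings extracted from the result page (possibly
    empty), or None when the dork is empty or when the body of an HTTP
    error response could not be read.

    Raises SqlmapConnectionException when a search engine can not be
    reached, SqlmapBaseException when the engine reports 'unusual' traffic
    and conf.proxyList is set, and SqlmapUserQuitException when the user
    chooses to quit.

    Note: the returned links are taken from third-party HTML by regular
    expression only; callers should handle them as untrusted input.
    """

    if not dork:
        return None

    page = None
    data = None
    requestHeaders = {}
    responseHeaders = {}

    # A User-Agent configured by the user takes precedence over the dummy search one
    requestHeaders[HTTP_HEADER.USER_AGENT] = dict(conf.httpHeaders).get(HTTP_HEADER.USER_AGENT, DUMMY_SEARCH_USER_AGENT)
    requestHeaders[HTTP_HEADER.ACCEPT_ENCODING] = HTTP_ACCEPT_ENCODING_HEADER_VALUE
    requestHeaders[HTTP_HEADER.COOKIE] = GOOGLE_CONSENT_COOKIE

    # Initial request to Google; its response is not read in this function
    try:
        req = _urllib.request.Request("https://www.google.com/ncr", headers=requestHeaders)
        conn = _urllib.request.urlopen(req)
    except Exception as ex:
        errMsg = "unable to connect to Google ('%s')" % getSafeExString(ex)
        raise SqlmapConnectionException(errMsg)

    # Result page numbers lower than 1 are treated as 1
    gpage = conf.googlePage if conf.googlePage > 1 else 1
    logger.info("using search result page #%d" % gpage)

    url = "https://www.google.com/search?"  # NOTE: if consent fails, try to use the "http://"
    url += "q=%s&" % urlencode(dork, convall=True)
    url += "num=100&hl=en&complete=0&safe=off&filter=0&btnG=Search"
    url += "&start=%d" % ((gpage - 1) * 100)  # 100 results are requested per page

    try:
        req = _urllib.request.Request(url, headers=requestHeaders)
        conn = _urllib.request.urlopen(req)

        requestMsg = "HTTP request:\nGET %s" % url
        requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str
        logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)

        page = conn.read()
        code = conn.code
        status = conn.msg
        responseHeaders = conn.info()

        responseMsg = "HTTP response (%s - %d):\n" % (status, code)

        # The response body is written to the traffic log only above verbosity level 4
        if conf.verbose <= 4:
            responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING)
        else:
            responseMsg += "%s\n%s\n" % (responseHeaders, page)

        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
    except _urllib.error.HTTPError as ex:
        # An HTTP error response still carries a page that is parsed below
        try:
            page = ex.read()
            responseHeaders = ex.info()
        except Exception as _:
            warnMsg = "problem occurred while trying to get "
            warnMsg += "an error page information (%s)" % getSafeExString(_)
            logger.critical(warnMsg)
            return None
    except (_urllib.error.URLError, _http_client.error, socket.error, socket.timeout, socks.ProxyError):
        errMsg = "unable to connect to Google"
        raise SqlmapConnectionException(errMsg)

    page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))

    page = getUnicode(page)  # Note: if decodePage call fails (Issue #4202)

    retVal = [_urllib.parse.unquote(match.group(1) or match.group(2)) for match in re.finditer(GOOGLE_REGEX, page, re.I)]

    if not retVal and "detected unusual traffic" in page:
        warnMsg = "Google has detected 'unusual' traffic from "
        warnMsg += "used IP address disabling further searches"

        # With a proxy list configured the condition is raised to the caller,
        # otherwise it is only logged
        if conf.proxyList:
            raise SqlmapBaseException(warnMsg)
        else:
            logger.critical(warnMsg)

    if not retVal:
        message = "no usable links found. What do you want to do?"
        message += "\n[1] (re)try with DuckDuckGo (default)"
        message += "\n[2] (re)try with Bing"
        message += "\n[3] quit"
        choice = readInput(message, default='1')

        if choice == '3':
            raise SqlmapUserQuitException
        elif choice == '2':
            url = "https://www.bing.com/search?q=%s&first=%d" % (urlencode(dork, convall=True), (gpage - 1) * 10 + 1)
            regex = BING_REGEX
        else:
            # DuckDuckGo receives the query as request data and not in the URL
            url = "https://html.duckduckgo.com/html/"
            data = "q=%s&s=%d" % (urlencode(dork, convall=True), (gpage - 1) * 30)
            regex = DUCKDUCKGO_REGEX

        try:
            req = _urllib.request.Request(url, data=getBytes(data), headers=requestHeaders)
            conn = _urllib.request.urlopen(req)

            # The method is read from the request object so that the traffic log
            # shows what is sent (a request carrying data is not a GET)
            requestMsg = "HTTP request:\n%s %s" % (req.get_method(), url)
            requestMsg += " %s" % _http_client.HTTPConnection._http_vsn_str
            logger.log(CUSTOM_LOGGING.TRAFFIC_OUT, requestMsg)

            page = conn.read()
            code = conn.code
            status = conn.msg
            responseHeaders = conn.info()
            page = decodePage(page, responseHeaders.get("Content-Encoding"), responseHeaders.get("Content-Type"))

            responseMsg = "HTTP response (%s - %d):\n" % (status, code)

            if conf.verbose <= 4:
                responseMsg += getUnicode(responseHeaders, UNICODE_ENCODING)
            else:
                responseMsg += "%s\n%s\n" % (responseHeaders, page)

            logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)
        except _urllib.error.HTTPError as ex:
            try:
                page = ex.read()
                page = decodePage(page, ex.headers.get("Content-Encoding"), ex.headers.get("Content-Type"))
            except socket.timeout:
                warnMsg = "connection timed out while trying "
                warnMsg += "to get error page information (%d)" % ex.code
                logger.critical(warnMsg)
                return None
        except Exception:
            # Exception instead of a bare except: KeyboardInterrupt and SystemExit
            # must not be turned into a connection error, which search() answers
            # with a proxy change and a retry when a proxy list is configured
            errMsg = "unable to connect"
            raise SqlmapConnectionException(errMsg)

        page = getUnicode(page)  # Note: if decodePage call fails (Issue #4202)

        retVal = [_urllib.parse.unquote(match.group(1).replace("&amp;", "&")) for match in re.finditer(regex, page, re.I | re.S)]

        # This check runs after either fallback engine
        if not retVal and "issue with the Tor Exit Node you are currently using" in page:
            warnMsg = "DuckDuckGo has detected 'unusual' traffic from "
            warnMsg += "used (Tor) IP address"

            if conf.proxyList:
                raise SqlmapBaseException(warnMsg)
            else:
                logger.critical(warnMsg)

    return retVal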
@stackedmethod
def search(dork):
    """
    Wrapper around _search() that sets kb.choices.redirect to
    REDIRECTION.YES for the duration of the search and restores the
    previous value afterwards.

    When _search() raises SqlmapBaseException and conf.proxyList is set,
    the exception is logged, conf.proxy is cleared, setHTTPHandlers() is
    called and the search is run again; without a proxy list the exception
    is re-raised.
    """

    # Keep the current redirect choice so that it can be restored in 'finally'
    pushValue(kb.choices.redirect)
    kb.choices.redirect = REDIRECTION.YES

    try:
        return _search(dork)
    except SqlmapBaseException as exc:
        if not conf.proxyList:
            raise

        logger.critical(getSafeExString(exc))
        logger.warning("changing proxy")

        # NOTE(review): presumably setHTTPHandlers() selects another proxy once
        # conf.proxy is cleared; that code is not part of this file
        conf.proxy = None
        setHTTPHandlers()

        return search(dork)
    finally:
        kb.choices.redirect = popValue()
def setHTTPHandlers():
    """
    Placeholder that always raises NotImplementedError.

    NOTE(review): marked in the source as a cross-referenced function;
    presumably the working implementation is bound to this name from
    another module at runtime -- confirm.
    """

    # Cross-referenced function
    raise NotImplementedError()