• Home »
  • Errors »
  • sqlscan Error: sqlscan.py:8: DeprecationWarning: the sets module is deprecated

sqlscan Error: sqlscan.py:8: DeprecationWarning: the sets module is deprecated

Backtrack Linux is full of really great tools including SQLScan which is a SQL Scanner that provides the ability to query Google for vulnerable hosts and extract MD5 hashes from the results. Unfortunately sqlscan.py was written for Python 2.3 or Python 2.4 and has not been maintained to be compatible with Python 2.6 which is the current version of Python installed on Backtrack Linux 5 R3. Backtrack 5 R3 is based off of Ubuntu 10.04 which had a release date of April, 2010 so needless to say some packages are out of date. It should be noted though that there is a lot to be said for stability in your operating system versus bleeding edge capabilities and I am sure when the time is correct the Backtrack team will be releasing a new version of Backtrack based on a newer version of Ubuntu.

sqlscan.py Errors On Backtrack 5 R3:

root@bt:/pentest/database/sqlscan# python sqlscan.py
sqlscan.py:8: DeprecationWarning: the sets module is deprecated
  import sys, urllib2, re, sets, time, socket, httplib

           d3hydr8[at]gmail[dot]com SQL Scanner v1.0
        -----------------------------------------------

  Usage: python SQLscan.py <options>

  Example: python SQLscan.py -g inurl:'.gov' 200 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v

        [options]
           -g/-google <query> <num of hosts> : Searches google for hosts
           -s/-sql <file+injection code> : Vuln. file plux sql injection
           -w/-write <file> : Writes potential SQL found to file
           -v/-verbose : Verbose Mode

root@bt:/pentest/database/sqlscan#

The first error can be noticed in just outputting the help menu by running sqlscan.py without any switches. The issue revolves around the import of “sets” which is now built into Python2.6 as set. The error text is below.

sqlscan.py Error: sqlscan.py:8: DeprecationWarning: the sets module is deprecated

The second error causes sqlscan.py to not function at all outside of printing the help menu. Below is the output of an attempt to use sqlscan.py to query Google for vulnerable SQL servers.

SQLScan Crashes On Backtrack 5 R3:

root@bt:/pentest/database/sqlscan# python sqlscan.py -g inurl:'.gov' 50 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v
sqlscan.py:8: DeprecationWarning: the sets module is deprecated
  import sys, urllib2, re, sets, time, socket, httplib

           d3hydr8[at]gmail[dot]com SQL Scanner v1.0
        -----------------------------------------------

[+] SQL_scan Loaded
[+] Verbose Mode On
[+] SQL: /index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*
[+] File: sql_found.txt
[+] Query: inurl:.gov
[+] Number: 50
[+] Querying Google...
Traceback (most recent call last):
  File "sqlscan.py", line 132, in <module>
    urls = geturls(query)
  File "sqlscan.py", line 46, in geturls
    opener = urllib2.build_opener(url)
  File "/usr/lib/python2.6/urllib2.py", line 477, in build_opener
    opener.add_handler(h)
  File "/usr/lib/python2.6/urllib2.py", line 311, in add_handler
    type(handler))
TypeError: expected BaseHandler instance, got <type 'str'>
root@bt:/pentest/database/sqlscan#

This is likely a bummer if you need to query Google for vulnerable SQL servers but you are in luck because fixing sqlscan.py on Backtrack Linux is super easy by installing Python 2.4 as a secondary Python. The details for installing Python 2.4 are available in this article. Once you have installed Python 2.4 you should make one change to the top of sqlscan.py to make sure you won’t run into future issues with sqlscan.py and you will always remember it is dependent on Python 2.4. Use the information below to modify sqlscan.py which is located in the /pentest/database/sqlscan directory.

Original First Lines Of sqlscan.py:

#!/usr/bin/python
#SQL Scanner that will collect hosts using a google query. Will add the
#injection code to each host and search for md5 in the source.

Modified First Lines Of sqlscan.py After Install Python 2.4:

#!/usr/bin/python2.4
#SQL Scanner that will collect hosts using a google query. Will add the
#injection code to each host and search for md5 in the source.

Notice the addition of 2.4 to the end of python on the first line of the sqlscan.py file. You can now run sqlscan without issue using python2.4 instead of python as noted in the instructions.


List Price: $49.95 USD
New From: $28.22 USD In Stock
Used from: $29.03 USD In Stock


List Price: $39.99 USD
New From: $21.24 USD In Stock
Used from: $21.92 USD In Stock

Share