SQLi-Hunter is a simple HTTP server, with a sqlmap api that makes SQLi discovery a very easy task.
Requirements
Ruby:> 2.0.0
sqlmap
Installation
git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install bundle
bundle install
Use
SQLMAP API wrapper by ztz (github.com/zt2)
Usage: bin / sqli-hunter.rb [options]
Common options:
-h, –host = [HOST] Bind host for proxy server (default is localhost)
-p, –port = Bind port for proxy server (default is 8080)
–Sqlmap-host = [HOST] Host for sqlmap api (default is localhost)
–Sqlmap-port = [PORT] Port for sqlmap api (default is 8775)
–Targeted-hosts = [HOSTS] Targeted hosts split by comma (default is all)
–Version Display version
SQLMAP options
–Technique = [TECH] SQL injection techniques to use (default “BEUSTQ”)
–Threads = [THREADS] Max number of competing HTTP (s) requests (default 5)
–Dbms = [DBMS] Force back-end DBMS to this value
–Os = [OS] Force back-end DBMS operating system to this value
–Tamper = [TAMPER] Use given script (s) for tampering injection data
–Level = [LEVEL] Level of tests to perform (1-5, default 1)
–Risk = [RISK] Risk of tests to perform (0-3, default 1)
–Mobile Imitate smartphone via HTTP User-Agent header
–Smart Conduct through tests only if positive heuristic (s)
–Random-agent Use randomly selected HTTP User-Agent header value
Results:
➜ sqli-hunter git: (master) ruby bin / sqli-hunter.rb –targeted-hosts = demo.aisec.cn –threads = 15 –random-agent –smart
[01:50:17] [INFO] [bdf9f3495bb70fbc] task created
[01:50:17] [INFO] [bdf9f3495bb70fbc] task started
[01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
[01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use ‘sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6’ to exploit
You can download the program from here.
Read them Technology News from all over the world, with the validity of iGuRu.gr
Follow us on Google News
Comment Policy:
IGuRu.gr does not publish the comments immediately. Malicious comments, comments that include ads, or comments that are offensive are deleted without notice. We do not adopt the opinions expressed by our readers.
Your comments will be displayed after approval by the administrators