
sqli-hunter: Simple sqlmap api with proxy server

11/10/2020 05:24 by Anastasis Vasileiadis

SQLi-Hunter is a simple HTTP proxy server with a sqlmap API wrapper that makes SQL injection (SQLi) discovery an easy task.


Requirements

Ruby > 2.0.0
sqlmap

Installation

git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install bundle
bundle install

Usage

SQLMAP API wrapper by ztz (github.com/zt2)

Usage: bin/sqli-hunter.rb [options]

Common options:
-h, --host=[HOST]  Bind host for proxy server (default is localhost)
-p, --port=  Bind port for proxy server (default is 8080)
--sqlmap-host=[HOST]  Host for sqlmap api (default is localhost)
--sqlmap-port=[PORT]  Port for sqlmap api (default is 8775)
--targeted-hosts=[HOSTS]  Targeted hosts split by comma (default is all)
--version  Display version

SQLMAP options
--technique=[TECH]  SQL injection techniques to use (default "BEUSTQ")
--threads=[THREADS]  Max number of concurrent HTTP(s) requests (default 5)
--dbms=[DBMS]  Force back-end DBMS to this value
--os=[OS]  Force back-end DBMS operating system to this value
--tamper=[TAMPER]  Use given script(s) for tampering injection data
--level=[LEVEL]  Level of tests to perform (1-5, default 1)
--risk=[RISK]  Risk of tests to perform (0-3, default 1)
--mobile  Imitate smartphone via HTTP User-Agent header
--smart  Conduct thorough tests only if positive heuristic(s)
--random-agent  Use randomly selected HTTP User-Agent header value

Results:

➜ sqli-hunter git:(master) ruby bin/sqli-hunter.rb --targeted-hosts=demo.aisec.cn --threads=15 --random-agent --smart
[01:50:17] [INFO] [bdf9f3495bb70fbc] task created
[01:50:17] [INFO] [bdf9f3495bb70fbc] task started
[01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
[01:50:20] [SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use 'sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6' to exploit
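
When many requests pass through the proxy during an authorized test, the console output is easier to triage as a per-task summary. The Ruby script below is an added example, not part of the original post or the sqli-hunter project; it parses lines in the format shown above, and the second task ID and the request-file path in its sample are constructed.

```ruby
# Added example: summarize sqli-hunter console output per task ID.
# Constructed sample modelled on the log format above; the second task
# and the request-file path are made up for illustration.
SAMPLE_LOG = <<~LOG
  [01:50:17] [INFO] [bdf9f3495bb70fbc] task created
  [01:50:17] [INFO] [bdf9f3495bb70fbc] task started
  [01:50:18] [INFO] [0123456789abcdef] task created
  [01:50:18] [INFO] [0123456789abcdef] task started
  [01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
  [01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use 'sqlmap -r /tmp/example/request-file' to exploit
  [01:50:25] [INFO] [0123456789abcdef] task finished
LOG

# [HH:MM:SS] [LEVEL] [task id] task <event><rest>; the space after the timestamp is optional.
LINE_RE = /\A\[(\d{2}):(\d{2}):(\d{2})\]\s*\[(\w+)\]\s*\[(\h+)\]\s+task (\w+)(.*)\z/
# Saved request file named in the "task vulnerable" line (plain or typographic quotes).
REQ_RE = /sqlmap -r ([^'’\s]+)/

def seconds_of_day(h, m, s)
  h.to_i * 3600 + m.to_i * 60 + s.to_i
end

# Returns { task_id => { state:, started:, elapsed:, vulnerable:, request_file: } }.
def summarize(log)
  tasks = Hash.new do |h, id|
    h[id] = { state: nil, started: nil, elapsed: nil, vulnerable: false, request_file: nil }
  end
  log.each_line do |line|
    m = LINE_RE.match(line.strip) or next # skip banners and unrelated output
    task = tasks[m[5]]
    now = seconds_of_day(m[1], m[2], m[3])
    case m[6]
    when 'started' then task[:started] = now
    when 'finished' # the log has no date, so wrap around midnight
      task[:elapsed] = (now - task[:started]) % 86_400 if task[:started]
    when 'vulnerable'
      task[:vulnerable] = true
      task[:request_file] = m[7][REQ_RE, 1]
    end
    task[:state] = m[6] unless task[:state] == 'vulnerable'
  end
  tasks
end

summarize(SAMPLE_LOG).each do |id, t|
  flag = t[:vulnerable] ? "VULNERABLE -> #{t[:request_file]}" : t[:state]
  puts format('%-18s %4ss  %s', id, t[:elapsed] || '?', flag)
end
```

A task whose state never reaches `finished` or `vulnerable` shows `?` for elapsed time, which flags scans that were cut off or are still running.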

You can download the program from here.
