sqli-hunter: Simple sqlmap api with proxy server


SQLi-Hunter is a simple HTTP proxy server combined with a sqlmap API wrapper that makes SQLi discovery an easy task.

Requirements

Ruby > 2.0.0
sqlmap

Installation

git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install bundle
bundle install

Use

SQLMAP API wrapper by ztz (github.com/zt2)

Usage: bin/sqli-hunter.rb [options]

Common options:
-h, --host=[HOST]           Bind host for proxy server (default is localhost)
-p, --port=[PORT]           Bind port for proxy server (default is 8080)
    --sqlmap-host=[HOST]    Host for sqlmap api (default is localhost)
    --sqlmap-port=[PORT]    Port for sqlmap api (default is 8775)
    --targeted-hosts=[HOSTS] Targeted hosts split by comma (default is all)
    --version               Display version

SQLMAP options
    --technique=[TECH]      SQL injection techniques to use (default "BEUSTQ")
    --threads=[THREADS]     Max number of concurrent HTTP(s) requests (default 5)
    --dbms=[DBMS]           Force back-end DBMS to this value
    --os=[OS]               Force back-end DBMS operating system to this value
    --tamper=[TAMPER]       Use given script(s) for tampering injection data
    --level=[LEVEL]         Level of tests to perform (1-5, default 1)
    --risk=[RISK]           Risk of tests to perform (0-3, default 1)
    --mobile                Imitate smartphone via HTTP User-Agent header
    --smart                 Conduct thorough tests only if positive heuristic(s)
    --random-agent          Use randomly selected HTTP User-Agent header value

Results:

➜  sqli-hunter git:(master) ruby bin/sqli-hunter.rb --targeted-hosts=demo.aisec.cn --threads=15 --random-agent --smart
[01:50:17] [INFO] [bdf9f3495bb70fbc] task created
[01:50:17] [INFO] [bdf9f3495bb70fbc] task started
[01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
[01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use 'sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6' to exploit
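
For triage during an authorized assessment, the console output above can be summarised per task. The Ruby below is an added example, not part of sqli-hunter; the line layout is inferred from the sample run and is an assumption, and the task ids, request-file path and helper names (summarize, vulnerable, unfinished) are constructed for illustration.

```ruby
# Added example, not sqli-hunter code. The line layout is inferred from the
# sample run above and is an assumption, not a documented log format.
LINE_RE = /\A\[(\d{2}:\d{2}:\d{2})\]\s*\[([A-Z]+)\]\s*\[(\h+)\]\s*task (.+)\z/
REQUEST_FILE_RE = /sqlmap -r (\S+?)'? to exploit/
# Constructed sample input: placeholder task ids and request-file path.
SAMPLE_LOG = <<~LOG
  [10:00:01] [INFO] [aaaaaaaaaaaaaaaa] task created
  [10:00:01] [INFO] [aaaaaaaaaaaaaaaa] task started
  [10:00:02] [INFO] [bbbbbbbbbbbbbbbb] task created
  [10:00:02] [INFO] [bbbbbbbbbbbbbbbb] task started
  [10:00:03] [INFO] [cccccccccccccccc] task created
  [10:00:03] [INFO] [cccccccccccccccc] task started
  [10:00:05] [INFO] [aaaaaaaaaaaaaaaa] task finished
  [10:00:05][SUCCESS] [aaaaaaaaaaaaaaaa] task vulnerable, use 'sqlmap -r /tmp/example/request-file' to exploit
  [10:00:06] [INFO] [bbbbbbbbbbbbbbbb] task finished
  a line that is not task output
LOG

Task = Struct.new(:id, :states, :request_file)

# Returns [tasks_by_id, skipped_lines]; unknown lines are kept, not dropped silently.
def summarize(log)
  tasks = {}
  skipped = []
  log.each_line.map(&:strip).reject(&:empty?).each do |line|
    m = LINE_RE.match(line)
    next skipped << line unless m
    task = tasks[m[3]] ||= Task.new(m[3], [], nil)
    state = m[4][/\A\w+/]
    task.states << state
    task.request_file = m[4][REQUEST_FILE_RE, 1] if state == 'vulnerable'
  end
  [tasks, skipped]
end

# Findings to file: flagged tasks, with the saved request to retest after the fix.
def vulnerable(tasks)
  tasks.values.select { |t| t.states.include?('vulnerable') }
end

# Tasks that started but never reported "finished" (a coverage gap, not a clean result).
def unfinished(tasks)
  tasks.values.reject { |t| t.states.include?('finished') }.map(&:id)
end

if __FILE__ == $PROGRAM_NAME
  tasks, = summarize(SAMPLE_LOG)
  vulnerable(tasks).each { |t| puts "#{t.id}: retest with #{t.request_file}" }
end
```

A task that never reaches "finished" was not fully tested, so it should be re-run instead of being counted as not vulnerable.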

You can download the program from here.
