sqli-hunter: Simple sqlmap api with proxy server

The SQLi- is a simple HTTP server, with a   api that makes SQLi discovery a very easy task.

Requirements

Ruby:> 2.0.0
sqlmap

Installation

git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install
bundle install

Use

SQLMAP API wrapper by ztz (github.com/zt2)

Usage: bin / sqli-hunter.rb [options]

Common options:
-h, –host = [HOST] Bind host for proxy server (default is localhost)
-p, –port = Bind port for proxy server (default is 8080)
–Sqlmap-host = [HOST] Host for sqlmap api (default is localhost)
–Sqlmap-port = [PORT] Port for sqlmap api (default is 8775)
–Targeted-hosts = [HOSTS] Targeted hosts split by comma (default is all)
–Version Display version

SQLMAP options
–Technique = [TECH] SQL injection techniques to use (default “BEUSTQ”)
–threads=[THREADS] Max of concurrent HTTP(s) requests (default 5)
–Dbms = [DBMS] Force back-end DBMS to this value
–Os = [OS] Force back-end DBMS operating system to this value
–Tamper = [TAMPER] Use given script (s) for tampering injection data
–Level = [LEVEL] Level of tests to perform (1-5, default 1)
–Risk = [RISK] Risk of tests to perform (0-3, default 1)
–Mobile Imitate smartphone via HTTP User-Agent header
–Smart Conduct through tests only if positive heuristic (s)
–Random-agent Use randomly selected HTTP User-Agent header value

Results:

➜ sqli-hunter git: (master) ruby ​​bin / sqli-hunter.rb –targeted-hosts = demo.aisec.cn –threads = 15 –random-agent –smart
[01:50:17] [INFO] [bdf9f3495bb70fbc] task created
[01:50:17] [INFO] [bdf9f3495bb70fbc] task started
[01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
[01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use ‘sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6' to

You can download the program from here.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by Anastasis Vasileiadis

Translations are like women. When they are beautiful they are not faithful and when they are faithful they are not beautiful.

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).