
Sunlight-Rim / SQLbit

Licence: GPL-3.0 License
Just another script for automating boolean-based blind SQL injections.


SQL Blind Injection Tool

Just another script for automating boolean-based blind SQL injections.
Works with SQLite at least, and supports using cookies.
Instead of binary search, it finds cell values with bitwise comparisons run in multiple threads, which is more efficient.

It's able to:

  • Search cell values by columns in a table
  • Search the character count of cells by columns in a table
  • Search rows count in a table

The search algorithm is shown below.
Knowing the name of a table ('sqlite_master' by default in SQLite, for example) and the name of one of its columns ('name' in SQLite), you can find the value of every cell in every row. The fastest algorithm for this is checking the binary value of every character in every cell bit by bit, which can be performed using multiple threads. This way only 7 requests are needed to get a standard 7-bit character, and with 1000 threads we get ~142 letters at once (it is also worth keeping in mind the requests needed to get the length of each cell value).

[Image: idea]

The number of bits to compare (7 by default for ASCII) and the number of threads can be specified as input data.
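
The bit-by-bit search described above, as an added example that is not SQLbit's own code: it runs against a local in-memory stand-in for the true/false channel (the `BooleanOracle` class, the function names and the sample string are assumptions made for illustration, and the value length is taken as already known). Binary search is included for comparison: both need 7 questions per 7-bit character, but only the bitwise questions are independent of each other and can run in parallel.

```python
from concurrent.futures import ThreadPoolExecutor
from threading import Lock

SAMPLE = "users_table"  # constructed sample value, not taken from the page


class BooleanOracle:
    """Local stand-in for a true/false channel; counts the questions asked."""
    def __init__(self, secret: str):
        self._secret = secret
        self.requests = 0
        self._lock = Lock()

    def _tick(self):
        with self._lock:
            self.requests += 1

    def bit_is_set(self, pos: int, bit: int) -> bool:
        self._tick()
        return bool(ord(self._secret[pos]) >> bit & 1)

    def greater_than(self, pos: int, value: int) -> bool:
        self._tick()
        return ord(self._secret[pos]) > value


def recover_bitwise(oracle, length, bits=7, threads=16):
    """Every (position, bit) question is independent, so all run in parallel."""
    tasks = [(p, b) for p in range(length) for b in range(bits)]
    with ThreadPoolExecutor(max_workers=threads) as pool:
        answers = list(pool.map(lambda t: oracle.bit_is_set(*t), tasks))
    codes = [0] * length
    for (p, b), hit in zip(tasks, answers):
        codes[p] |= hit << b  # set bit b of character p when the answer is true
    return "".join(map(chr, codes))


def recover_binary_search(oracle, length, bits=7):
    """Each comparison depends on the previous answer: sequential per character."""
    out = []
    for p in range(length):
        lo, hi = 0, (1 << bits) - 1
        while lo < hi:
            mid = (lo + hi) // 2
            lo, hi = (mid + 1, hi) if oracle.greater_than(p, mid) else (lo, mid)
        out.append(chr(lo))
    return "".join(out)
```
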

Installing

git clone https://github.com/Sunlight-Rim/sqlbit.git
cd sqlbit
pip3 install -r requirements.txt

Usage

It does not accept command line arguments, so you can specify data in the config file or at program runtime.

python sqlbit.py

[Image: screenshot]


Note: please use it only on your own servers or on servers whose owners have agreed in advance.
