GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → zt2 → Sqli Hunter

zt2 / Sqli Hunter

SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

Programming Languages

ruby
36898 projects - #4 most used programming language

Labels

pentestingdetectionexploitationsql-injectionvulnerability-scanner

Projects that are alternatives of or similar to Sqli Hunter

Sqlmap
Automatic SQL injection and database takeover tool
Stars: ✭ 21,907 (+6343.24%)
Mutual labels:  pentesting, detection, exploitation, sql-injection, vulnerability-scanner
Fuxploider
File upload vulnerability scanner and exploitation tool.
Stars: ✭ 1,997 (+487.35%)
Mutual labels:  pentesting, detection, exploitation, vulnerability-scanner
Commix
Automated All-in-One OS Command Injection Exploitation Tool.
Stars: ✭ 3,016 (+787.06%)
Mutual labels:  pentesting, detection, exploitation, vulnerability-scanner
Poc T
渗透测试插件化并发框架 / Open-sourced remote vulnerability PoC/EXP framework
Stars: ✭ 1,722 (+406.47%)
Mutual labels:  pentesting, exploitation, vulnerability-scanner
Arissploit
Arissploit Framework is a simple framework designed to master penetration testing tools. Arissploit Framework offers simple structure, basic CLI, and useful features for learning and developing penetration testing tools.
Stars: ✭ 114 (-66.47%)
Mutual labels:  pentesting, exploitation, vulnerability-scanner
Shuriken
Cross-Site Scripting (XSS) command line tool for testing lists of XSS payloads on web apps.
Stars: ✭ 114 (-66.47%)
Mutual labels:  pentesting, detection, exploitation
Sifter
Sifter aims to be a fully loaded Op Centre for Pentesters
Stars: ✭ 403 (+18.53%)
Mutual labels:  pentesting, exploitation, vulnerability-scanner
Sqlite Lab
This code is vulnerable to SQL Injection and having SQLite database. For SQLite database, SQL Injection payloads are different so it is for fun. Just enjoy it \m/
Stars: ✭ 140 (-58.82%)
Mutual labels:  pentesting, sql-injection
Mida Multitool
Bash script purposed for system enumeration, vulnerability identification and privilege escalation.
Stars: ✭ 144 (-57.65%)
Mutual labels:  pentesting, exploitation
Xerror
fully automated pentesting tool
Stars: ✭ 173 (-49.12%)
Mutual labels:  pentesting, exploitation
Shellab
Linux and Windows shellcode enrichment utility
Stars: ✭ 225 (-33.82%)
Mutual labels:  pentesting, exploitation
Fdsploit
File Inclusion & Directory Traversal fuzzing, enumeration & exploitation tool.
Stars: ✭ 199 (-41.47%)
Mutual labels:  pentesting, exploitation
vulnerabilities
List of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-95.88%)
Mutual labels:  sql-injection, pentesting
Raccoon
A high performance offensive security tool for reconnaissance and vulnerability scanning
Stars: ✭ 2,312 (+580%)
Mutual labels:  pentesting, vulnerability-scanner
sub404
A python tool to check subdomain takeover vulnerability
Stars: ✭ 205 (-39.71%)
Mutual labels:  pentesting, vulnerability-scanner
SQLbit
Just another script for automatize boolean-based blind SQL injections. (Demo)
Stars: ✭ 30 (-91.18%)
Mutual labels:  sql-injection, pentesting
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+765.29%)
Mutual labels:  detection, sql-injection
Gray hat csharp code
This repository contains full code examples from the book Gray Hat C#
Stars: ✭ 301 (-11.47%)
Mutual labels:  pentesting, sql-injection
Vailyn
A phased, evasive Path Traversal + LFI scanning & exploitation tool in Python
Stars: ✭ 103 (-69.71%)
Mutual labels:  pentesting, exploitation
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 1,392 (+309.41%)
Mutual labels:  pentesting, exploitation
View All Similar Projects ➔

SQLi-Hunter

SQLi-Hunter is a simple HTTP/HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

0x0 Installation

Using Docker

  • Build the Docker image:
docker build -t sqli-hunter https://github.com/zt2/sqli-hunter.git
  • Run the Docker image:
docker run -ti -p 8080:8080 -p 8081:8081 -v /tmp:/tmp --rm sqli-hunter --host=0.0.0.0

The volume argument allows SQLi-Hunter to persist output files to be accessed on the host system. The port mapping argument will enable SQLi-Hunter to start a proxy server and a reverse SSL proxy server to be accessed on the host system.

  • Install CA (cert/sqli-hunter.pem) on the device you want to test
  • Setup proxy (port 8080) in the browser and you are ready to go.

From source

  • Build from the latest release of the source code:
git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install bundler
bundler install
  • Start SQLMAP API server manually.
python sqlmapapi.py -s
  • Run SQLi-Hunter
ruby bin/sqli-hunter.rb
  • Configure proxy server settings in your browser

0x1 Usage


  _____ _____ __    _     _____         _
  |   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___
  |__   |  |  |  |__| |___|     | | |   |  _| -_|  _|
  |_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|
  |__|

      SQLMAP API wrapper by ztz (github.com/zt2)

  Usage: bin/sqli-hunter.rb [options]

Common options:
    -h, --host=[HOST]                Bind host for proxy server (default is localhost)
    -p, --port=<PORT>                Bind port for proxy server (default is 8080)
        --sqlmap-host=[HOST]         Host for sqlmap api (default is localhost)
        --sqlmap-port=[PORT]         Port for sqlmap api (default is 8775)
        --targeted-hosts=[HOSTS]     Targeted hosts split by comma (default is all)
        --version                    Display version

SQLMAP options
        --technique=[TECH]           SQL injection techniques to use (default "BEUSTQ")
        --threads=[THREADS]          Max number of concurrent HTTP(s) requests (default 5)
        --dbms=[DBMS]                Force back-end DBMS to this value
        --os=[OS]                    Force back-end DBMS operating system to this value
        --tamper=[TAMPER]            Use given script(s) for tampering injection data
        --level=[LEVEL]              Level of tests to perform (1-5, default 1)
        --risk=[RISK]                Risk of tests to perform (0-3, default 1)
        --mobile                     Imitate smartphone through HTTP User-Agent header
        --smart                      Conduct through tests only if positive heuristic(s)
        --random-agent               Use randomly selected HTTP User-Agent header value

Output:

➜  sqli-hunter git:(master) ruby bin/sqli-hunter.rb --targeted-hosts=demo.aisec.cn --threads=15 --random-agent --smart
  [01:50:17] [INFO] [bdf9f3495bb70fbc] task created
  [01:50:17] [INFO] [bdf9f3495bb70fbc] task started
  [01:50:20] [INFO] [bdf9f3495bb70fbc] task finished
  [01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use 'sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6' to exploit
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].