KINGSABRI / sqlmap-tamper-api

Licence: other
SQLMap tamper api to accept tamper scripts from all languages

SQLmap Tamper-API

It's an API for SQLmap tamper scripts that allows you to write your tamper scripts in your favorite programming language.

This API solves SQLmap's limitation of accepting only Python for tamper scripts.

How it works

The tamper-api.py script sends the payload and kwargs in JSON format ( {"payload": "", "kwargs": {"headers": {}}} ) to the foreign tamper script's STDIN as an argument.

From there, the foreign script parses the JSON, processes it, then sends it back as JSON to STDOUT, where tamper-api.py reads and parses it and then sends it to SQLmap.

    ,-------(returns objects)---------,
    |                                 |
[ sqlmap ] --(sends objects)--> [tamper-api] --(sends json)--> [your-script]
                                      ^                             |
                                      |________(returns json)_______|  

Example

#!/usr/bin/env ruby
#
# Author:       KING SABRI | @KINGSABRI
# Description:  Base64 encoding all characters in a given payload
# Requirements: None
#
require 'json'
require 'base64'

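# The JSON message arrives as the first command-line argument
@json    = JSON.parse(ARGV[0])
@payload = @json["payload"]
@kwargs  = @json["kwargs"]

# Replace the payload with its URL-safe Base64 encoding
@json["payload"] = Base64.urlsafe_encode64(@payload)

# Return the modified message as JSON on STDOUT
print @json.to_json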
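
The caller's side of the same exchange, as an added example (not the project's tamper-api.py, whose internals this page does not show): it passes the JSON as a single argument, reads the reply from STDOUT and validates it before use. `run_foreign_tamper`, `demo` and the Python stand-in script are hypothetical names, and the payload is a constructed benign string.

```python
import base64, json, os, subprocess, sys, tempfile

# Constructed stand-in for a foreign tamper script: same contract as the Ruby
# example (JSON in argv[1], JSON on STDOUT), in Python so it runs offline.
FOREIGN_SCRIPT = '''
import base64, json, sys
msg = json.loads(sys.argv[1])
msg["payload"] = base64.urlsafe_b64encode(msg["payload"].encode()).decode()
sys.stdout.write(json.dumps(msg))
'''

def run_foreign_tamper(command, payload, kwargs=None, timeout=5):
    """Send {"payload", "kwargs"} to `command`; return the tampered payload."""
    message = json.dumps({"payload": payload,
                          "kwargs": kwargs or {"headers": {}}})
    # Argument list, no shell: the payload is untrusted text full of quotes
    # and metacharacters and must never be spliced into a shell command line.
    proc = subprocess.run(list(command) + [message], capture_output=True,
                          text=True, timeout=timeout)
    if proc.returncode != 0:
        raise RuntimeError("foreign script failed: " + proc.stderr.strip())
    try:
        reply = json.loads(proc.stdout)
    except ValueError as exc:
        raise RuntimeError("foreign script did not return JSON") from exc
    # Enforce the contract before handing anything back to the caller.
    if not isinstance(reply, dict) or not isinstance(reply.get("payload"), str):
        raise RuntimeError("reply lacks a string 'payload' field")
    return reply["payload"]

def demo(payload="page=1"):
    """Round-trip a constructed, benign payload through the stand-in script."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "base64encode.py")
        with open(path, "w") as fh:
            fh.write(FOREIGN_SCRIPT)
        return run_foreign_tamper([sys.executable, path], payload)

if __name__ == "__main__":
    print(demo())
```

A foreign script that exits non-zero, times out or prints anything other than a JSON object with a string `payload` raises instead of passing malformed data onward.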

Don't Forget:

  • Copy tamper-api.py script into sqlmap/tamper directory.
  • Check tamper-scripts/[YOUR_LANGUAGE] for practical examples.

Usage

sqlmap -v3 -u http://example.com/pages.php?page=1 --tamper tamper-api base64encode.rb

Contribution

  1. Fork
  2. Clone : https://github.com/[USERNAME]/sqlmap-multi-language-tamper.git
  3. Create a new branch: git checkout -b YourBranch
  4. Commit changes: git add * && git commit -m 'description'
  5. Create Pull Request(PR)

Or open an issue for new requests and bug reports!
