Skip to content
/ sqli-hunter Public
forked from zt2/sqli-hunter

A simple sqlmap api wrapper and proxy server

1 star 128 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ccavxx/sqli-hunter

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
lib
lib
 
 
.gitignore
.gitignore
 
 
Gemfile
Gemfile
 
 
Gemfile.lock
Gemfile.lock
 
 
README.md
README.md
 
 
sqli-hunter.rb
sqli-hunter.rb
 
 

Repository files navigation

SQLi-Hunter

===

SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi easily.

Requirement

Ruby > 2.0.0
sqlmap

Installation

install sqlmap

git clone https://github.com/sqlmapproject/sqlmap.git

clone this project

install gems

cd sqli-hunter
gem install bundle
bundle install

Usage

➜  sqli-hunter git:(master)  ruby sqli-hunter.rb

 _____ _____ __    _     _____         _
|   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___
|__   |  |  |  |__| |___|     | | |   |  _| -_|  _|
|_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|
         |__|

      sqlmap api wrapper by ztz ([email protected])

Usage: sqli-hunter.rb [options]

Common options:
    -s, --server                     Act as a Proxy-Server
    -p, --port=<PORT>                Port of the Proxy-Server (default is 8888)
        --api-host=<HOST>            Host of the sqlmapapi (default is localhost:8775)
        --version                    Show version

sqlmap options
        --technique=<TECH>           SQL injection techniques to use (default "BEUSTQ")
        --threads=<THREADS>          Max number of concurrent HTTP(s) requests (default 10)
        --dbms=<DBMS>                Force back-end DBMS to this value
        --os=<OS>                    Force back-end DBMS operating system to this value
        --tamper=<TAMPER>            Use given script(s) for tampering injection data
        --level=<LEVEL>              Level of tests to perform (1-5, default 1)
        --risk=<RISK>                Risk of tests to perform (0-3, default 1)
        --mobile                     Imitate smartphone through HTTP User-Agent header
        --smart                      Conduct through tests only if positive heuristic(s)

start sqlmap api

python sqlmapapi.py -s

start sqli-hunter proxy server

ruby sqli-hunter.rb -s -p 8888

configure proxy server settings in your browser

➜  sqli-hunter git:(master)  ruby sqli-hunter.rb -s --dbms=mysql

 _____ _____ __    _     _____         _
|   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___
|__   |  |  |  |__| |___|     | | |   |  _| -_|  _|
|_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|
         |__|

          sqlmap api wrapper by ztz ([email protected])

[*] Proxy server started... listening on port 8080
[-] 999058ea998684e5: all tested parameters appear to be not injectable
[-] 0389cb1c7af78d52: all tested parameters appear to be not injectable
[+] Vulnerable: 5fa7bb8ede704b4f requestFile: /tmp/0a5a71c5d6bfc1779fb4e678c869f350

start sqlmap to exploit it

python sqlmap.py -r /tmp/0a5a71c5d6bfc1779fb4e678c869f350

About

A simple sqlmap api wrapper and proxy server

Resources

Readme
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Ruby 100.0%