Detect Error Based SQLI injection

SQLiDetector:-
Simple python script supported with BurpBouty 
profile that helps you to detect SQL injection
"Error based" by sending multiple requests 
with 14 payloads and checking for 152 regex 
patterns for different databases.
Description:-
The main idea for the tool is scanning for Error
Based SQL Injection by using different payloads like
'123 ''123 `123 ")123 "))123 `)123 `))123 '))123 ')123"123 []123 ""123 '"123 "'123 \123 
And match for 152 error regex patterns for different databases. 
How does it work?
  • Use your subdomain grabber script or tools.
  • Pass all collected subdomains to httpx or httprobe to get only live subs.
  • Use your links and URLs tools to grab all waybackurls like waybackurls, gau, gauplus, etc.
  • Use URO tool to filter them and reduce the noise.
  • Grep to get all the links that contain parameters only. You can use Grep or GF tool.
  • Pass the final URLs file to the tool, and it will test them.
The final schema of URLs that you will pass to the tool must be like this one
  • https://aykalam.com?x=test&y=fortest
  • http://test.com?parameter=ayhaga
Installation and Usage:-
Just run the following command to install the required libraries.
  • git clone https://github.com/eslam3kl/SQLiDetector.git
  • pip3 install -r requirements.txt 
To run 
  • python3 sqlidetector.py -h

Comments

Post a Comment

Popular posts from this blog

How to decrypt message with CryptoJS AES

  Javascript code to decrypt message using crypto js : - data = " IYkyGxYaNgHpnZWgwILMalVFmLWFgTCHCZL9263NOcfSo5lBjAzOZAtF5bF++R0Bi+9c9E+p3VEr/xvj4oABtRWVJ2wlWzLbYC2rKFk5iapFhb7uZCUpO4w4Su3a5QFa2vInjYueziRoqySZd/DpstMJ8rsJ94VGizFFFZ1l0sw1ax+wfBA v5+wHs/hlnHi/ea66KBO3rgXKahvV28h+4bh5etc8RCrmiiNbfg6Oj0jQJDjdYIdW8T9YPOI9E1hih8lbfRnMWcOFJgYekfLpoy5LI525UGnlM46J1k6ekLqsn9FqvbiOOoLgqa4YqBm1i9P0ePyjkME+t+RiL8xXX+ItgOYr9G7kM64wlTJPCW8B/crmUdmGzQNC/hD/u/8wfHBS2f8u6OtQMG/+Kpk1oju8lcUZGI/4S8A6/OuktvQr2zgnbs2aADMrM37Oait/pJ3G73S7NwVT8EaK+X43c0C/fUvW2/bD/rqCNpAh9WQlz4Cj6JHwjbmwuind6aCimF1tHjXuR9FXu+g17sPT4ZkKZ6aeBG+m170XdCGn2hVM0wH1rh3VeCG2u/JFqfuGKGSoqeHeNY/icu9pEhtZDzHd7aPoaMXcWvXC9PjooBf7GM1EPacSdnon1kBobjtKSt1l15DjO5TMrJoX7VO7GotQwo+uI/u5Kop01hBXxyxyggl1/8N0ESohPJoqLDrIwvbGK5kW4B49FVPnx9CMvjZDdSsoxPAh+hx6SPe8Hj0Nx4bRs06cbtOkte/V8QSYIqjiJDleEqPrdiKlvgToZz9L29ZR/3Ln65qU1sq7q9c0SEYxIopV7TdTjFS7y76zDPFZkhzc3DjfLtJo/M1hdtt648APcZdmAIgWH6fh3eJZ0qbiPh8RStYH7I2COmnlMw4+t/B5mlhYVSgwPK2Ir736Mh+P9Bw...
Read more

libcurl (curl-impersonate) bindings for Node.js

  Description  :-   libcurl is a free and easy-to-use client-side URL transfer library, supporting DICT, FILE, FTP, FTPS, Gopher, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMTP, SMTPS, Telnet and TFTP. libcurl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies, user+password authentication (Basic, Digest, NTLM, Negotiate, Kerberos), file transfer resume, http proxy tunneling and more! Note:- This library cannot be used in a browser, it depends on native code. Installation :- npm i node-libcurl --save Or yarn add node-libcurl Further description :- https://github.com/SwapnilSoni1999/node-libcurl-impersonate
Read more

File upload bypass

  File Upload General Methodology :- Other useful extensions: PHP: .php, .php2, .php3, .php4, .php5, .php6, .php7, .phps, .phps, .pht, .phtm, .phtml, .pgif, .shtml, .htaccess, .phar, .inc ASP: .asp, .aspx, .config, .ashx, .asmx, .aspq, .axd, .cshtm, .cshtml, .rem, .soap, .vbhtm, .vbhtml, .asa, .cer, .shtml Jsp: .jsp, .jspx, .jsw, .jsv, .jspf, .wss, .do, .action Coldfusion: .cfm, .cfml, .cfc, .dbm Flash: .swf Perl: .pl, .cgi Erlang Yaws Web Server: .yaws Bypass file extensions checks :- Try adding special characters at the end. You could use Burp to bruteforce all the ascii and Unicode characters. (Note that you can also try to use the previously motioned extensions) file.php%20 file.php%0a file.php%00 file.php%0d%0a file.php/ file.php.\ file. file.php.... file.pHp5.... Magic Header Bytes :- PNG : " \x89PNG\r\n\x1a\n\0\0\0\rIHDR\0\0\x03H\0\xs0\x03[ " JPG : " \xff\xd8\xff " From File upload to other vulnerabilities :- Set filename to ../../../tmp/lol.png and try to a...
Read more