FreshRSS


SQLMC - Check All Urls Of A Domain For SQL Injections

By: Zion3R


SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.

Features

  • Scans a domain for SQL injection vulnerabilities
  • Crawls the given URL up to a specified depth
  • Checks each link for SQL injection vulnerabilities
  • Reports vulnerabilities along with server information and depth

Installation

  1. Install the required dependencies:

pip3 install sqlmc

Usage

Run sqlmc with the following command-line arguments:

  • -u, --url: The URL to scan (required)
  • -d, --depth: The depth to scan (required)
  • -o, --output: The output file to save the results

Example usage:

sqlmc -u http://example.com -d 2

Replace http://example.com with the URL you want to scan and 2 with the desired crawl depth. You can also specify an output file using the -o or --output flag followed by the desired filename.

The tool will then perform the scan and display the results.
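A depth-limited crawl of the kind the description above refers to, as an added example and not SQLMC's own code: it follows same-host links from the start URL breadth-first up to the requested depth, records each URL with the depth it was found at, and keeps the ones that carry query parameters, which are the candidates a SQL injection check would then test. The in-memory site, the host example.com and the `fetch` stub are constructed so the example runs offline; a real run would replace `fetch` with an HTTP client such as requests.get.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import parse_qs, urljoin, urlsplit

# Constructed in-memory site (hypothetical host example.com): URL -> HTML body.
# /review is three links deep and http://other.example is off-host, so a
# depth-2 crawl must report neither.
SITE = {
    "http://example.com/": '<a href="/products?cat=1">p</a><a href="/about">a</a>',
    "http://example.com/products?cat=1": '<a href="/item?id=7">i</a>'
                                         '<a href="http://other.example/x?q=1">ext</a>',
    "http://example.com/about": '<a href="/team?dept=eng">t</a>',
    "http://example.com/item?id=7": '<a href="/review?id=7&page=2">r</a>',
    "http://example.com/team?dept=eng": "",
    "http://example.com/review?id=7&page=2": "",
}


def fetch(url):
    """Stand-in for an HTTP GET; returns the constructed body or '' for unknown URLs."""
    return SITE.get(url, "")


class LinkParser(HTMLParser):
    """Collects href values of <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(base_url, html):
    """Absolute links found in html, resolved against base_url, fragments dropped."""
    parser = LinkParser()
    parser.feed(html)
    return [urljoin(base_url, href).split("#", 1)[0] for href in parser.hrefs]


def crawl(start_url, max_depth, fetch=fetch):
    """Breadth-first crawl. Returns [(url, depth), ...] for the start URL (depth 0)
    and every same-host URL reachable within max_depth link hops, each once."""
    host = urlsplit(start_url).netloc
    seen = {start_url}
    queue = deque([(start_url, 0)])
    found = []
    while queue:
        url, depth = queue.popleft()
        found.append((url, depth))
        if depth >= max_depth:
            continue                      # do not expand links past the limit
        for link in extract_links(url, fetch(url)):
            if urlsplit(link).netloc != host or link in seen:
                continue                  # off-host or already queued
            seen.add(link)
            queue.append((link, depth + 1))
    return found


def parameterised(found):
    """Keep only URLs with a query string: the injection candidates."""
    return [(url, depth) for url, depth in found if parse_qs(urlsplit(url).query)]


if __name__ == "__main__":
    for url, depth in parameterised(crawl("http://example.com/", 2)):
        print(depth, url)
```

The `seen` set is keyed on the full URL including the query string, so `/item?id=7` and `/item?id=8` are both visited; a real scanner would usually normalise on path plus parameter names to avoid re-testing the same endpoint hundreds of times.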

ToDo

  • Check for multiple GET params
  • Better injection checker trigger methods

Credits

License

This project is licensed under the GNU Affero General Public License v3.0.



Logsensor - A Powerful Sensor Tool To Discover Login Panels, And POST Form SQLi Scanning

By: Zion3R


A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanning

Features

  • Login panel scanning for multiple hosts
  • Proxy compatibility (http, https)
  • Login panel scanning is done with multiprocessing, so the script is very fast at scanning many URLs

A quick tutorial and screenshots are shown at the bottom.
Project contribution tips are at the bottom.


Installation

git clone https://github.com/Mr-Robert0/Logsensor.git
cd Logsensor && sudo chmod +x logsensor.py install.sh
pip install -r requirements.txt
./install.sh

Dependencies


Quick Tutorial

1. Multiple hosts scanning to detect login panels

  • You can increase the number of threads (default 30)
  • Run only the login detector module with --login
python3 logsensor.py -f <subdomains-list> 
python3 logsensor.py -f <subdomains-list> -t 50
python3 logsensor.py -f <subdomains-list> --login

2. Targeted SQLi form scanning

  • You can provide a specific login panel URL with the --sqli or -s flag to run only the SQLi form scanning module
  • Turn on the proxy to see the requests
  • Customize the username input name of the login panel with the actual field name (default "username")
python logsensor.py -u www.example.com/login --sqli 
python logsensor.py -u www.example.com/login -s --proxy http://127.0.0.1:8080
python logsensor.py -u www.example.com/login -s --inputname email

View help

python logsensor.py --help

usage: logsensor.py [-h --help] [--file ] [--url ] [--proxy] [--login] [--sqli] [--threads]

optional arguments:
-u , --url Target URL (e.g. http://example.com/ )
-f , --file Select a target hosts list file (e.g. list.txt )
--proxy Proxy (e.g. http://127.0.0.1:8080)
-l, --login run only Login panel Detector Module
-s, --sqli run only POST Form SQLi Scanning Module with provided Login panels Urls
-n , --inputname Customize actual username input for SQLi scan (e.g. 'username' or 'email')
-t , --threads Number of threads (default 30)
-h, --help Show this help message and exit

Screenshots


Development

TODO

  1. Add "POST form SQLi (time-based) scanning" and check for the delay
  2. Fuzz URL paths so as not to miss any login panel


SQLiDetector - Helps You To Detect SQL Injection "Error Based" By Sending Multiple Requests With 14 Payloads And Checking For 152 Regex Patterns For Different Databases


Simple Python script, supported by a BurpBounty profile, that helps you to detect error-based SQL injection by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
| S|Q|L|i| |D|e|t|e|c|t|o|r|
| Coded By: Eslam Akl @eslam3kll & Khaled Nassar @knassar702
| Version: 1.0.0
| Blog: eslam3kl.medium.com
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-


Description

The main idea for the tool is scanning for Error Based SQL Injection by using different payloads like

'123
''123
`123
")123
"))123
`)123
`))123
'))123
')123"123
[]123
""123
'"123
"'123
\123

And match for 152 error regex patterns for different databases.
Source: https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml

How does it work?

It's very simple; just organize your steps as follows:

  1. Use your subdomain grabber script or tools.
  2. Pass all collected subdomains to httpx or httprobe to get only live subs.
  3. Use your links and URLs tools to grab all waybackurls like waybackurls, gau, gauplus, etc.
  4. Use URO tool to filter them and reduce the noise.
  5. Grep to get all the links that contain parameters only. You can use Grep or GF tool.
  6. Pass the final URLs file to the tool, and it will test them.

The final schema of URLs that you will pass to the tool must be like this one

https://aykalam.com?x=test&y=fortest
http://test.com?parameter=ayhaga

Installation and Usage

Just run the following command to install the required libraries.

~/eslam3kl/SQLiDetector# pip3 install -r requirements.txt 

To run the tool itself.

# cat urls.txt
http://testphp.vulnweb.com/artists.php?artist=1

# python3 sqlidetector.py -h
usage: sqlidetector.py [-h] -f FILE [-w WORKERS] [-p PROXY] [-t TIMEOUT] [-o OUTPUT]
A simple tool to detect SQL errors
optional arguments:
  -h, --help                     show this help message and exit
  -f FILE, --file FILE           File of the urls
  -w WORKERS, --workers WORKERS  Number of threads
  -p PROXY, --proxy PROXY        Proxy host
  -t TIMEOUT, --timeout TIMEOUT  Connection timeout
  -o OUTPUT, --output OUTPUT     Output file

# python3 sqlidetector.py -f urls.txt -w 50 -o output.txt -t 10

BurpBounty Module

I've created a BurpBounty profile that uses the same payloads and injects them at multiple positions like

  • Parameter name
  • Parameter value
  • Headers
  • Paths

I think it's more effective and will be helpful for POST requests, which you can't test using the Python script.

How does it test the parameter?

What's the difference between this tool and any other one? If we have a link like this one https://example.com?file=aykalam&username=eslam3kl we have 2 parameters, so for each payload it creates 2 candidate URLs, injecting into only one parameter at a time.

  1. For every payload it builds URLs like the following
https://example.com?file=123'&username=eslam3kl
https://example.com?file=aykalam&username=123'
  2. It sends a request for every link and checks whether one of the error patterns is present using regex.
  3. Any vulnerable link is saved to a separate file for every process.
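The per-parameter scheme just described, as an added example in Python and not SQLiDetector's own code: for each payload it builds one test URL per query parameter with only that parameter's value replaced, sends each, and greps the response body against database error signatures. The payload list is a subset of the README's, the error regexes are a small constructed set in the style of sqlmap's errors.xml rather than its full 152, and `fake_send`, the host example.com and the vulnerable `id` parameter are constructed so the example runs offline; point `send` at requests.get(url, timeout=...).text to test a live target. The same build-variants-then-grep approach carries over to POST form fields.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# A few of the payloads listed in the README above.
PAYLOADS = ["'123", "''123", "`123", "')123", "\\123"]

# Small constructed subset of error signatures in the style of sqlmap's
# errors.xml; the real tool loads 152 of them.
ERROR_PATTERNS = {
    "MySQL": [r"You have an error in your SQL syntax", r"Warning.*?\Wmysqli?_"],
    "PostgreSQL": [r"PostgreSQL.*?ERROR", r"Warning.*?\Wpg_"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string"],
    "Oracle": [r"\bORA-\d{5}"],
    "SQLite": [r"SQLITE_ERROR", r"SQLite/JDBCDriver"],
}
COMPILED = [(db, re.compile(p, re.I | re.S))
            for db, pats in ERROR_PATTERNS.items() for p in pats]


def inject(url, param, payload):
    """Copy of url with param's value replaced by payload; other params untouched."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    mutated = [(k, payload if k == param else v) for k, v in pairs]
    return urlunsplit(parts._replace(query=urlencode(mutated)))


def variants(url, payloads=PAYLOADS):
    """(param, payload, test_url) for every payload and every parameter,
    one parameter injected per URL: N params x P payloads test URLs."""
    params = [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]
    return [(p, pl, inject(url, p, pl)) for pl in payloads for p in params]


def match_error(body):
    """Name of the database whose error signature appears in body, else None."""
    for db, rx in COMPILED:
        if rx.search(body):
            return db
    return None


def fake_send(url):
    """Constructed target standing in for requests.get(url).text: 'id' is
    concatenated into a MySQL query unsafely, 'page' is handled safely."""
    query = dict(parse_qsl(urlsplit(url).query, keep_blank_values=True))
    if any(c in query.get("id", "") for c in "'\"`\\"):
        return ("You have an error in your SQL syntax; check the manual that "
                "corresponds to your MySQL server version for the right syntax")
    return "<html><body>ok</body></html>"


def scan(url, send=fake_send, payloads=PAYLOADS):
    """Return [(param, payload, test_url, db)] for each parameter that triggers
    a database error; a parameter is reported once, on its first hit."""
    hits, flagged = [], set()
    for param, payload, test_url in variants(url, payloads):
        if param in flagged:
            continue
        db = match_error(send(test_url))
        if db:
            hits.append((param, payload, test_url, db))
            flagged.add(param)
    return hits


if __name__ == "__main__":
    for hit in scan("http://example.com/item?id=7&page=2"):
        print(hit)
```

Error-signature matching is a heuristic: a page that echoes the payload inside its own text, or a verbose debug page unrelated to the injected parameter, can match a pattern, so a hit should be confirmed (for example by comparing against the unmodified response, or with a boolean or time-based follow-up) before it goes into a report.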

Upcoming updates

  • Output json option.
  • Adding proxy option.
  • Adding threads to increase the speed.
  • Adding progress bar.
  • Adding more payloads.
  • Adding BurpBounty Profile.
  • Inject the payloads in the parameter name itself.

If you want to contribute, feel free to do that. You're welcome :)

Thanks to

Thanks to Mohamed El-Khayat and Orwa for the amazing payloads and ideas. Follow them and you will learn more

https://twitter.com/Mohamed87Khayat
https://twitter.com/GodfatherOrwa

Stay in touch <3

LinkedIn | Blog | Twitter


