Automatic SQL injection with Charles and sqlmap api
Switch branches/tags
Nothing to show
Clone or download
Latest commit 4dfce46 Sep 22, 2017

README.md

SQLiScanner

GitHub issues GitHub forks GitHub stars Python 3.x GitHub license

Automatic SQL injection with Charles and sqlmapapi

中文版说明文档点这里

Introduction

Automatic SQL injection with Charles and sqlmapapi

Dependencies

  • Django
  • PostgreSQL
  • Celery
  • sqlmap
  • redis

Supported platforms

  • Linux
  • osx

Screenshots

Installation

Preferably, you can download SQLiScanner by cloning the Git repository:

git clone https://github.com/0xbug/SQLiScanner.git --depth 1

You can download sqlmap by cloning the Git repository:

git clone https://github.com/sqlmapproject/sqlmap.git --depth 1

SQLiScanner works with Python version 3.x on Linux and osx.

Create virtualenv and install requirements

cd SQLiScanner/
virtualenv --python=/usr/local/bin/python3.5 venv
source venv/bin/activate
pip install -r requirements.txt

Setting

DATABASES Setting

SQLiScanner/settings.py:85
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '',
        'USER': '',
        'PASSWORD': '',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}

SendEmail Setting

SQLiScanner/settings.py:158
# Email

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = False
EMAIL_HOST = ''
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
DEFAULT_FROM_EMAIL = ''
scanner/tasks.py:14
class SqlScanTask(object):
    def __init__(self, sqli_obj):
        self.api_url = "http://127.0.0.1:8775"
        self.mail_from = ""
        self.mail_to = [""]

Syncdb

python manage.py makemigrations scanner
python manage.py migrate

Create superuser

python manage.py createsuperuser

Run

redis-server
python sqlmapapi.py -s -p 8775
python manage.py celery worker --loglevel=info
python manage.py runserver