A simple sqlmap api wrapper and proxy server
Switch branches/tags
Nothing to show
Clone or download
zt2
zt2 bug fixed
Latest commit b5ba5d2 Jun 30, 2015
Permalink
Failed to load latest commit information.
lib bug fixed Jun 30, 2015
.gitignore Add included-host params May 29, 2015
Gemfile 1.0 release May 7, 2015
Gemfile.lock 1.0 release May 7, 2015
README.md Update README.md May 7, 2015
sqli-hunter.rb 1.0 release May 7, 2015

README.md

SQLi-Hunter

SQLi-Hunter is a simple HTTP proxy server and a sqlmap api wrapper that makes dig SQLi easily.

0x0 Requirement

  • Ruby: > 2.0.0
  • sqlmap

0x1 Installation

git clone https://github.com/sqlmapproject/sqlmap.git
git clone https://github.com/zt2/sqli-hunter.git
cd sqli-hunter
gem install bundle
bundle install

0x2 Usage

➜  sqli-hunter git:(master) ruby sqli-hunter.rb 

 _____ _____ __    _     _____         _
|   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___
|__   |  |  |  |__| |___|     | | |   |  _| -_|  _|
|_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|
         |__|

      sqlmap api wrapper by ztz (ztz@ztz.me)

Usage: sqli-hunter.rb [options]

Common options:
    -p, --port=<PORT>                Port of the Proxy-Server (default is 8888)
        --api-host=<HOST>            Host of the sqlmapapi (default is localhost:8775)
    -s, --save=<SAVE PATH>           Specify the path for request files (default is /tmp)
    -v <VERBOSE>                     Verbosity level: 0-3 (default 1)
        --version                    Show version

sqlmap options
        --technique=<TECH>           SQL injection techniques to use (default "BEUSTQ")
        --threads=<THREADS>          Max number of concurrent HTTP(s) requests (default 5)
        --dbms=<DBMS>                Force back-end DBMS to this value
        --os=<OS>                    Force back-end DBMS operating system to this value
        --tamper=<TAMPER>            Use given script(s) for tampering injection data
        --level=<LEVEL>              Level of tests to perform (1-5, default 1)
        --risk=<RISK>                Risk of tests to perform (0-3, default 1)
        --mobile                     Imitate smartphone through HTTP User-Agent header
        --smart                      Conduct through tests only if positive heuristic(s)

start sqlmap api

python sqlmapapi.py -s

start sqli-hunter proxy server

ruby sqli-hunter.rb -p 8888

configure proxy server settings in your browser

➜  sqli-hunter git:(master) ruby sqli-hunter.rb -v 2 --dbms=mysql --threads=10 

 _____ _____ __    _     _____         _
|   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___
|__   |  |  |  |__| |___|     | | |   |  _| -_|  _|
|_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|
         |__|

      sqlmap api wrapper by ztz (ztz@ztz.me)

[00:59:18] Proxy server started... listening on port 8888
[00:59:23] POST http://testphp.vulnweb.com/search.php?test=query HTTP/1.1
[00:59:23] Saving to /private/tmp/96c915d5fe6becf373e2095cfa2da458
[00:59:24] [0d8f471e77a3bd65] Create task
[00:59:24] [0d8f471e77a3bd65] Set options success
[00:59:24] [0d8f471e77a3bd65] Task running
[00:59:27] [0d8f471e77a3bd65] Fetching result
[00:59:27] [0d8f471e77a3bd65] Task vulnerable, use "sqlmap -r /private/tmp/96c915d5fe6becf373e2095cfa2da458" to exploit
[00:59:33] GET http://testphp.vulnweb.com/artists.php HTTP/1.1
[00:59:33] Saving to /private/tmp/1a5669ae3c25b5b952b2667f11d9becc
[00:59:33] [bf9b7e10f9d04559] Create task
[00:59:33] [bf9b7e10f9d04559] Set options success
[00:59:33] [bf9b7e10f9d04559] Task running
[00:59:36] [bf9b7e10f9d04559] Fetching result
[00:59:36] [bf9b7e10f9d04559] All tested parameters appear to be not injectable

use sqlmap -r /private/tmp/96c915d5fe6becf373e2095cfa2da458 to exploit