PRINT
PRINT
SEND MAIL
SEND MAIL
Automatic SQL InjectionAutoSQLiCommand LineCyberwarDork ScanningInjection toolMacNEW TOOLSsql injectionSQLiTORWebsites Vulnerable

AutoSQLi – An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap

Want create site? Find Free WordPress Themes and plugins.

An Automatic SQL Injection Tool Which Takes Advantage Of ~DorkNet~ Googler, Ddgr, WhatWaf And Sqlmap.

Features

  • Save System – there is a complete save system, which can resume even when your pc crashed. – technology is cool
  • Dorking – from the command line ( one dork ): YES – from a file: NO – from an interactive wizard: YES
  • Waffing – Thanks to Ekultek, WhatWaf now has a JSON output function. – So it’s mostly finished 🙂 – UPDATE: WhatWaf is completly working with AutoSQLi. Sqlmap is the next big step
  • Sqlmapping – I’ll look if there is some sort of sqlmap API, because I don’t wanna use execute this time (: – Sqlmap is cool
  • REPORTING: YES
  • Rest API: NOPE

TODO:

  • Log handling (logging with different levels, cleanly)
  • Translate output (option to translate the save, which is in pickle format, to a json/csv save)
  • Spellcheck (correct wrongly spelled words and conjugational errors. I’m on Neovim right now and there is no auto-spelling check)

The Plan
This plan is a bit outdated, but it will follow this idea

  1. AutoSQLi will be a python application which will, automatically, using a dork provided by the user, return a list of websites vulnerable to a SQL injection.
  2. To find vulnerable websites, the users firstly provide a dork DOrking, which is passed to findDorks.py, which returns a list of URLs corresponding to it.
  3. Then, AutoSQLi will do some very basic checks ( TODO: MAYBE USING SQLMAP AND IT’s –smart and –batch function ) to verify if the application is protected by a Waf, or if one of it’s parameters is vulnerable.
  4. Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around of these WAFs, AutoSQLi will use WhatWaf.
  5. Finally, AutoSQLi will exploit the website using sqlmap, and give the choice to do whatever he wants !

Tor
Also, AutoSQLi should work using Tor by default. So it should check for tor availiability on startup.

Did you find apk for android? You can find new Free Android Games and apps.
Tags: