
Sqlifuzzer v0.6 - Command Line SQL Injection Web Scanner


sQuo


sqlifuzzer is a command line scanner that seeks to identify SQL injection vulnerabilities. It parses Burp logs to create a list of fuzzable requests... then fuzzes them.

What is sqlifuzzer?

 

It's a wrapper for curl written in bash. It's also a tool that can be used to remotely identify SQL (and XPath) injection vulnerabilities. It does this by sending a range of injection payloads and examining the responses for signs of 'injectability'. If a parameter appears to be vulnerable, sqlifuzzer sends exploit payloads to extract data.

Like almost all web app scanners, sqlifuzzer includes OR 1=1 payloads; this means that there is a significant risk of data destruction, Denial of Service, and/or other undesirable implications for any host (or intermediary device) scanned using sqlifuzzer. sqlifuzzer is beta; don't use it in an environment that matters to you or anyone else. Do not use sqlifuzzer to scan hosts without the owner's permission.

 

Features :

 

Payloads/tests for numeric, string, error and time-based SQL injection

Support for MSSQL, MySQL and Oracle DBMSs

Automated testing of 'tricky' parameters like POST URL query and multipart form parameters

A range of filter evasion options:

case variation, nesting, double URL encoding, comments for spaces, 'like' for 'equals' operator, intermediary characters, null and CRLF prefixes, HTTP method swapping (GETs become POSTs / POSTs become GETs)

ORDER BY and UNION SELECT tests on vulnerable parameters to:

enumerate select query column numbers

identify data-type string columns in select queries

extract database schema and configuration information

Conditional tests to extract DBMS info when data extraction via UNION SELECT fails (i.e. no string type columns)

Time delay based tests to extract DBMS info when data extraction via conditional methods fails (i.e. fully blind scenarios)

Boolean response-based XPath injection testing and data extraction

Support for automated detection and testing of parameters in POST URIs and multipart forms

Scan 'state' maintenance:

Halt a scan at any time - scan progress is saved and you can easily resume a scan from the URL where you stopped

Specify a specific request number to resume a scan from

Optional exclusion of a customizable list of parameters from scanning scope

Tracking of parameters scanned and avoidance of re-scanning scanned parameters

HTML format output with:

links/buttons to send Proof of Concept SQL injection requests

links to response difference files and to extracted data

 


Changelog V-0.6 : Fixed a bug preventing time based exploitation from being triggered
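
A defender-side view of the filter evasion options listed above, as an added example that is not part of the original post or of sqlifuzzer: it normalizes a request line (repeated URL decoding, null and comment stripping, case folding) before matching signatures for the test types the post names. The sample lines, signature names and time-delay keywords are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed request lines for illustration (not from a real log).
SAMPLE_LINES = [
    "GET /item?id=7 HTTP/1.1",
    "GET /item?id=7%20oR%201=1 HTTP/1.1",
    "GET /item?id=7%2520UnIoN%2520SeLeCt%2520null,null HTTP/1.1",
    "GET /item?id=7/**/ORDER/**/BY/**/3 HTTP/1.1",
    "POST /search?q=x%27%20waitfor%20delay%20%270:0:5 HTTP/1.1",
    "GET /item?name=a%27%20or%20%27a%27%20like%20%27a HTTP/1.1",
    "GET /docs?title=order%20form HTTP/1.1",
]

# Signature names and the time-delay keywords are assumptions of this example.
SIGNATURES = {
    "boolean": re.compile(r"\b(?:or|and)\s+'?(\w+)'?\s*(?:=|like)\s*'?\1\b"),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+\b"),
    "time_delay": re.compile(r"\bwaitfor\s+delay\b|\bsleep\s*\("),
}

def normalize(raw):
    """Undo the listed evasions; return (normalized text, URL-decode passes)."""
    text, passes = raw, 0
    for _ in range(3):  # double URL encoding needs more than one pass
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text, passes = decoded, passes + 1
    text = text.replace("\x00", "")  # null prefixes
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # comments for spaces
    text = re.sub(r"\s+", " ", text)  # CRLF prefixes and whitespace runs
    return text.lower(), passes  # case variation

def scan(line):
    """Return the names of all signatures that match one request line."""
    text, passes = normalize(line)
    findings = [name for name, rx in SIGNATURES.items() if rx.search(text)]
    if passes > 1:
        findings.append("multi_encoded")  # suspicious regardless of payload
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(scan(line) or ["clean"], line)
```

Keyword nesting and intermediary characters from the same list are not undone by this normalization and need separate handling.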
