
Locked SQLReInjector


sQuo


SQLReInjector

A tool for automated identification of exfiltrated data

SQLReInjector.py is designed as a tool to be used in responses to SQL injection attacks. At a high level, the tool is designed to operate against two components: (1) a virtual machine built off of a forensic image of a compromised server; and (2) the web server logs extracted from that forensic image.

Basic Usage:

Output is stored in a sqlite database that you can then analyze.

After virtualizing the forensic image and extracting the web server logs, SQLReInjector.py can be run with the following command line options:

-i --inLog : The web server log containing the SQL injection requests.
-d --dbFile : A sqlite database file the script will use to store its output.
-w --website : The URL to the virtualized forensic image.
-l --logFormat : The LogFormat string from the web server's configuration file.

Advanced Usage:

SQLReInjector can take the following command line arguments:

-j --havijParser : Pass to have SQLReInjector reconstruct the database table as exfiltrated by Havij.
-c --compareToGood : Pass to have SQLReInjector compare the results of SQL injection requests against a known good.
-k --knownGood : The local HTML copy of a known good version of the attacked site to use for diffs.
-e --cookie : If the webapp requires a session cookie, you can pass one to SQLReInjector.

The -c and -k flags have to be passed together. The -k flag should point to a local HTML copy of the website that hasn't been affected by an attack.
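
The workflow described above, as an added example that is not part of the original post and is not SQLReInjector's own code: a logged request is mapped onto the virtualized image's URL, the response is diffed against a known-good page to isolate the returned data, and the result is stored in sqlite. The Apache common log layout, the table schema, the host name and all sample data are assumptions constructed for illustration; the replayed response is embedded rather than fetched so the block runs offline.

```python
import difflib
import re
import sqlite3
from urllib.parse import urljoin

# Apache common/combined prefix: %h %l %u %t "%r" %>s %b (assumed log format)
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Constructed sample data; nothing here comes from a real incident.
SAMPLE_LOG = ('203.0.113.7 - - [12/Mar/2013:10:15:32 +0000] '
              '"GET /item.php?id=1%20UNION%20SELECT%20email%20FROM%20users HTTP/1.1" 200 512')
KNOWN_GOOD = "<html><body>\n<h1>Product</h1>\n<p>Blue widget</p>\n</body></html>"
REPLAYED = ("<html><body>\n<h1>Product</h1>\n<p>Blue widget</p>\n"
            "<p>alice@example.test</p>\n</body></html>")

def replay_url(log_line, website):
    """Map one logged request onto the virtualized image's base URL."""
    m = LOG_RE.match(log_line)
    if m is None:          # line does not fit the format: skip, do not guess
        return None
    return m["time"], urljoin(website, m["path"])

def new_lines(known_good_html, response_html):
    """Lines in the replayed response that the known-good page lacks."""
    diff = difflib.ndiff(known_good_html.splitlines(), response_html.splitlines())
    return [d[2:].strip() for d in diff if d.startswith("+ ")]

def store(db, when, url, leaked):
    """Record one row per leaked line so the results can be queried later."""
    db.execute("CREATE TABLE IF NOT EXISTS replay (time TEXT, url TEXT, leaked TEXT)")
    db.executemany("INSERT INTO replay VALUES (?, ?, ?)",
                   [(when, url, line) for line in leaked])
    db.commit()

def run_demo(website="http://forensic-vm.example/"):
    """Parse, map, diff and store the constructed sample; return stored rows."""
    db = sqlite3.connect(":memory:")
    when, url = replay_url(SAMPLE_LOG, website)
    # REPLAYED stands in for the body the virtualized server would return.
    store(db, when, url, new_lines(KNOWN_GOOD, REPLAYED))
    return db.execute("SELECT time, url, leaked FROM replay").fetchall()

if __name__ == "__main__":
    for row in run_demo():
        print(row)
```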

 

 
