
Thread: Domain SQL Injector - Find SQL Injection on all sites hosted on server

  1. #1
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    Domain SQL Injector - Find SQL Injection on all sites hosted on server

    Hey Guys,

    Sharing a private python script - "Domain SQL Injector - Error Based SQLi Tool"

    The script has the following features:
    1. Crawling : it can crawl all or a requested number of pages on a website
    2. Reverse IP Look Up : it can find all sites hosted on a shared hosting server
    3. Single-Mode Attack : Crawl and find SQLi on a single website and report
    4. Mass-Mode Attack : Find all sites hosted on domain, crawl one-by-one, find SQLi on each one-by-one and report
    5. Targets can be skipped while crawling if found too big or irrelevant. The script cannot be paused, but it can skip to the next target site.

    The script was developed as part of a Penetration Test assessment where Mass-Mode attack was required per the client's request.

    The Banner
    Code:
    # ./Domain-SQLi-finder.py
    [Screenshot: 1.Banner.jpg]
    Script Help
    Code:
    ./Domain-SQLi-finder.py -h
    [Screenshot: 2.Help.jpg]

    Single-Mode Attack - Targeting Single Website

    Code:
    ./Domain-SQLi-finder.py --verbose 1 --url demo.testfire.net --crawl 50 --pages 5 --output testfire-SQLi.txt
    [Screenshot: 3.Crawl.jpg]
    It crawls all or a requested number of pages, finds injectable links, finds injectable parameters and tests SQLi payloads against each injectable parameter

    [Screenshot: 4.SQLi-check-1.jpg]

    Mass-Mode Attack - Targeting whole domain


    Code:
    # ./Domain-SQLi-finder.py --verbose 1 --durl demo.testfire.net --crawl 50 --pages 5 --sites 4 --vulsites 2 --output testfire-SQLi.txt
    It starts with a reverse IP lookup, if requested, and finds all domains hosted on the shared hosting server

    [Screenshot: 5.Domain-REverserIPLookup.jpg]
    Above you can see 3 domains were found hosted on single server

    Further, script would target each domain one-by-one, crawling, and testing SQLi against them

    [Screenshot: 6.Domain-Continue-with-next.jpg]
    Crawling....
    [Screenshot: 7.Domain-Continue-with-next.jpg]
    Usage:

    --verbose : Value 0 would display minimum messages required. Value 1 would display complete progress. By default, verbosity is OFF
    --output : Output file name to hold the final result. If not specified, a default file with name DSQLiResults.txt will be created under the same directory

    Single-Mode Attack:
    --url : takes URL as input
    --crawl : Number of pages on website to crawl (default is set to 500). Chilkat library is used for crawling
    --pages : Number of vulnerable pages (injectable parameters) to find on site (default is 0 i.e. try and find all possible vulnerable pages)

    Mass-Mode Attack:
    --durl : URL of domain
    --sites : Number of sites to scan on domain. Default is 0 i.e. scan all.
    --vulsites : Number of vulnerable sites to find before scanning would stop automatically. Default is 0 i.e. try to find all vulnerable sites
    --dcrawl : Number of pages on website to crawl (default is set to 500)
    --dpages : Number of vulnerable pages to find on site. Default is 0 i.e. try and find all possible vulnerable pages.

    --reverse : This option has a dual role
    - If specified on the command prompt with an output file name, the script would consider that the user has done the Reverse-IP lookup already, i.e. a file exists under the same directory which has the result of the reverse-IP lookup and the script just needs to read the file. This has another benefit - the script doesn't have to do a reverse IP lookup whenever fired. Just generate it once, and if quitting the script in between while targeting a domain, the next time the user just needs to provide it the amended reverse-IP lookup file, i.e. remove the already scanned target URLs from the list.
    - If this option is not specified on the command prompt, the script would perform the reverse-IP lookup itself



    The script generates a few more files during scanning which could be considered as log files, e.g. crawler output file, unique links parsed output file, reverse-IP lookup output file.


    Cheers!

    PS: Part of the credit goes to fb1 for not coding the concept up to my requirements, else I would not have coded it myself
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  2. #2
    This is a speechless tool... Same thing I was trying to add in Fatcat... it's restricted in PHP, I will add soon WAF
    Garage4Hackers bugs for the community , of the community


  3. #3
    Security Researcher fb1h2s's Avatar
    Join Date
    Jul 2010
    Location
    India
    Posts
    616
    Blog Entries
    32
    He he, you made a 31337 version of that, I kind of became too lazy at that time, this one looks great, btw non-members can't see the image now also
    Hacking Is a Matter of Time Knowledge and Patience

  4. #4
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Quote: Originally Posted by fb1h2s
    He he, you made a 31337 version of that, I kind of became too lazy at that time, this one looks great, btw non-members can't see the image now also
    The issue has been fixed. Guests can view all inline images now.

  5. #5
    Bond Brother, this script gives an error on execu

    # python Domain-SQLi-finder.py
    Traceback (most recent call last):
    File "Domain-SQLi-finder.py", line 7, in <module>
    import chilkat, sys, os, argparse, httplib, urlparse, urllib2, re, time, datetime
    ImportError: No module named chilkat
    Solution :O ?

  6. #6
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Quote: Originally Posted by Saurav Mishra
    Bond Brother, this script gives an error on execu

    Solution :O ?
    The error is self-explanatory though - it needs the "chilkat" library. Get it from here, install it, and either put the code in the module directory or add the module to the python PATH

    Cheers

  7. #7
    Thank you, didn't look at the error carefully

  8. #8
    Awesome!! I was looking for the same..

  9. #9
    Very nice script!!! Great idea!!!

  10. #10
    I can't download.. why?
    Can someone tell me?
    It shows this..
    The page you are trying to access is restricted due to a security rule.

    If you believe the security rule is affecting the normal operation of your website,
    you can disable it by adding the following lines to your .htaccess file:

    <IfModule mod_security.c>
    # Turn the filtering engine On or Off
    SecFilterEngine Off
    </IfModule>
