Whitewidow - SQL Vulnerability Scanner

Wednesday, April 27, 2016


Whitewidow is an open source automated SQL vulnerability scanner, that is capable of running through a file list, or can scrape Google for potential vulnerable websites. It allows automatic file formatting, random user agents, IP addresses, server information, multiple SQL injection syntax, and a fun environment. This program was created for learning purposes, and is intended to teach users what vulnerability looks like.

Usage
ruby whitewidow.rb -h Will print the help page
ruby whitewidow.rb -e Will print the examples page
ruby whitewidow.rb -f <path/to/file> Will run Whitewidow through a file, you will not need to provide whitewidow the full path to the file, just provide it the paths within the whitewidow directory itself. Also you will not need a beginning slash, example:
- whitewidow.rb -f tmp/sites.txt #<= CORRECT
- whitewidow.rb -f /home/users/me/whitewidow-1.0.6/tmp/sites.txt #<= INCORRECT
ruby whitewidow.rb -d Will run whitewidow in default mode and scrape Google using the search queries in the lib directory

Dependencies
gem 'mechanize'
gem 'nokogiri', '~> 1.6.7.2'
gem 'rest-client'
gem 'colored'
To install all gem dependencies, follow the following template:
cd whitewidow
bundle install
This should install all gems needed, and will allow you to run the program without trouble.

Misc
Current Version 1.0.6.1
Future updates:
  • Custom user agent
  • Webcrawler to search specified site for vulnerabilities
  • Will be moving all .rb extension files into lib/core directory
  • Advanced searching, meaning multiple pages of Google, along with multiple parameter checking.
  • Ability to detect database type.
  • Using multiple search engines, such as DuckDuckGo, Google, Bing, Yahoo. This will prevent one search engine from taking the multiple searches as a threat and will give further anomity to the program. I will also be adding IP anomity with a built in proxy feature. This feature will ALWAYS be on, and will have a flag (--no-proxy) so That you can decide to not use a proxy.




Subscribe via e-mail for updates!