OP 29 December, 2023 - 08:34 AM
This tool is designed for ethical hacking purposes, specifically for detecting and exploiting SQL injection vulnerabilities in MySQL databases. It automates the process of detecting vulnerabilities, extracting data, and logging activities, which can be used for analysis and reporting.
code to follow along with:
How the Tool Works
- Vulnerability Detection:
  - The tool first tests if a given URL with a query parameter is vulnerable to SQL injection.
  - It uses a test string to modify the SQL query and observes the response.
- Data Extraction:
  - If a vulnerability is detected, the tool then attempts to extract data from the database.
  - This is achieved through SQL queries that are injected via the same vulnerable parameter.
- Logging:
  - All actions, findings, and potential errors are logged.
  - The log file (`sql_injection_report.log`) serves as a record of the tool’s activity and findings.
- Setup:
  - Ensure Python is installed on the system.
  - Install required Python libraries: `requests` and `bs4` (BeautifulSoup).
- Running the Tool:
  - Modify the `url` and `param` variables at the bottom of the script to the target URL and vulnerable parameter.
  - Run the script in a Python environment.
- Interpreting Results:
  - Check the console for immediate outputs.
  - Review the `sql_injection_report.log` for detailed activity logs.
- Custom Queries:
  - Customize or add new SQL queries in the `extract_data` function for different types of data extraction.
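
Added example, not part of the original post or the tool it describes: it shows why a test string in a query parameter changes the response of a handler that concatenates input into SQL, and how a bound parameter removes that signal. It uses an in-memory SQLite table in place of MySQL so it runs offline; the table, function names and sample values are constructed for illustration.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the application's table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (sku TEXT PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?)",
                   [("A1", "widget"), ("B2", "gadget")])
    return db


def lookup_concat(db, sku):
    """Vulnerable pattern: the parameter value becomes part of the SQL text."""
    query = "SELECT name FROM products WHERE sku = '" + sku + "'"
    try:
        return ("ok", db.execute(query).fetchall())
    except sqlite3.Error as exc:
        # A stray quote unbalances the statement; the resulting error (or a
        # changed page) is the difference in response a tester observes.
        return ("sql_error", str(exc))


def lookup_bound(db, sku):
    """Hardened pattern: the SQL text is fixed and the value is bound as data."""
    rows = db.execute("SELECT name FROM products WHERE sku = ?", (sku,)).fetchall()
    return ("ok", rows)


if __name__ == "__main__":
    db = make_db()
    for value in ("A1", "A1'"):  # normal value, then one with a stray quote
        print(repr(value), "concat:", lookup_concat(db, value))
        print(repr(value), "bound: ", lookup_bound(db, value))
```

With the bound version, the value containing the quote is compared as a literal string and simply matches no row, so the response no longer depends on SQL syntax inside the parameter.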