This tool is designed for ethical hacking purposes, specifically for detecting and exploiting SQL injection vulnerabilities in MySQL databases. It automates the process of detecting vulnerabilities, extracting data, and logging activities, which can be used for analysis and reporting.
code to follow along with:
How the Tool Works
- Vulnerability Detection:
  - The tool first tests if a given URL with a query parameter is vulnerable to SQL injection.
  - It uses a test string to modify the SQL query and observes the response.
- Data Extraction:
  - If a vulnerability is detected, the tool then attempts to extract data from the database.
  - This is achieved through SQL queries that are injected via the same vulnerable parameter.
- Logging:
  - All actions, findings, and potential errors are logged.
  - The log file (sql_injection_report.log) serves as a record of the tool’s activity and findings.
Usage Guide
- Setup:
  - Ensure Python is installed on the system.
  - Install required Python libraries: and (BeautifulSoup).
- Running the Tool:
  - Modify the and variables at the bottom of the script to the target URL and vulnerable parameter.
  - Run the script in a Python environment.
- Interpreting Results:
  - Check the console for immediate outputs.
  - Review the sql_injection_report.log for detailed activity logs.
- Custom Queries:
  - Customize or add new SQL queries in the function for different types of data extraction.
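
The response difference that the Vulnerability Detection step relies on, seen from the application side. This is an added example, not code from the tool or the original post: it shows why a concatenated query answers differently when the parameter contains a quote, and why a bound parameter does not. An in-memory SQLite database stands in for MySQL so the block runs offline; the table, rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory table standing in for the app's MySQL table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (name) VALUES (?)",
                   [("lamp",), ("desk",), ("chef's knife",)])
    return db

def lookup_vulnerable(db, name):
    """Builds the query by concatenation: the request parameter becomes SQL text."""
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    try:
        return ("ok", db.execute(sql).fetchall())
    except sqlite3.Error as exc:
        # A database error surfacing in the response is the change a scanner observes.
        return ("db_error", str(exc))

def lookup_parameterized(db, name):
    """Binds the parameter as data: it cannot alter the statement's structure."""
    try:
        rows = db.execute("SELECT id, name FROM products WHERE name = ?", (name,)).fetchall()
        return ("ok", rows)
    except sqlite3.Error as exc:
        return ("db_error", str(exc))

def response_changes(handler, db, baseline, probe):
    """Regression check: does a quote in the value change the response class?"""
    return handler(db, baseline)[0] != handler(db, probe)[0]

if __name__ == "__main__":
    db = make_db()
    for handler in (lookup_vulnerable, lookup_parameterized):
        print(handler.__name__,
              "changes on quote:", response_changes(handler, db, "lamp", "lamp'"),
              "| legitimate apostrophe:", handler(db, "chef's knife")[0])
```

The same `response_changes` check can be kept as a unit test around each query helper, so a handler that regresses to string concatenation fails the build before it is deployed.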