03 April, 2024 - 04:39 AM
(29 December, 2023 - 08:34 AM)iot1337 Wrote: Show MoreThis tool is designed for ethical hacking purposes, specifically for detecting and exploiting SQL injection vulnerabilities in MySQL databases. It automates the process of detecting vulnerabilities, extracting data, and logging activities, which can be used for analysis and reporting.
code to follow along with:
How the Tool Works
Usage Guide
- Vulnerability Detection:
- The tool first tests if a given URL with a query parameter is vulnerable to SQL injection.
- It uses a test string to modify the SQL query and observes the response.
- Data Extraction:
- If a vulnerability is detected, the tool then attempts to extract data from the database.
- This is achieved through SQL queries that are injected via the same vulnerable parameter.
- Logging:
- All actions, findings, and potential errors are logged.
- The log file (
) serves as a record of the tool’s activity and findings.Code:sql_injection_report.log
- Setup:
- Ensure Python is installed on the system.
- Install required Python libraries:
andCode:requests
(BeautifulSoup).Code:bs4
- Running the Tool:
- Modify the
andCode:url
variables at the bottom of the script to the target URL and vulnerable parameter.Code:param
- Run the script in a Python environment.
- Interpreting Results:
- Check the console for immediate outputs.
- Review the
for detailed activity logs.Code:sql_injection_report.log
- Custom Queries:
- Customize or add new SQL queries in the
function for different types of data extraction.Code:extract_data
sfgfsg