http://zone.wooyun.org/content/19049
From: https://github.com/zt2/sqli-hunter
Wraps an HTTP proxy that works together with the sqlmap API to detect SQLi.
Requirements:
    Ruby > 2.0.0
    sqlmap
Installation:
sqlmap:
    git clone https://github.com/sqlmapproject/sqlmap.git
gem:
    cd sqli-hunter
    gem install bundle
    bundle install
Usage:
    sqli-hunter git:(master) ruby sqli-hunter.rb
Usage: sqli-hunter.rb [options]
Common options:
-s, --server Act as a Proxy-Server
-p, --port=<PORT> Port of the Proxy-Server (default is 8888)
--api-host=<HOST> Host of the sqlmapapi (default is localhost:8775)
--version Show version
SQLMap options
--random-agent Use randomly selected HTTP User-Agent header value
--threads=<THREADS> Max number of concurrent HTTP(s) requests (default 10)
--dbms=<DBMS> Force back-end DBMS to this value
--os=<OS> Force back-end DBMS operating system to this value
--tamper=<TAMPER> Use given script(s) for tampering injection data
--level=<LEVEL> Level of tests to perform (1-5, default 1)
--risk=<RISK> Risk of tests to perform (0-3, default 1)
--batch Never ask for user input, use the default behaviour
--mobile Imitate smartphone through HTTP User-Agent header
--smart Conduct through tests only if positive heuristic(s)
Start sqlmapapi:
    python sqlmapapi.py -s
Start the proxy server:
    ruby sqli-hunter.rb -s -p 8888
Configure the browser to use the proxy:
    ~/Code/SQLi-Hunter(master) ruby sqli-hunter.rb -s -p 8888
[2015-01-08 17:17:27] INFO WEBrick 1.3.1
[2015-01-08 17:17:27] INFO ruby 2.1.3 (2014-09-19) [x86_64-linux]
[2015-01-08 17:17:27] INFO WEBrick::HTTPProxyServer#start: pid=9533 port=8888
192.168.3.98 - - [08/Jan/2015:17:17:31 HKT] "GET http://testphp.vulnweb.com/artists.php?artist=1 HTTP/1.1" 200 5384
- -> http://testphp.vulnweb.com/artists.php?artist=1
[+] Vulnerable: e2f84b1494893827 requestFile: /tmp/c94863efe7bf03459aea27877426dada
Then get to work with the saved request file:
    python sqlmap.py -r /tmp/c94863efe7bf03459aea27877426dada
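The hand-off between the proxy and sqlmapapi described above, as an added example that is not sqli-hunter's own code: it decides whether a proxied request should be queued, serialises it into the raw request file that `sqlmap.py -r` reads, and builds the JSON options for sqlmapapi. It goes beyond the page by adding a scope allowlist and de-duplication; the helper names and the `IN_SCOPE` list are hypothetical, and bodies are assumed to be ASCII form-encoded.

```ruby
require 'digest'
require 'json'
require 'set'
require 'uri'

# Hosts you are authorised to test (constructed sample value).
IN_SCOPE = Set['testphp.vulnweb.com'].freeze
STATIC   = /\.(?:css|js|png|jpe?g|gif|ico|svg|woff2?)\z/i

# True when a proxied request is in scope and carries parameters to test.
def scannable?(method, url, body)
  uri = URI.parse(url)
  return false unless %w[GET POST].include?(method)
  return false unless IN_SCOPE.include?(uri.host)
  return false if uri.path.match?(STATIC)
  !(uri.query.to_s.empty? && body.to_s.empty?)
end

# Same method, host, path and parameter names give the same key, so an
# endpoint is handed to sqlmapapi once however often the browser requests it.
def dedupe_key(method, url, body)
  uri   = URI.parse(url)
  names = (URI.decode_www_form(uri.query.to_s) +
           URI.decode_www_form(body.to_s)).map(&:first).sort
  Digest::SHA256.hexdigest([method, uri.host, uri.path, *names].join('|'))
end

# Raw HTTP request text, the format `sqlmap.py -r <file>` reads.
def request_file_text(method, url, headers, body)
  uri  = URI.parse(url)
  host = uri.port == uri.default_port ? uri.host : "#{uri.host}:#{uri.port}"
  head = ["#{method} #{uri.request_uri} HTTP/1.1", "Host: #{host}"]
  headers.each { |k, v| head << "#{k}: #{v}" unless k.casecmp?('host') }
  "#{head.join("\r\n")}\r\n\r\n#{body}"
end

# JSON body for sqlmapapi's POST /scan/<taskid>/start.
def scan_options(request_file, level: 1, risk: 1)
  JSON.generate('requestFile' => request_file, 'level' => level, 'risk' => risk)
end
```

Without the allowlist, every site the browser visits through the proxy would be submitted for scanning, including hosts outside the engagement.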
Reposted from: https://blog.51cto.com/webrobot/1669886