检测SQL注入工具:SQLi-Hunter
http://zone.wooyun.org/content/19049from:https://github.com/zt2/sqli-hunter
封装了一个http代理跟sqlmap的api配合检测SQLi。
需要:
Ruby > 2.0.0
sqlmap
安装:
sqlmap
git clone https://github.com/sqlmapproject/sqlmap.git
gem
cd sqli-hunter
gem install bundle
bundle install
使用:
sqli-hunter git:(master) ruby sqli-hunter.rb
_____ _____ __ _ _____ _
| __| |||_|___|||_ _ ___| |_ ___ ___
|__ ||||__| |___| | | | |_| -_|_|
|_____|___|_____|_| |__|__|___|_|_|_| |___|_|
|__|
Usage: sqli-hunter.rb
Common options:
-s, --server Act as a Proxy-Server
-p, --port= Port of the Proxy-Server (default is 8888)
--api-host= Host of the sqlmapapi (default is localhost:8775)
--version Show version
SQLMap options
--random-agent Use randomly selected HTTP User-Agent header value
--threads= Max number of concurrent HTTP(s) requests (default 10)
--dbms= Force back-end DBMS to this value
--os= Force back-end DBMS operating system to this value
--tamper= Use given script(s) for tampering injection data
--level= Level of tests to perform (1-5, default 1)
--risk= Risk of tests to perform (0-3, default 1)
--batch Never ask for user input, use the default behaviour
--mobile Imitate smartphone through HTTP User-Agent header
--smart Conduct through tests only if positive heuristic(s)
开启sqlmapapi
python sqlmapapi.py -s
开启代理服务
ruby sqli-hunter.rb -s -p 8888
配置浏览器的代理
~/Code/SQLi-Hunter(master) ruby sqli-hunter.rb -s -p 8888
INFOWEBrick 1.3.1
INFOruby 2.1.3 (2014-09-19)
INFOWEBrick::HTTPProxyServer#start: pid=9533 port=8888
192.168.3.98 - - "GET http://testphp.vulnweb.com/artists.php?artist=1 HTTP/1.1" 200 5384
- -> http://testphp.vulnweb.com/artists.php?artist=1
[+] Vulnerable: e2f84b1494893827 requestFile: /tmp/c94863efe7bf03459aea27877426dada
然后开搞
python sqlmap.py -r /tmp/c94863efe7bf03459aea27877426dada
页:
[1]