Giters

PH4N70MX864 / go-sqlmap

随便写了个简易版sqlmap

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

go-sqlmap

介绍

  • 请把这个项目当成学习SQL注入的小玩具,它并没有太多的实际价值
  • sqlmap:渗透测试界的神器,这是一个简单的sqlmap
  • 使用Golang重写的原因:高效、生成可执行文件直接运行、无需搭建环境等
  • 测试通过sqli-lab部分关卡
  • 目前仅支持GET请求和MySQL数据库,支持Union注入、报错注入和布尔盲注
  • 检测是否存在SQL注入的部分不准确,希望有大佬可以帮忙改进

Introduce

  • Sqlmap is a famous tool in penetration testing field, and this is a simple sqlmap
  • The reasons for using golang rewriting are: high efficiency, generating executable files to run directly, etc
  • At present, sqli-labs(https://github.com/Audi-1/sqli-labs) can be successfully injected into the first eight levels
  • Union Select Injection,Updatexml and Polygon Error Based Injection and Bool Blind Injection are currently supported

Instructions

  • Use-u http://xxx/index.php?id=1Do Injection(By default, the version and all database names are probed)
  • Use-D securitySpecify the specific database for injection to obtain all tables(such as security database)
  • Use-D security -T usersSpecify database and table names to get all field names(such as users table of security database)
  • Use-D security -T users -C id,username,passwordGet all the data of the three fields in the users table
  • Use--technique USpecifies to use union select injection(sqli-labs 1,2,3,4)
  • Use--technique ESpecifies to use error based injection(sqli-lbs 5,6)
  • Use--technique BSpecifies to use bool blind injection(sqli-labs 8)
  • Use--betaParameter to activate the polygon error function(use updatexml by default because it is more stable)

图片

  • Union Select Injection

  • Error Based Injection

  • Bool Blind Injection

Quick Start

Download

go-sqlmap.exe -u http://sqlilab-ip/Less-1/?id=1 -D security -T users -C id,username,password --technique U

API

  • import
go get github.com/EmYiQing/go-sqlmap

or

go get github.com/EmYiQing/go-sqlmap@v0.1.0
  • code
package main

import (
	sqlmap "github.com/EmYiQing/go-sqlmap/api"
	"github.com/EmYiQing/go-sqlmap/input"
)

func main() {
	opts := input.Input{
		Beta:      false,
		Url:       "http://192.168.222.129:81/Less-1/?id=1",
		Database:  "security",
		Table:     "users",
		Columns:   []string{"id", "username", "password"},
		Technique: []string{"U"},
		Param:     "id",
	}
	instance := sqlmap.NewScanner(opts)
	instance.Run()
}

About

随便写了个简易版sqlmap

License:Apache License 2.0

Languages

Language:Go 100.0%