-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathsqlinjector
More file actions
122 lines (106 loc) · 3.54 KB
/
sqlinjector
File metadata and controls
122 lines (106 loc) · 3.54 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
#!/bin/bash
# Author = "Abhijit Maity"
# Last Update Date = "08-Aug-2016"
echo "Enter preferred choice :"
echo "1. Scan for list of URLs"
echo "2. Scan for list of request files (recommended for POST methods)"
read choice
if [ "$choice" == "1" -o "$choice" == "2" ]
then
if [ "$choice" == "1" ]
then
echo "Enter file with list of URLs"
read list
c=`wc -l $list | cut -d " " -f1`
else
echo "Enter path with request files. Make sure they are normal '.txt' file or 'cat' readable file !!!"
read path
c=`ls $path | wc -l`
fi
if [ "$c" != "0" ]
then
date=`date +%d"-"%m"-"%Y`
mkdir -p "$date"
mkdir -p "$date"/output_details
pwd=`pwd`
echo "File / URL@Parameter@Type@Title@Payload" > "$date"/output_details/output
for (( i=1 ; i <= $c ; i++ ))
do
if [ "$choice" == "1" ]
then
file=`sed -n ''$i'p' $list`
else
file=`ls $path | sed -n ''$i'p'`
fi
echo
echo "Checking File / URL: \"$file\" ..."
time=`date`
echo "$time: Checking File / URL: \"$file\" ..." >> "$date"/sqlinjector.log
if [ "$choice" == "1" ]
then
sqlmap -u "$file" --dbs --batch --output-dir=$pwd/"$date"/$i --timeout 1000000 --random-agent --no-cast --text-only --threads 9 --level 3 > "$date"/$i.log
else
sqlmap -r "$path/$file" --dbs --batch --output-dir=$pwd/"$date"/$i --timeout 1000000 --random-agent --no-cast --text-only --threads 9 --level 3 > "$date"/$i.log
fi
found=`cat "$date"/$i.log | grep "sqlmap identified the following injection points" | wc -l`
if [ "$found" != "0" ]
then
paramc=`cat "$date"/$i.log | grep "Parameter:" -n | wc -l`
for (( j=1 ; j <= $paramc ; j++ ))
do
line=`cat "$date"/$i.log | grep "Parameter:" -n | sed -n ''$j'p' | cut -d ":" -f1`
val1=`cat "$date"/$i.log | sed -n ''$line'p' | cut -d ":" -f2`
line=`expr "$line" + "1"`
val2=`cat "$date"/$i.log | sed -n ''$line'p' | cut -d ":" -f2`
line=`expr "$line" + "1"`
val3=`cat "$date"/$i.log | sed -n ''$line'p' | cut -d ":" -f2`
line=`expr "$line" + "1"`
val4=`cat "$date"/$i.log | sed -n ''$line'p' | cut -d ":" -f2`
echo $file@$val1@$val2@$val3@$val4 >> "$date"/output_details/output
echo "Vulnerable Parameter Details:"
echo "Parameter: $val1"
echo "Type: $val2"
echo "Title: $val3"
echo "Payload: $val4"
time=`date`
echo "$time: Vulnerable Parameter Details:" >> "$date"/sqlinjector.log
echo "$time: Parameter: $val1" >> "$date"/sqlinjector.log
echo "$time: Type: $val2" >> "$date"/sqlinjector.log
echo "$time: Title: $val3" >> "$date"/sqlinjector.log
echo "$time: Payload: $val4" >> "$date"/sqlinjector.log
done
cp "$date"/$i.log "$date"/$i/
if [ "$choice" == "2" ]
then
cp $path/$file "$date"/$i/
fi
cp -r "$date"/$i/ output_details/
else
echo "No Vulnerable Parameters Found !!!"
time=`date`
echo "$time: No Vulnerable Parameters Found !!!" >> "$date"/sqlinjector.log
fi
rm -rf "$date"/$i/
rm "$date"/$i.log
stat=`expr "$c" - "$i"`
echo
time=`date`
echo "$time: $stat Files / URLs left..." >> "$date"/sqlinjector.log
echo "$stat Files / URLs left..."
echo
done
else
echo
time=`date`
echo "$time: Sorry !! No Files / URLs were found !!!" >> "$date"/sqlinjector.log
echo "Sorry !! No Files / URLs were found !!!"
echo
fi
echo
echo "Scanning Complete!!!"
pwd=`pwd`
echo "Please check the folder : '$pwd/$date'"
echo
else
echo "Error - Wrong choice. Please provide correct input !!!"
fi