Skip to content
This repository was archived by the owner on Apr 17, 2021. It is now read-only.
/ AutoSQLi Public archive

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

271 stars 64 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

clouedoc/AutoSQLi

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

clouedocclouedoc
Update README.md
Apr 16, 2021
39a87f0 · Apr 16, 2021

History

80 Commits
.github/ISSUE_TEMPLATE
.github/ISSUE_TEMPLATE
May 14, 2018
WhatWaf @ 73bdbe9
WhatWaf @ 73bdbe9
May 25, 2018
autosqli
autosqli
May 25, 2018
ddgr @ b18c6fc
ddgr @ b18c6fc
Apr 28, 2018
googler @ 7691f30
googler @ 7691f30
May 10, 2018
sqlmap @ 331ccc5
sqlmap @ 331ccc5
May 18, 2018
tampers
tampers
May 24, 2018
.DS_Store
.DS_Store
May 21, 2018
.gitignore
.gitignore
May 25, 2018
.gitmodules
.gitmodules
Apr 28, 2018
README.md
README.md
Apr 16, 2021
autosqli.py
autosqli.py
May 16, 2018
install.sh
install.sh
May 21, 2018
requirements.txt
requirements.txt
May 16, 2018

Repository files navigation

AutoSQLi, the new way script-kiddies hack websites

Features

  • Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool
  • Dorking - from the command line ( one dork ): YES - from a file: NO - from an interactive wizard: YES
  • Waffing - Thanks to Ekultek, WhatWaf now has a JSON output function. - So it's mostly finished :) - UPDATE: WhatWaf is completly working with AutoSQLi. Sqlmap is the next big step
  • Sqlmapping - I'll look if there is some sort of sqlmap API, because I don't wanna use execute this time (: - Sqlmap is cool
  • REPORTING: YES
  • Rest API: NOPE

TODO:

  • Log handling (logging with different levels, cleanly)
  • Translate output (option to translate the save, which is in pickle format, to a json/csv save)
  • Spellcheck (correct wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check)

The Plan

This plan is a bit outdated, but it will follow this idea

  1. AutoSQLi will be a python application which will, automatically, using a dork provided by the user, return a list of websites vulnerable to a SQL injection.
  2. To find vulnerable websites, the users firstly provide a dork DOrking, which is passed to findDorks.py, which returns a list of URLs corresponding to it.
  3. Then, AutoSQLi will do some very basic checks ( TODO: MAYBE USING SQLMAP AND IT's --smart and --batch function ) to verify if the application is protected by a Waf, or if one of it's parameters is vulnerable.
  4. Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around of these WAFs, AutoSQLi will use WhatWaf.
  5. Finally, AutoSQLi will exploit the website using sqlmap, and give the choice to do whatever he wants !

Tor

Also, AutoSQLi should work using Tor by default. So it should check for tor availiability on startup.

FAQ

Cool :)

Thanks

It looks like SQLiDumper, no ?

Yeah, I know.

Don't mess up

This project is for demonstration purposes. Nobody should ever run AutoSQLi. Really. Hacking into DB's is fun, but you know, there are guys just like you and me who don't want to get their entire work messed up. You don't to make them pull out their hairs, ya?

About

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Topics

python osint tor waf sql-injection infosec l33t automated sqlmap cyberwar dork-scanning websites-vulnerable

Resources

Readme
Activity

Stars

271 stars

Watchers

16 watching

Forks

64 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

Languages