Skip to content
This repository has been archived by the owner on Apr 17, 2021. It is now read-only.

clouedoc/AutoSQLi

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
.github/ISSUE_TEMPLATE
Grammar
May 13, 2018 20:38
WhatWaf @ 73bdbe9
WIP
May 25, 2018 22:28
autosqli
WIP
May 25, 2018 22:28
ddgr @ b18c6fc
WIP: dorking :)
April 28, 2018 19:16
googler @ 7691f30
Well, the waf stage is mostly finished !
May 10, 2018 23:19
sqlmap @ 331ccc5
Updating sqlmap
May 18, 2018 22:55
tampers
Now, whatwaf will use our custom which are stored in tampers/whitelisted
May 24, 2018 19:14
.DS_Store
added the structure to easy white-list tampers
May 21, 2018 21:35
.gitignore
gitignore
May 25, 2018 22:29
.gitmodules
removing unused submodule
April 28, 2018 19:18
README.md
Update README.md
April 16, 2021 18:59
autosqli.py
removing breakpoint
May 16, 2018 23:14
install.sh
Update install.sh
May 21, 2018 09:41
requirements.txt
switching debuger to pudb
May 16, 2018 20:54
AutoSQLi, the new way script-kiddies hack websites Features TODO: The Plan Tor FAQ Cool :) It looks like SQLiDumper, no ? Don't mess up

README.md

AutoSQLi, the new way script-kiddies hack websites

Features

  • Save System - there is a complete save system, which can resume even when your pc crashed. - technology is cool
  • Dorking - from the command line ( one dork ): YES - from a file: NO - from an interactive wizard: YES
  • Waffing - Thanks to Ekultek, WhatWaf now has a JSON output function. - So it's mostly finished :) - UPDATE: WhatWaf is completly working with AutoSQLi. Sqlmap is the next big step
  • Sqlmapping - I'll look if there is some sort of sqlmap API, because I don't wanna use execute this time (: - Sqlmap is cool
  • REPORTING: YES
  • Rest API: NOPE

TODO:

  • Log handling (logging with different levels, cleanly)
  • Translate output (option to translate the save, which is in pickle format, to a json/csv save)
  • Spellcheck (correct wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check)

The Plan

This plan is a bit outdated, but it will follow this idea

  1. AutoSQLi will be a python application which will, automatically, using a dork provided by the user, return a list of websites vulnerable to a SQL injection.
  2. To find vulnerable websites, the users firstly provide a dork DOrking, which is passed to findDorks.py, which returns a list of URLs corresponding to it.
  3. Then, AutoSQLi will do some very basic checks ( TODO: MAYBE USING SQLMAP AND IT's --smart and --batch function ) to verify if the application is protected by a Waf, or if one of it's parameters is vulnerable.
  4. Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around of these WAFs, AutoSQLi will use WhatWaf.
  5. Finally, AutoSQLi will exploit the website using sqlmap, and give the choice to do whatever he wants !

Tor

Also, AutoSQLi should work using Tor by default. So it should check for tor availiability on startup.

FAQ

Cool :)

Thanks

It looks like SQLiDumper, no ?

Yeah, I know.

Don't mess up

This project is for demonstration purposes. Nobody should ever run AutoSQLi. Really. Hacking into DB's is fun, but you know, there are guys just like you and me who don't want to get their entire work messed up. You don't to make them pull out their hairs, ya?

About

An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.

Topics

python osint tor waf sql-injection infosec l33t automated sqlmap cyberwar dork-scanning websites-vulnerable

Resources

Readme
Activity

Stars

260 stars

Watchers

16 watching

Forks

65 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 4

Languages