Skip to content
/ SQLBrute Public

Bruteforcing blind SQL injections based on a web request from an intercepting proxy (burp for instance)

Notifications You must be signed in to change notification settings

GKNSB/SQLBrute

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Python script to bruteforce data of databases in case of blind sql injections.

Parses an http(s) request and bruteforces in the given points finding one char at a time.
Will look for either a delay (in case of time-based) or some text (string indicating true statement).

Delay between requests and proxy usage hardcoded for now. Still needs much work.

usage example:
	python sqlbrute.py -i <inputfile> -s <sqlitype> [-t <textmatch>|-d <timedelay>]
Arguments:
 -i, --ifile        Input file. Defines the file containing your request.
 -s, --sqlitype     SQL injection type. Can be either "text" or "time".
 -t, --text         Should be defined if sqlitype="text". The text to look for in a true response
 -d, --delay        Should be defined if sqlitype="time". The time delay a response will have if true.

About

Bruteforcing blind SQL injections based on a web request from an intercepting proxy (burp for instance)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages