11 C
Saturday, February 10, 2024

Superior Time-based Blind SQL Injection Fuzzer For HTTP Headers

SqliSniper is a sturdy Python instrument designed to detect time-based blind SQL injections in HTTP request headers. It enhances the safety evaluation course of by quickly scanning and figuring out potential vulnerabilities utilizing multi-threaded, guaranteeing velocity and effectivity. Not like different scanners, SqliSniper is designed to eliminates false positives via and ship alerts upon detection, with the built-in Discord notification performance.

Key Options

  • Time-Based mostly Blind SQL Injection Detection: Pinpoints potential SQL injection vulnerabilities in HTTP headers.
  • Multi-Threaded Scanning: Provides quicker scanning capabilities via concurrent processing.
  • Discord Notifications: Sends alerts through Discord webhook for detected vulnerabilities.
  • False Constructive Checks: Implements response time evaluation to distinguish between true positives and false alarms.
  • Customized Payload and Headers Assist: Permits customers to outline customized payloads and headers for focused scanning.

Set up

git clone https://github.com/danialhalo/SqliSniper.git
cd SqliSniper
chmod +x sqlisniper.py
pip3 set up -r necessities.txt

It will show assist for the instrument. Listed here are all of the choices it helps.

ubuntu:~/sqlisniper$ ./sqlisniper.py -h

███████╗ ██████╗ ██╗ ██╗ ███████╗███╗ ██╗██╗██████╗ ███████╗██████╗
██╔════╝██╔═══██╗██║ ██║ ██╔════╝████╗ ██║██║██╔══██╗██╔════╝██╔══██╗
██████╗██║ ██║██║ ██║ ███████╗██╔██╗ ██║██║██████╔╝█████╗ ██████╔╝
╚════██║██║▄▄ ██║██║ ██║ ╚════██║██║╚██╗██║██║██╔═══╝ ██╔══╝ ██╔══██╗
███████║╚██ ███╔╝███████╗██║ ███████║██║ ╚████║██║██║ ███████╗██║ ██║
╚══════╝ ╚══▀▀═╝ ╚══════╝╚═╝ ╚══════╝╚═╝ ╚═══╝╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝

-: By Muhammad Danial :-

utilization: sqlisniper.py [-h] [-u URL] [-r URLS_FILE] [-p] [--proxy PROXY] [--payload PA YLOAD] [--single-payload SINGLE_PAYLOAD] [--discord DISCORD] [--headers HEADERS]
[--threads THREADS]

Detect SQL injection by sending malicious queries

-h, --help present this assist message and exit
-u URL, --url URL Single URL for the goal
-r URLS_FILE, --urls_file URLS_FILE
File containing a listing of URLs
-p, --pipeline Learn from pipeline
--proxy PROXY Proxy for intercepting requests (e.g.,
--payload PAYLOAD File containing malicious payloads (default is payloads.txt)
--single-payload SINGLE_PAYLOAD
Single payload for testing
--discord DISCORD Discord Webhook URL
--headers HEADERS File containing headers (default is headers.txt)
--threads THREADS Variety of threads

Single Url Scan

The url might be supplied with -u flag for single web site scan

./sqlisniper.py -u http://instance.com

File Enter

The -r flag permits SqliSniper to learn a file containing a number of URLs for simultaneous scanning.

./sqlisniper.py -r url.txt

piping URLs

The SqliSniper may labored with the pipeline enter with -p flag

cat url.txt | ./sqlisniper.py -p

The pipeline characteristic facilitates seamless integration with different instruments. As an illustration, you’ll be able to make the most of instruments like subfinder and httpx, after which pipe their output to SqliSniper for mass scanning.

subfinder -silent -d google.com | kind -u | httpx -silent | ./sqlisniper.py -p

Scanning with customized payloads

By default the SqliSniper use the payloads.txt file. Nonetheless --payload flag can be utilized for offering customized payloads file.

./sqlisniper.py -u http://instance.com --payload mssql_payloads.txt

Whereas utilizing the customized payloads file, be sure that you substitute the sleep time with %__TIME_OUT__%. SqliSniper dynamically adjusts the sleep time iteratively to mitigate potential false positives. The payloads file ought to appear to be this.

ubuntu:~/sqlisniper$ cat payloads.txt 

Scanning with Single Payloads

If you wish to solely check with the one payload --single-payload flag can be utilized. Ensure that to switch the sleep time with %__TIME_OUT__%

./sqlisniper.py -r url.txt --single-payload "0'XOR(if(now()=sysdate(),sleep(%__TIME_OUT__%),0))XOR'Z"

Scanning Customized Header

Headers are saved within the file headers.txt for scanning customized header save the customized HTTP Request Header in headers.txt file.

ubuntu:~/sqlisniper$ cat headers.txt 
Person-Agent: Mozilla/5.0 (Home windows NT 10.0; Win64; x64)

Sending Discord Alert Notifications

SqliSniper additionally presents Discord alert notifications, enhancing its performance by offering real-time alerts via Discord webhooks. This characteristic proves invaluable throughout large-scale scans, permitting immediate notifications upon detection.

./sqlisniper.py -r url.txt --discord <web_hookurl>


Threads might be outlined with --threads flag

 ./sqlisniper.py -r url.txt --threads 10

Be aware: It’s essential to contemplate that using a better variety of threads would possibly result in potential false positives or overlooking legitimate points. Because of the nature of time-based SQL injection it is strongly recommended to make use of decrease thread for extra correct detection.

Latest news
Related news


Please enter your comment!
Please enter your name here