
autosqli's Introduction

AutoSQLi, the new way script-kiddies hack websites

Features

  • Save System
      • There is a complete save system, which can resume even when your PC crashed.
      • Technology is cool
  • Dorking
      • From the command line (one dork): YES
      • From a file: NO
      • From an interactive wizard: YES
  • Waffing
      • Thanks to Ekultek, WhatWaf now has a JSON output function.
      • So it's mostly finished :)
      • UPDATE: WhatWaf is completely working with AutoSQLi. Sqlmap is the next big step
  • Sqlmapping
      • I'll look if there is some sort of sqlmap API, because I don't wanna use execute this time (:
      • Sqlmap is cool
  • REPORTING: YES
  • Rest API: NOPE

TODO:

  • Log handling (logging with different levels, cleanly)
  • Translate output (option to translate the save, which is in pickle format, to a json/csv save)
  • Spellcheck (correct wrongly spelled words and conjugational errors. I'm on Neovim right now and there is no auto-spelling check)

The Plan

This plan is a bit outdated, but the project will follow this idea.

  1. AutoSQLi will be a Python application which, using a dork provided by the user, automatically returns a list of websites vulnerable to SQL injection.
  2. To find vulnerable websites, the user first provides a dork (Dorking), which is passed to findDorks.py, which returns a list of URLs matching it.
  3. Then, AutoSQLi will do some very basic checks (TODO: maybe using sqlmap and its --smart and --batch options) to verify whether the application is protected by a WAF, or whether one of its parameters is vulnerable.
  4. Sometimes, websites are protected by a Web Application Firewall, or in short, a WAF. To identify and get around these WAFs, AutoSQLi will use WhatWaf.
  5. Finally, AutoSQLi will exploit the website using sqlmap, and give the user the choice to do whatever they want!
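Seen from the defending side, the pipeline above shows up in web server logs as one client sending several injection-shaped values to query parameters, sometimes with sqlmap's default `sqlmap/` User-Agent prefix. The following is an added example, not part of AutoSQLi: the log lines, the probe patterns and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed combined-format access log; addresses are documentation ranges.
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /item.php?id=10 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "GET /item.php?id=10%27 HTTP/1.1" 500 120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /item.php?id=10%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "GET /item.php?id=10%20UNION/**/SELECT%20NULL HTTP/1.1" 200 98 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:01:00 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /news.php?id=3 HTTP/1.1" 200 700 "-" "sqlmap/1.x (constructed)"
'''

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')
# Heuristic probe shapes: dangling quote, boolean test, UNION SELECT, time delay.
PROBE = re.compile(r"""['"]\s*$|\b(?:and|or)\s+\d+\s*=\s*\d+"""
                   r"""|\bunion\s+(?:all\s+)?select\b|\b(?:sleep|pg_sleep|benchmark)\s*\(""")

def normalise(value):
    """Lower-case, drop inline SQL comments, collapse whitespace."""
    value = re.sub(r"/\*.*?\*/", " ", value.lower())
    return re.sub(r"\s+", " ", value).strip()

def probed_params(target):
    """Names of query parameters whose decoded value looks like an injection probe."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [name for name, value in pairs if PROBE.search(normalise(value))]

def scan(log_text, threshold=3):
    """Return {client_ip: reason} for clients that look like automated SQLi testing."""
    probes, scanner_ua = defaultdict(int), set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target, agent = m.groups()
        probes[ip] += 1 if probed_params(target) else 0
        if agent.lower().startswith("sqlmap/"):
            scanner_ua.add(ip)
    flagged = {ip: "scanner user-agent" for ip in scanner_ua}
    flagged.update({ip: f"{n} probe requests" for ip, n in probes.items() if n >= threshold})
    return flagged

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG).items():
        print(ip, reason)
```

The User-Agent check only catches default settings, so the per-client probe count is the signal that survives a changed agent string; values are matched after URL decoding and comment stripping so that simple re-encodings do not hide them.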

Tor

Also, AutoSQLi should work using Tor by default, so it should check for Tor availability on startup.

FAQ

Cool :)

Thanks

It looks like SQLiDumper, no ?

Yeah, I know.

Don't mess up

This project is for demonstration purposes. Nobody should ever run AutoSQLi. Really. Hacking into DBs is fun, but you know, there are guys just like you and me who don't want to get their entire work messed up. You don't want to make them pull their hair out, ya?

autosqli's People

Contributors

clouedoc, iyanuashiri, random-robbie, thehappydinoa


autosqli's Issues

Issue with dorking

[DEBUG] Loading save...
[DEBUG] current_save.stage in main(): 0
[DEBUG] Getting into the next stage
[DEBUG] Launching the dork stage
[DEBUG] interactively querying dork
[INFO] Enter a dork:
dork: "inurl:php?id=10"
 |__ dork: "inurl:php?id=10"
   |__ googly dorking...
[DEBUG] command: ['bash -c \' googler/googler -n 100 "inurl:php?id=10" --noprompt --json\'']; cwd: None; timeout: None; shellmode: True
bash: googler/googler: No such file or directory
Traceback (most recent call last):
  File "autosqli.py", line 46, in <module>
    main()
  File "autosqli.py", line 35, in main
    need_to_continue = stages.nextStage(args)
  File "/Users/admin/bin/tools/AutoSQLi/autosqli/stages.py", line 58, in nextStage
    launchDorkStage(args)
  File "/Users/admin/bin/tools/AutoSQLi/autosqli/stages.py", line 19, in launchDorkStage
    dork_stage(args)
  File "/Users/admin/bin/tools/AutoSQLi/autosqli/dork_stage.py", line 51, in dork_stage
    search_dork(dorks)
  File "/Users/admin/bin/tools/AutoSQLi/autosqli/dork_stage.py", line 12, in search_dork
    return find_dorks.dorkLines(dorks)
  File "/Users/admin/bin/tools/AutoSQLi/autosqli/find_dorks.py", line 55, in dorkLines
    result_clean = json.loads(result)
  File "/usr/local/Cellar/python/3.6.5/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/local/Cellar/python/3.6.5/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/Cellar/python/3.6.5/Frameworks/Python.framework/Versions/3.6/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

tampers white-list; use sqlmap tampers

Hola, currently a lot of tampers are used.
The problem is that some tampers only work with some DBs and some are not needed in our case (like the base64encode one).

If you have a suggestion of a tamper to blacklist, I would be glad if you posted it here.

I'm thinking that AutoSQLi should adopt a white-list way of getting tampers.
And I may get rid of the custom WhatWaf tampers (even if they are proven to be effective), because they don't have a priority level assigned to them.

Threading things up

I think it would be possible to thread things up, because on fast connections but slow websites, sqlmap and/or WhatWaf could hang a lot, wasting time btw.

Idea:

Launch another thread/process (?) if the other didn't finish within a set time

ImportError: cannot import name save

Traceback (most recent call last):
  File "autosqli.py", line 7, in <module>
    from autosqli import save
  File "/root/AutoSQLi/autosqli/save.py", line 3, in <module>
    from autosqli import stages
  File "/root/AutoSQLi/autosqli/stages.py", line 4, in <module>
    from autosqli import save
ImportError: cannot import name save

Sqlmap dump issue

I am getting a problem while dumping a DB. Its backend is PostgreSQL and I gave the sqlmap command
--random-user - - no-cast - -timeout-sec=30 - - schema - - D db - - T table - - C column - - dump. It has retrieved all the columns, DB names and tables, also - - banner, but the problem is that when I try to dump a column using the above command, it starts dumping the whole DB rather than the table and columns I mentioned in the command. It is too time-consuming to dump the whole DB, please help.

General Discussion Thread. Say `Hi.`

Sorry for cluttering up your ticket feed. Your code base has changed a lot since I last checked it. I was wondering, are you still incorporating DorkNet or features derived from DorkNet? And if so, if you made some cool improvements, consider opening a Pull Request at my repo:

https://github.com/NullArray/DorkNet

Of course you will be accredited for any contributions. Acknowledgements are important.

Also;

When I woke up this morning, someone said that a guy by the name of NullArray tweeted about this project. 11 stars later, it makes me want to finish it more than ever !

I'm actually VectorSEC on Twitter. I know, confusing. If you want we could make this the General Discussion Thread like we had with AutoSploit

Lemme know. See you on Discord.

local variable 'dorks' referenced before assignment

I got this message when trying to use this command: python3 autosqli.py -f /root/Desktop/dork.txt

Traceback (most recent call last):
  File "autosqli.py", line 46, in <module>
    main()
  File "autosqli.py", line 35, in main
    need_to_continue = stages.nextStage(args)
  File "/root/Desktop/AutoSQLi/autosqli/stages.py", line 58, in nextStage
    launchDorkStage(args)
  File "/root/Desktop/AutoSQLi/autosqli/stages.py", line 19, in launchDorkStage
    dork_stage(args)
  File "/root/Desktop/AutoSQLi/autosqli/dork_stage.py", line 48, in dork_stage
    dorks = getdorks(args)
  File "/root/Desktop/AutoSQLi/autosqli/dork_stage.py", line 41, in getdorks
    return dorks
UnboundLocalError: local variable 'dorks' referenced before assignment

-D option ( only dork mode )

The -D (uppercase "d") option should allow entering the dork stage only and then exiting. It would allow the use of multiple dork lists, and make it possible to obtain more URLs (via a different IP, for example).

Proxylist support

AutoSQLi should be able to select a proxy from a list given by the user. It would allow bypassing the rate restrictions of DuckDuckGo and Google.

Check for duplicated urls

Sometimes, the same url can show up on different search engines.
The oldest Target should be kept.

Sqlmap API hook integration

Here is a sqlmap API hook that can be used. You'll need to figure out how to leverage it with your system and how to call sqlmap, but it should work.

Installation problem

root@Dork:/AutoSQLi# pip install -r requirements.txt
Requirement already satisfied: pudb in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (2019.1)
Requirement already satisfied: argparse in /usr/lib/python2.7 (from -r requirements.txt (line 2)) (1.2.1)
Requirement already satisfied: psutil in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3)) (5.6.2)
Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages/requests-2.5.0-py2.7.egg (from -r requirements.txt (line 4)) (2.5.0)
Requirement already satisfied: urwid>=1.1.1 in /usr/lib/python2.7/dist-packages (from pudb->-r requirements.txt (line 1)) (2.0.1)
Requirement already satisfied: pygments>=1.0 in /usr/lib/python2.7/dist-packages (from pudb->-r requirements.txt (line 1)) (2.3.1)
root@Dork:/AutoSQLi# ./install.sh
Could not open requirements file: [Errno 2] No such file or directory: 'WhatWaf/requirements.txt'
Requirement already satisfied: pudb in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 1)) (2019.1)
Requirement already satisfied: argparse in /usr/lib/python2.7 (from -r requirements.txt (line 2)) (1.2.1)
Requirement already satisfied: psutil in /usr/local/lib/python2.7/dist-packages (from -r requirements.txt (line 3)) (5.6.2)
Requirement already satisfied: requests in /usr/local/lib/python2.7/dist-packages/requests-2.5.0-py2.7.egg (from -r requirements.txt (line 4)) (2.5.0)
Requirement already satisfied: urwid>=1.1.1 in /usr/lib/python2.7/dist-packages (from pudb->-r requirements.txt (line 1)) (2.0.1)
Requirement already satisfied: pygments>=1.0 in /usr/lib/python2.7/dist-packages (from pudb->-r requirements.txt (line 1)) (2.3.1)
Requirement already satisfied: pysocks in /usr/lib/python2.7/dist-packages (1.6.8)


| dependencies installed ! |

running chmod +x on *.py ...
chmod: cannot access 'DorkNet/dorknet.py': No such file or directory
chmod: cannot access 'WhatWaf/whatwaf.py': No such file or directory
chmod: cannot access 'sqlmap/sqlmap.py': No such file or directory
root@Dork:~/AutoSQLi#

Add tests.

Currently, to debug AutoSQLi, I need to run it with the --debug flag, which launches a sort of Python debugger that looks like GDB. This makes it possible to check the entire code flow, but takes a long time.

I don't know how tests are handled in Python, so if someone has a suggestion, write it here :)
( don't be shy )
