mirmohammadd / sqlgo Goto Github PK

An automatic SQL injection tool.

License: GNU General Public License v3.0

Python 99.49% HTML 0.41% TSQL 0.03% PLSQL 0.03% PLpgSQL 0.04%

cybersecurity databases python3 sqlinjection takeover sql sql-database sql-server sqlinject-defense penetration-testing pentesting

sqlgo's Introduction

sqlgo

Unlocking Data Safely with SQLGO: Your Shield Against Vulnerabilities!

What is sqlgo project?

sqlgo is a tool which designed for SQL injection test for the educational targets,not illegal.remember: FOR ETHICAL USE ONLY!!!

how to install sqlgo?

git clone --depth 1 https://github.com/HeisenbergCipherCracker/sqlgo.git

copy the above command to the terminal and navigate to the sqlgo directory make sure you have git installed on your system.

dependencies

use the following commands to install the sqlgo dependencies using pip

pip install -r requirements.txt

pip3 install -r requirements.txt

for window OS

python -m pip install -r requirements.txt

python3 -m pip install-r requirements.txt for unix based systems

Usage of --beep option

Note: python3.13 alpha will not support this feature! and we have been acknowledged that this options was not working peoperly on some devieces. if you wish to you use --beep option, you have to install the follwing libraries:

simpleaudio pydub

you can run :

python3 -m pip install -r extrarequirements.txt

Options

Show the help menu

python3 sqlgo.py --help

Update the program

python3 sqlgo.py --update

Launch attack

python3 sqlgo.py -u http://www.target-url?id=1 --level <level> --verbose <verbose> --tamper <tamper> --dbms<DBMS> --dump

Features of sqlgo

Supports SQL Injection attacks against MySQL
Support of sending the different payloads including stack query , time delay and union all payload and other strong payloads.
provides lot of tamper scripts to tamper the payloads to bypass WAF or Intrusion detection systems (IDS).
Provides various encoding techniques to encode
Automatic sql injection vulnerability detection and scanner

How do i report the bugs?

bugs will be accepted if they exists and you can report it from the github page of sqlgo. you can go to the issues tab in the github and report the bug in the clear sentence.

Persian Translation : https://github.com/HeisenbergCipherCracker/sqlgo/blob/main/doc/translations/farsi.md

French Translation : https://github.com/HeisenbergCipherCracker/sqlgo/blob/main/doc/translations/french.md

Chinese Translation : https://github.com/HeisenbergCipherCracker/sqlgo/blob/main/doc/translations/chinese.md

Bulgarian Translation: https://github.com/HeisenbergCipherCracker/sqlgo/blob/main/doc/translations/bulg.md

sqlgo's People

Contributors

Stargazers

Watchers

Forkers

jackthehacker1999 zxc2007

sqlgo's Issues

Add more tamper scripts

Make the prompt more designed for user friendly

Add usr/bin env

Dump all the databases columns and rows automatic.

Add an option to activate enumeration of database options and dump all the databases and show it to user.

feature request

request issue

Traceback (most recent call last):
File "/root/sqlgo/src/core/controler/controller.py", line 54, in heuristic_injection_test_union_based
response = urllib.request.urlopen(request)
File "/usr/lib/python3.10/urllib/request.py", line 216, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python3.10/urllib/request.py", line 519, in open
response = self._open(req, data)
File "/usr/lib/python3.10/urllib/request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/lib/python3.10/urllib/request.py", line 496, in _call_chain
result = func(*args)
File "/usr/lib/python3.10/urllib/request.py", line 1391, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/lib/python3.10/urllib/request.py", line 1352, in do_open
r = h.getresponse()
File "/usr/lib/python3.10/http/client.py", line 1375, in getresponse
response.begin()
File "/usr/lib/python3.10/http/client.py", line 318, in begin
version, status, reason = self._read_status()
File "/usr/lib/python3.10/http/client.py", line 279, in _read_status
line = str(self.fp.readline(_MAXLINE + 1), "iso-8859-1")
File "/usr/lib/python3.10/socket.py", line 705, in readinto
return self._sock.recv_into(b)
File "/usr/lib/python3.10/ssl.py", line 1303, in recv_into
return self.read(nbytes, buffer)
File "/usr/lib/python3.10/ssl.py", line 1159, in read
return self._sslobj.read(len, buffer)

make the program compatible with python2.7

Create a logo for python2 runtime

guide user while having missing dependencies

Make the program to continue the work after failing sending the requests until it reaches the dumping actions

Fixes

Traceback (most recent call last):
File "/Users/alimirmohammad/sqlgo/sqlgo.py", line 2, in
from lib.core.tester.gather import gather_exploit
File "/Users/alimirmohammad/sqlgo/lib/core/tester/gather.py", line 37, in
from lib.core.tester.useragentparam.useragent import crawler
File "/Users/alimirmohammad/sqlgo/lib/core/tester/useragentparam/useragent.py", line 70, in
_req = requests.get(_url)
^^^^^^^^^^^^^^^^^^
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/sessions.py", line 575, in request
prep = self.prepare_request(req)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/sessions.py", line 486, in prepare_request
p.prepare(
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/models.py", line 368, in prepare
self.prepare_url(url, params)
File "/Users/alimirmohammad/sqlgo/thirdparty/requests/models.py", line 439, in prepare_url
raise MissingSchema(
thirdparty.requests.exceptions.MissingSchema: Invalid URL 'None': No scheme supplied. Perhaps you meant https://None?

Gradually delete xml payload and then the option from the program.

Design the program for python 3.6 to more

Add more documents

Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Error: 3-23 01:07:31] [ERROR] 'int' object has no attribute 'isspace'

Describe the bug
A clear and concise description of what the bug is.

To Reproduce
Steps to reproduce the behavior:

Go to '...'
Click on '....'
Scroll down to '....'
See error

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

OS: [e.g. iOS]
Browser [e.g. chrome, safari]
Version [e.g. 22]

Smartphone (please complete the following information):

Device: [e.g. iPhone6]
OS: [e.g. iOS8.1]
Browser [e.g. stock browser, safari]
Version [e.g. 22]

Additional context
Add any other context about the problem here.

None type url issue

Traceback (most recent call last):
File "/Users/alimirmohammad/sqlgo/sqlgo.py", line 2, in
from lib.core.tester.gather import gather_exploit
File "/Users/alimirmohammad/sqlgo/lib/core/tester/gather.py", line 37, in
from lib.core.tester.useragentparam.useragent import crawler
File "/Users/alimirmohammad/sqlgo/lib/core/tester/useragentparam/useragent.py", line 67, in
crawler = Crawler(_url)
^^^^^^^^^^^^^
File "/Users/alimirmohammad/sqlgo/lib/core/tester/useragentparam/useragent.py", line 25, in init
self.request = urllib.request.Request(url)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/urllib/request.py", line 322, in init
self.full_url = url
^^^^^^^^^^^^^
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/urllib/request.py", line 348, in full_url
self._parse()
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/urllib/request.py", line 377, in _parse
raise ValueError("unknown url type: %r" % self.full_url)
ValueError: unknown url type: 'None'

Remove the useless modules and codes

Program will not print the tampered payloads

url is assigned before it declaration for logger.debug(url) in _requests.py file

Add CSV dumping option

Add sqlmap DBMS classes for thirdparty

FIXES

Exception in thread Thread-11:
Traceback (most recent call last):
File "/opt/homebrew/Cellar/[email protected]/3.12.1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/threading.py", line 1073, in _bootstrap_inner
self.run()
File "/opt/homebrew/Cellar/[email protected]/3.12.1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/threading.py", line 1010, in run
self._target(*self._args, **self._kwargs)
TypeError: 'tuple' object is not callable

ISSUES

Exception in thread Thread-11:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/threading.py", line 1045, in _bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/threading.py", line 982, in run
self._target(*self._args, **self._kwargs)
TypeError: 'tuple' object is not callable

Update the payloads data

thread 2o issue

Exception in thread Thread-20:
Traceback (most recent call last):
File "/opt/homebrew/Cellar/[email protected]/3.12.1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/threading.py", line 1073, in _bootstrap_inner
self.run()
File "/opt/homebrew/Cellar/[email protected]/3.12.1/Frameworks/Python.framework/Versions/3.12/lib/python3.12/threading.py", line 1010, in run
self._target(*self._args, **self._kwargs)
TypeError: 'bool' object is not callable