SQLInject-Finder - Intelligent SQL Injection Detection Script - Darknet - The Darkside

14 December 2010 | 16,433 views

SQLInject-Finder – Intelligent SQL Injection Detection Script

SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.

The output includes:

The suspicious IP address
The attacked webpage
The parameter and value used
The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
The reason why the request was flagged

Requirements

This script was tested using Python 2.6.5. Other versions are not guaranteed to work.

This script depends on the dpkt libraries.

You can download SQLInject-Finder here:

sqlinject-finder.py

Or read more here.

Tags: Database Hacking, database-security, Hacking Tools, locate sql injection, sql injection detection, sql injection vulnerability, sql-injection, sql-injection-tool, sqlinject-finder, Web Hacking, web-application-security

Subscribe to Darknet RSS Feed

Subscribe to Darknet RSS Feed

Follow @THEdarknet

Recent in Database Hacking:
- The Mole v0.3 Released For Download – Automatic SQL Injection Exploitation Tool
- MySQL 1 Liner Hack Gives Root Access Without Password
- xSQLScanner – Database Password Cracker & Security Audit Tool For MS-SQL & MySQL

Related Posts:
- Wapiti – Web Application Scanner / Black-box testing
- w3af – Web Application Attack and Audit Framework
- WAVSEP – Web Application Vulnerability Scanner Evaluation Project

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 65,221 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,285 views
- Absinthe Blind SQL Injection Tool/Software - 38,166 views

Comments are closed.