SQLInject-Finder – Intelligent SQL Injection Detection Script

Cybertroopers storming your ship?


SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.

The output includes:

  • The suspicious IP address
  • The attacked webpage
  • The parameter and value used
  • The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
  • The reason why the request was flagged

Requirements

This script was tested using Python 2.6.5. Other versions are not guaranteed to work.

This script depends on the dpkt libraries.

You can download SQLInject-Finder here:

sqlinject-finder.py

Or read more here.


Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , , , , ,

Recent in Database Hacking:
- Onapsis Bizploit v1.50 – SAP Penetration Testing Framework
- OAT – Oracle Auditing Tools For Database Security
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security

Related Posts:

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 75,965 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 54,294 views
- SQLBrute – SQL Injection Brute Force Tool - 40,539 views

Get 50% off your second year with our 2-year deal!


Comments are closed.