Showing posts with label MySQL. Show all posts

portSpider - A Lightning Fast Multithreaded Network Scanner Framework With Modules


A lightning fast multithreaded network scanner framework with modules.

modules:
  • http - Scan for open HTTP ports, and get the titles.
  • mysql - Scan for open MySQL servers, and try to log in with the default credentials.
  • mongodb - Scan for open MongoDB instances, and check if they are password protected.
  • ssh - Scan for open SSH ports.
  • printer - Scan for open printer ports and websites.
  • gameserver - Scan for open game server ports.
  • manual - Scan custom ports.

commands:
  • modules - List all modules.
  • use - Use a module.
  • options - Show a module's options.
  • set - Set an option.
  • run - Run the selected module.
  • back - Go back to menu.
  • exit - Shut down portSpider.

installing:

Debian based systems:
$ sudo apt-get update && sudo apt-get install python3 python3-pip -y

$ git clone https://github.com/xdavidhu/portSpider

$ cd portSpider/

$ python3 -m pip install -r requirements.txt

macOS / OSX:
$ brew install python3

$ git clone https://github.com/xdavidhu/portSpider

$ cd portSpider/

$ python3 -m pip install -r requirements.txt
NOTE: You need to have Homebrew installed before running the macOS/OSX installation.
WARNING: portSpider is only compatible with Python 3.3 & 3.4 & 3.5 & 3.6

developers:


Leviathan - Wide Range Mass Audit Toolkit


Leviathan is a mass audit toolkit which has wide range service discovery, brute force, SQL injection detection and running custom exploit capabilities. It consists of open source tools such as masscan, ncrack and dsss, and gives you the flexibility of using them in combination.
The main goal of this project is auditing as many systems as possible country-wide or in a wide IP range.

Main Features
Discovery: Discover FTP, SSH, Telnet, RDP, MYSQL services running inside a specific country or in an IP range via Shodan, Censys. It's also possible to manually discover running services on an IP range with the integrated “masscan” tool.
Brute Force: You can brute force the discovered services with the integrated “ncrack” tool. It has wordlists which include the most popular combinations and default passwords for specific services.
Remote Command Execution: You can run system commands remotely on compromised devices.
SQL Injection Scanner: Discover SQL injection vulnerabilities on websites with specific country extension or with your custom Google Dork.
Exploit Specific Vulnerabilities: Discover vulnerable targets with Shodan, Censys or masscan and mass exploit them by providing your own exploit or using preincluded exploits.

Integrated Tools
Masscan: It’s a very fast TCP port scanner by Robert David Graham. Leviathan uses masscan for detecting services on a huge IP range. https://github.com/robertdavidgraham/masscan
Ncrack: Ncrack is a high-speed network authentication cracking tool. Leviathan uses ncrack to brute force services such as FTP, SSH, RDP, Telnet, MYSQL etc. https://github.com/nmap/ncrack
DSSS (Damn Small SQLi Scanner): DSSS is a fully functional and minimal SQL injection vulnerability scanner by Miroslav Stampar. Leviathan uses DSSS to identify SQL Injection vulnerabilities on specific URLs. https://github.com/stamparm/DSSS

Installation
For detailed installation, please visit our wiki page.

Kali Linux:
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Install Python libraries:
pip install -r requirements.txt
It's done!

Debian/Ubuntu:
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Run the installation script. It will set up the required tools (ncrack, masscan) and Python libraries.
bash scripts/debian_install.sh
It's done!

macOS:
If homebrew is not installed on your system, please install it first:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
Download leviathan by cloning the Git repository:
git clone https://github.com/leviathan-framework/leviathan.git
Go inside the folder
cd leviathan
Run the installation script. It will set up the required tools (ncrack, masscan) and Python libraries.
bash scripts/macos_install.sh
It's done!

Requirements
Python version 2.7.x is required for running this program.
Supported platforms: Linux (Kali Linux, Debian, Ubuntu), macOS

Usage
Run the program with the following command:
python leviathan.py
You can get basic usage information inside the menus. For detailed usage manual, visit our wiki page.




Blindy - Simple Script for running BruteForce Blind MySql Injection


Simple script for running bruteforce blind MySql injection
The script runs through the queries listed in sets in the provided file (default-queries.json by default) and tries to bruteforce the places marked with a {} placeholder. If no {} placeholder is present, the script simply makes the request with the current query.

command line
$ python3 blindy.py --help
usage: blindy.py [-h] [-f filename] [-m method] -p name -r regexp -u url
                 [-s set_of_queries]

Run blind sql injection using brutforce

optional arguments:
  -h, --help            show this help message and exit
  -f filename           File name for your commands in json format, defaults
                        to default-queries.json
  -m method, --method method
                        Where to inject (GET - get parameter/default, POST -
                        post parameter, HEADER - header)
  -p name               Name of parameter (for get - param name, post - param
                        name, for header - name of header). If params need to
                        have fixed value use -p submit=true
  -r regexp             Regular expression for negative pattern (script search
                        for the pattern and if present - will consider that
                        injection failed and igrone result.)
  -u url                Url to test
  -s set_of_queries, --set set_of_queries
                        Which set of queries to analyze from json file, for
                        ex. login, blind. Default to blind.

Example usage
Bruteforce inject into POST query_param
python3 blindy.py -m POST -p query_param -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/index.php -s blind
Bruteforce inject into POST query_param with placeholder
python3 blindy.py -m POST -p "query_param=login {}" -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/index.php -s blind
This will inject the queries in place of the {} parameter placeholder.
Simply check a list of queries against the username parameter
python3 blindy.py -m POST -p username -p submit=1 -r 'Pattern\ to\ ignore\ result' -u http://example.com/login.php -s login


Hexorbase - Multiple Database Management and Audit Tool


HexorBase is a database application designed for administering and auditing multiple database servers simultaneously from a centralized location. It is capable of performing SQL queries and bruteforce attacks against common database servers (MySQL, SQLite, Microsoft SQL Server, Oracle, PostgreSQL). HexorBase allows packet routing through proxies or even metasploit pivoting antics to communicate with remotely inaccessible servers which are hidden within local subnets.

It works on Linux and Windows running the following:

Requirements:

  • python
  • python-qt4
  • cx_Oracle
  • python-mysqldb
  • python-psycopg2
  • python-pymssql
  • python-qscintilla2


To install, simply run the following command in a terminal after changing directory to the path where the downloaded package is:
root@host:~# dpkg -i hexorbase_1.0_all.deb


[jSQL] Automatic SQLi with Java

jSQL is a free, open source tool built in Java for automatic SQL injection. It has a very simple, easy-to-use interface.



Features:
  • Support for GET, POST, header and cookie methods.
  • Injection types: normal, error based, blind, time based.
  • Automatic algorithm detection.
  • Shows progress while receiving data.
  • Options to stop, pause or resume operations.
  • Proxy support.
  • Evasion
  • Available for Linux, Windows, etc.
  • Supports MySQL only
It is currently at version 0.2

Project page: http://code.google.com/p/jsql-injection/
Downloads: http://adf.ly/14645Y