Code Monkey home page Code Monkey logo

xpath's Introduction

Xpath Automated SQL Injection

Xpath is a python open source Sql injector that automates the process of detecting and exploiting error-based injection security flaws. At the moment, DBMS supported by Xpath is mysql. Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. Use it at your own risk!.

image.png

Date

  • 18-02-2017

Requirements

Python27

  • requests
  • colorama

How to install requierd modules.

pip install [required module]

Tested on

  • Windows 7/8
  • Kali linux 2.0
  • Mac 10.9.5

Installation

You can download the latest version of Xpath by cloning the GitHub repository:

git clone https://github.com/r0oth3x49/Xpath.git

Usage


xpath tool v2.0 - Automated Xpath Sql Injection
Author: Nasir khan (r0ot h3x49)
Usage: xpath.py [options]
Options:
  -h, --help           Show basic help message and exit
  --version            Show program's version number and exit
  Target:
    At least one of these options has to be provided to define the target(s)	
    -u URL, --url=URL  Target URL (e.g. "http://www.site.com/vuln.php?id=1")
  Request:
    These options can be used to specify how to connect to the target URL
    --data=DATA        Data string to be sent through POST
    --tor              Use Tor anonymity network
    --new-id           Request for new identity to Tor anonymity network
    --timeout=TIMEOUT  Seconds to wait before timeout connection (default 30)
  Techniques:
    These options can be used to tweak testing of specific SQL injection techniques
    --technique=TECH   SQL injection techniques to use  (default 'X')
                       error-based (DOUBLE/BIGINT) Injection (--technique=D)
                       error-based   (Geometric)   Injection (--technique=G)
                       error-based     (FLOOR)     Injection (--technique=E)
  Enumeration:
    These options can be used to enumerate the back-end database
    managment system information, structure and data contained in the tables.
    -b, --banner       Retrieve DBMS banner
    --current-user     Retrieve DBMS current user
    --current-db       Retrieve DBMS current database
    --hostname         Retrieve DBMS server hostname
    --dbs              Enumerate DBMS databases
    --tables           Enumerate DBMS database tables
    --columns          Enumerate DBMS database table columns
    --dump             Dump DBMS database table entries
    -D DB              DBMS database to enumerate
    -T TBL             DBMS database tables(s) to enumerate
    -C COL             DBMS database table column(s) to enumerate
  Example:
    xpath.py -u http://www.test.com/index.php?id=1 --dbs

    xpath.py -u http://www.test.com/ --data "index.php?id=1" --dbs

Legal disclaimer

Usage of xpath for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local,state and federal laws. 
Developer assume no liability and is not responsible for any misuse or damage caused by this program.

xpath's People

Contributors

r0oth3x49 avatar

Watchers

James Cloos avatar Walter C avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.