SQL Injection Testing Tool

Closed Posted Nov 4, 2008 Paid on delivery

## Deliverables

I have a requirement for the development of a SQL injection identification, testing and exploitation tool. This tool must be written in Python or Perl.

These are the required features for this tool:

1. Ability to crawl an http/https website and identify SQL injection.

2. Ability to test individual URLs for Error, Union, True/False, and Time-based blind SQL injection.

3. Ability to enumerate database information and read files located on the server.

4. Ability to brute-force the MS-SQL Server 'sa' account.

5. Ability to re-enable the xp_cmdshell stored procedure, and/or write a new stored procedure.

6. Ability to choose different encoding types, and comment injection for IDS evasion.

You can use the following open-source tools as references for both required features and source code samples:

Wapiti:

This Python-based tool can scan a website and identify SQL injection in both GET and POST requests. It also includes [url removed, login to view] for sites that require a cookie.

SQLMap:

This Python-based tool can extract data from a backend database via true/false SQL injection (differentiating between a 1=1/1=2 or similar statement passed along with the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL injection.

Note: It may be more efficient to write an [url removed, login to view] wrapper and just pass the required parameters to this program.

SQLBrute:

This Python-based tool can extract data from a backend database via time-based SQL injection (appending a 'waitfor delay' statement to the end of the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL injection.

Note: It may be more efficient to write an [url removed, login to view] wrapper and just pass the required parameters to this program.

SQID:

This Ruby-based tool can query Google for SQL injection vulnerabilities, test an individual URL for SQL injection, and crawl an http/https website looking for SQL injection vulnerabilities.

Squeeza:

This Ruby-based tool can extract data from a backend database via an out-of-band medium such as DNS or HTTP.

SQLNinja:

This Perl-based tool can not only enumerate database information but also brute-force the 'sa' account, re-enable the xp_cmdshell stored procedure on MSSQL2000/2005, and upload netcat/dnstun to the host via inline file transfer.

Computer Security Engineering MySQL Perl PHP Project Management Python Ruby on Rails Software Architecture Software Testing Web Security

Project ID: #3364629

About the project

Remote project Active Nov 26, 2008