SQL Injection Testing Tool
$100-400 USD
Paid on delivery
I have a requirement for the development of a SQL injection identification, testing and exploitation tool. This tool must be written in Python or Perl.
These are the required features for this tool:
1. Ability to crawl an http/https website and identify SQL Injection.
2. Ability to test individual URLs for Error, Union, True/False, and Time-based blind SQL injection
3. Ability to enumerate database information, and read files located on the server
4. Ability to brute-force the MS-SQL Server 'sa' account
5. Ability to re-enable the xp_cmdshell stored procedure, and/or write a new stored procedure
6. Ability to choose different encoding types, and comment injection for IDS evasion
## Deliverables
You can use the following open-source tools as references for both the required features and source code samples:
Wapiti:
This Python-based tool has the ability to scan a website and identify SQL Injection in both GET and POST requests. It also includes [url removed, login to view] for sites that require a cookie.
SQLMap:
This Python-based tool has the ability to extract data from a backend database via true/false SQL injection (differentiating between a 1=1/1=2 or similar statement passed along with the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL Injection.
Note: It may be more efficient to write an [url removed, login to view] wrapper and just pass the required parameters to this program.
SQLBrute:
This Python-based tool has the ability to extract data from a backend database via time-based SQL injection (appending a 'waitfor delay' statement to the end of the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL Injection.
Note: It may be more efficient to write an [url removed, login to view] wrapper and just pass the required parameters to this program.
SQID:
This Ruby-based tool has the ability to query Google for SQL Injection vulnerabilities; it can test an individual URL for SQL injection, and it can crawl an http/https website looking for SQL Injection vulnerabilities.
Squeeza:
This Ruby-based tool has the ability to extract data from a backend database via an out-of-band medium such as DNS or HTTP.
SQLNinja:
This Perl-based tool has the ability not only to enumerate database information, but also to brute-force the 'sa' account, re-enable the xp_cmdshell stored procedure on MSSQL2000/2005, and upload netcat/dnstun to the host via inline file transfer.
Project ID: #3364629