Python script to fuzz for SQL injection vulnerabilities in URL and input parameters.

These details have not been verified by PyPI

Project links

Project description

SQLi Fuzzer

Summary • Requirements • Installation • Usage • To Do • License

alt text

Summary

SQLi Fuzzer is a tool made for personal use. This tool fuzzes for URL or input parameters vulnerable to SQL Injections. The file url_fuzz.txt currently contains basic ORDER BY SQL queries passed in URL parameter. The default wordlist includes SQL queries in plaintext, url encoding and hex encoding.

Warning: The tool is currently under development. I cannot gurantee successful utilisation.

Requirements

Python 3.xx

Installation

A few Python libraries are required for successfully usage. These libraries can be downloaded with the requirements.txt file.

# Clone this repository
$ git clone https://github.com/sapphicart/sqli-fuzzer.git

# Change directories
$ cd sqli-fuzzer

# Install required dependencies
pip install -r requirements.txt

Usage

Use the --help switch to read the OPTIONS available.

$ python sqlifuzzer.py --help
Usage: sqlifuzzer.py [OPTIONS]

Options:
  -u, --url TEXT        The URL to fuzz
  -v, --verify BOOLEAN  SSL certificate verification. Default True
  -w, --wordlist TEXT   /path/to/wordlist.txt
  --help                Show this message and exit.

Example:

$ python sqlifuzzer.py -u https://redtiger.labs.overthewire.org/level1.php -v False -w url_fuzz.txt

To Do

Upcoming features:

Input parameters fuzzing
HTTP Verbs (GET, POST, PUT) fuzzing
Diverse wordlist

License

Distributed under MIT License.

Project details

These details have not been verified by PyPI

Project links

Release history Release notifications | RSS feed

0.0.9

Aug 15, 2024

0.0.7

Aug 15, 2024

0.0.5

Aug 14, 2024

0.0.4

Aug 14, 2024

This version

0.0.3

Aug 14, 2024

0.0.2

Aug 14, 2024

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sqlifuzzer-0.0.3.tar.gz (4.9 kB view details)

Uploaded Aug 14, 2024 Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

The dropdown lists show the available interpreters, ABIs, and platforms. Enable javascript to be able to filter the list of wheel files.

sqlifuzzer-0.0.3-py3-none-any.whl (5.5 kB view details)

Uploaded Aug 14, 2024 Python 3

File details

Details for the file sqlifuzzer-0.0.3.tar.gz.

File metadata

Download URL: sqlifuzzer-0.0.3.tar.gz
Upload date: Aug 14, 2024
Size: 4.9 kB
Tags: Source
Uploaded using Trusted Publishing? No
Uploaded via: twine/5.1.1 CPython/3.10.11

File hashes

Hashes for sqlifuzzer-0.0.3.tar.gz
Algorithm	Hash digest
SHA256	`45928bda00075ca14409894eb72443aec8b84e5423312cc8f276d946a6155b61`
MD5	`8bc27ad76aaca4b349be6d9f0c67e0ce`
BLAKE2b-256	`262eea9d6de8c7c8771ac1f6431addc2f3c9ddefe0491219d4b52a68a602a6a9`

See more details on using hashes here.

File details

Details for the file sqlifuzzer-0.0.3-py3-none-any.whl.

File metadata

Download URL: sqlifuzzer-0.0.3-py3-none-any.whl
Upload date: Aug 14, 2024
Size: 5.5 kB
Tags: Python 3
Uploaded using Trusted Publishing? No
Uploaded via: twine/5.1.1 CPython/3.10.11

File hashes

Hashes for sqlifuzzer-0.0.3-py3-none-any.whl
Algorithm	Hash digest
SHA256	`9d15b26eb0f2bd84ecf0c2765a4639c24d546ef69391ee88a5463ecaba46a5e5`
MD5	`14fdc8e6901aa5a7a3420850f0fac2f5`
BLAKE2b-256	`5504e2a8952775b41dc33e5af6cedcf03ccb16deeb52252fd133a38f88c2cf2e`

See more details on using hashes here.

sqlifuzzer 0.0.3

Navigation

Verified details

Maintainers

Unverified details

Project links

Meta

Classifiers

Project description

SQLi Fuzzer

Summary

Requirements

Installation

Usage

To Do

License

Project details

Verified details

Maintainers

Unverified details

Project links

Meta

Classifiers

Release history Release notifications | RSS feed

Download files

Source Distribution

Built Distribution

File details

File metadata

File hashes

File details

File metadata

File hashes