https://github.com/agc93/dechar
A simple tool to decode SQL CHAR() commands (as often seen in SQLi)
https://github.com/agc93/dechar
logs sqli
Last synced: about 2 months ago
JSON representation
A simple tool to decode SQL CHAR() commands (as often seen in SQLi)
- Host: GitHub
- URL: https://github.com/agc93/dechar
- Owner: agc93
- License: mit
- Created: 2019-07-11T05:14:46.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2019-07-11T11:39:15.000Z (almost 6 years ago)
- Last Synced: 2024-05-28T23:41:36.217Z (11 months ago)
- Topics: logs, sqli
- Language: Go
- Size: 4.88 KB
- Stars: 0
- Watchers: 1
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# deCHAR
## Introduction
A simple Go CLI used to "decode" SQL `CHAR()` commands. These are often used in SQL Injection attacks (SQLi) to obfuscate the commands/queries being injected.
Logs like
```sql
CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),...
```
are pretty unhelpful, so run it through `deCHAR` to get the "real" output.
## Usage
To run, simply run `./dechar` and provide the comma-separated `CHAR()` text as argument (support for piping/stdin will hopefully come in future):
```bash
./dechar "CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45)"
```
You can also provide `-o simple|lines|table` to change the output format. The default (`simple`) is a comma-separated list, while `lines` is newline-separated and `table` prints both the original and decoded text in a table.