Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/agienka/blindy
Simple script to automate brutforcing blind sql injection vulnerabilities
https://github.com/agienka/blindy
Last synced: 21 days ago
JSON representation
Simple script to automate brutforcing blind sql injection vulnerabilities
- Host: GitHub
- URL: https://github.com/agienka/blindy
- Owner: agienka
- Created: 2017-04-10T13:59:25.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-07-16T13:20:52.000Z (over 7 years ago)
- Last Synced: 2024-08-09T21:11:20.626Z (4 months ago)
- Language: Python
- Size: 21.5 KB
- Stars: 53
- Watchers: 6
- Forks: 28
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - agienka/blindy - Simple script to automate brutforcing blind sql injection vulnerabilities (Python)
README
# Blindy
Simple script for running brute-force blind MySql injectionNote: this script was created for fun, helpful in some ctf challenges :)
## description
* The script will run through queries listed in sets in provided file and try to brute-force any place where `{}` placeholder is found.
* GET & POST http methods are supported
* Http HEADERS are supported in the same way as other parameters
* In default mode, script looks for negative pattern (text that is not visible when injection succeeds)
* With `--positive` flag one can switch to looking for expected response## command line interface
```bash
$ python3 blindy.py --help
usage: blindy.py [-h] [-X HTTP_METHOD] -p PARAMETER [-H HTTP_HEADER]
[-f FILENAME] -r PATTERN [--positive] [-s QUERY_SET] [-e]
[-v]
urlRun blind sql injection using brute force
positional arguments:
url Target urloptional arguments:
-h, --help show this help message and exit
-X HTTP_METHOD, --http-method HTTP_METHOD
Http method: (GET (default), POST)
-p PARAMETER, --parameter PARAMETER
Parameter, e.g. name=value, name={}
-H HTTP_HEADER, --http-header HTTP_HEADER
Http headers, e.g. X-Custom_header:value,
X-Custom_header:{}
-f FILENAME, --filename FILENAME
File with commands in json, default queries.json
-r PATTERN, --pattern PATTERN
Regular expression
--positive Injection was successfull if pattern IS PRESENT in
response
-s QUERY_SET, --query-set QUERY_SET
Json key for query set, default to ['login']
-e, --encode Url encode payload
-v, --verbose Print full info what's going on==================== [example usage] ===================
Bruteforce POST `query_param` parameter:
$ python3 blindy.py http://localhost/index.php -X POST -p query_param={} -p submit=1 -r "Wrong param" -s "['blind']"Bruteforce POST `query_param` parameter part:
$ python3 blindy.py http://localhost/index.php -X POST -p "query_param=login {}" -p submit=1 -H 'Cookie: PHPSESSID=sdfsdgvdvsdvs' -r "Wrong param" -s "['blind']"Bruteforce `X-Custom-Header` in GET request - use single query from set:
$ python3 blindy.py http://localhost/index.php -X GET -p admin=1 -H "X-Custom_header: {}" -r "Wrong param" -s "['blind'][0]"Simple check a list of queries against `username` parameter (negative pattern):
$ python3 blindy.py http://localhost/login.php -X POST -p username={} -p submit=1 -r "Wrong username" -s "['login']"Simple check a list of queries against `username` parameter (positive pattern):
$ python3 blindy.py http://localhost/login.php -X POST -p username={} -p submit=1 -r "Welcome back, admin" --positive -s "['login']"
```## running tests
```bash
python3 -m unittest blindy_test.py
```