Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/agienka/blindy

Simple script to automate brutforcing blind sql injection vulnerabilities
https://github.com/agienka/blindy

Last synced: 3 months ago
JSON representation

Simple script to automate brutforcing blind sql injection vulnerabilities

Host: GitHub
URL: https://github.com/agienka/blindy
Owner: agienka
Created: 2017-04-10T13:59:25.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2017-07-16T13:20:52.000Z (over 7 years ago)
Last Synced: 2024-04-09T23:50:00.603Z (7 months ago)
Language: Python
Size: 21.5 KB
Stars: 54
Watchers: 6
Forks: 28
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

awesome-hacking-lists - agienka/blindy - Simple script to automate brutforcing blind sql injection vulnerabilities (Python)

README

        # Blindy

Simple script for running brute-force blind MySql injection

Note: this script was created for fun, helpful in some ctf challenges :)

## description

* The script will run through queries listed in sets in provided file and try to brute-force any place where `{}` placeholder is found. 

* GET & POST http methods are supported

* Http HEADERS are supported in the same way as other parameters

* In default mode, script looks for negative pattern (text that is not visible when injection succeeds)

* With `--positive` flag one can switch to looking for expected response

## command line interface

```bash

$ python3 blindy.py --help

usage: blindy.py [-h] [-X HTTP_METHOD] -p PARAMETER [-H HTTP_HEADER]

                 [-f FILENAME] -r PATTERN [--positive] [-s QUERY_SET] [-e]

                 [-v]

                 url

Run blind sql injection using brute force

positional arguments:

  url                   Target url

optional arguments:

  -h, --help            show this help message and exit

  -X HTTP_METHOD, --http-method HTTP_METHOD

                        Http method: (GET (default), POST)

  -p PARAMETER, --parameter PARAMETER

                        Parameter, e.g. name=value, name={}

  -H HTTP_HEADER, --http-header HTTP_HEADER

                        Http headers, e.g. X-Custom_header:value,

                        X-Custom_header:{}

  -f FILENAME, --filename FILENAME

                        File with commands in json, default queries.json

  -r PATTERN, --pattern PATTERN

                        Regular expression

  --positive            Injection was successfull if pattern IS PRESENT in

                        response

  -s QUERY_SET, --query-set QUERY_SET

                        Json key for query set, default to ['login']

  -e, --encode          Url encode payload

  -v, --verbose         Print full info what's going on

==================== [example usage] ===================

Bruteforce POST `query_param` parameter:

$ python3 blindy.py http://localhost/index.php -X POST -p query_param={} -p submit=1 -r "Wrong param" -s "['blind']"

Bruteforce POST `query_param` parameter part:

$ python3 blindy.py http://localhost/index.php -X POST -p "query_param=login {}" -p submit=1 -H 'Cookie: PHPSESSID=sdfsdgvdvsdvs' -r "Wrong param" -s "['blind']"

Bruteforce `X-Custom-Header` in GET request - use single query from set:

$ python3 blindy.py http://localhost/index.php -X GET -p admin=1 -H "X-Custom_header: {}" -r "Wrong param" -s "['blind'][0]"

Simple check a list of queries against `username` parameter (negative pattern):

$ python3 blindy.py http://localhost/login.php -X POST -p username={} -p submit=1 -r "Wrong username" -s "['login']"

Simple check a list of queries against `username` parameter (positive pattern):

$ python3 blindy.py http://localhost/login.php -X POST -p username={} -p submit=1 -r "Welcome back, admin" --positive -s "['login']"

```

## running tests

```bash

python3 -m unittest blindy_test.py

```