https://github.com/axion-security/goinjection

Automated SQL Injection written in Golang
https://github.com/axion-security/goinjection

blind-based error-based sql sql-injection union-based

Last synced: 5 months ago
JSON representation

Automated SQL Injection written in Golang

• Host: GitHub
• URL: https://github.com/axion-security/goinjection
• Owner: Axion-Security
• License: other
• Created: 2024-12-18T18:53:24.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2025-01-04T17:13:02.000Z (6 months ago)
• Last Synced: 2025-01-04T18:23:44.468Z (6 months ago)
• Topics: blind-based, error-based, sql, sql-injection, union-based
• Language: Go
• Homepage:
• Size: 47.9 KB
• Stars: 3
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# GoInjection

![GoInjection Banner](img.png)



  🔧 Features | 

  🛡️ WAF Identification | 

  🔍 Fingerprinting | 

  💥 Injection Types | 

  🎨 GUI | 

  ⚙️ SQL Query Builder





  

    

  

  

    

  

  

    

  



## 🚀 Features

### 🛡️ WAF Identification

- Detect Web Application Firewalls (WAFs) by analyzing HTTP headers and server responses.

- Identifies potential WAFs based on changes in response status codes and content patterns.

### 🔍 Fingerprinting

- Automatically detects the type of database by analyzing errors and executing advanced SQL injection techniques like UNION and stacked queries.

- Custom tool-generated queries ensure precise fingerprinting.

### ⚙️ Interpreter

- Automatically selects the correct SQL dialect (MySQL, PostgreSQL, MSSQL, etc.) based on the target DBMS.

- Ensures the right syntax for effective SQL injections.

### 🧩 Resolver

- In development, this feature helps identify table columns and the name of the current database for more advanced injections.

- Essential for gaining deeper access to database structures.

### 💥 Injection Types

- Supports **Blind Injections** (Boolean and Time-based), **Error-based Injections**, and **UNION-based Injections**.

- Queries for these injection types are automatically created by the tool’s custom query generator.

### 🎨 GUI (Graphical User Interface)

- Modern, user-friendly interface designed to simplify the process, making it accessible for both experienced pentesters and beginners.

- Features intuitive controls for both new and experienced users.

### ⚙️ SQL Query Builder

- Generates tailored SQL payloads for each DBMS, optimizing query structure, including custom openings, endings, and elements.

- Fully automated query builder for each injection type.

## 📦 Installation

### Prerequisites:

Ensure you have Python 3.x installed and the required dependencies:

```bash

pip install flask pymysql

```

### Setup:

Clone the repository and install dependencies:

```bash

git clone https://github.com/Axion-Security/GoInjection.git

pip install flask pymysql

```

## 📝 Usage Example

Set up a basic SQL Injection Lab for testing:

```sql

USE sql_injection_lab;

CREATE TABLE IF NOT EXISTS products (

    id INT AUTO_INCREMENT PRIMARY KEY,

    name VARCHAR(100) NOT NULL,

    price DECIMAL(10, 2) NOT NULL

);

INSERT INTO products (name, price) VALUES

('Laptop', 799.99),

('Smartphone', 599.99),

('Tablet', 399.99),

('Headphones', 49.99),

('Smartwatch', 199.99);

```

## 🔑 License

This project is licensed under the [License](/LICENSE). See the `LICENSE` file for more details.