Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/axion-security/goinjection

Automated SQL Injection written in Golang
https://github.com/axion-security/goinjection

auto automated blind error golang sql sql-injection sqli union

Last synced: 27 days ago
JSON representation

Automated SQL Injection written in Golang

Host: GitHub
URL: https://github.com/axion-security/goinjection
Owner: Axion-Security
License: other
Created: 2024-12-18T18:53:24.000Z (about 1 month ago)
Default Branch: main
Last Pushed: 2024-12-18T19:19:46.000Z (about 1 month ago)
Last Synced: 2024-12-18T20:28:19.187Z (about 1 month ago)
Topics: auto, automated, blind, error, golang, sql, sql-injection, sqli, union
Language: Go
Homepage:
Size: 41 KB
Stars: 0
Watchers: 0
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # GoInjection

![img.png](img.png)

## Overview

This project is designed to perform SQL injection testing on various database systems. It includes functions to determine the number of columns in a database table and to identify the database type based on the response to SQL injection queries.

## Features

- SQL Injection Testing: Perform SQL injection testing on various database systems.

- Column Count Detection: Determine the number of columns in a database table using SQL injection.

- Database Type Identification: Identify the database type (MySQL, PostgreSQL, MsSQL, SQLite) based on SQL injection responses.

- Word Count Analysis: Count the occurrences of words in the response to help identify the database.

- WAF Detection: Detect the presence of Web Application Firewalls (WAF) by analyzing HTTP responses and status codes.

- WAF Identification: Identify specific WAFs (e.g., Cloudflare, Cloudfront, Akamai, Sucuri) based on HTTP headers and response content.

- Multi-DBMS Support: Support for multiple database management systems (DBMS) including MySQL, PostgreSQL, MsSQL, and SQLite.

## Testing

```sql

USE sql_injection_lab;

CREATE TABLE IF NOT EXISTS products (

    id INT AUTO_INCREMENT PRIMARY KEY,

    name VARCHAR(100) NOT NULL,

    price DECIMAL(10, 2) NOT NULL

);

INSERT INTO products (name, price) VALUES

('Laptop', 799.99),

('Smartphone', 599.99),

('Tablet', 399.99),

('Headphones', 49.99),

('Smartwatch', 199.99);

```

The project includes a test site that is located in `SQL_Injection_Lab.py` file.

## ToDo

- Add more methods for Getting Database and Columns.

- Add Table dumping.

- Make a GUI for the project.

## License

This project is licensed under the MIT License. See the `LICENSE` file for more details.