Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/sapphicart/sqli-fuzzer
Python script to fuzz for SQL injection vulnerabilities in URL and input parameters
python sqli-vulnerability-scanner sqlinjection
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/sapphicart/sqli-fuzzer
- Owner: sapphicart
- License: mit
- Created: 2024-04-15T16:12:21.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2024-08-15T09:23:50.000Z (5 months ago)
- Last Synced: 2024-10-28T22:37:05.344Z (2 months ago)
- Topics: python, sqli-vulnerability-scanner, sqlinjection
- Language: Python
- Homepage:
- Size: 535 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 2
Metadata Files:
- Readme: README.md
- License: LICENSE
README
SQLi Fuzzer
## Summary
SQLi Fuzzer is a tool made for personal use. It fuzzes for URL or input parameters vulnerable to SQL injection. The file `url_fuzz.txt` currently contains basic `ORDER BY` SQL queries passed in a URL parameter. The default wordlist includes SQL queries in plaintext, URL encoding and hex encoding.

**Warning: The tool is currently under development. I cannot guarantee successful utilisation.**
## Requirements
- Python 3.xx

## Installation
There are two ways to install `sqlifuzzer`:

Install the tool directly with `pip`
```bash
pip install sqlifuzzer
```

Or, you can build from source. Download the latest [release](https://github.com/sapphicart/sqli-fuzzer/releases).
## Usage
Use the `--help` switch to read the `OPTIONS` available.
```bash
$ sqlifuzzer --help
Usage: sqlifuzzer.py [OPTIONS]

Options:
  -u, --url TEXT        The URL to fuzz
  -v, --verify BOOLEAN  SSL certificate verification. Default True
  -w, --wordlist TEXT   /path/to/wordlist.txt
  --help                Show this message and exit.
```
Example:
```bash
$ sqlifuzzer -u https://redtiger.labs.overthewire.org/level1.php -v False -w url_fuzz.txt
```

## Notes
A generic wordlist named `url_fuzz.txt` is available in the source code. You can use this wordlist or create your own!

Upcoming features:
- Input parameters fuzzing
- HTTP Verbs (GET, POST, PUT) fuzzing
- Diverse wordlist

## Contributions
All contributions are welcome. Just fork this repository, make your changes and open a pull request!

## License
Distributed under [MIT](LICENSE) License.