GourdScanV2 SQL Passive Scan Platform Setup

Project Address: https://github.com/ysrc/GourdScanV2

Build Environment: Kali Linux

1. First install the Redis-server

Root@kali: ~#  apt-get Install Redis-server

PS: Run redis-server --version to see your own version, be aware of the 2.x version of Redis will be problematic

2. Get the project source code

Root@kali: ~#  git clone https://github.com/ysrc/GourdScanV2.git

3. Try to run

Root@kali: ~/gourdscanv2#root@kali: ~/gourdscanv2#  python gourdscan.py

Error running, warning missing Redis module, installing the module using PIP

Root@kali: ~#  pip install Redis

In addition, the default installation of Redis-server default is no password, the default redis-server password for the project is: y3rc_alw4ys_b3_w1th_y0u

You will need to change the password for Redis at this time.

4. Configure the Redis-server password

Using the VI command to open the redis.conf file, first use character matching to find the corresponding location to the Requirepass foobared, then modify the foobared to the desired password and delete the # comment before the current line, and then save the exit.

Save exit

5. Try to run

Then access the Kali 8000 port

Default login account password: admin:y3rc_admin

Enter config option to change password:

Go to scan config configuration scanning option, I use the default scan option, access a certain injection of the vulnerability is not scanned out, so configure SQLMAPAPI, call Sqlmap to scan

Turn off the other three options and choose Sqlmap Config

6. Enable Sqlmapapi

Root@kali: ~#  cd/usr/share/sqlmap/root@kali:/usr/share/sqlmap#  Python sqlmapapi.py-s

Set the agent platform listening Port here, then start the Proxy service, configure the browser agent.

GourdScanV2 SQL Passive Scan Platform Setup