Sqlmap is a free, open source tool for detecting and exploiting SQL injection vulnerabilities. Its main strength is that it automates both detection and exploitation (database fingerprinting, access to the underlying file system, execution of commands). Sqlmap-web-gui is a web front end for Sqlmap written in PHP, and it is as versatile as the command-line version.
Here are a few quick videos I made to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.
Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005
- YouTube: http://youtu.be/8mrew20q1xe
Demo against: Linux (CentOS), Apache, MySQL, PHP
- YouTube: http://youtu.be/cs2gvss0v-k
Blog write-up: http://kaoticcreations.blogspot.com/
Requirements:
- Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use Google)
- PHP 5.3+ is suggested; older versions are not tested, so mileage may vary
- Python and any sqlmap dependencies (refer to their wiki for all help there)
- Clone this repo to your machine
- Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
- Copy the entire sqlmap/ directory and its contents to your web root directory (cd Sqlmap-web-gui && cp -r sqlmap/ /var/www/)
- When you want to use it, simply fire up the Sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
- Then you can navigate to the Web GUI address in your browser to begin (firefox http://127.0.0.1/sqlmap/index.php)
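
The steps above put the GUI under Apache and start the sqlmap API server on the same machine, with the browser pointed at 127.0.0.1. The following is an added check, not part of the project, that flags listeners on those ports bound to a non-loopback address. It assumes Apache on port 80 and the sqlmapapi.py default port 8775 (neither is stated on this page) and reads output in the format of `ss -ltnH`; the sample input is constructed.

```shell
# Added example: list GUI/API listeners that are reachable from other hosts.
# Input format (Linux `ss -ltnH`):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# exposed_listeners PORT... : reads ss output on stdin and prints each local
# address:port whose port is in the list and whose address is not loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            port = local_addr; sub(/^.*:/, "", port)      # text after the last colon
            addr = local_addr; sub(/:[^:]*$/, "", addr)   # text before the last colon
            sub(/%.*$/, "", addr)                          # drop a %interface scope
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)     # [::1] -> ::1
            if (!(port in want)) next                      # not a port we care about
            if (addr ~ /^127\./ || addr == "::1") next     # loopback only: fine
            print local_addr                               # wildcard or routable bind
        }'
}

# Constructed sample: Apache bound to all interfaces, API server on loopback.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 10 127.0.0.1:8775 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 [::]:80 [::]:*
LISTEN 0 10 [::1]:8775 [::]:*
EOF
}

# Assumed ports: 80 (Apache default), 8775 (sqlmapapi.py default).
sample_ss_output | exposed_listeners 80 8775
```

On a live host, run `ss -ltnH | exposed_listeners 80 8775`; any line printed means the GUI or the API server is listening on an address other machines can reach.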
Project home: http://www.open-open.com/lib/view/home/1435627850310