Project address: SQLiScanner
Brief introduction
A passive SQL injection vulnerability scanning tool based on sqlmap and Charles.
It is a module split out from an internal security platform and supports scanning HAR files (used together with Charles: Tools => Auto Save).
Features
- Email notifications
- Task statistics
- Generation of sqlmap commands for reproducing findings
Dependencies
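How HAR scanning and reproduction-command generation can fit together, as an added example (not SQLiScanner's own code): it reads a constructed HAR capture, keeps only parameterised requests to an allow-listed host, deduplicates endpoints, and shell-quotes every captured value so that a hostile URL or body cannot inject into the generated command. The function name `har_to_commands`, the sample hosts and the command layout are assumptions.

```python
import json
import shlex
from urllib.parse import urlsplit, parse_qsl

# Constructed sample HAR (HTTP Archive "log.entries" layout), not real traffic.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    {"request": {"method": "GET",
                 "url": "http://shop.test/item?id=1",
                 "headers": [{"name": "Cookie", "value": "sid=abc"}]}},
    {"request": {"method": "GET",                  # same endpoint, new value
                 "url": "http://shop.test/item?id=2", "headers": []}},
    {"request": {"method": "POST",
                 "url": "http://shop.test/login", "headers": [],
                 "postData": {"text": "user=a'b&pw=$(id)"}}},
    {"request": {"method": "GET",                  # third-party host
                 "url": "http://cdn.example/lib.js?v=3", "headers": []}},
    {"request": {"method": "GET",                  # no parameters to test
                 "url": "http://shop.test/about", "headers": []}},
]}})


def har_to_commands(har_text, in_scope_hosts):
    """Return one shell-quoted sqlmap command per unique in-scope endpoint."""
    seen, commands = set(), []
    for entry in json.loads(har_text)["log"]["entries"]:
        req = entry["request"]
        url = urlsplit(req["url"])
        body = req.get("postData", {}).get("text", "")
        params = (parse_qsl(url.query, keep_blank_values=True)
                  + parse_qsl(body, keep_blank_values=True))
        if url.hostname not in in_scope_hosts or not params:
            continue  # skip hosts outside the allow-list and static requests
        # Deduplicate on method + host + path + parameter names, ignoring values.
        names = tuple(sorted(n for n, _ in params))
        key = (req["method"], url.hostname, url.path, names)
        if key in seen:
            continue
        seen.add(key)
        argv = ["python", "sqlmap.py", "--batch", "-u", req["url"]]
        if body:
            argv += ["--data", body]
        for h in req.get("headers", []):
            if h["name"].lower() == "cookie":
                argv += ["--cookie", h["value"]]
        # shlex.quote keeps captured values from being interpreted by the shell.
        commands.append(" ".join(shlex.quote(a) for a in argv))
    return commands
```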
- Python 3.x
- Django 1.9
- PostgreSQL
- Celery
- Sqlmap
- Redis
Supported platforms
Installation
Clone the project locally:
git clone https://github.com/0xbug/SQLiScanner.git --depth 1
Set up sqlmap:
git clone https://github.com/sqlmapproject/sqlmap.git --depth 1
SQLiScanner supports Python 3.x on Linux and OS X.
Install dependencies
cd SQLiScanner/
virtualenv --python=/usr/local/bin/python3.5 venv
source venv/bin/activate
pip install -r requirements.txt
Create the database tables (requires the database to be configured first)
python manage.py makemigrations scanner
python manage.py migrate
Create a superuser
python manage.py createsuperuser
Set up
Database settings
SQLiScanner/settings.py:85
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.postgresql',
        'NAME': '',
        'USER': '',
        'PASSWORD': '',
        'HOST': '127.0.0.1',
        'PORT': '5432',
    }
}
Email notification configuration
SQLiScanner/settings.py:152
# Email
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_USE_TLS = False
EMAIL_HOST = ''
EMAIL_PORT = 25
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
DEFAULT_FROM_EMAIL = ''
scanner/tasks.py:13
class SqlScanTask(object):
    def __init__(self, sqli_obj):
        self.api_url = "http://127.0.0.1:8775"
        self.mail_from = ""
        self.mail_to = [""]
Run
-s -p 8775
python manage.py celery worker --loglevel=info
python manage.py runserver
* This article was submitted by blur; reprints must credit freebuf.com