codewatchorg/sqlipy

Stars
251
Rank 161,862 (Top 4 %)
Language
Python
License
The Unlicense
Created about 10 years ago
Updated 5 months ago

codewatchorg/sqlipy

codewatchorg

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

sqlipy

SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

SQLMap comes with a RESTful based server that will execute SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan.

Requirements

Jython 2.7 (up to 2.7.2) DO NOT USE Jython 2.7.3, it has a bug that will cause the extension to fail Java 1.7 or 1.8 (the beta version of Jython 2.7 requires this)

Note: Newer versions of Java do appear to work. Testing with jdk-11.0.7 works fine and newer versions are expected to work as well.

Usage

SQLiPy relies on a running instance of the SQLMap API server. You can manually start the server with:

  python sqlmapapi.py -s -H <ip> -p <port>

Or, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system.

Once the SQLMap API is running, it is just a matter of right mouse clicking in the 'Request' sub tab of either the Target or Proxy main tabs and choosing 'SQLiPy Scan'.

This will populate the SQLMap Scanner tab of the plugin with information about that request. Clicking the 'Start Scan' button will execute a scan.

If the page is vulnerable to SQL injection, then a thread from the plugin will poll the results and add them to the Scanner Results tab.

For more information, see the post here: https://www.codewatch.org/blog/?p=402

bypasswaf

Add headers to all Burp requests to bypass some WAF products

SideStep

Yet another AV evasion tool

cpscam

Bypass captive portals by impersonating inactive users

Burp-UserAgent

Automatically modify the User-Agent header in all Burp requests

Burp-Yara-Rules

Yara rules to be used with the Burp Yara-Scanner extension

Burp-AnonymousCloud

Burp extension that performs a passive scan to identify cloud buckets and then test them for publicly accessible vulnerabilities

Burp-IndicatorsOfVulnerability

Burp extension that checks application requests and responses for indicators of vulnerability or targets for attack

PowerSniper

Password spraying script and helper for creating password lists

gophish

GoPhish is a phishing script that enables rapid deployment of phishing sites.

jnlpdownloader

jnlpdownloader is a Python script that takes a URL to a JNLP and downloads all the associated JARs and native libraries. Another Java based tool exists that provides this functionality, but this Python version extends the capabilities to include the ability to authenticate with BASIC, DIGEST, NTLM, or cookie authentication.

OfficeCracker

Tool to bruteforce Word, Excel, and PowerPoint office document passwords

dirscalate

Dirscalate helps escalate a directory traversal vulnerability to root access (hopefully)

nacpersonate

The nacpersonate script uses configuration files to impersonate an OS likely to be allowed through the device without special authentication. The tool spoofs TCP and IP options as well as the User-Agent header sent in requests to appear to be from the selected OS.

droidboxhelper

A slight modification to the droidbox source and a helper file to convert the output into a more legible/readable form.

CloudKeyHunter

Scan targets via SMB for cloud key files on Windows systems

p2e

Process to escalate to, or p2e, identifies processes on remote hosts running under potentially privileged accounts to be used for escalation in penetration tests