Skip to main content

BBSQL and new injection tool written in python

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

Summary

We tried to write the tool in such a way that it would be very self explanatory when setting up an attack in the UI. However, for sake of thoroughness we have included a detailed Readme that should provide you additional insight on the specifics of each configuration option. One thing to note is that every configuration option in the UI has a description associated with it, so if you do choose to fire up the tool without reading this page you should be able to hack your way through an attack.

High Level Usage

Similar to other SQL injection tools you provide certain request information.
Must provide the usual information:

URLHTTP MethodHeadersCookiesEncoding methodsRedirect behaviorFilesHTTP AuthProxies

Then specify where the injection is going and what syntax we are injecting. Read on for details.

How to Install

This should be straight forward, but what ever is. Try running:

sudo pip install bbqsql

If that doesn’t work for you, you can install from source. The tool requires gevent , requests .

Download now: BBQSQL

Labels:

Comments

Post a Comment

Popular posts from this blog

Kali linux android simply amazing

How to Install and run Kali Linux on any Android Smartphone TUTORIAL FOR INSTALLING AND RUNNING KALI LINUX ON ANDROID SMARTPHONES AND TABLETS Kali Linux is one the best love operating system of white hat hackers, security researchers and pentesters. It offers advanced penetration testing tool and its ease of use means that it should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. Now a days more and more apps are available on Android operating system for smartphones and tablets so it becomes worthwhile to have  it on your smartphone as well. Kali Linux on Android smartphones and tablets allows researchers and pentesters to perform ” security checks” on things like cracking wep Wi-Fi passwords, finding vulnerabilities/bugs or cracking security on websites.  This opens the door to doing this from a mobile device such a...
Post a Comment
Read more

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...
Post a Comment
Read more

Lunix malware havoc

The Krebs DDoS attacks have proven that the IoT landscape is a fertile ground that can breed huge botnets capable of launching massive DDoS assaults. As such, it should be no surprise that malware authors are now focusing their efforts on this sector and putting out new threats in the hopes of building the next Mirai botnet. One of the latest additions to the IoT malware market is a trojan codenamed Linux/NyaDrop, recently reverse engineered by MalwareMustDie, the same researcher who discovered the Mirai malware. MalwareMustDie points out in his research that this binary appeared in May, but was somewhat simplistic and not that common. Things changed after the Krebs DDoS attacks, and a new sample has appeared on the market, with the malware’s author most likely drawn back to the IoT landscape by Mirai’s success. Just like most IoT malware nowadays, NyaDrop’s author relies on brute-forcing Internet-exposed IoT devices using their default credentials. In a conversati...
Post a Comment
Read more