BBQSQL

BBQSQL Package Description

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
Similar to other SQL injection tools you provide certain request information.
Must provide the usual information:
  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies
Then specify where the injection is going and what syntax we are injecting.
Source: https://github.com/Neohapsis/bbqsql/
BBQSQL Homepage | Kali BBQSQL Repo
  • Author: BBQSQL
  • License: BSD

Tools included in the bbqsql package

bbqsql – SQL Injection Exploitation Tool
The Blind SQL Injection Exploitation Tool.

bbqsql Usage Example

root@kali:~# bbqsql
    _______   _______    ______    ______    ______   __      
   |       \ |       \  /      \  /      \  /      \ |  \    
   | $$$$$$$\| $$$$$$$\|  $$$$$$\|  $$$$$$\|  $$$$$$\| $$    
   | $$__/ $$| $$__/ $$| $$  | $$| $$___\$$| $$  | $$| $$    
   | $$    $$| $$    $$| $$  | $$ \$$    \ | $$  | $$| $$    
   | $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$    
   | $$__/ $$| $$__/ $$| $$/ \ $$|  \__| $$| $$/ \ $$| $$_____
   | $$    $$| $$    $$ \$$ $$ $$ \$$    $$ \$$ $$ $$| $$     \
    \$$$$$$$  \$$$$$$$   \$$$$$$\  \$$$$$$   \$$$$$$\ \$$$$$$$$
                     \$$$                \$$$

                   _.(-)._
                .'         '.
               / 'or '1'='1  \
               |'-...___...-'|
                \    '='    /
                 `'._____.'`
                  /   |   \
                 /.--'|'--.\
              []/'-.__|__.-'\[]
                      |
                     []

    BBQSQL injection toolkit (bbqsql)        
    Lead Development: Ben Toews(mastahyeti)        
    Development: Scott Behrens(arbit)        
    Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)  
    SET is located at: http://www.secmaniac.com(SET)  
    Version: 1.0              
   
    The 5 S's of BBQ:
    Sauce, Spice, Smoke, Sizzle, and SQLi
   


 Select from the menu:

   1) Setup HTTP Parameters
   2) Setup BBQSQL Options
   3) Export Config
   4) Import Config
   5) Run Exploit
   6) Help, Credits, and About

  99) Exit the bbqsql injection toolkit

bbqsql>

Comments

Post a Comment

Popular posts from this blog

How to trace someone ip and location?

How to trace someone ip and location?    This tutorial for education purpose only we don't responsible for any thing.Spying into someone's mobile without his/her permission is illegal.Please proceed in own risk. Our channel and blog intend to violate Community Guidelines.   Hi friends,                    I am giving information you about social engineering.All most hacking attacks are doing with this trick.Social engineering is one types of spamming. Means "Hathike dath kaneke or Dikane ke or".                   This time I would teach only trace someone public IP.You all know using IP we can trace all details like location,browser.API and etc.  Steps of finding someone IP     1.Go to  IP logger / Geabify IP logger /Blasze IP logger But I will give only IP logger`s example 2.Then Go to " Invisible Image " 3.Then click "Generat...
Read more

how to install metasploit kali linux

Hi, I have Kali Linux App from the App Store on Windows Subsystem for Linux and Windows 10 Host. I also have Kali Linux 2 on VMware but that's not the problem. I'm trying to install Metasploit on the Kali App. I've entered: sudo su apt-get -y install build-essential zlib1g zlib1g-dev libxml2 libxml2-dev libxslt-dev locate libreadline6-dev libcurl4-openssl-dev git-core libssl-dev libyaml-dev openssl autoconf libtool ncurses-dev bison curl wget postgresql postgresql-contrib libpq-dev libapr1 libaprutil1 libsvn1 libpcap-dev apt-get install git-core postgresql curl ruby1.9.3 nmap gem gem install wirble sqlite3 bundler cd /opt git clone https://github.com/rapid7/metasploit-framework.git   cd metasploit-framework bundle install ./msfconsole Everything worked fine and Metasploit starts up with no problems. Now I'm trying to setup the database. I enter: su postgres createuser msf -P -S -R -D createdb -O msf msf exit I get the error:...
Read more

twofi

twofi Package Description When attempting to crack passwords custom word lists are very useful additions to standard dictionaries. An interesting idea originally released on the “7 Habits of Highly Effective Hackers” blog was to use Twitter to help generate those lists based on searches for keywords related to the list that is being cracked. This idea has been expanded into twofi which will take multiple search terms and return a word list sorted by most common first. Source: https://digi.ninja/projects/twofi.php twofi Homepage | Kali twofi Repo Author: Robin Wood License: Creative Commons Attribution-Share Alike 2.0 Tools included in the twofi package twofi – Twitter words of interest root@kali:~# twofi -h twoif 2.0-beta Robin Wood (robin@digininja.org) (www.digininja.org) twoif - Twitter Words of Interest Usage: twoif [OPTIONS]     --help, -h: show help     --config <file>: config file, default is twofi.yml     --count...
Read more