Asqlmap is a terminal interface to automatize the famous SQL Injection's tool sqlmap. It provides a very simple interface to quickly perform sqlmap's tests on a specific target.
This version of asqlmap was tested on Parrot Security.
Asqlmap is very simple to use: you only need to specify the target. Then you can choose which test you want to perform.
- Vulnerability check and information research (Databases,tables)
- Users, passwords and privileges research
- Open SQL Shell
- Open OS Shell
- Dump single table (CSV)
- Dump single table (HTML)
- Dump single database (CSV)
- Dump single database (HTML)
- Dump all databases (CSV)
- Dump all databases (HTML)
- Retrieve everything (CSV) - can take a long time!
- Retrieve everything (HTML) - can take a long time!
asqlmap is pre-configured to keeps your anonymity safe using Tor for every operation and using a random User Agent for each test.
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.
For further information about sqlmap visit their github webpage: https://github.com/sqlmapproject/sqlmap
- sqlmap
- Tor (Start Tor on all the system before running asqlmap)
Before you can run asqlmap you need to set execution permission
chmod +x asqlmap.sh
USAGE:
./asqlmap.sh "URL" [OPTIONS]
Options after URL:
-r <risk value> Risk of test to perform (0-3, default 1)
-l <level value> Level of test to perform (1-5, default 1)
-t <# of threads> Number of threads (1-10, default 1)
Options without URL:
-g <google dork> Search for Google Dorks
-purge-output Securely erase the sqlmap output directory
-h,-help Show this help
-v Show the version of asqlmap
Eg. ./asqlmap.sh "http://www.example.com" -r 2 -l 3
NOTE: Don't forget to add " at the beginning and at the end of the URL to support more than one GET variables.
See sqlmap documentation to understand risk (https://github.com/sqlmapproject/sqlmap/wiki/Usage#risk) and level (https://github.com/sqlmapproject/sqlmap/wiki/Usage#level) options
Eg. ./asqlmap.sh -g "inurl:index.php?id="
To scan a website for Google Dork
Eg. ./asqlmap.sh -g "site:http://www.example.com ext:php"
None at the moment