SQLmap是一款用来检测与利用SQL注入漏洞的免费开源工具,有一个非常棒的特性,即对检测与利用的自动化处理(数据库指纹、访问底层文件系统、执行命令)。SQLMAP-Web-GUI是一款使用PHP作为前端程序开发的Web版SQLMAP,和命令行版一样功能非常齐全。
Here is a few quick videos I made to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.
Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005
- YOUTUBE: http://youtu.be/8MRew20Q1xE
Demo against: Linux (CentOS), Apache, MySQL, PHP
- YOUTUBE: http://youtu.be/cs2Gvss0v-k
Blog Write-Up: http://kaoticcreations.blogspot.com/
Requirements:
- Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use google)
- PHP 5.3+ is suggested, older versions not tests so mileage may vary
- Python and any SQLMAP dependencies (refer to their wiki for any help there)
- Clone this repo to your machine
- Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
- Copy the entire sqlmap/ directory and contents to your web root directory (cd SQLMAP-Web-GUI && cp -R sqlmap/ /var/www/)
- When you want to use, simply fire up the sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
- Then you can navigate to the Web GUI address in your Browser to begin (firefox http://127.0.0.1/sqlmap/index.php)
项目主页:http://www.open-open.com/lib/view/home/1435627850310