Free and open-source SQL injection tool SQLmap.zip

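Uploader: 39841365 | Upload time: 2023-10-27 10:34:34 | File size: 7.37MB | File type: ZIP

SQLmap is a free, open-source tool for detecting and exploiting SQL injection vulnerabilities. Its standout feature is that it automates both detection and exploitation (database fingerprinting, access to the underlying file system, command execution).

Readers can download the SQLmap source code from its official site on SourceForge: http://sourceforge.net/projects/sqlmap/

What is SQL injection?

SQL injection is a code injection technique that has long been used to attack data-driven applications, for example by injecting malicious SQL code into a particular field in order to dump the database. A SQL injection can only succeed by way of a security flaw in the application: for example, when user input is not correctly filtered (for certain specific strings) or is not strongly typed, SQL statements can easily end up being executed in unintended ways. SQL injection is the most commonly used attack technique in website penetration, but it can in fact be used to attack any SQL database. In this guide I will show you how to use SQLMAP on Kali Linux to penetrate a website (or, more precisely, its database) and extract user names and passwords.

What is SQLMAP?

SQLMAP is an open-source penetration testing tool, used mainly to automate the detection and exploitation of SQL injection flaws and the takeover of database servers. It comes with a powerful detection engine and is aimed at advanced penetration testers: it can fingerprint different databases, extract data from them, access the underlying file system, and execute operating system commands over out-of-band connections.

The official SQLMAP website, http://www.sqlmap.org, has a more detailed introduction, including its many features. Most notably, SQLMAP fully supports SQL injection detection and injection against MySQL, Oracle, PostgreSQL, MS-SQL, Access and other databases, and can carry out six kinds of injection attack.

One more very important point must be made: before you carry out an attack, think about the people who built or maintain those websites. They have put a great deal of time and effort into them, and may well depend on them for a living. Your actions may affect other people in ways you would never want. I think I have made myself clear. (PS: Think carefully before attacking, and do not do anything illegal.)

PS: I previously read some articles about SQLMAP on wooyun and learned a great deal from them. I am translating this article today in the hope of providing a basic framework for how to use SQLMAP. For the principles of SQL injection, SQLMAP's detailed command-line parameters and various worked examples, see the following articles:

Principles of SQL injection: http://drops.wooyun.org/papers/59
SQLMAP user manual: http://drops.wooyun.org/tips/143
SQLMAP examples cookbook: http://drops.wooyun.org/tips/1343

Who are the authors of SQLmap?

Bernardo Damele Assumpcao Guimaraes (@inquisb), who can be reached at [email protected], and Miroslav Stampar (@stamparm), who can be reached at [email protected].

For related tutorials, see:
http://www.cnblogs.com/waw/p/5140555.html
http://www.freebuf.com/articles/web/29942.html

[Figure: screenshot of the injection test]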


Tags: SQL injection


Resource details

(515 sub-files, 7.37MB) Free and open-source SQL injection tool SQLmap.zip

stager.asp_  1.17KB
backdoor.asp_  243B
stager.aspx_  529B
backdoor.aspx_  417B
AUTHORS  190B
icmpsh-s.c  9.12KB
icmpsh-m.c  3.87KB
COMMITMENT  2.04KB
sqlmap.conf  20.51KB
runcmd.cpp  1.32KB
stdafx.cpp  293B
lib_mysqludf_sys.dll_  5.14KB
lib_postgresqludf_sys.dll_  4.66KB
lib_postgresqludf_sys.dll_  4.65KB
lib_postgresqludf_sys.dll_  4.64KB
lib_mysqludf_sys.dll_  4.44KB
lib_postgresqludf_sys.dll_  4.13KB
runcmd.exe_  36.33KB
icmpsh.exe_  6.84KB
shellcodeexec.x32.exe_  2.69KB
.gitattributes  275B
.gitignore  77B
stdafx.h  516B
index.html  5.79KB
data.json  58.54KB
stager.jsp_  1.29KB
backdoor.jsp_  359B
LICENSE  18.44KB
LICENSE  1.37KB
LICENSE  1.05KB
CHANGELOG.md  32.36KB
THANKS.md  24.43KB
THIRD-PARTY.md  14.60KB
README.md  4.79KB
README-gr-GR.md  4.33KB
README-uk-UA.md  4.30KB
README-ru-RUS.md  4.30KB
README-bg-BG.md  4.17KB
README-ja-JP.md  3.67KB
README-es-MX.md  3.53KB
README-fr-FR.md  3.43KB
CONTRIBUTING.md  3.42KB
README-it-IT.md  3.38KB
README-pl-PL.md  3.32KB
README-de-GER.md  3.29KB
README-pt-BR.md  3.28KB
README-hr-HR.md  3.28KB
README-id-ID.md  3.16KB
CODE_OF_CONDUCT.md  3.14KB
README-tr-TR.md  3.13KB
README-zh-CN.md  3.03KB
bug_report.md  865B
feature_request.md  608B
FAQ.pdf  304.89KB
README.pdf  482.64KB
backdoor.php_  469B
stager.php_  379B
icmpsh-m.pl  2.09KB
common.py  173.88KB
bottle.py  148.98KB
clientform.py  123.79KB
xdot.py  94.29KB
option.py  92.13KB
gprof2dot.py  82.17KB
big5freq.py  80.66KB
beautifulsoup.py  78.12KB
checks.py  72.36KB
connect.py  65.97KB
agent.py  50.54KB
databases.py  49.02KB
jisfreq.py  46.21KB
hash.py  45.34KB
euckrfreq.py  44.90KB
cmdline.py  42.54KB
settings.py  38.93KB
gb2312freq.py  35.17KB
euctwfreq.py  34.05KB
controller.py  32.29KB
inference.py  32.04KB
api.py  31.79KB
__init__.py  31.69KB
target.py  31.06KB
entries.py  28.42KB
metasploit.py  27.75KB
users.py  27.72KB
dump.py  27.26KB
pyDes.py  26.86KB
search.py  26.15KB
fcrypt.py  26.14KB
identYwaf.py  25.27KB
inject.py  22.30KB
keepalive.py  22.17KB
use.py  20.49KB
use.py  19.50KB
mbcssm.py  19.13KB
jpcntx.py  18.89KB
sgmllib.py  17.85KB
web.py  17.84KB
enumeration.py  17.53KB
takeover.py  17.43KB
......
Too many files; not all are shown.
