Skip to content

A python based cross-platform tool that automates the process of detecting and exploiting error-based injection security flaws.

License

Notifications You must be signed in to change notification settings

r0oth3x49/Xpath

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

96 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

GitHub release GitHub stars GitHub forks GitHub issues GitHub license

Xpath

A python based cross-platform tool that automates the process of detecting and exploiting error-based injection security flaws.

Xpath3-0.png

Requirements

  • Python 3
  • Python pip3
  • Python module requests
  • Python module colorama
  • Python module chardet

Module Installation

pip install -r requirements.txt

Tested on

  • Windows 7/8/8.1/10
  • Ubuntu-LTS (tested with super user)

Download Xpath

You can download the latest version of Xpath by cloning the GitHub repository.

git clone https://github.com/r0oth3x49/Xpath.git

Features

  • Supports error based MySQL/PostgreSQL/MSSQL injections.
  • Supports all types (HEADERS/COOKIE/POST/GET) for the listed dbms.
  • Added switch to support proxy option --proxy.
  • Added swicth to force SSL connection --force-ssl.
  • Ability to search for db/table/column --search.

Advanced Usage


Author: Nasir khan (r0ot h3x49)

usage: python xpath.py -u URL [OPTIONS]

A cross-platform python based automated tool to detect and exploit error-based sql injections.

General:
  -h, --help          Shows the help.
  --version           Shows the version.
  -v VERBOSE          Verbosity level: 1-5 (default 1).
  --batch             Never ask for user input, use the default behavior
  --flush-session     Flush session files for current target

Target:
  At least one of these options has to be provided to define the
  target(s)

  -u URL, --url URL   Target URL (e.g. 'http://www.site.com/vuln.php?id=1).

Request:
  These options can be used to specify how to connect to the target URL

  -A , --user-agent   HTTP User-Agent header value
  -H , --header       Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host              HTTP Host header value
  --data              Data string to be sent through POST (e.g. "id=1")
  --cookie            HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer           HTTP Referer header value
  --headers           Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy             Use a proxy to connect to the target URL
  --force-ssl         Force usage of SSL/HTTPS

Detection:
  These options can be used to customize the detection phase

  --level             Level of tests to perform (1-3, default 1)

Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques

  --technique TECH    SQL injection techniques to use (default "XEFDBGJ")

Enumeration:
  These options can be used to enumerate the back-end database
  managment system information, structure and data contained in the
  tables.

  -b, --banner        Retrieve DBMS banner
  --current-user      Retrieve DBMS current user
  --current-db        Retrieve DBMS current database
  --hostname          Retrieve DBMS server hostname
  --dbs               Enumerate DBMS databases
  --tables            Enumerate DBMS database tables
  --columns           Enumerate DBMS database table columns
  --dump              Dump DBMS database table entries
  --search            Search column(s), table(s) and/or database name(s)
  -D DB               DBMS database to enumerate
  -T TBL              DBMS database tables(s) to enumerate
  -C COL              DBMS database table column(s) to enumerate

Example:
  python xpath.py http://www.site.com/vuln.php?id=1 --dbs

Legal disclaimer

Usage of xpath for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local,state and federal laws. 
Developer assume no liability and is not responsible for any misuse or damage caused by this program.

TODO

  • Add support for all other DBMS injection
  • Add support to multitarget injection from file.
  • Add support for union based/booelan/time based SQL injections.

About

A python based cross-platform tool that automates the process of detecting and exploiting error-based injection security flaws.

Topics

Resources

License

Stars

Watchers

Forks

Packages

No packages published

Languages