blackops-sql 0.1.6__py3-none-any.whl

blackops_sql-0.1.6.dist-info/METADATA

@@ -0,0 +1,250 @@
+Metadata-Version: 2.4
+Name: blackops-sql
+Version: 0.1.6
+Summary: API-aware SQL injection reconnaissance and validation engine
+Project-URL: Homepage, https://github.com/roc1t1z3not/BlackOpsSQL
+Project-URL: Issues, https://github.com/roc1t1z3not/BlackOpsSQL/issues
+Author: roc1t1z3not
+License: AGPL-3.0-or-later
+License-File: LICENSE
+License-File: NOTICE
+Keywords: bugbounty,pentest,scanner,security,sql-injection,sqli
+Classifier: Development Status :: 4 - Beta
+Classifier: Environment :: Console
+Classifier: Intended Audience :: Information Technology
+Classifier: License :: OSI Approved :: GNU Affero General Public License v3
+Classifier: Operating System :: OS Independent
+Classifier: Programming Language :: Python :: 3
+Classifier: Programming Language :: Python :: 3.10
+Classifier: Programming Language :: Python :: 3.11
+Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
+Classifier: Topic :: Security
+Requires-Python: >=3.10
+Requires-Dist: blackops-cli
+Requires-Dist: blackops-core
+Requires-Dist: blackops-payloads
+Requires-Dist: requests>=2.28.0
+Requires-Dist: urllib3>=1.26.0
+Provides-Extra: browser
+Requires-Dist: blackops-core[browser]; extra == 'browser'
+Provides-Extra: dev
+Requires-Dist: mypy>=1.0; extra == 'dev'
+Requires-Dist: pytest-mock>=3.0; extra == 'dev'
+Requires-Dist: pytest>=8.0; extra == 'dev'
+Requires-Dist: ruff>=0.4; extra == 'dev'
+Requires-Dist: types-requests; extra == 'dev'
+Description-Content-Type: text/markdown
+
+# BlackOpsSQL
+<p align="center">
+  <img src="assets/BlackOpsSQL_logo.png" alt="BlackOpsSQL" width="300"/>
+</p>
+<!-- markdownlint-disable MD033 -->
+<p align="center">
+  <a href="LICENSE">
+    <img src="https://img.shields.io/badge/License-AGPL--3.0-white?style=for-the-badge&logo=opensourceinitiative&logoColor=black" alt="License">
+  </a>
+  <img src="https://img.shields.io/badge/Python-3.10+-black?style=for-the-badge&logo=python&logoColor=white" alt="Python">
+</p>
+<!-- markdownlint-enable MD033 -->
+
+**API-aware SQL injection reconnaissance and validation engine** — detect and extract in one command, across all major backends, with WAF evasion baked in. No Java. No license fees. Drops into a Python pipeline.
+
+
+> BlackOpsSQL is an AGPL-3.0-or-later modified fork of BreachSQL by CommonHuman-Lab.
+
+```bash
+# Install from source (editable install — required on externally-managed Python)
+git clone https://github.com/roc1t1z3not/BlackOpsSQL.git
+cd BlackOpsSQL
+python3 -m venv .venv && source .venv/bin/activate
+pip install -e .
+
+# Scan, exploit, and dump everything — outputs written to target.com/
+blackops-sql -u "https://target.com/item?id=1" --exploit
+
+# Dump a specific table straight from the finding
+blackops-sql -u "https://target.com/item?id=1" --dump users
+```
+
+> Point it at a target. Get findings. Drop it in a pipeline.
+
+---
+
+## Why BlackOpsSQL?
+
+- **Faster** — binary-search boolean extraction, parallel surface probing, no per-request sleep loops
+- **Detect → exploit in one pass** — `--exploit` dumps every discovered table and writes `.txt`, `.json`, and `.html` outputs to a `<host>/` folder automatically; `--dump TABLE` targets a single table
+- **Python API** — `from blackopssql.engine import scan, ScanOptions` — embed it directly in your own tooling or scripts
+- **Scan from spec** — `--openapi` imports every endpoint from a Swagger/OpenAPI file and scans them all
+- **Curated payloads** — backed by [commonhuman-payloads](https://github.com/CommonHuman-Lab/commonhuman-payloads), an auditable, versioned payload library shared across the toolchain
+- **Pipeline-native** — structured JSON output, clean exit codes, no interactive prompts by default
+- **Lightweight** — pure Python 3.10+, no C extensions, no Java, installs in a venv in seconds
+
+---
+
+## Quick Start
+
+```bash
+# Install
+pip install -e .
+
+# GET parameter
+blackops-sql -u "https://target.com/item?id=1"
+
+# POST form
+blackops-sql -u "https://target.com/login" -d "username=admin&password=x"
+
+# JSON body
+blackops-sql -u "https://target.com/api/user" -d '{"user_id": 1}'
+
+# Cookie injection
+blackops-sql -u "https://target.com/profile" --cookie "session_id=abc" --cookie-params session_id
+
+# Path parameter
+blackops-sql -u "https://target.com/item/1" --path-params id
+
+# Time-blind with custom threshold
+blackops-sql -u "https://target.com/search?name=x" --technique T --time-threshold 3
+
+# Specific backend and technique
+blackops-sql -u "https://target.com/users?id=1" --dbms mysql --technique E
+
+# Exploit: dump every table, write target.com/{txt,json,html} automatically
+blackops-sql -u "https://target.com/users?id=1" --exploit
+
+# Dump all rows from a specific table (implies --exploit)
+blackops-sql -u "https://target.com/users?id=1" --dump users
+
+# Dump every table, save results to a custom output stem
+blackops-sql -u "https://target.com/users?id=1" --dump-all -o results/target
+
+# Full multi-technique scan
+blackops-sql -u "https://target.com/report?id=1" --dbms mysql --technique EBTUS --level 2 --risk 2
+
+# Authenticate before scanning
+blackops-sql -u "https://target.com/app/search?q=test" \
+  --login-url "https://target.com/login" \
+  --login-user admin --login-pass secret
+
+# Import all endpoints from an OpenAPI / Swagger spec
+blackops-sql -u "https://target.com/" --openapi https://target.com/openapi.json
+
+# Discover JS-rendered endpoints first, then scan everything
+blackops-sql -u "https://target.com/" --browser-crawl --level 2
+```
+
+---
+
+## Techniques
+
+| Flag | Technique | Description |
+| ---- | --------- | ----------- |
+| `E` | Error-based | Database errors leak schema/data via malformed syntax |
+| `B` | Boolean-blind | True/false response differences reveal data bit by bit |
+| `T` | Time-blind | `SLEEP()` / `pg_sleep()` / `randomblob()` timing confirms injection |
+| `U` | UNION-based | Column-count probing + data extraction via UNION SELECT |
+| `S` | Stacked | Semicolon-delimited second statement injection |
+
+Combine with `-t EBTUS` to run all techniques in a single pass.
+
+---
+
+## Python API
+
+```python
+from blackopssql.engine import scan, ScanOptions
+
+result = scan(
+    "https://target.com/users?id=1",
+    ScanOptions(dbms="mysql", technique="E", risk=1),
+)
+
+print(f"{result.total_findings} finding(s) in {result.duration_s:.1f}s")
+for f in result.error_based:
+    print(f"  [{f.technique}] {f.param} — {f.evidence}")
+```
+
+---
+
+## Options
+
+| Option | Default | Description |
+| ------ | ------- | ----------- |
+| `-u` | — | Target to use |
+| `--crawl` | — | Crawl target |
+| `--dbms` | auto | Target backend: `mysql`, `mariadb`, `postgres`, `sqlite`, `mssql`, `oracle` |
+| `-t` / `--technique` | `EBTUS` | Techniques to run (any combo of E B T U S) |
+| `--level` | `1` | Payload depth: 1 = standard, 2 = extended, 3 = extended + data extraction |
+| `--risk` | `1` | Payload aggression: 1 = low, 2 = medium, 3 = high |
+| `--time-threshold` | `5` | Seconds to consider a time-blind hit (T technique) |
+| `-d` / `--data` | — | POST body — form-encoded or JSON |
+| `--cookie` | — | Cookie string: `name=val; name2=val2` |
+| `--cookie-params` | — | Which cookie names to inject |
+| `--header-params` | — | HTTP header names to inject (e.g. `X-Forwarded-For`) |
+| `--path-params` | — | Path segment names to treat as injection points |
+| `--second-url` | — | Read URL for two-step injection |
+| `--timeout` | `10` | Per-request timeout in seconds |
+| `--login-url` | — | Login form URL — authenticates before scanning |
+| `--login-user` | — | Username for form login |
+| `--login-pass` | — | Password for form login |
+| `--openapi` | — | OpenAPI/Swagger spec file or URL — imports endpoints to scan |
+| `--browser-crawl` | — | Headless Chromium endpoint discovery (requires selenium) |
+| `--exploit` | — | Dump every discovered table; auto-creates `<host>/` and writes `<host>.txt`, `<host>.json`, `<host>.html` |
+| `--dump TABLE` | — | Dump all rows from TABLE using a confirmed injection point (implies `--exploit`) |
+| `--dump-all` | — | Dump every discovered table (implies `--exploit`); use with `-o` to control output path |
+| `-o` | — | Output stem — writes `<name>.txt`, `<name>.json`, `<name>_dump.json` |
+| `--report-html` | — | Write a self-contained HTML report to this file |
+
+---
+
+## Fire Range
+
+The **BreachSQL Fire Range** is a deliberately vulnerable Flask + MySQL + PostgreSQL + SQLite app that ships with [OctoRig](https://github.com/CommonHuman-Lab/OctoRig). It provides injectable endpoints that the scanner is verified against on every change.
+
+```bash
+# Start the Fire Range (OctoRig required)
+./octorig.sh start breachsql
+
+# Run the full end-to-end test suite
+pytest tests/test_firerange.py -v
+```
+
+→ [Fire Range README](https://github.com/CommonHuman-Lab/OctoRig/tree/main/labs/firerange)
+
+---
+
+## Install from source
+
+```bash
+git clone https://github.com/roc1t1z3not/BlackOpsSQL.git
+cd BlackOpsSQL
+python3 -m venv .venv && source .venv/bin/activate
+pip install -e .
+pip install -e ".[dev]"   # + pytest, mypy, ruff
+```
+
+Requires Python 3.10+. No C extensions. On Kali and other Debian-based systems, the virtual env is required — system Python is externally managed.
+
+---
+
+## Legal & Ethical Use
+
+Only run BlackOpsSQL against applications you own or have explicit written authorization to test. Authorized use includes penetration testing engagements, bug bounty programs within defined scope, and CTF competitions.
+
+`--exploit`, `--dump`, and `--dump-all` extract live database content — only use them where data extraction is explicitly permitted by your engagement scope.
+
+The authors accept no liability for unauthorized or illegal use.
+
+---
+
+## License
+
+Licensed under the [AGPLv3](LICENSE). You are free to use, modify, and distribute this software. If you run it as a service or distribute it, the source must remain open.
+
+---
+
+## Attribution
+
+BlackOpsSQL is an AGPL-3.0-or-later modified fork of [BreachSQL](https://github.com/CommonHuman-Lab/breachsql) by CommonHuman-Lab. Original copyright (c) 2026 CommonHuman-Lab. See [NOTICE](NOTICE) for full attribution.

blackops_sql-0.1.6.dist-info/RECORD

@@ -0,0 +1,29 @@
+blackopssql/__init__.py,sha256=wjwAW0NvvkX3EB5p7Qm505uQo1pcX35Qw4VEfxuj-Ds,3242
+blackopssql/__main__.py,sha256=iVQ7jiAV4YgjpbbiPqA7r8op-cJfODSx2W18DWje6ok,11533
+blackopssql/_cli/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+blackopssql/_cli/args.py,sha256=eEVGYUkbXVafFxQV3DpuLjA2V25GKwap9o6OgumhsF4,11044
+blackopssql/_cli/summary.py,sha256=U_iH3Vy3y2pnih2fPiczCohUP7L7iz5K1t4kLu8lrx4,8416
+blackopssql/engine/__init__.py,sha256=ehHE2iRZpnOTRBH0AV3D15gAojAG07jVc_AVmhBivAo,688
+blackopssql/engine/crawler.py,sha256=tmJZl-czM4DJZWvRCZfrmPZU3VfapLQ7D4QwBGATZ_0,268
+blackopssql/engine/log.py,sha256=GfImVlILwiE8QscQU3ep7pfKT8PB0tvMZwgqFxIImD4,319
+blackopssql/engine/reporter.py,sha256=--ePOj1f7ZgfZlO2DoDaiScLxsl007lqlHPHDpqNY-o,6550
+blackopssql/engine/scanner.py,sha256=4n77Z8jQFANZqMQWeUbRP3_76ywE16L9v-rEvF6aSuM,3175
+blackopssql/engine/_scanner/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+blackopssql/engine/_scanner/blind.py,sha256=jR7Gi2pcKyVLTc0kBcinhGTMbxSiS8lxQOt1mkwglHU,12098
+blackopssql/engine/_scanner/extract.py,sha256=aux-ggEddl-4QotsVy7TIJORMlsnLXxK8ILMLbvtaO8,10910
+blackopssql/engine/_scanner/options.py,sha256=IEDFG7L_XJe2yGpk2YzywpJHyk73WsWVOGdDmwOXhzs,4511
+blackopssql/engine/_scanner/passive.py,sha256=L43Nt5UtZWMiFZR6Yf3QC_gYPBNVPCX-cN3qxXvmkpw,3092
+blackopssql/engine/_scanner/pipeline.py,sha256=d4xhxUvY11fSr7Nopa17Gz9nMoNgqnbOE3sRZbHWhFU,21858
+blackopssql/engine/_scanner/stacked.py,sha256=QKO6yHZvV2Nggz6o27yl7BsReaSel5xnpIC9sxkGgR0,5087
+blackopssql/engine/_scanner/active/__init__.py,sha256=p2aNw3d7u5fj_mIYqRBPjdsUdW9cZqfFyikEMK0L2ks,21830
+blackopssql/engine/_scanner/active/_helpers.py,sha256=mBgm6Ggz7deDa3Wiz8rDsZDsMHg1uecd4wXi0Y0df5U,12214
+blackopssql/engine/_scanner/payloads/__init__.py,sha256=9AL9S7mNw5Ufqr8PCWls8SWZqncr9XRDpZo_CAfttpc,1854
+blackopssql/engine/http/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+blackopssql/engine/http/injector.py,sha256=0ANkmEFyYFC-S5JxmXvzh7x80gwR_WykuDdq7Z1EokI,397
+blackopssql/engine/http/waf_detect.py,sha256=IIzxXWDyQKlprndmhm98Ub1N-hU6iXWWXGS6_zgLl4I,1510
+blackops_sql-0.1.6.dist-info/METADATA,sha256=m2RSJQzxyNaQv11sf2bUKxN-8CVESYytHOFwEf1X_6I,10086
+blackops_sql-0.1.6.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+blackops_sql-0.1.6.dist-info/entry_points.txt,sha256=EzHK84x_9at3uSPMrC_BVxOFXh5tRY8Npl_P2NNWeII,59
+blackops_sql-0.1.6.dist-info/licenses/LICENSE,sha256=hIahDEOTzuHCU5J2nd07LWwkLW7Hko4UFO__ffsvB-8,34523
+blackops_sql-0.1.6.dist-info/licenses/NOTICE,sha256=Chb7ex9ALb-HDIiOPw0nDiuq1vI2ZZNAIvUlFjxf5a4,1107
+blackops_sql-0.1.6.dist-info/RECORD,,

blackops_sql-0.1.6.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

blackops_sql-0.1.6.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+blackops-sql = blackopssql.__main__:main