Wednesday, December 15, 2010

SQLInject-Finder: Anti SQL-Injection Tool

SQLInject Finder is an anti-SQL-injection tool. It is a simple Python script that parses a .pcap file looking for suspicious SQL injection attempts in POST and GET requests. Additional rules can be added for it to check. Output can be printed on the command line or in tab-delimited format.
The output includes:
  • The suspicious IP address
  • The attacked webpage
  • The parameter and value used
  • The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
  • The reason why the request was flagged
Command format: sqlinject-finder.py -f <filename> [-t]
Options:
-f, --filename : valid pcap file
-t, --tab      : prints output in tab delimited format
-h, --help     : shows this screen

Example: #python sqlinject-finder.py -f capture.pcap
         #python sqlinject-finder.py -f capture.pcap -t > capture.tsv
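
The kind of rule-based check described above, sketched as an added example; this is not SQLInject-Finder's own code. It is written for Python 3, the rules and sample requests are constructed for illustration, and it assumes each request has already been pulled out of the capture together with its frame number and source IP.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical rules as (pattern, reason); not the tool's own rule set.
RULES = [
    (re.compile(r"\bunion\b.+\bselect\b", re.I), "UNION SELECT keywords"),
    (re.compile(r"'\s*(or|and)\s+'?\w+'?\s*=", re.I), "quoted boolean tautology"),
    (re.compile(r"--|/\*"), "SQL comment sequence"),
    (re.compile(r";\s*(drop|insert|update|delete)\b", re.I), "stacked statement"),
]

# Constructed sample: (frame number, source IP, raw HTTP request bytes).
SAMPLE = [
    (12, "192.0.2.10", b"GET /item.php?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (57, "198.51.100.7", b"GET /item.php?id=1%20UNION%20SELECT%20name,pass%20FROM%20users"
                         b" HTTP/1.1\r\nHost: shop.example\r\n\r\n"),
    (90, "198.51.100.7", b"POST /login.php HTTP/1.1\r\nHost: shop.example\r\n"
                         b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                         b"user=admin&pass=x%27+OR+%271%27%3D%271"),
]

def parameters(raw):
    """Return (page, [(name, value), ...]) from the query string and any form body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    method, target, _ = head.split(b"\r\n")[0].decode("latin-1").split(" ", 2)
    url = urlsplit(target)
    params = parse_qsl(url.query, keep_blank_values=True)
    if method == "POST":
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    return url.path, params

def scan(requests):
    """Yield one finding per decoded parameter value that matches a rule."""
    for frame, src_ip, raw in requests:
        page, params = parameters(raw)
        for name, value in params:
            for pattern, reason in RULES:
                if pattern.search(value):
                    yield {"ip": src_ip, "page": page, "param": name,
                           "value": value, "frame": frame, "reason": reason}

def to_tsv(findings):
    """Render findings as tab-delimited lines, one per flagged parameter."""
    cols = ("ip", "page", "param", "value", "frame", "reason")
    return "\n".join("\t".join(str(f[c]) for c in cols) for f in findings)

if __name__ == "__main__":
    print(to_tsv(scan(SAMPLE)))
```

Matching runs on the URL-decoded value, so an encoded space or quote in the request does not hide the keyword from the rule.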

Requirements
This script was tested using Python 2.6.5. Other versions are not guaranteed to work.
This script depends on the dpkt libraries. They can be downloaded from here: http://code.google.com/p/dpkt/downloads/list

Main Site: http://code.google.com/p/sqlinject-finder/
