SleuthQL – SQL Injection Discovery Tool

June 20, 2018

SleuthQL is a Python 3 script that identifies parameters and values containing SQL-like syntax. Once they are identified, SleuthQL inserts SQLMap identifiers (*) into each parameter where the SQL-like content was found.

SleuthQL aims to augment an assessor’s ability to discover SQL injection points by automating some of the request analysis required during a web application assessment. It searches Burp Suite’s request history for parameters and values whose syntax resembles that of database languages, such as SQL. It judges a parameter or value based on whether it matches a regular expression associated with database queries. SleuthQL can scan JSON, XML, form-data and URL-encoded data without issue.

These regex matches include database names, common operands, common variable names and more. Once a match is discovered, SleuthQL creates a list of vulnerable parameters per endpoint and per method the endpoint was requested with. Once this list is compiled, it iterates over all requests matching that endpoint and method, appending a custom injection marker (*) at the point of each potentially vulnerable parameter. It then writes each request out to a directory matching the domain name. You could then feed every request file in that directory into SQLMap for processing with the following command:

find "$domainName" -name "*.txt" -exec sqlmap -r {} --batch \;

If terminal output is preferred, it also prints each path and method that is vulnerable, followed by a list of variable names for an assessor to investigate by hand.

Supported Request Types

SleuthQL requires an export of Burp’s Proxy History. To create this export, navigate to your proxy history tab, highlight every item and click “Save Items”. Ensure that each request is saved using base64 encoding. When SleuthQL scans the proxy history file, in addition to the regular URL parameters, it will be able to identify vulnerable parameters from the following request content-types:

  • application/json
  • application/x-www-form-urlencoded
  • multipart/form-data

There are cases where this tool will break down. Namely, if there are nested content-types (such as a base64-encoded parameter within JSON data), it will not be able to identify those parameters. It also does not cover cookies, as too often something such as CloudFlare will flag a parameter we’re not interested in.

What does SleuthQL not do?

Currently, there are a few limitations of the tool, such as parsing of nested parameters of different types. For example, there have been instances where JSON POST data is sent to an application with parameter values that are base-64 encoded. That value would not be able to be parsed by SleuthQL and would require an expert’s eye.

Moreover, it does not scan an application’s cookies for potential injection points. This is because cookies often interfere with session state (and invalidate the current session), and have a particularly high number of false positives, such as CDN identifiers.
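The matching approach and the two limitations described above can be seen in a short Python sketch. This is an added example, not SleuthQL's own code: the two regular expressions, the function names and the sample requests are assumptions made for illustration, and it covers only query-string, url-encoded and JSON parameters.

```python
import base64, json, re
from urllib.parse import urlsplit, parse_qsl

# Illustrative patterns (assumptions, not SleuthQL's own regex list).
NAME_RE = re.compile(r"(^|_)(query|sql|where|order|sort|table|column|filter)(_|$)", re.I)
VALUE_RE = re.compile(
    r"\b(select\s.+\sfrom|order\s+by|group\s+by|union|where)\b|\b(asc|desc)\s*$", re.I)

def flatten_json(obj, prefix=""):  # yields (dotted_name, value) per JSON leaf
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from flatten_json(v, f"{prefix}.{k}" if prefix else k)
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from flatten_json(v, f"{prefix}[{i}]")
    else:
        yield prefix, str(obj)

def extract_params(raw_request):
    """Return (method, path, [(name, value), ...]) for one raw HTTP request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, v in (ln.split(":", 1) for ln in lines[1:] if ":" in ln)}
    url = urlsplit(target)
    params = parse_qsl(url.query, keep_blank_values=True)
    ctype = headers.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    elif ctype.startswith("application/json") and body.strip():
        params += list(flatten_json(json.loads(body)))
    return method, url.path, params  # the Cookie header is never inspected

def sql_like_params(raw_request):
    """Names of parameters whose name or value looks like SQL syntax."""
    method, path, params = extract_params(raw_request)
    hits = sorted({n for n, v in params
                   if NAME_RE.search(n.split(".")[-1]) or VALUE_RE.search(v)})
    return method, path, hits

# Constructed sample requests (not taken from the page).
GET_REQ = ("GET /api/users?sort=name%20desc&page=2 HTTP/1.1\r\n"
           "Host: app.example\r\nCookie: cdn_id=order-by-9f\r\n\r\n")
NESTED = base64.b64encode(b"select * from users").decode()
JSON_REQ = ("POST /api/report HTTP/1.1\r\nHost: app.example\r\n"
            "Content-Type: application/json\r\n\r\n"
            + json.dumps({"report": {"clause": "status = 1 order by created",
                                     "blob": NESTED}, "limit": 10}))
```

`sql_like_params(JSON_REQ)` reports `report.clause` but not `report.blob`: the base64-encoded value hides its SQL text from the regexes, which is the nested-encoding gap that still needs manual review.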

In conclusion, SleuthQL aims to discover potentially vulnerable SQL injection points in web applications by parsing parameter names and values for potentially dangerous values. Using this in tandem with a tool like SQLMap can help augment a regular application audit and ensure a total depth of coverage.
