基于PHP开发的SQLMAP-Web-GUI

jopen 9年前

SQLmap是一款用来检测与利用SQL注入漏洞的免费开源工具,有一个非常棒的特性,即对检测与利用的自动化处理(数据库指纹、访问底层文件系统、执行命令)。SQLMAP-Web-GUI是一款使用PHP作为前端程序开发的Web版SQLMAP,和命令行版一样功能非常齐全。

Here is a few quick videos I made to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.

Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005

Demo against: Linux (CentOS), Apache, MySQL, PHP

Blog Write-Up: http://kaoticcreations.blogspot.com/

Requirements:

  • Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use google)
    • PHP 5.3+ is suggested, older versions not tests so mileage may vary
    </li>
  • Python and any SQLMAP dependencies (refer to their wiki for any help there)
  • Clone this repo to your machine
    • Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
    • Copy the entire sqlmap/ directory and contents to your web root directory (cd SQLMAP-Web-GUI && cp -R sqlmap/ /var/www/)
    • When you want to use, simply fire up the sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
    • Then you can navigate to the Web GUI address in your Browser to begin (firefox http://127.0.0.1/sqlmap/index.php)
    • </ul> </li> </ul>

      项目主页:http://www.open-open.com/lib/view/home/1435627850310