中文
R
Sign in Register
中文
Sign in Register
niQin shared an aphorism: I returned and saw under the sun, that the race is not to the swift, nor the battle to the strong, neither yet bread to the wise, nor yet riches to men of understanding, nor yet favour to men of skill; but time and chance happeneth to them all. -- 《圣经》
For data outside this website, summary aggregation only; without any storage, and the access address is the link of the source website. If there is anything improper, please contact ask@rusthub.org.

Algorithm & Library sql漏洞扫描器 开源众包 Recommended

Data aggregation at 2024-04-25 08:15:23+08:00

Hits: 1489

💥 Project Description

Investment: 5000 yuan (CNY) - Negotiated

Development duration: 10 days

Project keys/tags: python

1. URL解析模块:负责解析输入的URL地址,提取出主机名、路径和参数等信息。

2. 数据库类型识别模块:通过发送特定的SQL语句,识别目标数据库的类型(如MySQL、Oracle、SQL Server等)。

3. SQL注入漏洞检测模块:针对不同类型的SQL注入漏洞(基于布尔的盲注、基于时间的盲注、基于错误的注入、基于UNION查询的注入、堆叠查询等),构造相应的Payload,发送给目标网站,检测是否存在注入点。

4. 枚举功能模块:在确认存在注入点后,利用SQL注入漏洞,进行用户、密码哈希、权限、角色、数据库、表和列等信息的枚举。

5. 多线程模块:使用多线程技术,提高程序的扫描效率,可以同时对多个URL进行扫描。

6. GUI界面模块:使用Tkinter等工具,设计简洁易用的图形用户界面,方便用户输入URL地址和设置参数,并展示扫描结果。

7. 报告保存模块:将扫描结果保存为报告文件,包括发现的漏洞、枚举到的信息等。

针对每个模块,你需要考虑其模块化和可扩展性,确保代码结构清晰,各个模块之间相互独立、可复用。

Project examples: -

Project files: To download project files, please Sign in JunHen

💥 Recruitment conditions

Recruitment role: Person - Engineer

Recruitment description: -

💥 Contact information

Contact person:

To view contact details of project, please Sign in JunHen


This website only provides data aggregation without any legal responsibility. Please identify the risks by yourself and beware of being deceived.