BBQSQL

Description

BBQSQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. It can help you address those issues.

It  is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. it is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making  extremely fast.

Usage

Syntax

bbqsql [-h] [-V] [-c config [config ...]]

Options

  -h, --help            show this help message and exit
  -V, --version         show program's version number and exit
  -c config [config ...]
                        import config file

Command

cyborg@cyborg:~$ sudo bbqsql 


    _______   _______    ______    ______    ______   __       
   |       \ |       \  /      \  /      \  /      \ |  \      
   | $$$$$$$\| $$$$$$$\|  $$$$$$\|  $$$$$$\|  $$$$$$\| $$      
   | $$__/ $$| $$__/ $$| $$  | $$| $$___\$$| $$  | $$| $$      
   | $$    $$| $$    $$| $$  | $$ \$$    \ | $$  | $$| $$      
   | $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$      
   | $$__/ $$| $$__/ $$| $$/ \ $$|  \__| $$| $$/ \ $$| $$_____ 
   | $$    $$| $$    $$ \$$ $$ $$ \$$    $$ \$$ $$ $$| $$     \
    \$$$$$$$  \$$$$$$$   \$$$$$$\  \$$$$$$   \$$$$$$\ \$$$$$$$$
                     \$$$                \$$$ 

                   _.(-)._
                .'         '.
               / 'or '1'='1  \
               |'-...___...-'|
                \    '='    /
                 `'._____.'` 
                  /   |   \
                 /.--'|'--.\
              []/'-.__|__.-'\[]
                      |
                     [] 

    Blind SQL injection toolkit (bbq sql)         
    Lead Development: Ben Toews(mastahyeti)         
    Development: Scott Behrens(arbit)         
    Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)    
    SET is located at: http://www.secmaniac.com(SET)    
    Version: 1.0               
    
    The 5 S's of BBQ: 
    Sauce, Spice, Smoke, Sizzle, and SQLi
    


 Select from the menu:

   1) Setup HTTP Parameters
   2) Setup BBQSQL Options
   3) Export Config
   4) Import Config
   5) Run Exploit
   6) Help, Credits, and About

  99) Exit the bbqsql injection toolkit

bbqsql>
0 Comments

Leave a reply

CONTACT US

We're are building as a community and a team. Be a part of it.

Sending

©2017 Ztrela Knowledge Solutions Pvt. Ltd

Log in with your credentials

Forgot your details?