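├── .gitignore ├── xss_test.go ├── sqli_test.go ├── README.md ├── main.go └── Makefile /.gitignore: -------------------------------------------------------------------------------- 1 | libinjection 2 | tmp 3 | -------------------------------------------------------------------------------- /xss_test.go: --------------------------------------------------------------------------------
package libinjection

import (
	"net/url"
	"testing"

	"github.com/stretchr/testify/assert"
)

// Test_XSS_1 checks that IsXSS reports a bare script call as XSS.
func Test_XSS_1(t *testing.T) {
	// The literal holds no percent-escapes or '+', so decoding returns it
	// unchanged. The error is checked anyway so that an encoded sample added
	// later cannot fail to decode silently and leave the detector running on
	// an empty string.
	in, err := url.QueryUnescape("confirm(0);")
	if err != nil {
		t.Fatalf("decoding test input: %v", err)
	}
	assert.True(t, IsXSS(in))
}
-------------------------------------------------------------------------------- /sqli_test.go: --------------------------------------------------------------------------------
package libinjection

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// Test_SQLi_36 checks both values returned by IsSQLi for one sample: the
// verdict and the fingerprint string reported alongside it.
func Test_SQLi_36(t *testing.T) {
	found, fingerprint := IsSQLi("foo\" and 1=1 `")
	assert.True(t, found)
	assert.Equal(t, "s&1c", fingerprint, "Fingerprint mismatch")
}
-------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | ## Golang-libinjection 2 | 3 | This is just a simple Go wrapper around the [libinjection](https://github.com/client9/libinjection) library. 4 | 5 | It exposes two functions 6 | 7 | ### func IsSQLi 8 | ```golang 9 | IsSQLi(statement string) (bool, string) 10 | ``` 11 | This function returns true and the fingerprint if the statement is found to be an SQLi. 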
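12 | 13 | ### func IsXSS 14 | ```golang 15 | IsXSS(input string) bool 16 | ``` 17 | This function returns true if the input is thought to be XSS 18 | -------------------------------------------------------------------------------- /main.go: --------------------------------------------------------------------------------
// Package libinjection is a thin cgo wrapper around the libinjection C
// library's SQL injection and XSS detectors.
package libinjection

/*
#cgo LDFLAGS: -linjection
#include <stdlib.h>
#include "libinjection.h"
#include "libinjection_sqli.h"
*/
import "C"

import (
	"bytes"
	"unsafe"
)

// IsSQLi passes statement to libinjection_sqli and reports whether it was
// classified as SQL injection. On a positive result the second return value
// is the fingerprint libinjection wrote for the input; otherwise it is "".
//
// A false result only means the library did not match the input. It is not
// evidence that the input is safe to concatenate into a query.
func IsSQLi(statement string) (bool, string) {
	// C.CString copies the string into malloc'd memory that the Go garbage
	// collector does not track. Without the free every call leaks a copy of
	// the input, which on a request-filtering path grows with traffic.
	cs := C.CString(statement)
	defer C.free(unsafe.Pointer(cs))

	// Go zero-initialises the buffer, so any byte the library leaves
	// untouched already reads as a terminator.
	var out [8]C.char
	if C.libinjection_sqli(cs, C.size_t(len(statement)), &out[0]) != 1 {
		return false, ""
	}

	fp := C.GoBytes(unsafe.Pointer(&out[0]), C.int(len(out)))
	// Cut at the first NUL. If none is present, keep the whole buffer rather
	// than slicing with -1, which would panic.
	if end := bytes.IndexByte(fp, 0); end >= 0 {
		fp = fp[:end]
	}
	return true, string(fp)
}

// IsXSS passes input to libinjection_xss and reports whether it was
// classified as XSS.
//
// A false result only means the library did not match the input; output
// encoding is still required wherever the value is rendered.
func IsXSS(input string) bool {
	// Release the malloc'd copy made by C.CString once the call returns.
	cs := C.CString(input)
	defer C.free(unsafe.Pointer(cs))

	return C.libinjection_xss(cs, C.size_t(len(input))) == 1
}
-------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | SHELL = /bin/bash 2 | all: test 3 | 4 | .PHONY: copylibinjection 5 | copylibinjection: 6 | @if [ ! -d "tmp" ]; then \ 7 | git clone https://github.com/client9/libinjection.git tmp; \ 8 | else \ 9 | cd tmp; \ 10 | git pull; \ 11 | fi 12 | @if [ ! 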
-d "libinjection" ]; then \ 13 | mkdir libinjection; \ 14 | fi 15 | cp tmp/src/libinjection*.h ./libinjection 16 | cp tmp/src/libinjection*.c ./libinjection 17 | 18 | buildlibinjection: copylibinjection 19 | gcc -std=c99 -Wall -Werror -fpic -c libinjection/libinjection_sqli.c -o libinjection/libinjection_sqli.o 20 | gcc -std=c99 -Wall -Werror -fpic -c libinjection/libinjection_xss.c -o libinjection/libinjection_xss.o 21 | gcc -std=c99 -Wall -Werror -fpic -c libinjection/libinjection_html5.c -o libinjection/libinjection_html5.o 22 | gcc -dynamiclib -shared -o libinjection/libinjection.so libinjection/libinjection_sqli.o libinjection/libinjection_xss.o libinjection/libinjection_html5.o 23 | 24 | test: buildlibinjection 25 | go test -v 26 | 27 | clean: 28 | @rm -rf libinjection 29 | @rm -f main 30 | --------------------------------------------------------------------------------