andrewji8


Writing a batch SQL injection detection tool in Python with sqlmap

SQLMap is a powerful open-source automated SQL injection tool designed to help penetration testers quickly discover and exploit SQL injection vulnerabilities. Its main function is to scan a given URL for SQL injection vulnerabilities, with automated detection, vulnerability exploitation, and data extraction. It also includes many bypass plugins and supports multiple databases, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, and SAP MaxDB.

The following is a batch detection tool written in Python that can import a list of URLs from multiple websites at once and automatically scan them. This greatly improves the efficiency of vulnerability scanning and saves time and effort.

Running effect: [screenshot]

Before running this program, make sure that SQLMap is installed on your local machine and added to the PATH environment variable, so that the tool can invoke it for SQL injection detection from any directory.

The code uses the tkinter library to create a GUI application for batch detection of SQL injection vulnerabilities. It provides a user interface where users can import a list of URLs and run the detection. The program will automatically check if each URL has a SQL injection vulnerability and display the detection results.

The code includes the Application class, which inherits from the Tk class of the tkinter library and represents the window of the entire application. In the initialization method, the title and size of the window are set, and a Treeview control is created to display the URL, injection status, and payload information, as well as a Text control to display the detection results.

The main functions of the application include importing a list of URLs, running the detection, pausing the detection, and clearing the results. The import_data method imports a text file using a file dialog, reads the URL list from it, and inserts it into the Treeview control.

The run method retrieves the parameters entered by the user, disables the run button, and enables the pause button. It then creates a new thread that calls the _run_scan method to perform the detection.

The _run_scan method iterates over each URL in the Treeview control. If the pause flag is True, detection stops. Otherwise, it calls the sqlmap command through the subprocess library and writes the output to the Text control. Based on the detection results, it updates the injection status and payload information in the Treeview control. Finally, it re-enables the run button and disables the pause button.

The clear_content method is used to clear the content of the Text control and the Treeview control.

In the main program, an instance of the Application class is created, and the mainloop method is called to start the event loop of the application.
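The import_data and _run_scan steps described above hand file-supplied URLs to sqlmap through subprocess. The following added example (not the original tool's code) shows one way to validate each imported line against an authorized-scope allowlist and to build the command as an argument list rather than a shell string. The host names, `ALLOWED_HOSTS`, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample of an imported URL list; the lab hosts are hypothetical.
SAMPLE_LINES = [
    "http://app.lab.example.test/item.php?id=1",
    "https://shop.lab.example.test/view?cat=2",
    "http://outside.example.org/page?id=3",      # host outside the agreed scope
    "--some-option=value",                       # option smuggled in as a "URL"
    "http://app.lab.example.test/a?id=1; id",    # shell metacharacters
    "ftp://app.lab.example.test/file",           # unsupported scheme
]
ALLOWED_HOSTS = {"app.lab.example.test", "shop.lab.example.test"}


def validate_target(line, allowed_hosts):
    """Return (url, None) for an in-scope http(s) URL, else (None, reason)."""
    url = line.strip()
    if not url:
        return None, "empty line"
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return None, "whitespace or control character"
    try:
        parts = urlsplit(url)
    except ValueError:
        return None, "unparseable URL"
    if parts.scheme not in ("http", "https"):
        return None, "scheme is not http/https"
    if parts.username or parts.password:
        return None, "embedded credentials"
    if (parts.hostname or "").lower() not in allowed_hosts:
        return None, "host not in authorized scope"
    return url, None


def load_targets(lines, allowed_hosts):
    """Split an imported list into accepted URLs and (line, reason) rejections."""
    accepted, rejected = [], []
    for line in lines:
        url, reason = validate_target(line, allowed_hosts)
        if url:
            accepted.append(url)
        else:
            rejected.append((line, reason))
    return accepted, rejected


def build_sqlmap_argv(url):
    # Argument list for subprocess.run(argv); never joined into a shell string.
    return ["sqlmap", "-u", url, "--batch"]
```

Showing the rejected lines and their reasons in the result pane lets the operator see why an entry was skipped instead of having it silently dropped.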
