View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0008750Kali LinuxNew Tool Requestspublic2024-05-06 02:312024-06-03 12:12
Reportermalvads Assigned Todaniruiz  
PrioritynormalSeverityminorReproducibilityhave not tried
Status resolvedResolutionfixed 
Fixed in Version2024.2 
Summary0008750: sqlmc - About Check all urls of a domain for SQL injections
Description

[Name] - sqlmc
[Version] - 1.0.0

[Homepage] - https://github.com/malvads/sqlmc

[Download] - https://github.com/malvads/sqlmc/releases

[Author] - Miguel Alvarez

[Licence] - AGPL-3.0

[Description] - SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.

[Dependencies] - python3

[Similar tools] - Is similar to sqliv but instead of scan for urls on the web it scan all urls of a domain

[Activity] - Im currently developing and maintaining it

[How to install] - pip3 install .

[How to use] - sqlmc -u http://example.com -d 2

[Packaged] - Is the tool already packaged for Debian? No

Activities

Arszilla

Arszilla

2024-05-19 18:04

reporter   ~0019301

Hey @malvads. I am taking a look at packaging your tool, however a few questions/concerns arise regarding the tool's dependencies.

It requires:

  • python3-aiohttp v3.9.5
  • python3-frozenlist v1.4.1
  • python3-idna v3.7
  • python3-multidict v6.0.5
  • python3-tabulate v0.9.0

However, Kali has the following versions available (which come from Debian):

  • python3-aiohttp v3.9.1
  • python3-frozenlist v1.4.0
  • python3-idna v3.6
  • python3-multidict v6.0.4
  • python3-tabulate v0.8.10

Will the older versions work? If so, any chance to remove the "version restrictions" in requirements.txt and make them more open ended? i.e. >= x.y.z instead of == x.y.z
malvads

malvads

2024-05-19 21:15

reporter   ~0019303

i updated all the dependencies to match kali ones, and the tool is working with no issues :)
malvads

malvads

2024-05-19 21:16

reporter   ~0019304

you can package now @Arszilla
Arszilla

Arszilla

2024-05-20 19:44

reporter   ~0019317

@malvads just to clarify, I meant to use >= on all dependencies (assuming majority if not all of the code does not use functions etc. from those libraries that will be deprecated/subjected to major changes).

Regardless, a draft package is available: https://gitlab.com/Arszilla/sqlmc
malvads

malvads

2024-05-20 19:57

reporter   ~0019319

that was fast @Arszilla, than u for the work :), sure, i updated the dependencies on https://github.com/malvads/sqlmc now it contains non-restrictive dependencies in the requirements.
daniruiz

daniruiz

2024-06-03 12:01

manager   ~0019342

This tool is now packaged!
https://gitlab.com/kalilinux/packages/sqlmc

Thank you ;)

Issue History

Date Modified Username Field Change
2024-05-06 02:31 malvads New Issue
2024-05-06 06:26 daniruiz Summary Add sqlmc tool => sqlmc - About Check all urls of a domain for SQL injections
2024-05-19 18:04 Arszilla Note Added: 0019301
2024-05-19 21:15 malvads Note Added: 0019303
2024-05-19 21:16 malvads Note Added: 0019304
2024-05-20 19:44 Arszilla Note Added: 0019317
2024-05-20 19:57 malvads Note Added: 0019319
2024-06-03 12:01 daniruiz Note Added: 0019342
2024-06-03 12:12 daniruiz Assigned To => daniruiz
2024-06-03 12:12 daniruiz Status new => resolved
2024-06-03 12:12 daniruiz Resolution open => fixed
2024-06-03 12:12 daniruiz Fixed in Version => 2024.2