Xpath
A python based cross-platform tool that automates the process of detecting and exploiting error-based injection security flaws.
Requirements
- Python 3
- Python
pip3 - Python module
requests - Python module
colorama - Python module
chardet
Module Installation
pip install -r requirements.txt
Tested on
- Windows 7/8/8.1/10
- Ubuntu-LTS (tested with super user)
Download Xpath
You can download the latest version of Xpath by cloning the GitHub repository.
git clone https://github.com/r0oth3x49/Xpath.git
Features
- Supports error based MySQL/PostgreSQL/MSSQL injections.
- Supports all types (HEADERS/COOKIE/POST/GET) for the listed dbms.
- Added switch to support proxy option
--proxy. - Added swicth to force SSL connection
--force-ssl. - Ability to search for db/table/column
--search.
Advanced Usage
Author: Nasir khan (r0ot h3x49)
usage: python xpath.py -u URL [OPTIONS]
A cross-platform python based automated tool to detect and exploit error-based sql injections.
General:
-h, --help Shows the help.
--version Shows the version.
-v VERBOSE Verbosity level: 1-5 (default 1).
--batch Never ask for user input, use the default behavior
--flush-session Flush session files for current target
Target:
At least one of these options has to be provided to define the
target(s)
-u URL, --url URL Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
Request:
These options can be used to specify how to connect to the target URL
-A , --user-agent HTTP User-Agent header value
-H , --header Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--host HTTP Host header value
--data Data string to be sent through POST (e.g. "id=1")
--cookie HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--referer HTTP Referer header value
--headers Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--proxy Use a proxy to connect to the target URL
--force-ssl Force usage of SSL/HTTPS
Detection:
These options can be used to customize the detection phase
--level Level of tests to perform (1-3, default 1)
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique TECH SQL injection techniques to use (default "XEFDBGJ")
Enumeration:
These options can be used to enumerate the back-end database
managment system information, structure and data contained in the
tables.
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--hostname Retrieve DBMS server hostname
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--dump Dump DBMS database table entries
--search Search column(s), table(s) and/or database name(s)
-D DB DBMS database to enumerate
-T TBL DBMS database tables(s) to enumerate
-C COL DBMS database table column(s) to enumerate
Example:
python xpath.py http://www.site.com/vuln.php?id=1 --dbs
Legal disclaimer
Usage of xpath for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local,state and federal laws.
Developer assume no liability and is not responsible for any misuse or damage caused by this program.
TODO
- Add support for all other DBMS injection
- Add support to multitarget injection from file.
- Add support for union based/booelan/time based SQL injections.
