SQLMap is a powerful open-source automated SQL injection tool designed to help penetration testers quickly discover and exploit SQL injection vulnerabilities. Its features include automated detection, vulnerability exploitation, and data extraction. Its main function is to scan a given URL for SQL injection vulnerabilities and exploit those it finds. It also includes many bypass plugins and supports multiple databases, including MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, and SAP MaxDB.
The following is a batch detection tool written in Python, which can import a list of URLs from multiple websites at once and automatically scan them. This greatly improves the efficiency of vulnerability scanning, saving time and effort.
Before running this program, make sure that SQLMap is installed on your local machine and that its location has been added to the PATH environment variable, so that the sqlmap command can be called from any directory.
The code uses the tkinter library to create a GUI application for batch detection of SQL injection vulnerabilities. It provides a user interface where users can import a list of URLs and run the detection. The program will automatically check if each URL has a SQL injection vulnerability and display the detection results.
The code defines an Application class, which inherits from the Tk class of the tkinter library and represents the window of the entire application. The initialization method sets the title and size of the window, creates a Treeview control to display the URL, injection status, and payload information, and creates a Text control to display the detection results.
The main functions of the application include importing a list of URLs, running the detection, pausing the detection, and clearing the results. The import_data method for importing a list of URLs uses a file dialog to select a text file, reads the URL list from it, and inserts it into the Treeview control.
The run method for running the detection gets the parameters entered by the user, disables the run button, and enables the pause button. It then creates a new thread, in which the _run_scan method is called to perform the detection.
In the _run_scan method, each URL in the Treeview control is traversed. If the pause flag is True, the detection is stopped. Otherwise, the sqlmap command is called using the subprocess library for detection, and the results are output to the Text control. Based on the detection results, the injection status and payload information in the Treeview control are updated. Finally, the run button is set to enabled, and the pause button is set to disabled.
The clear_content method is used to clear the content of the Text control and the Treeview control.
In the main program, an instance of the Application class is created, and the mainloop method is called to start the event loop of the application.
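The import_data and _run_scan steps described above feed lines from a text file into a subprocess call, so the wrapper should validate each line and pass it as a single argument rather than as part of a shell string. The following is an added example, not the tool's own code: the function names, the ALLOWED_HOSTS scope list, and the sample file content are assumptions made for illustration.

```python
import shlex
from urllib.parse import urlsplit

# Assumption: hosts covered by the test authorization (constructed values).
ALLOWED_HOSTS = frozenset({"testapp.example", "staging.example"})

def parse_url_list(text, allowed_hosts=ALLOWED_HOSTS):
    """Return (accepted_urls, rejected), where rejected holds (line, reason)."""
    accepted, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        if any(ch.isspace() or not ch.isprintable() for ch in line):
            rejected.append((line, "whitespace or control character"))
            continue
        try:
            parts = urlsplit(line)
        except ValueError:
            rejected.append((line, "unparseable"))
            continue
        if parts.scheme not in ("http", "https") or not parts.hostname:
            rejected.append((line, "not an http(s) URL"))
        elif parts.hostname not in allowed_hosts:
            rejected.append((line, "host out of scope"))
        else:
            accepted.append(line)
    return accepted, rejected

def build_argv(url, extra=""):
    # Argument list for subprocess.run(argv) with shell=False: the URL stays one
    # argv element, so shell metacharacters from the file are never interpreted.
    return ["sqlmap", "-u", url, "--batch", *shlex.split(extra)]

# Constructed sample of an imported URL file.
SAMPLE = """\
# in-scope targets
http://testapp.example/item.php?id=1
https://staging.example:8443/search?q=a
http://other.example/page?id=2
ftp://testapp.example/file
http://testapp.example/a?id=1; echo injected
-r/tmp/request.txt
"""

if __name__ == "__main__":
    ok, bad = parse_url_list(SAMPLE)
    print([build_argv(u) for u in ok], bad, sep="\n")
```

Rejected lines and their reasons can be written to the Text control so the operator sees why an entry was skipped.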