Oracle Point, Oracle Life.

November 6, 2008

SQL Injection Testing Tool

Filed under: My Reference — R.Wang @ 7:58 pm

Project Type: Small Business Project: $100(USD) and above
Max Bid: 400
Categories: Requirements,Perl,Misc (software related),Security,Python,Ruby,Software Related (Includes Websites)
Description:
I have a requirement for the development of a SQL injection identification, testing and exploitation tool. This tool must be written in Python or Perl.
These are the required features for this tool:
1. Ability to crawl an http/https website and identify SQL Injection.
2. Ability to test individual URLs for Error, Union, True/False, and Time-based blind SQL injection
3. Ability to enumerate database information, and read files located on the server
4. Ability to brute-force the MS-SQL Server 'sa' account
5. Ability to re-enable the xp_cmdshell stored procedure, and/or write a new stored procedure
6. Ability to choose different encoding types, and comment injection for IDS evasion
You can use the following open-source tools as references for both required features and source code samples:
Wapiti.py:
http://wapiti.sourceforge.net
SQLMap.py:
http://sqlmap.sourceforge.net
SQLBrute.py:
http://www.justinclarke.com/archives/2006/03/sqlbrute.html
SQID.rb:
http://sqid.rubyforge.org
Squeeza.rb:
http://www.sensepost.com/research/squeeza
SQLNinja:
http://sqlninja.sourceforge.net
Deliverables:
You can use the following open-source tools as references for both required features and source code samples:
Wapiti:
http://wapiti.sourceforge.net
This Python-based tool has the ability to scan a website and identify SQL Injection in both GET and POST requests. It also includes cookie.py for sites that require a cookie.
SQLMap:
http://sqlmap.sourceforge.net
This Python-based tool has the ability to extract data from a backend database via true/false SQL injection (differentiating between a 1=1/1=2 or similar statement passed along with the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL Injection.
Note: It may be more efficient to write an sqlmap.py wrapper and just pass the required parameters to this program.
SQLBrute:
http://www.justinclarke.com/archives/2006/03/sqlbrute.html
This Python-based tool has the ability to extract data from a backend database via time-based SQL injection (appending a 'waitfor delay' statement to the end of the SQL query) in both GET and POST requests. It cannot, however, scan a website and identify SQL Injection.
Note: It may be more efficient to write an sqlbrute.py wrapper and just pass the required parameters to this program.
SQID:
http://sqid.rubyforge.org
This Ruby-based tool has the ability to query Google for SQL Injection vulnerabilities; it can test an individual URL for SQL injection, and it can crawl an http/https website looking for SQL Injection vulnerabilities.
Squeeza:
http://www.sensepost.com/research/squeeza
This Ruby-based tool has the ability to extract data from a backend database via an out-of-band medium such as DNS or HTTP.
SQLNinja:
http://sqlninja.sourceforge.net
This Perl-based tool has the ability to not only enumerate database information, but it can also brute-force the 'sa' account, re-enable the xp_cmdshell stored procedure on MSSQL2000/2005, and it can upload netcat/dnstun to the host via inline file transfer.
Platform:
