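For security research and teaching demonstrations only; illegal use is prohibited!
shoryuken is a Linux bash tool that automates exploitation testing against hosts with a SQL injection vulnerability (where the web site and the database are not hosted on separate servers), simplifying tedious manual work. Note that because it is intended for penetration testing of injection points, the tool may require the application to have high database privileges (SA or System).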
Options
    -h    help
    -i    interactive mode
    -p    direct punch
    -t    test mode
    -l    test from list
Examples
    ./shoryuken1.1 -i
    ./shoryuken1.1 -p "192.168.0.2/test.asp?id=1"
    ./shoryuken1.1 -p "vuln-site.net/home/news.php?info=text&vuln_param=11230"
    ./shoryuken1.1 -t "www.example.com/page.php?name=john"
    ./shoryuken1.1 -l mytargets.txt results.txt
Features
- Very simple to use;
- Very small (just 8k) and portable;
- Can be easily used in tiny Linux systems like mobile ones;
- Pwns MySQL and MSSQL systems at once;
- Doesn't need to download/upload anything to target;
- Doesn't need an extra open port on machine or firewall;
- Can be easily used when pivoting over Linux machines;
- Minimal footprint in Test Mode (1 request);
- Auto cleaning (except for logs);
- Impressive hacking for people who lack hacking/security knowledge.