pruzko / hakuin Goto Github PK
View Code? Open in Web Editor NEWA blazing fast Blind SQL Injection optimization and automation framework.
License: MIT License
A blazing fast Blind SQL Injection optimization and automation framework.
License: MIT License
Hakuin now requires users to specify which DBMS engine is used by the target. This is not practical, because users have to obtain this information manually prior to extraction. Hakuin should include a set of test queries that detect the DBMS automatically.
It is (typically) possible to extract all schemas from vulnerable web applications, but Hakuin now only extracts the default one, the one that the application is connected to. Supporting extraction of all schemas should only require rewriting the injected queries to take the DB name into consideration. For instance, users
will become dbo.users
.
Hakuin currently extracts non-textual data types with binary search. This can be done more efficiently.
Int:
Float:
Bytes:
Like with #10, Hakuin should be able to extract all databases.
Hakuin does not check NULL values before attempting to extract columns. This may lead to wrong results.
Hakuin should check NULL values in a similar fashion as it checks ASCII values, i.e., first on the column level and then on the row level.
Hakuin currently extracts texts
, ints
, floats
, and blobs
. There are, however, other (possibly DBMS-specific) data types, such as polygon
, json
, and more. If possible, Hakuin should cast them to text
and extract them.
Currently, Hakuin can only extract text columns.
Support extraction of other data types, such as integers, floats, bytes, dates, etc.
Hakuin currently supports only SQLite and MySQL DBMSs, but there are other popular engines.
Hakuin should support:
Currently, Hakuin supports only ASCII extraction. Extending the implementation to include Unicode characters requires only minor changes to the extraction logic and few new queries.
Implement a wrapper tool hk.py
that can be quickly used to call Hakuin's basic functionality without the need to write your own python scripts.
Hakuin blocks on sending requests. This is not necessary. Instead, there should be multiple tasks extracting column rows independently.
Implementing this feature will require some sync code as the tasks share the same language models.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.