Good day, Turk Hack Team family.
Today, I will introduce the second version of the FetiSQL tool that I have developed for you.
During the R&D process, I shared it with many friends under the name tht-opsdk during the Denmark operation and made adjustments based on feedback.
What is FetiSQL?
Today, I will introduce the second version of the FetiSQL tool that I have developed for you.
During the R&D process, I shared it with many friends under the name tht-opsdk during the Denmark operation and made adjustments based on feedback.
What is FetiSQL?
FetiSQL was initially a tool that scanned SQL dorks and performed an automatic SQL vulnerability test on the results.
With its second version, it began to touch upon different points based on the feedback you provided.
In short, FetiSQL aims to minimize human intervention while exploiting SQL vulnerabilities with dorks.
The name FetiSQL is a combination of the words 'Fetish' and 'SQL' .
Features and Updates
+Dork Scanner (Updated)
+SQL Vulnerability Check
+Admin Panel Scanner (NEW)
+FTP Port Check (NEW)
+Auto Shell (NEW)
+Auto Dump (NEW)
Dork Scanner Update
In the previous version, the dork scanner was working as headless. In the new version, it is no longer headless.
It performs dork scanning through Google.
It solves Google captchas for the user.
Installation
You can follow the steps below for your Kali Linux device.
Let's download our files from Github
Kod:
git clone https://github.com/mentalistler/FetiSQL-V2.git
Then, let's navigate to the directory where the code is located using the 'cd' command.
Kod:
cd FetiSQL-V2
Let's install the necessary libraries.
Kod:
pip install -r requirements.txt
Installation for Linux Devices
Let's download the SQLmap software that the application needs.
Kod:
sudo apt-get install sqlmap
Let's download our files from Github.
Kod:
git clone https://github.com/mentalistler/FetiSQL-V2.git
Next, let's navigate to the directory where the code is located using the 'cd' command.
Kod:
cd FetiSQL-V2
Let's install the necessary libraries.
Kod:
pip install -r requirements.txt
Installation for Windows Devices
(Python 3 needs to be installed.)
Let's download the software from this address.
Extract it to a folder.
Open the terminal and navigate to the folder directory using 'cd' commands.
pip install sqlmap
pip install -r requirements.txt
After completing these steps, your installation will be complete.
Usage
Save your dorks in the dorks.txt file located in the files folder. Then, you can use the following command to run the software:
python main.py
Options and Their Meanings:
Scan Dorks: Scans the dorks in files/dorks.txt on Google and saves the results in results/results.txt.
SQL Injection Check: Checks websites listed in results/results.txt one by one for SQL injection vulnerabilities. Saves the results in results/sql.txt.
Auto Shell: Attempts to inject a shell into websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com directory.
Auto Dump: Attempts to retrieve all data from websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com/table_name.csv format.
Scan for Panels: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt. Also performs FTP checks.
Quick Panel Scan: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt using a smaller panel list. Also performs FTP checks.
Options 7, 8, 9, 10, and 11 perform the above operations in sequence without requiring user input.
For example:
Let's use option
7) Scan Dorks > SQL Check > Scan for Panels.
After scanning the dorks, it automatically scans the found websites.
As you can see in the images above, the software displayed websites with SQL vulnerabilities as 'vulnerable: url - database type' on the screen. Then, it started scanning for admin panels and saved the results in the directory named results/SqlAndPanels.txt. During the scan, it displayed on the screen in the format:
sql url | admin panel | FTP status.
I hope you achieve great success in your endeavors.
Good luck and happy hunting
Source: @Enistein https://www.turkhackteam.org/konula...-oto-dump-sql-oto-shell-panel-bulucu.2033006/
FetiSQL was initially a tool that scanned SQL dorks and performed an automatic SQL vulnerability test on the results.
With its second version, it began to touch upon different points based on the feedback you provided.
In short, FetiSQL aims to minimize human intervention while exploiting SQL vulnerabilities with dorks.
The name FetiSQL is a combination of the words 'Fetish' and 'SQL' .
Features and Updates
+Dork Scanner (Updated)
+SQL Vulnerability Check
+Admin Panel Scanner (NEW)
+FTP Port Check (NEW)
+Auto Shell (NEW)
+Auto Dump (NEW)
Dork Scanner Update
In the previous version, the dork scanner was working as headless. In the new version, it is no longer headless.
It performs dork scanning through Google.
It solves Google captchas for the user.
Installation
You can follow the steps below for your Kali Linux device.
Let's download our files from Github
You can follow the steps below for your Kali Linux device.
Let's download our files from Github
Kod:
git clone https://github.com/mentalistler/FetiSQL-V2.git
Then, let's navigate to the directory where the code is located using the 'cd' command.
Kod:
cd FetiSQL-V2
Let's install the necessary libraries.
Kod:
pip install -r requirements.txt
Installation for Linux Devices
Let's download the SQLmap software that the application needs.
Kod:
sudo apt-get install sqlmap
Let's download our files from Github.
Kod:
git clone https://github.com/mentalistler/FetiSQL-V2.git
Next, let's navigate to the directory where the code is located using the 'cd' command.
Kod:
cd FetiSQL-V2
Let's install the necessary libraries.
Kod:
pip install -r requirements.txt
Installation for Windows Devices
(Python 3 needs to be installed.)
Let's download the software from this address.
Extract it to a folder.
Open the terminal and navigate to the folder directory using 'cd' commands.
pip install sqlmap
pip install -r requirements.txt
After completing these steps, your installation will be complete.
Usage
Save your dorks in the dorks.txt file located in the files folder. Then, you can use the following command to run the software:
python main.py
Options and Their Meanings:
Scan Dorks: Scans the dorks in files/dorks.txt on Google and saves the results in results/results.txt.
SQL Injection Check: Checks websites listed in results/results.txt one by one for SQL injection vulnerabilities. Saves the results in results/sql.txt.
Auto Shell: Attempts to inject a shell into websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com directory.
Auto Dump: Attempts to retrieve all data from websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com/table_name.csv format.
Scan for Panels: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt. Also performs FTP checks.
Quick Panel Scan: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt using a smaller panel list. Also performs FTP checks.
Options 7, 8, 9, 10, and 11 perform the above operations in sequence without requiring user input.
For example:
Let's use option
7) Scan Dorks > SQL Check > Scan for Panels.
After scanning the dorks, it automatically scans the found websites.
(Python 3 needs to be installed.)
Let's download the software from this address.
Extract it to a folder.
Open the terminal and navigate to the folder directory using 'cd' commands.
pip install sqlmap
pip install -r requirements.txt
After completing these steps, your installation will be complete.
Usage
Save your dorks in the dorks.txt file located in the files folder. Then, you can use the following command to run the software:
python main.py
Options and Their Meanings:
Scan Dorks: Scans the dorks in files/dorks.txt on Google and saves the results in results/results.txt.
SQL Injection Check: Checks websites listed in results/results.txt one by one for SQL injection vulnerabilities. Saves the results in results/sql.txt.
Auto Shell: Attempts to inject a shell into websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com directory.
Auto Dump: Attempts to retrieve all data from websites with SQL vulnerabilities listed in results/sql.txt. Saves the results in sql/website_name.com/table_name.csv format.
Scan for Panels: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt. Also performs FTP checks.
Quick Panel Scan: Attempts to find admin panels on websites with SQL vulnerabilities listed in results/sql.txt using a smaller panel list. Also performs FTP checks.
Options 7, 8, 9, 10, and 11 perform the above operations in sequence without requiring user input.
For example:
Let's use option
7) Scan Dorks > SQL Check > Scan for Panels.
After scanning the dorks, it automatically scans the found websites.
As you can see in the images above, the software displayed websites with SQL vulnerabilities as 'vulnerable: url - database type' on the screen. Then, it started scanning for admin panels and saved the results in the directory named results/SqlAndPanels.txt. During the scan, it displayed on the screen in the format:
sql url | admin panel | FTP status.
I hope you achieve great success in your endeavors.
Good luck and happy hunting
Source: @Enistein https://www.turkhackteam.org/konula...-oto-dump-sql-oto-shell-panel-bulucu.2033006/
sql url | admin panel | FTP status.
I hope you achieve great success in your endeavors.
Good luck and happy hunting
Source: @Enistein https://www.turkhackteam.org/konula...-oto-dump-sql-oto-shell-panel-bulucu.2033006/