Shoryuken - An SQL Injection Tool

Shoryuken ("rising dragon punch" in Japanese) is an SQLi tool written in Bash that allows you to hack into poorly configurated web applications with backend DBMS in the same machine.

The takeover is pretty straightforward with a single request issued to open a "custom shell" on:

• Windows using xp_cmdshell output redirected to a file at default web server root (c:\inetpub\wwwroot)

• Linux using a PHP one line web shell with sudo also at default web server root (/var/www).

Note: Shoryuken requires cURL (Debian-like systems: apt-get install curl).

Advantages:

• Gets root/system almost instantly.

• Scans and tests multiple targets.

• Very simple to use.

• Very small (just 9k) e portable.

• Can be easily used in tiny Linux systems like mobile ones.

• Pwns MySQL and MSSQL systems at once.

• No need to download/upload anything to target.

• No need for an extra open port on machine or firewall.

• No need for password(s) stored in the database.

• No need for privilege escalation.

• Can be easily used when pivoting over Linux machines.

• Minimum footprinting in Test Mode (1 request).

• Uses filter bypass techniques like hex converting and HPP.

• Uses statistics from @VulnSites project to improve detection rate.

• Auto cleaning (except for logs).

Download Shoryuken 1.5 (Link 1)

Download Shoryuken 1.5 (Link 2)

Download Shoryuken 1.1 (Link 1)

Download Shoryuken 1.1 (Link 2)

Download shoryuken 1.0 (Link 1)

Download Shoryuken 1.0 (Link 2)

You might also like:

• 14 Best IP Hide Tools 2016/2017

• Katana - A Portable Multi-Boot Security Distribution

• OWASP SwitchBlade - An Open-Source Denial of Service Attack Tool

• Medusa - Login BruteForcer

• 18 Online Android App Analyzers

• Top 4 Best File Recovery Apps For Android

• 4 Best App Lock Apps For Android

• Burp Suite - Web Application Penetration Testing Tool

• Netsparker - Web Application Vulnerability Scanner For Hackers

• FireMaster - Crack Firefox's Master Password (Windows Tool)