基于PHP開發的SQLMAP-Web-GUI

SQLmap是一款用來檢測與利用SQL注入漏洞的免費開源工具，有一個非常棒的特性，即對檢測與利用的自動化處理（數據庫指紋、訪問底層文件系統、執行命令）。SQLMAP-Web-GUI是一款使用PHP作為前端程序開發的Web版SQLMAP，和命令行版一樣功能非常齊全。

Here is a few quick videos I made to show that almost all of your usual SQLMAP command line functionality is still possible via this Web GUI.

Demo against: Windows 2003 Server, IIS/6.0 + ASP + MS-SQL 2005

• 油Tube: http://youtu.be/8MRew20Q1xE

Demo against: Linux (CentOS), Apache, MySQL, PHP

• 油Tube: http://youtu.be/cs2Gvss0v-k

Blog Write-Up: http://kaoticcreations.blogspot.com/

Requirements:

• Linux, Apache, PHP (check your favorite distro's wiki or forum pages, or use google)
  • PHP 5.3+ is suggested, older versions not tests so mileage may vary
• Python and any SQLMAP dependencies (refer to their wiki for any help there)
• Clone this repo to your machine
  • Edit the sqlmap/inc/config.php file so the paths all point to the right locations on your system
  • Copy the entire sqlmap/ directory and contents to your web root directory (cd SQLMAP-Web-GUI && cp -R sqlmap/ /var/www/)
  • When you want to use, simply fire up the sqlmap API server (python /home/user/tools/sqlmap/sqlmapapi.py -s)
  • Then you can navigate to the Web GUI address in your Browser to begin (firefox http://127.0.0.1/sqlmap/index.php)

項目主頁：http://www.baiduhome.net/lib/view/home/1435627850310