SQL / SQLI tokenizer parser analyzer. For
See https://libinjection.client9.com/ for details and presentations.
To use: look at sqli_cli.c, reader.c, and fptool as examples, but it's as simple as this:
#include <stdio.h>
#include <strings.h>
#include "libinjection.h"
int main(int argc, const char* argv[])
{
sfilter state;
int issqli
const char* input = argv[1];
size_t slen = strlen(input);
/* in real-world, you would url-decode the input, etc */
libinjection_sqli_init(&state, input, slen, FLAG_NONE);
issqli = libinjection_is_sqli(&state);
if (issqli) {
fprintf(sterr, "sqli detected with fingerprint of '%s'\n", state.pat);
}
return issqli;
}$ gcc -Wall -Wextra examples.c libinjection_sqli.c
$ ./a.out "-1' and 1=1 union/* foo */select load_file('/etc/passwd')--"
sqli detected with fingerprint of 's&1UE'
See CHANGELOG for details.
Versions are listed as "major.minor.point"
Major are significant changes to the API and/or fingerprint format. Applications will need recompiling and/or refactoring.
Minor are C code changes. These may include
- logical change to detect or suppress
- optimization changes
- code refactoring
Point releases are purely data changes. These may be safely applied.
Use the diagnostic test page at
https://libinjection.client9.com/diagnostics
For quick experiments, cracking and breaking, and other ad-hoc tests.
At https://libinjection.client9.com/cicada/ is a integration server showing automated testing:
- build and unit-tests under GCC latest
- build, unit-tests and static analysis using clang
- results from cppcheck (static analysis on C code)
- results from pylint and pyflake (static analysis on python helper scripts)
- results from valgrind (memory errors)
- performance tests using gprof
- false negatives and positives reports
Copyright (c) 2012,2013 Nick Galbreath
Licensed under the standard BSD open source license. See COPYING.txt for details.
Commercial and support licenses available.
Send requests to [email protected]
The 'c' directory contains everything, but you only need to copy the following into your source tree: