Injectionmap_v2 is an advanced open-source penetration testing tool that automates
the detection and exploitation of various types of vulnerabilities in web applications. Building on the capabilities from SQLMap Project
, Injectionmap_v2 expands its scope to include not only SQL injection but also Blind SQL, NoSQL, Command, LDAP, Directory Traversal, and other Injection Attack techniques.
- Comprehensive Injection Support: Detects and exploits SQL, Blind SQL, NoSQL, Command, LDAP, Directory Traversal, and other injection vulnerabilities.
- Wide DBMS Support: Compatible with MySQL, Oracle, PostgreSQL, Microsoft SQL Server, SQLite, MongoDB, and many more.
- Automated Testing: Automates the process of finding and exploiting injection vulnerabilities.
- Advanced Techniques: Uses a variety of techniques including boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and more.
- Payloads and Tampering: Includes numerous payloads and tamper scripts to bypass security mechanisms.
- Database Fingerprinting: Identifies the specific version and features of the targeted DBMS.
- Data Extraction: Extracts data such as database schema, tables, columns, and sensitive data.
- Command Execution: Executes arbitrary commands on the database server if privileges allow.
- Integration: Can be integrated with other tools and scripts for enhanced security testing.
Clone the repository:
git clone https://github.com/byt3n33dl3/Injectionmap_v2.git
cd Injectionmap_v2
Install the required dependencies:
pip install -r requirements.txt
Injectionmap_v2
is designed to be easy to use with a command line interface, below are some example commands:
To perform a basic SQL injection test:
python3 injectionmap -u "http://example.com/vulnerable.php?id=1"
To get a list of basic options and switches use:
python3 injectionmap -h
python3 injectionmap -hh
To get a list of all options and switches use:
python3 Injectionmap_v2 -hh
You can find a sample run here!.
Another injections attack modules:
- Blind SQL Injection
- NoSQL Injection
- GQL Injection
- Command Injection
- LDAP Injection
- Directory Traversal
Contributions are welcome! Please submit a pull request or open an issue to discuss any changes you would like to make. License. This project is licensed under the Injectionmap_v2 General Public License. See the LICENSE file for details. Contact
- SQLMapproject
- GangstaCrew
- The Designer
Visit our GitHub Organization
, or contact us at [email protected]