NodeSQL is an experimental web-based GUI and back-end API that interfaces with SQLMap for database exploitation and exploration. Its interface was designed for ease of use, and my goal was to make it look and feel just like MySQL Workbench while using SQL injection, via SQLMap, for data retrieval. Build the image and it should just work regardless of your operating system.
It also features:
- an asynchronous API supporting database, table, column and data extraction through SQLMap
- an easy to use front-end for traversing a vulnerable database
- full support for HTTP GET/POST with both form and cookie inputs
NodeSQL was built with security awareness in mind. It exposes only a small subset of SQLMap's extensive feature set, so for real security engagements it's probably best to stick with the original SQLMap CLI. PRs are always welcome, and I've left a few notes at the bottom of this file of things to think about.
We provide two methods for building NodeSQL. The simplest of the two is to build a local Docker image. If you want to run the application from source, that's supported too.
```bash
# option 1: build and run a local Docker image
# clone this repository
git clone <this repository>
# build the docker image
docker build . -t nodesql
# optional: create a user-defined network so NodeSQL can reach your target container by name
# (docker run fails with "network mynet not found" if you pass --net mynet without this)
docker network create mynet
# run the front-end and API from your container (drop --net mynet if you are not using docker networking)
docker run --rm --name injection --net mynet -p 3000:3000 -it nodesql:latest
```
```bash
# option 2: run from source
# clone this repository
git clone <this repository>
# install node dependencies
cd app && npm install
# run the web interface and api
node index.js
```
Point your browser to http://localhost:3000 to access the web interface.
Note: The API looks for SQLMap in the `bin/` directory of this repository. You may override that by setting the corresponding environment variable inside the Dockerfile.
The quickest way to demonstrate this tool is to set up a vulnerable Docker image such as Damn Vulnerable Web Application (DVWA).

```bash
docker pull vulnerables/web-dvwa
# attach it to the same network as the NodeSQL container, so the API can reach it as http://dvwa/
docker run --rm -d --name dvwa --net mynet -p 80:80 vulnerables/web-dvwa
```
Or if you've ever gone through Troy Hunt's Hack Yourself First website examples, there are a few vulnerable endpoints in there too!
It is your responsibility to ensure you have consent for assessing websites using this tool. Please don't point this at systems for which you do not have approval. Better yet, go grab yourself a vulnerable web app to test with. Examples that I've tested so far are CrackMe Bank, DVWA, WackoPicko and Mutillidae.
- Extend the sqlmapapi to include data fetching
- Refactor the injection models to use the sqlmapapi, rather than subprocesses
- Use websockets to inform clients of updated SQLMap output
- Modify the front-end to use React
- ESLint all the things