Xpath Automated Sqli tool By r0ot h3x49

Xpath is a python open source Sql injector that automates the process of detecting xpath injection security flaws. At the moment, DBMS supported by Xpath is mysql. Please note that this project is an early state. As such, you might find bugs, flaws or mulfunctions. Use it at your own risk!, keep all files in the same (folder/dir).

Usage:

xpath tool v1.0 - Automated Xpath Sql Injection
Author: Nasir khan (r0ot h3x49)
Usage: xpath.py -u  [options]
  Options:
    --version            show program's version number and exit
    -h, --help           show this help message and exit
  Target:
    At least one of these options has to be provided to define the
    target(s)
    -u URL, --url=URL  Target URL 
  Request:
    These options can be used to specify how to connect to the target URL
    --data=DATA        Data string to be sent through POST
  Enumeration:
    These options can be used to enumerate the back-end database
    managment system information, structure and data contained in the
    tables.
    -b, --banner       Retrieve DBMS banner
    --current-user     Retrieve DBMS current user
    --current-db       Retrieve DBMS current database
    --hostname         Retrieve DBMS server hostname
    --dbs              Enumerate DBMS databases
    --tables           Enumerate DBMS database tables
    --columns          Enumerate DBMS database table columns
    --dump             Dump DBMS database table entries
    -D DB              DBMS database to enumerate
    -T TBL             DBMS database tables(s) to enumerate
    -C COL             DBMS database table column(s) to enumerate
  Example:
    xpath.py -u http://www.test.com/index.php?id=1 --dbs
    xpath.py -u http://www.test.com/ --data "index.php?id=1" --dbs 

[Download Xpath Automated SQL Injection]

Sumber:anonpakforce.blogspot.com