PySQLRecon: Offensive MSSQL toolkit written in Python
All of the main modules from SQLRecon have equivalent commands. Commands noted with [PRIV] require elevated privileges or sysadmin rights to run. Alternatively, commands marked with [NORM] can likely be run by normal users and do not require elevated privileges.
Support for impersonation ([I]) or execution on linked servers ([L]) are denoted at the end of the command description.
git clone https://github.com/tw1sm/pysqlrecon
poetry run pysqlrecon –help
PySQLRecon has global options (available to any command), with some commands introducing additional flags. All global options must be specified before the command name:
View global options:
View command-specific options:
Change the database authenticated to, or used in certain PySQLRecon commands (query, tables, columns rows), with the –database flag.
Target execution of a PySQLRecon command on a linked server (instead of the SQL server being authenticated to) using the –link flag.
Impersonate a user account while running a PySQLRecon command with the –impersonate flag.
–link and –impersonate and incompatible.