reversemap: Analyse SQL injection attempts in web server logs

by do son · September 30, 2017

reversemap

Analyse SQL injection attempts in web server logs

The program can either be run in batch mode or interactive mode. In batch mode, the program will accept Apache web server logs and will deobfuscate requested URLs from the logs. In interactive mode, the program will prompt for user input and will print the deobfuscated results.

The program can deobfuscate the following obfuscation techniques:

SQL CHAR encoding
SQL CAST encoding
Case encoding of SQL keywords
Substring(Experimental – Disabled by default as it will fail with nested queries)

Download

git clone https://github.com/z00nx/reversemap.git

Use

python reversemap.py -h
usage: reversemap.py [-h] [-f FILE] [-o OUTPUT] [-i] [-e]

Analyse SQL injection attempts in web server logs

optional arguments:
-h, –help show this help message and exit
-f FILE, –file FILE Input file to process
-o OUTPUT, –output OUTPUT
Output file to write to
-i, –interactive Run interactively
-e, –experimental Enable experimental deobfuscation
techniques(Substring)