|
1 | 1 | # SecWordVault |
2 | | -SecWordVault is a specialized repository with wordlists for testing SQL injection vulnerabilities related to parameters and integers. |
3 | 2 |
|
| 3 | +SecWordVault is a specialized repository featuring wordlists designed for testing SQL injection vulnerabilities related to parameters and integers. |
4 | 4 |
|
5 | | -Tutorial: Running SQL Injection Vulnerability Tests with SecWordVault and Gobuster |
| 5 | +#### Tutorial: Running SQL Injection Vulnerability Tests with SecWordVault and Gobuster |
6 | 6 |
|
7 | | -1. Requirements: |
| 7 | +1. **Requirements:** |
8 | 8 |
|
9 | | -Gobuster installed on your system. If not installed, download it from Gobuster GitHub repository. |
10 | | -Python installed on your system. If not installed, download it from Python.org. |
11 | | -SecWordVault repository cloned or downloaded to your local machine. Ensure you have the necessary wordlists specific to SQL injection parameters and integers. |
12 | | -2. Setting Up: |
| 9 | + - Gobuster installed on your system. If not installed, download it from [Gobuster GitHub repository](https://github.com/OJ/gobuster). |
| 10 | + - SecWordVault repository cloned or downloaded to your local machine. Ensure you have the necessary wordlists specific to SQL injection parameters and integers. |
13 | 11 |
|
14 | | -Clone or download the SecWordVault repository from SecWordVault GitHub repository. |
15 | | -Extract the downloaded files to a convenient location on your machine. |
16 | | -3. Running Gobuster with SecWordVault: |
| 12 | +2. **Setting Up:** |
17 | 13 |
|
18 | | -Open your terminal or command prompt. |
| 14 | + - Clone or download the SecWordVault repository from [SecWordVault GitHub repository](https://github.com/your-username/SecWordVault). |
19 | 15 |
|
20 | | -Navigate to the directory where Gobuster is installed or extracted. |
| 16 | + **Clone Using HTTPS (recommended):** |
| 17 | + ```bash |
| 18 | + git clone https://github.com/your-username/SecWordVault.git |
| 19 | + ``` |
21 | 20 |
|
22 | | -Use the following command structure to run Gobuster with SecWordVault wordlists: |
| 21 | + **Clone Using SSH (if SSH keys are set up):** |
| 22 | + ```bash |
| 23 | + git clone [email protected]:your-username/SecWordVault.git |
| 24 | + ``` |
23 | 25 |
|
24 | | -bash |
25 | | -Copy code |
26 | | -gobuster sql -u <TARGET_URL> -w <PATH_TO_WORDLIST> |
27 | | -Replace <TARGET_URL> with the URL of the target website or application where you want to test for SQL injection vulnerabilities. |
| 26 | + **Download ZIP:** |
| 27 | + - Download and extract the ZIP archive from [SecWordVault GitHub page](https://github.com/your-username/SecWordVault/archive/refs/heads/main.zip). |
28 | 28 |
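Review bot: The clone and ZIP URLs at new lines 14, 18, 23 and 27 still carry the template owner `your-username`, so none of them point at this repository, and a reader who copies the commands pulls wordlists from whichever account holds that name. Replace the placeholder with the real owner in all four places. The ZIP link also hard-codes `refs/heads/main`, so confirm that `main` is the default branch.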
|
29 | | -Replace <PATH_TO_WORDLIST> with the path to the specific SQL injection wordlist from SecWordVault included in your cloned repository. For example: |
| 29 | +3. **Running Gobuster with SecWordVault:** |
30 | 30 |
|
31 | | -bash |
32 | | -Copy code |
33 | | -gobuster sql -u http://example.com -w /path/to/secwordvault/sql_injection_wordlist.txt |
34 | | -4. Analyzing Results: |
| 31 | + - Open your terminal or command prompt. |
| 32 | + - Navigate to the directory where Gobuster is installed or extracted. |
| 33 | + - Use the following command structure to run Gobuster with SecWordVault wordlists: |
35 | 34 |
|
36 | | -Gobuster will begin scanning the specified URL with each payload from the SQL injection wordlist. |
37 | | -Monitor the terminal for any indications of successful injections or vulnerabilities detected. |
38 | | -Note down any URLs or parameters that return abnormal responses, as these may indicate potential vulnerabilities. |
| 35 | + ```bash |
| 36 | + gobuster sql -u <TARGET_URL> -w <PATH_TO_WORDLIST> |
| 37 | + ``` |
| 38 | + |
| 39 | + Replace `<TARGET_URL>` with the URL of the target website or application where you want to test for SQL injection vulnerabilities. |
| 40 | + |
| 41 | + Replace `<PATH_TO_WORDLIST>` with the path to the specific SQL injection wordlist from SecWordVault included in your cloned repository. For example: |
| 42 | + |
| 43 | + ```bash |
| 44 | + gobuster sql -u http://example.com -w /path/to/secwordvault/sql_injection_wordlist.txt |
| 45 | + ``` |
| 46 | + |
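Review bot: The command kept at new lines 36 and 44 is `gobuster sql -u ... -w ...`, but Gobuster has no `sql` mode (its modes are dir, dns, vhost, fuzz, s3, gcs and tftp), so the documented command fails as an unknown command. Since this commit rewrites step 3 anyway, replace both lines with a command that was actually run, and state the Gobuster version it was tested with in the Requirements list.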
| 47 | +4. **Analyzing Results:** |
| 48 | + |
| 49 | + - Gobuster will begin scanning the specified URL with each payload from the SQL injection wordlist. |
| 50 | + - Monitor the terminal for any indications of successful injections or vulnerabilities detected. |
| 51 | + - Note down any URLs or parameters that return abnormal responses, as these may indicate potential vulnerabilities. |
| 52 | + |
| 53 | +#### Contributing |
| 54 | + |
| 55 | +Feel free to contribute new wordlists or improvements to existing ones by forking this repository, making your changes, and submitting a pull request. |
| 56 | + |
| 57 | +#### License |
| 58 | + |
| 59 | +This project is licensed under the [MIT License](LICENSE). |
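Review bot: Step 4 at new lines 49 to 51 tells the reader to watch for "indications of successful injections or vulnerabilities detected" without saying what those look like; Gobuster prints status codes and response sizes, not verdicts. State which fields to compare and against what baseline response, so "abnormal" is defined. Separately, `[MIT License](LICENSE)` at new line 59 is a relative link and this diff adds no LICENSE file, so check that one exists at the repository root; the headings also jump from `#` straight to `####`, where `##` would keep the outline consistent.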