SQLReInjector – A tool for automated identification of exfiltrated data

SQLReInjector.py is designed as a tool to be used in responses to SQL injection attacks.  At a high level, the tool is designed to operate against two components: (1) a virtual machine built off of a forensic image of a compromised server; and (2) the web server logs extracted from that forensic image.

Basic Usage:
Output is stored in a sqlite database that you can then analyze.
After virtualizing the forensic image and extracting the web server logs, SQLReInjector.py can be run with the following command line options:
-i --inLog : The web server log containing the SQL injection requests.
-d --dbFile : A sqlite database file the script will use to store its output.
-w --website : The URL to the virtualized forensic image.
-l --logFormat : The LogFormat string from the web server's configuration file.

Advanced Usage:
SQLReInjector can take the following command line arguments:
-j --havijParser : Pass to have SQLReInjector reconstruct the database table as exfiltrated by Havij.
-c --compareToGood : Pass to have SQLReInjector compare the results of SQL injection requests against a known good.
-k --knownGood : The local HTML copy of a known good version of the attacked site to use for diffs.
-e --cookie : If the webapp requires a session cookie, you can pass one to SQLReInjector.
The -c and -k flags have to be passed together. The -k flag should point to a local HTML copy of the website that hasn’t been affected by an attack.
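
As an added illustration (not code from SQLReInjector itself), the Python below shows one way a LogFormat string like the one passed with -l can be used to pull the request field out of each line of the log passed with -i. The function names, the sample LogFormat string and the log lines are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Regex per LogFormat directive letter; unlisted directives fall back to \S+.
FIELD_PATTERNS = {"t": r"\[[^\]]*\]",  # %t is logged as [time]
                  "r": r".*?",         # request line contains spaces
                  "i": r".*?"}         # %{Header}i values may contain spaces
DIRECTIVE = re.compile(r"%[<>]?(?:\{[^}]*\})?([A-Za-z])")

def compile_logformat(fmt):
    """Compile an Apache LogFormat string into a regex with named groups."""
    fmt = fmt.replace('\\"', '"')  # httpd.conf writes quotes as \"
    parts, pos = [], 0
    for n, m in enumerate(DIRECTIVE.finditer(fmt)):
        parts.append(re.escape(fmt[pos:m.start()]))  # literal text between fields
        letter = m.group(1)
        name = "request" if letter == "r" else "f%d_%s" % (n, letter)
        parts.append("(?P<%s>%s)" % (name, FIELD_PATTERNS.get(letter, r"\S+")))
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(parts) + "$")

def requests_from_log(lines, fmt):
    """Return (method, raw_url, decoded_url) for every line matching fmt."""
    rx, found = compile_logformat(fmt), []
    for line in lines:
        m = rx.match(line.rstrip("\r\n"))
        if not m:
            continue  # line does not fit the configured format; skip it
        tokens = m.group("request").split(" ")
        if len(tokens) < 3:
            continue  # not a "METHOD URL PROTOCOL" request line
        raw_url = " ".join(tokens[1:-1])
        # Keep the raw URL for faithful replay; decode a copy for the analyst.
        found.append((tokens[0], raw_url, unquote_plus(raw_url)))
    return found

# Constructed sample data (documentation IP range, made-up requests).
COMBINED = '%h %l %u %t \\"%r\\" %>s %b \\"%{Referer}i\\" \\"%{User-Agent}i\\"'
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2012:10:01:22 -0500] "GET /item.php?id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux)"',
    '203.0.113.7 - - [12/Mar/2012:10:01:25 -0500] "GET /item.php?id=5%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 48211 "-" "Mozilla/5.0 (X11; Linux)"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for method, raw, decoded in requests_from_log(SAMPLE_LOG, COMBINED):
        print(method, raw, "->", decoded)
```

Lines that do not match the configured format are skipped rather than guessed at, so a wrong LogFormat string shows up as an empty result instead of misparsed requests.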

Download:
strozfriedberg-SQLReInjector.zip (1.173 KB) https://github.com/strozfriedberg/SQLReInjector/zipball/master
strozfriedberg-SQLReInjector.tar (1.173 KB) https://github.com/strozfriedberg/SQLReInjector/tarball/master
Read more here: https://github.com/strozfriedberg/SQLReInjector