DeepSQLi is a deep natural language processing based tool. This repository includes the test cases generate module and other dependencies required for reproduce the experiment.
These instructions will get you a copy of the project up and running on your local machine for development and testing purposes.
(1) Each application is distributed as a WAR file in /SUT/*.war;
(2) Application's database is in WAR files. You can use the DB initialization script after loading SUT.
(2) /SUT/Instrument is used to output SQL statements in the SUT. Its specific execution steps are in /SUT/Instrument/README.md.
DeepSQLi uses a crawler to automatically parse the Web links of the SUT. We use Burp Suite (Professional Version) in the experiment.
(1) Download Burp Suite Pro from the official website;
(2) We first need to set the log path such as \Demo\demo.log in order to use the log file obtained by the crawler in the next step;
(3) Keep the browser agent consistent with the Burp Suite and start scanning the SUT.
In order to ensure the accuracy. DeepSQLi uses a powerful tool SQL Parser to determine whether or not a SQL statement is malicious.
(1) Download SQL Parser from the official website;
(2) Package it and record the path such as \Demo\demo.jar.
python main.py -t <targetDomain> -l <logPath> -i <jarPath>\localhost/empldir
\/demo/demo.log
\/demo/demo.jar