A command-line tool for extracting database names through blind SQL injection. Built for educational purposes and authorized penetration testing only
dbpeek automates the process of blind SQL injection by sending crafted payloads to a target URL and inferring the database name character by character based on the application's response.
- Python 3
- requests library
pip3 install requests
python3 dbpeek.py -u <url> -p <param> -s <keyword> -l <length>
| Flag | Description | Example |
|---|---|---|
-u |
Target URL | http://site.com/login |
-p |
Vulnerable parameter name | username |
-s |
Success keyword in the response | Welcome |
-l |
Max character length to extract (default: 20) | 15 |
-h |
Show help menu |
Example
python3 dbpeek.py -u http://site.com/search -p search -s Welcome -l 15
Finding the parameter
Open your browser's DevTools, go to the Network tab, submit the form, and look at the request body. If you see something like search=airpodspro, then search is your parameter.
For each character position, the tool iterates through a predefined alphabet and sends a payload like:
' OR (SUBSTR(DATABASE(),1,1))='a'-- If the success keyword appears in the response, the character is confirmed and the tool moves to the next position. This continues until no match is found or the max length is reached.
This tool is intended for use on systems you own or have explicit written permission to test. Unauthorized use against any system is illegal and unethical.
gsy — v1.1