General
Most tabs in the tool apply to the target you set in the address bar; other tabs like Brute force and Encoding do not require any target.
Inject the target to get databases, tables, columns and rows.
- The process starts by validating the target and loading the tree on the left. You then select the database and the table, check the columns, and finally use Right click + Load on the table to load the rows.
- The rows load into a tab on the right and can be sorted, searched and exported.
You can also choose the engine and strategy manually in the address bar, or leave the identification to 💉jSQL.
Scan the target to find existing admin pages using the list on the left.
A page loads in a tab on the right when a successful HTTP response is detected.
The database engine can read the filesystem on the target when the current user is granted sufficient rights; in that case a file can be read via injection.
First inject the target, then choose a file path on the left and click Read. The file opens in a tab on the right when it exists and can be read.
A remote server can be exposed to several issues that allow writing payloads, interacting in a terminal or uploading a file.
Select the exploit type on the left and click Create to start interacting with the system; more details are on the Exploit page.
Text hashing is a one-way process, but the original text can be found by trying all permutations, given enough compute.
Choose the hash type and character range options to define the source text to find; the original text is shown when any computed hash matches.
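The search described above, as an added Python example that is not part of jSQL or its documentation: it enumerates every text in a character range and length window, compares digests, and reports how many candidates that range contains. The function names, the lowercase charset and the sample text `ctf` are constructed for illustration.

```python
import hashlib
import string
from itertools import product


def keyspace(charset, min_len, max_len):
    """Number of candidate texts for a character range and length window."""
    n = len(set(charset))
    return sum(n ** k for k in range(min_len, max_len + 1))


def find_preimage(target_hex, algorithm, charset, min_len, max_len):
    """Exhaustively hash every candidate; return (text or None, attempts made)."""
    target = target_hex.lower()
    chars = sorted(set(charset))
    attempts = 0
    for length in range(min_len, max_len + 1):
        for combo in product(chars, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            digest = hashlib.new(algorithm, candidate.encode()).hexdigest()
            if digest == target:
                return candidate, attempts
    return None, attempts


# Constructed sample: the digest of a short lowercase text.
SAMPLE_HASH = hashlib.sha256(b"ctf").hexdigest()

if __name__ == "__main__":
    lower = string.ascii_lowercase
    text, tried = find_preimage(SAMPLE_HASH, "sha256", lower, 1, 3)
    print(f"found {text!r} after {tried} of {keyspace(lower, 1, 3)} candidates")
    # The same search with a wider range and longer texts grows exponentially.
    wide = string.ascii_letters + string.digits
    for max_len in (6, 8, 10, 12):
        print(f"{len(wide)} chars, up to {max_len}: {keyspace(wide, 1, max_len):.3e}")
```

The printed keyspace sizes show why the search only succeeds in practice for short texts drawn from a small character range.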
Text encoding and decoding is trivial, though often needed during target analysis and CTF.
Enter text at the top and select the encode or decode method; the result displays at the bottom.
A list of targets can be conveniently checked in a row for injection.
Add targets to the left and start identification; each target is tagged with the strategies identified.