QueryArmor v1.0.1
QueryArmor is an advanced tool for detecting malicious queries and testing payloads. It's designed for both pentesters and developers, featuring exploit mode for comprehensive testing and test mode for validating implementations.
QueryArmor Demo
Key Features
- Exploit Mode: Comprehensive testing for security professionals and pentesters.
- Test Mode: Analyze individual queries or files for potential XSS and SQL Injection vulnerabilities.
- Malicious Query Detection: Advanced algorithms to identify potential SQL injections and XSS attacks.
- Payload Testing: Robust system for testing various attack payloads.
Download and Installation
Download QueryArmor v1.0.1
Installation Steps:
- Extract the contents of the ZIP file to a location of your choice.
- Open a terminal/command prompt and navigate to the extracted QueryArmor-Project directory.
- Create a virtual environment (recommended):
python -m venv queryarmor_env
- Activate the virtual environment:
- Install the required dependencies:
pip install -r QueryArmor/requirements.txt
- Navigate to the src directory:
cd QueryArmor/src
- Run QueryArmor:
python3 queryarmor_cli.py
Usage
After launching QueryArmor, you can choose between:
- Exploit Mode: For comprehensive security testing. Use 'mode exploit' to enter this mode.
- Test Mode: For developers to analyze queries for vulnerabilities. Use 'mode test' to enter this mode.
- Quick Test: Use 'sqli <query>' or 'xss <query>' for quick single query testing.
Exploit Mode
Exploit Mode allows security professionals to test endpoints with various payloads:
- Set target endpoint using 'set_endpoint <url>'
- Choose HTTP method (GET/POST) using 'set_method <GET/POST>'
- Set delay between requests using 'set_delay <seconds>'
- Start testing with the 'test' command
Test Mode
Test Mode provides developers with a safe environment to analyze their queries for potential vulnerabilities:
- Automatically checks for both XSS and SQL Injection vulnerabilities.
- Provides detailed analysis of each query, including risk assessment and suggestions for improvement.
- Allows for analyzing individual queries or multiple queries from a file.
- Offers a user-friendly interface for quick and efficient query testing.
Test Mode Commands:
analyze <query>
: Analyze a single query for XSS and SQL Injection vulnerabilities.
analyze_file <filename>
: Analyze multiple queries from a file.
Advanced Customization
QueryArmor offers powerful customization options for advanced users:
- Custom Payloads: Add your own payloads to the respective .txt files for more comprehensive testing.
- Model Retraining: Run
process_payloads.py
for SQLi or process_xss_payloads.py
for XSS to incorporate new payloads.
- Enhanced Analysis: Retrain models by running
sql_injection_detector.py
or xss_detector.py
for improved detection capabilities.
- Model Tuning: Adjust model parameters based on your specific needs or expertise for even more accurate results.
Additional Notes
- Ensure you have Python 3.6 or higher installed on your system.
- Use
python3
instead of python
when running commands.
- In Exploit Mode, set the endpoint, method, and delay before testing.
- In Test Mode, you can analyze queries without setting an endpoint.
- For any issues or feature requests, please visit our GitHub repository.
Contact Information
For inquiries or support, please contact:
Disclaimer and License Notice
Disclaimer
QueryArmor is a tool intended for authorized use only. Using QueryArmor without explicit permission from the target system's owner is illegal and may result in severe legal consequences. Users must comply with all applicable local, state, and federal laws and regulations.
We disclaim any liability for:
- Misuse or damage caused by this program
- Unauthorized access or hacking attempts
- Any consequences resulting from the use of this tool
License
QueryArmor is licensed under the MIT License.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.