Page 89 - Hands-On Bug Hunting for Penetration Testers
SQL, Code Injection, and Scanners Chapter 5
Technical Requirements
For this chapter, in addition to our existing Burp and Burp Proxy integration with Chrome
( ), we'll also be using sqlmap, a CLI tool for detecting SQL- and NoSQL-
based injections. sqlmap can be installed using Homebrew with brew install sqlmap
and is also available as a Python module installable via pip. sqlmap is a popular tool, so
there should be an installation path for you whatever your system.
We'll also be using Arachni as our go-to scanner. Though noisy, scanners can be
indispensable for the appropriate situation, and are great at flushing out otherwise hard-to-
detect bugs. Arachni is an excellent choice because it's open source, multi-threaded,
extensible via plugins, and has a great CLI that allows it to be worked into other automated
workflows. Arachni is easy to install; you can install it as a gem (gem install arachni)
or you can simply download the official packages straight from the installation site.
Please install Arachni from the site's Download page at
http://www.arachni-scanner.com/download#Mac-OSX
After you've installed it, if you've downloaded the packages for the appropriate system,
you'll want to move them to wherever is appropriate within your system.
Then you can create a symlink (symbolic link) so that all the arachni CLI packages will be
available within your path (fill in the correct path to your arachni installation):
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/arachni* /usr/local/bin
You might find that, after you symlink your arachni executables to your path, you receive
the following error:
/usr/local/bin/arachni: line 3: /usr/local/bin/readlink_f.sh: No such file or directory
/usr/local/bin/arachni: line 4: readlink_f: command not found
/usr/local/bin/arachni: line 4: ./../system/setenv: No such file or directory
If you receive this error, simply symlink, copy, or move the readlink_f.sh script from
your arachni installation's bin directory to your own path. In this case, we'll symlink it:
sudo ln -s /Path/to/arachni-1.5.1-0.5.12/bin/readlink_f.sh /usr/local/bin/readlink_f.sh
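
The two symlink steps above, combined with a check that every link resolves, as an added example that is not from the book or the Arachni project. The function name link_arachni_cli and its two arguments are hypothetical; pass your own installation directory and target bin directory.

```bash
#!/usr/bin/env bash
# Added example: link the Arachni CLI wrappers and their helper script into a
# bin directory, then verify that nothing is missing or dangling.
# link_arachni_cli is a hypothetical name, not part of Arachni.

link_arachni_cli() {
    install_dir=$1   # e.g. /Path/to/arachni-1.5.1-0.5.12
    bin_dir=$2       # e.g. /usr/local/bin (run with sudo if it is root-owned)
    status=0

    if [ ! -d "$install_dir/bin" ]; then
        echo "no bin directory under $install_dir" >&2
        return 2
    fi

    # The error shown above has the wrapper looking for readlink_f.sh in its
    # own directory, so the helper is linked beside it under the same name.
    for src in "$install_dir"/bin/arachni* "$install_dir"/bin/readlink_f.sh; do
        if [ ! -e "$src" ]; then
            echo "missing in install: $src" >&2
            status=1
            continue
        fi
        ln -sfn "$src" "$bin_dir/$(basename "$src")" || status=1
    done

    # A dangling link is a symlink (-L) whose target does not exist (! -e).
    for link in "$bin_dir"/arachni* "$bin_dir"/readlink_f.sh; do
        if [ -L "$link" ] && [ ! -e "$link" ]; then
            echo "dangling link: $link" >&2
            status=1
        fi
    done

    return $status
}
```

A non-zero return means a wrapper or readlink_f.sh is absent from the installation, or a link in the target directory points at a path that no longer exists.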

