Refactor

.gitignore

@@ -55,7 +55,7 @@ coverage.xml
 # Django stuff:
 *.log
 local_settings.py
-db.sqlite3
+./db.sqlite3
 
 # Flask stuff:
 instance/
@@ -103,3 +103,7 @@ venv.bak/
 
 # mypy
 .mypy_cache/
+!media/**/init.txt
+**/migrations/**
+!**/migrations
+!**/migrations/__init__.py

Procfile

@@ -0,0 +1 @@
+web: gunicorn projectwork.wsgi

README.md

@@ -1,25 +1,17 @@
 # SQLDex
-SQLDex is a nice tools that help you detect **SQL injection** in your Websites, it automate the process of scanning for **SQLi** vulnerability in a websites. 
-The tool, as some features like Parameter ID, Form Parameter, HTTP header and Cross site scriping (XSS). when supplied the necessary parameters it scan and printed out some Suggested Remediation, this tools is a web based which can be hosted locally or on a cloud server
-
-
-# Screnshots
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/home.JPG)
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/sql-vuln.JPG)
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/sql-notvuln.JPG)
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/form-vuln.JPG)
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/form-notvuln.JPG)
-![sqldex](https://github.com/abdulgaphy/sql-dex/blob/master/screenshots/httphead.JPG)
 
+SQLDex is a nice tools that help you detect **SQL injection** in your Websites, it automate the process of scanning for **SQLi** vulnerability in a websites.
+The tool, as some features like Parameter ID, Form Parameter, HTTP header and Cross site scriping (XSS). when supplied the necessary parameters it scan and printed out some Suggested Remediation, this tools is a web based which can be hosted locally or on a cloud server
 
 # Installation
 
-- $ git clone
-- $ cd sql-dex
-- $ pip install -r requirements.txt or pip3 install -r requirements.txt
+- \$ git clone
+- \$ cd sql-dex
+- \$ pip install -r requirements.txt or pip3 install -r requirements.txt
 
 # Contributions
-This project is open Bug reports and pull requests are welcome on GitHub at
+Contributions are always welcome! Please read the <a href='https://github.com/silvareal/sql-dex/blob/master/docs/CONTRIBUTING.md'>Contribution guidelines for this project</a>.
 
 # Thanks
+
 Special thanks to [Moses Ayomide Aleji](https://github.com/mosesayo) for his great contributions to the success of the project

dbdex/admin.py

@@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.

dbdex/apps.py

@@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class DbdexConfig(AppConfig):
+    name = 'dbdex'

projectwork/forms.py → dbdex/forms.py

@@ -1,10 +1,14 @@
 from django import forms
+from . validation import validate_dot_com, validate_url
 
 class urlForm(forms.Form):
-    url = forms.URLField(widget =forms.TextInput(
+    url = forms.URLField(label='',
+                    validators=[validate_url, validate_dot_com],
+                    widget =forms.TextInput(
                     attrs ={
                     "class":"form-control mr-sm-2 ",
-                    "placeholder":"Enter URL"
+                    "placeholder":"Enter URL",
+                    "autocomplete": "off",
                 }
                 )
             )

dbdex/models.py

@@ -0,0 +1,3 @@
+from django.db import models
+
+# Create your models here.

dbdex/templates/dbdex/base.html

@@ -0,0 +1,74 @@
+{% load static %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <meta http-equiv="X-UA-Compatible" content="ie=edge">
+    <meta property="og:title" content="Test for Sql Vulnarability">
+    <meta property="og:description" content="Test your website for Sql Vulnarability'>'
+    <meta property="og:image" content="{% static 'img/xss.png' %}">
+    <meta property="og:url" content="https://sqldex.herokuapp.com/">
+    <meta name="twitter:card" content="summary">
+    <meta property="og:site_name" content="sqldex">
+    <meta name="twitter:image:alt" content="Alt text for image">
+
+    <title>{% block title %}{% endblock title %} || SQL-DEX</title>
+    <!-- Bootstrap link -->
+    <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">    
+
+    <!-- Google font link -->
+    <link href="https://fonts.googleapis.com/css?family=Arvo" rel="stylesheet">
+
+    <!-- Fa icon link -->
+    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.1/css/all.css" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
+
+    <!-- local css -->
+    <link rel="stylesheet" href="{% static 'css' %}" >
+    <link rel="stylesheet" href="{% static 'css/new-index.css' %}" >
+</head>
+
+<body>
+    {% include 'dbdex/nav/header.html' %}
+
+    {% include 'dbdex/nav/validation_header.html' %}
+    {% block content %}
+      <main class='container'>
+      </main>
+    {% endblock content %}
+
+
+  <!-- FOOTER section -->
+  <footer id="myFooter">
+      <div class="container">
+            <div class="main-footer">
+                <div class="social-networks">
+                    <a href="https://github.com/abdulgaphy/sql-dex" class="google"><i class="fa fa-github"></i></a>
+                </div>
+                <a href='https://github.com/abdulgaphy/sql-dex/pulls'><button type="button" class="btn btn-primary">Contribute</button></a>
+            </div>
+      </div>
+      <div class="footer-copyright" >
+          <p>All rights reserved © <script type="text/javascript">document.write("2018 - "+ new Date().getFullYear());</script></p>
+      </div>
+  </footer>
+
+
+  <script src="https://code.jquery.com/jquery-3.3.1.slim.min.js" integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"></script>
+  <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
+  <script src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
+    <script>
+        // Add active class to the current button (highlight it)
+        var header = document.getElementById("tabbar");
+        var btns = header.getElementsByClassName("tablink");
+        for (var i = 0; i < btns.length; i++) {
+            btns[i].addEventListener("click", function() {
+                var current = document.getElementsByClassName("active");
+                current[0].className = current[0].className.replace(" active", "");
+                this.className += " active";
+            });
+        }
+    </script>
+</body>
+</html>

dbdex/templates/dbdex/documentation.html

@@ -0,0 +1,72 @@
+{% extends 'dbdex/base.html' %}
+{% load static %}
+
+{% block title %}Documentation{% endblock title %}
+
+{% block content %}
+
+    <section class="documentation">
+
+            <h2>Documentation</h2>
+            <div class="container">
+                <div style='padding-bottom: 20px;'>
+                    <p class='shift'><b>SQL Injection</b> is one of the most dangerous vulnerabilities a web application can be 
+                    prone to. When a user’s input is being passed unvalidated and unsanitzed as part of an 
+                    SQL query that means that the user can manipulate the query itself and force it to return 
+                    different data than what it was supposed to return.  we will see how and why this is so 
+                    dangerous.
+                    </p>
+
+                    <p class='shift'>
+                        Suppose that we have a web application which takes the parameter 
+                        “article” via <code>$_GET</code> request and queries the database to get an article’s content. 
+                        <i style='color: blue;'>http://website.com/show.php?article=1</i> The underlying PHP code is the following: // 
+                        The ”article” parameter is assigned to $article variable without any sanitization or 
+                        validation <code>$articleid = $_GET[‘article’];</code> // The $articleid parameter is passed as part 
+                        of the query <code>$query = "SELECT * FROM articles WHERE articleid = $articleid";</code>
+                        If a user changes the article parameter to 1 AND 1=1 then the query becomes like this: 
+                        <code>$query = "SELECT * FROM articles WHERE articleid = 1 AND 1=1";</code> In this case, the content 
+                        of the page does not change because the two conditions in the SQL statement are both true. 
+                        There is an article with an id of 1, and 1 equals to 1 which is true. If a user changes 
+                        the parameter to 1 AND 1=2, it returns nothing because 1 is not equal to 2.That means 
+                        that the user is controlling the query and can adjust it accordingly to manipulate the 
+                        results.
+                    </p>
+                </div>
+                <hr>
+                <div class="container doc-type">
+                    <div class="row justify-content-center">
+                        <div class="col-md-4 marginal">
+                            <h3>SQL Injection</h3>
+                            <ul>
+                                <li>You can scan a url for SQL Injection vulnerability simply by inserting the url in the url field and clicking "Test Url</li>
+                                <li>If the url is vulnerable to SQL Injection, It will be shown in the result </li>
+                                <li>Procedures to take in protecting against this kind of attack will be suggested if the url is vulnerable to this kind of attack.</li>
+                            </ul>
+                        </div>
+
+                        <div class="col-md-4 marginal">
+                            <h3>HTTP HEADER</h3>
+                            <ul>
+                                <li>Get basic informations About HTTP protocol of any website E.g Cookies,hostname </li>
+                                <li>You can insert a website address or I.P address in the URL field and click on Get info.</li>
+                                <li>Procedures to take in protecting against this kind of attack will be suggested if the url is vulnerable to this kind of attack.</li>
+                            </ul>
+                        </div>
+
+                        <div class="col-md-4 marginal">
+                            <h3>Cross Site Scripting</h3>
+                            <ul>
+                                <li>Cross-site scripting is the unintended execution of remote code by a web 
+                                    client. Any web application might expose itself to XSS if it takes input from 
+                                    a user and outputs it directly on a web page. If input includes HTML or JavaScript,
+                                    remote code can be executed when this content is rendered by the web client.
+                                </li>
+
+                            </ul>
+                        </div>
+                    </div>
+                </div>
+            </div>
+    </section>
+{% endblock %}

dbdex/templates/dbdex/feedback.html

@@ -0,0 +1,19 @@
+{% extends 'dbdex/base.html' %}
+{% load static %}
+{% load crispy_forms_tags %}
+
+{% block title %}feedback{% endblock title %}
+
+{% block content %}
+    <!-- FEEDBACK section -->
+    <section class='container'>
+        <div class="feedback">
+            <h2 class="text-white"> FEEDBACK</h2>
+            <p>your feedback is highly valuable...</p>
+            <form method="POST" >
+                {% csrf_token %}
+                {{ form|crispy  }}
+            <input style='margin-top: 15px;' type="submit" class="btn btn-primary" value='Submit' />
+        </div>
+    </section>
+{% endblock content %}

dbdex/templates/dbdex/formparameter.html

@@ -0,0 +1,73 @@
+{% extends 'dbdex/base.html' %}
+{% load static %}
+
+{% block title %}Form Parameter{% endblock title %}
+
+{% block content %}
+  <!-- Tabbar -->
+  {% include 'dbdex/nav/tabbar.html' %}
+
+  <!-- search component -->
+
+  <section class='container-fluid main' id='parameter'>
+    <div class='container'>
+      <div class="form-enter">
+        <h2>Form Parameter</h2>
+        <p>Please enter the url to be tested in the following format: <br />
+          http://www.example.com/login.php
+        </p>
+
+    {% include 'dbdex/forms.html' %}
+    </span>
+<div id="parameter">
+      {% if notvulnerable %}
+      <p><strong>RESULT</strong></p>
+      {{link}}{{getresult}}
+
+      {% endif %}
+
+      {% if vulnerable %}
+      <span style="color:black;"><strong>RESULT: </strong></span>
+      <span style="color: red;">{{link}}</span><span style="color:red; ">{{getresult}}</span>
+      <p style="text-align: center; color: black;"><strong>Vulnerability Description</strong></p>
+      <div class="table-responsive">
+        <table class="table" style="color:black;">
+          <thead>
+            <tr>
+              <th>Issue</th>
+              <th>Description</th>
+              <th>Suggested Remediation</th>
+            </tr>
+          </thead>
+          <tbody>
+            <tr>
+              <th>Input Validation</th>
+              <td>Even though an id will always be a number, the example above is not validating user input at all.</p>
+                <p>While validating user input is not a direct solution to SQL injection, it helps us control malicious
+                  user input into the database.
+              </td>
+              <td>Before even processing the SQL query, validate user input.</p>
+                <p>In this case, we need to check that the input is a number.
+              </td>
+            </tr>
+            <tr>
+              <th>Code allows for SQL injection</th>
+              <td>The example above is accepting user input (in this case, from a GET parameter), and including it
+                directly in the SQL statement.</p>
+                <p>This allows an attacker to inject SQL into the query, therefore tricking the application into
+                  sending a malformed query to the database.
+              </td>
+              <td>Use parameterized queries when dealing with SQL queries that contains user input.<p>A parameterized
+                  query allows the database to understand which parts of the SQL query should be considered as user
+                  input, therefore solving SQL injection.</li>
+                </p>
+              </td>
+            </tr>
+          </tbody>
+        </table>
+      </div>
+      {% endif %}
+</div>
+    </div>
+  </section>
+{% endblock content %}

dbdex/templates/dbdex/forms.html

@@ -0,0 +1,13 @@
+<!-- INput Form -->
+<form action="" method="POST" class="form-inline">
+    <fieldset>
+        {% csrf_token %}
+
+        <div class="input-group">
+            {{ form.url}}
+            <div class="input-group-prepend">
+                <input class="input-group-text" type="submit" value="TEST URL">
+            </div>
+        </div>
+    </fieldset>
+</form>

dbdex/templates/dbdex/header.html

@@ -0,0 +1,38 @@
+{% extends 'dbdex/base.html' %}
+{% load static %}
+
+{% block title %}HTTP Header Test{% endblock title %}
+
+{% block content %}
+  <!-- Tabbar -->
+  {% include 'dbdex/nav/tabbar.html' %}
+
+  <!-- search component -->
+
+  <section class='container-fluid main'>
+    <div class='container'>
+      <div class="form-enter">
+      <h2>Scan the http header</h2>
+      <p>Please enter the url to be tested in the following format: <br />
+        http://www.example.com/
+      </p>
+
+      <!-- Header form -->
+      {% include 'dbdex/forms.html' %}
+    </div>
+
+    <div id="outcome">
+      {% if httpheader %}
+      <p>result :</p>
+      <ul class="list-unstyled list-group">
+        {% for key,values in head.items %}
+          <li class="list-group-item ">
+            <span class="title"> {{key}} :</span> {{values}}
+          </li>
+        {% endfor %}
+      </ul>
+      {% endif %}
+    </div>
+    </div>
+  </section>
+{% endblock content %}