Jeeves is made for looking to Time-Based Blind SQLInjection through recon.

– Installation & Requirements:

> go install[email protected]


> git clone

> cd Jeeves

> go build jeeves.go

> chmod +x jeeves

> ./jeeves -h

– Usage & Explanation:

  • In Your recon process, you may find endpoints that can be vulnerable to sql injection,

    Jeeves reads from stdin:

    echo '' | jeeves --payload-time time_payload

    In –payload-time you must use the time mentioned in payload.

    You can use a file containing a list of targets as well:

    cat targets | jeeves --payload-time 5

  • You are able to use of Jeeves with other tools, such as gau, gauplus, waybackurls, qsreplace and bhedak, mastering his strenght

    • Another examples of usage:

       --payload-time,      The time from payload
       --proxy              Send traffic to a proxy
       -H, --headers        Custom Headers
       -h                   Show This Help Message

    Ex 1 – echo "" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5

    Ex 2 – echo "" | qsreplace "(select(0)from(select(sleep(10)))v)" | jeeves --payload-time 10

    Ex 3 – echo "" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy ""

    Ex 4 – echo "" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy "" -H "User-Agent: xxxx"

    You can specify more than one header, OBS: Be careful, the syntax must be exact the same, Ex:

    Ex 5 – echo "" | qsreplace "(select(0)from(select(sleep(5)))v)" | jeeves --payload-time 5 --proxy -H "Testing: testing;OtherHeader: Value;Other2: Value"


    Using with sql payloads wordlist cat sql_wordlist.txt | while read payload;do echo | qsreplace $payload | jeeves --payload-time 5;done

This project is for educational and bug bounty porposes only! I do not support any illegal activities!.

If any error in the program, talk to me immediatly.


View Github