(SQLiv) Massive SQL Injection Vulnerability Scanner
Features
- Multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
- Targetted scanning by providing specific domain (with crawling)
- Reverse domain scanning
Installation
- git clone https://github.com/Hadesy2k/sqlivulscan.git
- sudo python2 setup.py -i
Dependencies
- bs4
- termcolor
Pre-installed Systems
Quick Tutorial
1. Multiple domain scanning with SQLi dorkIt simply search multiple websites from given dork and scan the results one by one
- python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>
- python sqliv.py -d "inurl:index.php?id=" -e google
2. Targetted scanning
- can provide only domain name or specifc url with query params
- if only domain name is provided, it will crawl and get urls with query
- then scan the urls one by one
python sqliv.py -t <URL>
python sqliv.py -t www.example.com python sqliv.py -t www.example.com/index.php?id=1
3. Reverse domain and scanning
do reverse domain and look for websites that hosted on same server as target url
python sqliv.py -t <URL> -r
View help
python sqliv.py --help
usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]
optional arguments:
-h, --help show this help message and exit
-d D SQL injection dork
-e E search engine [Google only for now]
-p P number of websites to look for in search engine
-t T scan target website
-r reverse domain
Screenshots
Contribution
Coding Format
- Please put a space between function/class documentation and code
- camelCase for functions and CamelCase for classes
- local variables must be with variable_with_underscore
- global variables must be all UPPERCASE_VARIABLE
Pull Request
- alpha branch is to test new features and functions
- always send the pull request to alpha
TODO
- Duckduckgo search engine
- POST form SQLi vulnerability testing