Tuesday, 10 October 2017

SQLiv Massive SQL Injection Vulnerability Scanner


Features

  • Multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
  • Targeted scanning by providing a specific domain (with crawling)
  • Reverse domain scanning

Installation

  • git clone https://github.com/Hadesy2k/sqlivulscan.git
  • sudo python2 setup.py -i

Dependencies

  • bs4
  • termcolor
  • google

Pre-installed Systems


Quick Tutorial

1. Multiple domain scanning with SQLi dork

It searches for multiple websites matching the given dork and scans the results one by one.

  • python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>  
  • python sqliv.py -d "inurl:index.php?id=" -e google  

2. Targeted scanning

  • You can provide either a domain name or a specific URL with query parameters.
  • If only a domain name is provided, it will crawl the site and collect URLs that have a query string.
  • It then scans those URLs one by one.

python sqliv.py -t <URL>  
python sqliv.py -t www.example.com  
python sqliv.py -t www.example.com/index.php?id=1 
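
For a site you operate, the same inventory can be built ahead of any scan. This added example (not SQLiv's code) takes a page's HTML and lists the same-host URLs that carry query parameters, which is the set a targeted scan would test and the set to review for parameterized queries. The function names and the sample HTML are constructed for illustration.

```python
# Added example (not from SQLiv): list the parameterized endpoints of a site you run.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl


class LinkCollector(HTMLParser):
    """Collect href values from <a> tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def parameterized_endpoints(base_url, html):
    """Map (path, parameter names) to one example URL, same host only."""
    collector = LinkCollector()
    collector.feed(html)
    host = urlsplit(base_url).netloc.lower()
    found = {}
    for href in collector.hrefs:
        url = urlsplit(urljoin(base_url, href))
        if url.scheme not in ("http", "https") or url.netloc.lower() != host:
            continue  # skip mailto: and off-site links
        pairs = parse_qsl(url.query, keep_blank_values=True)
        names = tuple(sorted({k for k, _ in pairs}))
        if names:
            # ?id=1 and ?id=2 hit the same code path, so keep one entry
            found.setdefault((url.path, names), url.geturl())
    return found


# Constructed sample page, not real site content
SAMPLE_HTML = """
<a href="/index.php?id=1">Item 1</a>
<a href="index.php?id=2">Item 2</a>
<a href="/search.php?q=shoes&amp;page=2">Search</a>
<a href="/about.html">About</a>
<a href="http://other.example.net/index.php?id=9">Partner</a>
<a href="mailto:admin@example.com?subject=hi">Mail</a>
"""

if __name__ == "__main__":
    inventory = parameterized_endpoints("http://www.example.com/", SAMPLE_HTML)
    for (path, names), example in sorted(inventory.items()):
        print(path, ",".join(names), example)
```

Each entry in the result is one endpoint whose database access should be checked for bound parameters rather than string-built SQL.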

3. Reverse domain and scanning

Do a reverse domain lookup and look for websites that are hosted on the same server as the target URL:
python sqliv.py -t <URL> -r

View help

python sqliv.py --help

usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]

optional arguments:
  -h, --help  show this help message and exit
  -d D        SQL injection dork
  -e E        search engine [Google only for now]
  -p P        number of websites to look for in search engine
  -t T        scan target website
  -r          reverse domain

Contribution
Coding Format
  1. Please put a space between function/class documentation and code
  2. camelCase for functions and CamelCase for classes
  3. local variables must be with variable_with_underscore
  4. global variables must be all UPPERCASE_VARIABLE

Pull Request
  1. alpha branch is to test new features and functions
  2. always send the pull request to alpha

TODO
  1. Duckduckgo search engine
  2. POST form SQLi vulnerability testing

4 comments:

  1. nice tutorial!!! Tutorial pattern is almost same like me
