Sign in or Sign up

SQLiv - Massive SQL Injection Vulnerability Scanner
Started by D1G174L


Rate this topic
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5


2 posts in this topic
[NS]D1G174L Offline
Pentester
***


NulledSystems
Posts: 95
Threads: 19
Joined: Fri Mar 2017
Reputation: 8

CZPoints: 14 CZP
ContributorDiamondBomb ContentDonator
10-30-2017, 06:08 PM -
#1
[Image: sqliv_2_1.png]

Massive SQL injection vulnerability scanner.


Features
  1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
  2. targetted scanning by providing specific domain (with crawling)
  3. reverse domain scanning
both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls

quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom


Installation

  1. git clone  https://github.com/Hadesy2k/sqlivulscan.git
  2. sudo python2 setup.py -i
Dependencies
  • bs4
  • termcolor
  • google
Pre-installed Systems
  • BlackArch Linux

Quick Tutorial

[b]1. Multiple domain scanning with SQLi dork
[/b]
  • it simply search multiple websites from given dork and scan the results one by one
Code:
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>  
python sqliv.py -d "inurl:index.php?id=" -e google  



2. Targetted scanning
  • can provide only domain name or specific url with query params
  • if only domain name is provided, it will crawl and get urls with query
  • then scan the urls one by one
python sqliv.py -t <URL>  
python sqliv.py -t http://www.example.com  
python sqliv.py -t http://www.example.com/index.php?id=1  



 Reverse domain and scanning
  • do reverse domain and look for websites that hosted on same server as target url
Code:
python sqliv.py -t <URL> -r


View help

Code:
python sqliv.py --help

usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]

optional arguments:
 -h, --help  show this help message and exit
 -d D        SQL injection dork
 -e E        search engine [Google only for now]
 -p P        number of websites to look for in search engine
 -t T        scan target website
 -r          reverse domain


Screen Shots 

[Image: sqliv_3_2.png]
[Image: sqliv_4_3.png]


Corruption Offline
Administrator
*******


Administrators
Posts: 291
Threads: 67
Joined: Fri Mar 2017

CZPoints: 119 CZP
10-30-2017, 06:12 PM -
#2
Awesome tutorial <3

Sparkles do look very nice on you.
[NS]D1G174L Offline
Pentester
***


NulledSystems
Posts: 95
Threads: 19
Joined: Fri Mar 2017
Reputation: 8

CZPoints: 14 CZP
ContributorDiamondBomb ContentDonator
10-30-2017, 06:12 PM -
#3
(10-30-2017, 06:12 PM)Corruption Wrote: Awesome tutorial <3

Sparkles do look very nice on you.

Lmao thanks






Users browsing this thread: 1 Guest(s)