SQLiv SQL Injection
SQLiv SQL Injection
HackHackerskali linuxweb hacking

SQLiv SQL Injection

26th July 2020
0 78 2 minutes read

SQLiv Massive SQL injection scanner Features SQ Liv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted, multiple-domain or reverse …

Contents hide
1 Quick Tutorial
2 screenshots
3 Development

The tool is called SQ Liv (SQL injection Vulnerability Scanner). STEP 1 : INSTALL SQ Liv on KALI LINUX. Type commands below into your terminal to install SQLiv:.

  1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
  2. targetted scanning by providing specific domain (with crawling)
  3. reverse domain scanning

both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls

quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom

Installation

  1. git clone github .com/the-robot/sqliv.git
  2. sudo python2 setup.py -i

Dependencies

  • bs4
  • termcolor
  • google
  • nyawc

Pre-installed Systems

  • BlackArch Linux 

    Quick Tutorial

    1. Multiple domain scanning with SQLi dork

    • it simply search multiple websites from given dork and scan the results one by one
    python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>  
python sqliv.py -d "inurl:index.php?id=" -e google

    2. Targetted scanning

    • can provide only domain name or specifc url with query params
    • if only domain name is provided, it will crawl and get urls with query
    • then scan the urls one by one
    python sqliv.py -t <URL>  
python sqliv.py -t www.example .com  
python sqliv.py -t www.example .com/index.php?id=1

    3. Reverse domain and scanning

    • do reverse domain and look for websites that hosted on same server as target url
    python sqliv.py -t <URL> -r

    4. Dumping scanned result

    • you can dump the scanned results as json by giving this argument
    python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> -o result.json

    View help

    python sqliv.py --help

usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]

optional arguments:
  -h, --help  show this help message and exit
  -d D        SQL injection dork
  -e E        search engine [Google only for now]
  -p P        number of websites to look for in search engine
  -t T        scan target website
  -r          reverse domain

    screenshots

    SQLiv SQL Injection
    SQL Injection

    Development

    TODO

    1. POST form SQLi vulnerability testing

    SQLmap Tutorial Introduction Kali Linux – Mac

    Before we are doing the injection consult, of course we must ensure that the server or target has a database security hole. To find database security holes, there are several methods we can use. Among them, Google dorking, is used mostly by hacker and penetration testers. Luckily there is a tool that is able to do that automatically. But we have to install its tool first. The tool is called SQLiv (SQL injection Vulnerability Scanner).

    Install:

    git clone github .com/the-robot/sqliv.git

    Then run:

    sudo python2 setup.py -i

    Resolve some dependencies:

    python sqliv.py -d -e python sqliv.py -d “inurl:index.php?id=” -e google

    Finding SQL Injection Vulnerabilities:

    python sqliv.py -t python sqliv.py -t www. example .com python sqliv.py -t www. example .com/index.php?id=1

    Quick reference:

    python sqliv.py -t -r

    Reverse domain and scanning:

    – Do reverse domain and look for websites that hosted on same server as target url

26th July 2020
0 78 2 minutes read

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button