
SQLiv Massive SQL injection scanner Features SQ Liv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted, multiple-domain or reverse …
The tool is called SQ Liv (SQL injection Vulnerability Scanner). STEP 1 : INSTALL SQ Liv on KALI LINUX. Type commands below into your terminal to install SQLiv:.
- multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
- targetted scanning by providing specific domain (with crawling)
- reverse domain scanning
both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls
quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom
Installation
- git clone github .com/the-robot/sqliv.git
- sudo python2 setup.py -i
Dependencies
- bs4
- termcolor
- nyawc
Pre-installed Systems
- BlackArch Linux
Quick Tutorial
1. Multiple domain scanning with SQLi dork
- it simply search multiple websites from given dork and scan the results one by one
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> python sqliv.py -d "inurl:index.php?id=" -e google
2. Targetted scanning
- can provide only domain name or specifc url with query params
- if only domain name is provided, it will crawl and get urls with query
- then scan the urls one by one
python sqliv.py -t <URL> python sqliv.py -t www.example .com python sqliv.py -t www.example .com/index.php?id=1
3. Reverse domain and scanning
- do reverse domain and look for websites that hosted on same server as target url
python sqliv.py -t <URL> -r
4. Dumping scanned result
- you can dump the scanned results as json by giving this argument
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> -o result.json
View help
python sqliv.py --help usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r] optional arguments: -h, --help show this help message and exit -d D SQL injection dork -e E search engine [Google only for now] -p P number of websites to look for in search engine -t T scan target website -r reverse domain
screenshots
SQL Injection
Development
TODO
- POST form SQLi vulnerability testing
SQLmap Tutorial Introduction Kali Linux – Mac
Before we are doing the injection consult, of course we must ensure that the server or target has a database security hole. To find database security holes, there are several methods we can use. Among them, Google dorking, is used mostly by hacker and penetration testers. Luckily there is a tool that is able to do that automatically. But we have to install its tool first. The tool is called SQLiv (SQL injection Vulnerability Scanner).
Install:
git clone github .com/the-robot/sqliv.gitThen run:
sudo python2 setup.py -iResolve some dependencies:
python sqliv.py -d-e python sqliv.py -d “inurl:index.php?id=” -e google Finding SQL Injection Vulnerabilities:
python sqliv.py -tpython sqliv.py -t www. example .com python sqliv.py -t www. example .com/index.php?id=1 Quick reference:
python sqliv.py -t-r Reverse domain and scanning:
– Do reverse domain and look for websites that hosted on same server as target url