python基于搜索引擎批量sql搜索和注入

https://github.com/Shadowshusky/sqlivulscan.

推荐命令

python sqliv.py -d "inurl:index.php?id=" -e 查看支持的搜索引擎
*** 强烈建议python sqliv.py -d "inurl:index.php?id=" -e bing  开始挖掘漏洞地址

SQLiv

Massive SQL injection scanner

old project (sqlivulscan)

Features

  1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
  2. targetted scanning by providing specific domain (with crawling)
  3. reverse domain scanning

both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls

quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom


Installation

  1. git clone https://github.com/Hadesy2k/sqlivulscan.git
  2. sudo python2 setup.py -i

Dependencies

Pre-installed Systems


Quick Tutorial

1. Multiple domain scanning with SQLi dork

  • it simply search multiple websites from given dork and scan the results one by one
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>  
python sqliv.py -d "inurl:index.php?id=" -e google

2. Targetted scanning

  • can provide only domain name or specifc url with query params
  • if only domain name is provided, it will crawl and get urls with query
  • then scan the urls one by one
python sqliv.py -t <URL>  
python sqliv.py -t www.example.com  
python sqliv.py -t www.example.com/index.php?id=1

3. Reverse domain and scanning

  • do reverse domain and look for websites that hosted on same server as target url
python sqliv.py -t <URL> -r
本文由 泓源视野 作者:admin 发表,其版权均为 泓源视野 所有,文章内容系作者个人观点,不代表 泓源视野 对观点赞同或支持。如需转载,请注明文章来源。

发表评论

Protected with IP Blacklist CloudIP Blacklist Cloud

您是第8239951 位访客, 您的IP是:[3.230.1.126]