python基于搜索引擎批量sql搜索和注入
https://github.com/Shadowshusky/sqlivulscan.
推荐命令
python sqliv.py -d "inurl:index.php?id=" -e 查看支持的搜索引擎 *** 强烈建议python sqliv.py -d "inurl:index.php?id=" -e bing 开始挖掘漏洞地址
SQLiv
Massive SQL injection scanner
old project (sqlivulscan)
Features
- multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
- targetted scanning by providing specific domain (with crawling)
- reverse domain scanning
both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls
quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom
Installation
- git clone https://github.com/Hadesy2k/sqlivulscan.git
- sudo python2 setup.py -i
Dependencies
Pre-installed Systems
Quick Tutorial
1. Multiple domain scanning with SQLi dork
- it simply search multiple websites from given dork and scan the results one by one
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> python sqliv.py -d "inurl:index.php?id=" -e google2. Targetted scanning
- can provide only domain name or specifc url with query params
- if only domain name is provided, it will crawl and get urls with query
- then scan the urls one by one
python sqliv.py -t <URL> python sqliv.py -t www.example.com python sqliv.py -t www.example.com/index.php?id=13. Reverse domain and scanning
- do reverse domain and look for websites that hosted on same server as target url
python sqliv.py -t <URL> -r
