Giters

5up3rc / ScanQLi

SQLi scanner to detect SQL vulns

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ScanQLi License Python 2|3 Twitter

Screenshot

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool can't exploit the SQLi, it just detect them. Tested on Debian 9

Features

  • Classic

  • Blind

  • Time based

  • GBK (soon)

  • Recursive scan (follow all hrefs of the scanned web site)

  • Cookies integration

  • Adjustable wait delay between requests

  • Ignore given URLs

Prerequisites

1. Install git tool

apt update
apt install git

2. Clone the repo.

git clone https://github.com/bambish/ScanQLi

3. Install python required libs

apt install python-pip
cd ScanQLi
pip install -r requirements.txt

For python3 please install python3-pip and use pip3

Usage

./scanqli -u [URL] [OPTIONS]

Examples

Simple url scan with output file

python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning with cookies

python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

About

SQLi scanner to detect SQL vulns

License:GNU General Public License v3.0

Languages

Language:Python 100.0%