Features

1. multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
2. targetted scanning by providing specific domain (with crawling)
3. reverse domain scanning

both SQLi scanning and domain info checking are done in multiprocessing
so the script is super fast at scanning many urls

quick tutorial & screenshots are shown at the bottom
project contribution tips at the bottom

Installation

1. git clone https://github.com/the-robot/sqliv.git
2. sudo python2 setup.py -i

Dependencies

• bs4
• termcolor
• google
• nyawc

Pre-installed Systems

• BlackArch Linux

1. Multiple domain scanning with SQLi dork

• it simply search multiple websites from given dork and scan the results one by one

pythonsqliv.py-d<SQLIDORK>-e<SEARCHENGINE>pythonsqliv.py-d"inurl:index.php?id="-egoogle

2. Targetted scanning

• can provide only domain name or specifc url with query params
• if only domain name is provided, it will crawl and get urls with query
• then scan the urls one by one

pythonsqliv.py-t<URL>pythonsqliv.py-twww.example.compythonsqliv.py-twww.example.com/index.php?id=1

3. Reverse domain and scanning

• do reverse domain and look for websites that hosted on same server as target url

pythonsqliv.py-t<URL>-r

4. Dumping scanned result

• you can dump the scanned results as json by giving this argument

pythonsqliv.py-d<SQLIDORK>-e<SEARCHENGINE>-oresult.json

View help

pythonsqliv.py--helpusage: sqliv.py [-h] [-dD] [-eE] [-pP] [-tT] [-r] optionalarguments: -h, --helpshowthishelpmessageandexit-dDSQLinjectiondork-eEsearchengine [Googleonlyfornow] -pPnumberofwebsitestolookforinsearchengine-tTscantargetwebsite-rreversedomain

TODO

1. POST form SQLi vulnerability testing