SQL injection is one of the most prominent vulnerabilities for web-based applications. In last article, we’ve used viSQL through which we scanned the whole server for SQL Injection vulnerabilities with the help of Crawling and Reverse IP domain check feature.
Today we’ll discuss about SQLiv tool which is a massive SQL Injection scanner through which you can even find the vulnerable SQL websites using Google Dorks. SQLiv is pre-installed in BlackArch Linux distribution.
Features of SQLiv –
- Multiple domain scanning with SQL injection dork
- Targetted scanning by providing specific domain (with crawling)
- Reverse domain scanning
Installation of SQLiv in Kali Linux –
To install SQLiv, type “git clone https://github.com/Hadesy2k/sqlivulscan.git” in your Linux machine terminal.
To install all dependencies of SQLiv tool, type “python setup.py -i” which will install all dependencies i.e. bs4, termcolor, google.
After the complete installation of all dependencies, type “python sqliv.py” which will gives you the welcome screen of SQLiv tool and displays the usage and options.
To run SQLiv, type “python sqliv.py -d “inurl:index.php?id=” -e google” in your terminal.
Here -d stands for SQL Injection dork and -e stands for Search Engine.
It simply search multiple websites from given dork and scan the results one by one.
For Target scanning, you can use -t parameter, “python sqliv.py -t <http://www.example.com/index.php?id=15”
If only domain name is provided, it will crawl all URLs with query as shown below.
You can even use -r parameter for reverse IP lookup scanning just like the viSQL tool.