SQLiv is a Python-based massive SQL Injection dork scanning tool which uses Google, Bing or Yahoo for targetted scanning, multiple-domain scanning or reverse domain scanning.
SQLiv Massive SQL Injection Scanner Features
Both the SQLi scanning and domain info checking are done in a multiprocess manner so the script is super fast at scanning a lot of URLs. It’s a fairly new tool and there are plans for more features and to add support for other search engines like DuckDuckGo.
- Multiple domain scanning with SQL injection dork by Bing, Google, or Yahoo
- Targetted scanning by providing specific domain (with crawling)
- Reverse domain scanning
Using SQLiv For SQL Injection Dorks Scanning
Multiple domain scanning with SQLi dork
Simply search multiple websites from given dork and scan the results one by one:
1 2 |
python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE> python sqliv.py -d "inurl:index.php?id=" -e google |
Targetted scanning
You can provide just the domain name or specific URLs with query parameters. If only the domain name is provided, it will crawl and get URLs with queries then scan the URLs one by one.
1 2 3 |
python sqliv.py -t <URL> python sqliv.py -t www.example.com python sqliv.py -t www.example.com/index.php?id=1 |
Reverse domain and scanning
Reverse domain scan and look for websites that are hosted on the same server as target URL.
1 |
python sqliv.py -t <URL> -r |
SQLiv Dork SQL Injection Tool Usage
1 2 3 4 5 6 7 8 9 10 11 |
python sqliv.py --help usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r] optional arguments: -h, --help show this help message and exit -d D SQL injection dork -e E search engine [Google only for now] -p P number of websites to look for in search engine -t T scan target website -r reverse domain |
There is nothing else exactly like this, there are tools for information gathering via dorks like:
– snitch – Information Gathering Tool Via Dorks
– dork-cli – Command-line Google Dork Tool
And SQL Injection tools like:
– jSQL – Automatic SQL Injection Tool In Java
– BSQLinjector – Blind SQL Injection Tool Download in Ruby
You can download SQLiv here:
Or read more here.
Virus23 says
Amazing, might try one of these some days, looking into learning Python after I grad. this Military Academy!
Darknet says
Totally recommend Python as a good way into infosec, plenty of tools to examine and a solid set of libraries.