ScanQLi: SQLi scanner to detect SQL vulns
ScanQLi
ScanQLi is a simple SQL injection scanner with some additionals features. This tool can’t exploit the SQLi, it just detects them.
Tested on Debian 9
Features
- Classic
- Blind
- Time-based
- GBK (soon)
- Recursive scan (follow all hrefs of the scanned web site)
- Cookies integration
- Adjustable wait delay between requests
- Ignore given URLs
Install
git clone https://github.com/bambish/ScanQLi
cd ScanQLi
pip install -r requirements.txt
Usage
python scanqli -u [URL] [OPTIONS]
Example
Simple URL scan with output file:
python scanqli.py -u ‘http://127.0.0.1/test/?p=news’ -o output.log
Recursive URL scanning with cookies:
python scanqli.py -u ‘https://127.0.0.1/test/’ -r -c ‘{“PHPSESSID”:”4bn7uro8qq62ol4o667bejbqo3″ , “Session”:”Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU=”}’
Copyright (C) 2019 bambish
Source: https://github.com/bambish/
