ScanQLi: SQLi scanner to detect SQL vulns

by do son · Published · Updated

ScanQLi

ScanQLi is a simple SQL injection scanner with some additionals features. This tool can’t exploit the SQLi, it just detects them.

Tested on Debian 9

Features

  • Classic
  • Blind
  • Time-based
  • GBK (soon)
  • Recursive scan (follow all hrefs of the scanned web site)
  • Cookies integration
  • Adjustable wait delay between requests
  • Ignore given URLs

Install

git clone https://github.com/bambish/ScanQLi
cd ScanQLi
pip install -r requirements.txt

Usage

python scanqli -u [URL] [OPTIONS]

Example

Simple URL scan with output file:

python scanqli.py -u ‘http://127.0.0.1/test/?p=news’ -o output.log

Recursive URL scanning with cookies:

python scanqli.py -u ‘https://127.0.0.1/test/’ -r -c ‘{“PHPSESSID”:”4bn7uro8qq62ol4o667bejbqo3″ , “Session”:”Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU=”}’

Copyright (C) 2019 bambish

Source: https://github.com/bambish/

Tags: Scan SQLi