sqliv: massive SQL injection vulnerability scanner


Massive SQL injection vulnerability scanner


  1. multiple domain scanning with SQL injection dork
  2. targetted scanning by providing specific domain (with crawling)
  3. reverse domain scanning

both SQLi scanning and domain info checking are done in multiprocessing so the script is super fast at scanning .many urls


  1. git clone https://github.com/the-robot/sqliv.git
  2. sudo python2 setup.py -i

Quick Tutorial

python sqliv.py --help

usage: sqliv.py [-h] [-d D] [-e E] [-p P] [-t T] [-r]

optional arguments:
-h, --help show this help message and exit
-d D SQL injection dork
-e E search engine [Google only for now]
-p P number of websites to look for in search engine
-t T scan target website
-r reverse domain

1. Multiple domain scanning with SQLi dork

  • it simply searches multiple websites from given dork and scans the results one by one
    python sqliv.py -d <SQLI DORK> -e <SEARCH ENGINE>  
    python sqliv.py -d "inurl:index.php?id=" -e google


2. Targetted scanning

  • can provide an only domain name or specific url with query params
  • if an only domain name is provided, it will crawl and get urls with query
  • then scan the urls one by one
    python sqliv.py -t <URL>  
    python sqliv.py -t www.example.com
    python sqliv.py -t www.example.com/index.php?id=1

3. Reverse domain and scanning

  • do reverse domain and look for websites that hosted on the same server as target url
    python sqliv.py -t <URL> -r

Source: https://github.com/the-robot/