Tools ScanQLi | Scanner SQL Injection Vulnerability

Tools ScanQLi | Scanner SQL Injection Vulnerability

 Nelo.F4 - ScanQLi adalah pemindai injeksi SQL sederhana dengan beberapa fitur tambahan. Alat ini tidak dapat mengeksploitasi SQLi, hanya mendeteksi mereka. (Tested on Debian 9) 

Features

• Classic
• Blind
• Time based
• GBK (soon)
• Recursive scan (follow all hrefs of the scanned web site)
• Cookies integration
• Adjustable wait delay between requests
• Ignore given URLs

installation

1. Install git tools   

• $ apt update
• $ apt install git

2. Clone Repo

• $ git clone https://github.com/bambish/ScanQLi

3. Install python required libs

• $ apt install python-pip
• $ cd ScanQLi
• $ pip install -r requirements.txt
• NOTE: for python 3 please install python3-pip and use pip3

Usage

• $ python scanqli -u [URL] [OPTIONS]

Example

Simple URL scan with output file:

$ python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning with cookies:

$ python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

Warning
ScanQLi was created to perform pentest or others legal stuffs (like bug bounty). Using ScanQLi against web site without authorization is forbidden.

I'm not responsible of your usage of ScanQLi. At your own risk

Author by bambish 
Thanks to bambish - kitploit 

GOODLUCK! HAVE A NICE DAY - NELO.F4.

THERE A PROBLEM? GOOGLE YOUR FRIENDS!

Bagikan Artikel ini