Skip to content

kimocoder/ScanQLi

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits
.screenshots
.screenshots
 
 
LICENSE.md
LICENSE.md
 
 
README.md
README.md
 
 
config.py
config.py
 
 
function.py
function.py
 
 
logo.py
logo.py
 
 
progressbar.py
progressbar.py
 
 
requirements.txt
requirements.txt
 
 
scanqli.py
scanqli.py
 
 

Repository files navigation

ScanQLi License Python 2|3 Twitter

Screenshot

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool can't exploit the SQLi, it just detect them.

Tested on Debian 9

Features

  • Classic

  • Blind

  • Time based

  • GBK (soon)

  • Recursive scan (follow all hrefs of the scanned web site)

  • Cookies integration

  • Adjustable wait delay between requests

  • Ignore given URLs

Prerequisites

1. Install git tool

apt update
apt install git

2. Clone the repo.

git clone https://github.com/bambish/ScanQLi

3. Install python required libs

apt install python-pip
cd ScanQLi
pip install -r requirements.txt

For python3 please install python3-pip and use pip3

Usage

./scanqli -u [URL] [OPTIONS]

Examples

Simple url scan with output file

python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning with cookies

python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

Warning

ScanQLi was created to perform pentest or others legal stuffs (like bug bounty). Using ScanQLi against web site without authorization is forbidden.

I'm not responsable of your usage of ScanQLi. At your own risk.

About

SQLi scanner to detect SQL vulns

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%