Hello all. Most of us know what SQL injection is and what its security impact can be. If you are not familiar with it, you can refer to the OWASP Top 10: https://owasp.org/www-community/attacks/SQL_Injection
Finding every parameter and testing it for SQL injection or other attacks such as XSS is a time-consuming task, and everyone wants easy, automated tooling nowadays. For that we have a tool called sqliv.
SQLiv is a massive SQL injection scanner written in Python 2, and it is helpful for automating this work. It has some interesting features: it works with dorks to find and scan multiple domains for SQLi; for a single target it crawls the domain and scans it for SQLi; and it can perform a reverse domain lookup for the server on which the target website is hosted.
To clone it from GitHub and run it, follow the steps given below.
git clone https://github.com/the-robot/sqliv.git
cd sqliv
pip install -r requirements.txt   # install all necessary requirements
python sqliv.py                   # run sqliv from inside the sqliv directory
Let’s look at some examples of sqliv: first with a dork to find multiple random targets, and then against a specific target.
python sqliv.py -d "php?id=" -e bing
python sqliv.py -t http://example.com
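
The crawl-and-scan behaviour described above leaves a recognisable trace in a web server's access log. The following is an added example, not part of sqliv or the original post: it assumes the scanner probes by ending parameter values in a quote character, as error-based scanners typically do, and flags clients that do this across several distinct parameters. The log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (common log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /item.php?id=4 HTTP/1.1" 200 512
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /item.php?id=4%27 HTTP/1.1" 500 210
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /news.php?cat=2%27 HTTP/1.1" 200 498
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /user.php?uid=9%27%29 HTTP/1.1" 200 377
198.51.100.20 - - [10/Mar/2024:10:05:10 +0000] "GET /search.php?q=rock%27 HTTP/1.1" 200 640
198.51.100.20 - - [10/Mar/2024:10:05:12 +0000] "GET /item.php?id=4 HTTP/1.1" 200 512
192.0.2.5 - - [10/Mar/2024:10:07:45 +0000] "GET /item.php?id=7 HTTP/1.1" 200 530
"""

# client IP, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3})')
# Assumed probe shape: decoded value ends in a quote, optionally followed by ) or ;
PROBE_TAIL = re.compile(r"""['"][);]?$""")


def probed_params(log_text):
    """Map client IP -> set of (path, parameter) whose value ends in a quote probe."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, target, _status = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes values, so %27 is compared as '
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if PROBE_TAIL.search(value):
                hits[ip].add((parts.path, name))
    return hits


def flag_scanners(log_text, min_params=3):
    """Clients that sent quote probes to at least min_params distinct parameters."""
    hits = probed_params(log_text)
    return sorted(ip for ip, params in hits.items() if len(params) >= min_params)


if __name__ == "__main__":
    for ip in flag_scanners(SAMPLE_LOG):
        print(ip, sorted(probed_params(SAMPLE_LOG)[ip]))
```

Counting distinct parameters rather than raw requests keeps a single user who types a stray quote into a search box below the threshold.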