Hello all. Most of us already know what SQL injection is and what its security impact is. If you are not familiar with it, you can refer to the OWASP Top 10: https://owasp.org/www-community/attacks/SQL_Injection

Finding every parameter and testing it for SQL injection or another attack such as XSS is a time-consuming task, and nowadays everyone wants easy, automated tooling. For that, we have a tool called SQLiv.

SQLiv is a massive SQL injection scanner written in Python 2, and it is helpful for automation. It has some interesting features: it works with dorks to find and scan multiple domains for SQLi; for a single target it crawls the domain and scans it for SQLi; and it can perform a reverse domain lookup on the particular server where the target website is hosted.

To clone it from GitHub and run it, follow the steps given below.

git clone https://github.com/the-robot/sqliv.git
cd sqliv
pip install -r requirements.txt   # install all necessary requirements
python sqliv.py                   # run sqliv

Let’s dig into some examples of SQLiv: first working with a dork to find multiple random targets, then scanning a specific target.

python sqliv.py -d "php?id=" -e bing
The example above scans for SQLi-vulnerable targets using dorks.

python sqliv.py -t http://example.com
The example above scans a single target; you can also try it with the reverse option.
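For the owner of a page matching the `php?id=` pattern, the following added example (not part of the original post and not sqliv code) shows the weak query construction next to its hardened form. The table, function names and inputs are constructed, and treating an escaped database error as the signal is an assumption about how scanners of this class flag a page, not sqliv's documented behaviour.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory sample database standing in for a site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)",
                     [(1, "Welcome"), (2, "Release notes")])
    return conn


def lookup_vulnerable(conn, id_param):
    # Weak pattern: the raw ?id= value is pasted into the SQL text.
    query = "SELECT title FROM articles WHERE id = " + id_param
    return [row[0] for row in conn.execute(query)]


def lookup_hardened(conn, id_param):
    # Fix 1: accept only what the page expects, a short ASCII integer id.
    if not re.fullmatch(r"[0-9]{1,9}", id_param):
        return []
    # Fix 2: bind the value as a parameter so it is never parsed as SQL.
    cur = conn.execute("SELECT title FROM articles WHERE id = ?",
                       (int(id_param),))
    return [row[0] for row in cur]


def leaks_sql_error(lookup, conn, id_param):
    """True if the handler lets a database error escape to the caller."""
    try:
        lookup(conn, id_param)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    # Constructed inputs: a normal id, and an id with a stray quote.
    for value in ("1", "1'"):
        print(repr(value),
              "| vulnerable leaks error:",
              leaks_sql_error(lookup_vulnerable, conn, value),
              "| hardened leaks error:",
              leaks_sql_error(lookup_hardened, conn, value))
```

The hardened handler returns an empty result for malformed ids instead of surfacing a database error, so the same check in a regression test guards against the concatenated query coming back.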
