Open In App

SQLiv – Massive SQL Injection Scanner

Last Updated : 03 Jun, 2022
Improve
Improve
Like Article
Like
Save
Share
Report

SQL Injection is one of the trending and high impactful attacks on the web application. We can perform the scanning process of SQL Injection through automated tools like SQLMap etc. But, there is one of the best tools known as SQLiv tool which is a massive SQL Injection Scanner that can also find the vulnerable SQL Websites via Google Dorks. SQLiv tool is written in the Python language and it is also available on the Github platform, so we can download and use it for free.

Note: Before installing the tool make sure you have Python installed on your system, as SQLiv is a python-based tool. Click to get the installation process of Python on Linux – Python Installation Steps on Linux

Installation of SQLiv Tool on Kali Linux OS

Step 1: In this step, we will get the SQLiv tool repository from GitHub open-source platform.

git clone https://github.com/xchopath/pathprober.git

 

Step 2: Use the below cd command to navigate to the SQLiv tool directory or folder.

cd pathprober

 

Step 3: We are in the directory of  SQLiv. Now execute the below command to download all the Python dependencies and requirements which are associated with the tool.

sudo pip3 install -r requirements.txt

 

Step 4: Run the below command in the terminal to view and understand the usage of the SQLiv tool.

./sqliv.py -h

 

Working with SQLiv Tool on Kali Linux OS

Example 1: Multiple domain scanning with SQLi dork

sqliv -d "php?id=" -e bing -p 40

Here, we are scanning for multiple domains bypassing the Google Dork query. We have specified the search engine as bing.

 

We have got the results of our scan. All the returned URLs match the Google Dork query.

 

Example 2: Targeted scanning

sqliv -t www.example.com/index.php?id=1

In this example, we are scanning for a specific target domain. We have specified the target domain in the -t flag.

 

Example 3: Dumping scanned result

sqliv -d “inurl:index?id=” -e google -p 40 -o result.jso

In this example, we are storing the results in the results.json file.

 

We have given the dork query and the scanning process is been started.

 

We have got the results of vulnerable domains through the dork query.

 

In the below screenshots, results are been saved in the results.json file and we have simply displayed the contents using the cat command.

 


Like Article
Suggest improvement
Previous
Create Custom Wordlists Using Crunch in Kali Linux
Next
XIRA - XSS Vulnerablity Scanner
Share your thoughts in the comments

Similar Reads

Evilscan - Massive IP Port Scanner
GONET-Scanner - Golang Network Scanner With Arp Discovery And Own Parser
CRLF Injection Attack
Commix - OS Command Injection and Exploitation Tool
Tplmap - Tool For Automatic Server Side Template Injection Exploitation
XSS-Freak - XSS Scanner Fully Written in Kali Linux
Knock - Subdomain Scanner Tool in Kali Linux
Optiva Framework - Web Application Vulnerabilities Scanner
Nuclei - Fast and Customizable Vulnerability Scanner
Fuxploider - File Upload Vulnerability Scanner And Exploitation Tool

A
abhishekgandal324
Article Tags :
We use cookies to ensure you have the best browsing experience on our website. By using our site, you acknowledge that you have read and understood our Cookie Policy & Privacy Policy
Lightbox