americo / sqlifinder Goto Github PK

SQL Injection Vulnerability Scanner made with Python

Python 100.00%

sql sql-injection sql-injection-attacks web-hacking security scanner hacking vulnerability

sqlifinder's Introduction

SQL Injection scanner made with python.

sqlifinder is a tool with the function of detecting GET-based sql injection vulnerabilities in web applications using waybackurls, web crawlers and sql injection payloads.

Features

Fast and powerful scanner
Include web crawler and waybackurls

Usage

python3 sqlifinder.py -h

This will display help for the tool. Here are all the switches it supports.

Installation

Sqlifinder requires:

python3
huepy
requests
tqdm

To install run these comands:

▶ sudo apt install git

▶ git clone https://github.com/americo/sqlifinder

▶ cd sqlifinder
▶ pip3 install -r requirements.txt

Running Sqlifinder

To run the tool on a target, just use the following command.

▶ python3 sqlifinder.py -d example.com

The -s command can be used to test sql injection in subdomains of the target.

▶ python3 sqlifinder -d example.com -s

License

sqlifinder is made with 🖤 by the americo.

sqlifinder's People

Contributors

Stargazers

Watchers

sqlifinder's Issues

It only parses domain url .com, .net, is there any way to modify part of the code so that it parses other domains of government sites, such as (edu.pe, gob.pe, .org) ??? It would help me a lot, you can support me.

skid

really copying code?

clearing and system commands suggestion

i have something i use alot in my own scripts to save the time writing os.system commands so, here it is
change this

def clear():
    if 'linux' in sys.platform:
        os.system('clear')
    elif 'darwin' in sys.platform:
        os.system('clear')
    else:
        os.system('cls')

to this

def clear():
    print("\x1b[H\x1b[2J\x1b[3J")

this will clear every terminal, on any system no matter if its UNIX, Linux, Windows, MACOS, Iphone, Android, whatever. helps alot dont it? ;o

System Commands

So I’m not going to really “ complain “ about this more than I am helping out, I notice you use the if system == to use a clear command, well there is a very simple solution to this, this works for all platforms and systems but instead of taking up extra lines you could always do this

‘’’python

if name == “main”:
print(“ \x1b[H\x1b[2J\x1b[3J”)
banner()
main()
‘’’

It took me a special someone to come along and teach me this but this is a very simple thing to both understand while optimizing code for cross platform applications, it will do the same thing clear and CLs will do but instead chomp down say the 7-8 lines the if system == whatever os, and this also works in any language and platform, it’s highly suggested to use it cause even I have found out in other languages when executing OS commands, windows will usually error out and say “ cls “ or “ CLS “ is not an executable path, so it just prevents a lot of heard ache working with cross platform applications

Happy coding! :D

UnboundLocalError: local variable 'links' referenced before assignment

running on Linux kali 5.16.0-kali5-amd64 #1 SMP PREEMPT Debian 5.16.14-1kali1 (2022-03-15) x86_64 GNU/Linux

ran it against a local vuln app and i got this error

        ___ ____         __

___ ___ / () ()__ / / ____
(-</ _ `/ / / / / _ / _ / -) /
//_, /////////_,/_//
/_/ ~ by @americo v1.0

Traceback (most recent call last):
File "/home/kali/Downloads/sqlifinder/sqlifinder.py", line 93, in
main()
File "/home/kali/Downloads/sqlifinder/sqlifinder.py", line 61, in main
crawled_urls = crawler.spider(f"http://{args.domain}", 10)
File "/home/kali/Downloads/sqlifinder/core/crawler.py", line 39, in spider
return links
UnboundLocalError: local variable 'links' referenced before assignment

Script doesnt give any info or status while is running. i add it but i dont know how to use github very well so here is the code

Add url list support

Hi there, it's a really nice tool
Can you add url list support? So we can scan from a text file