Scanqli - Scanner To Let On Sql Injection Vulnerabilities

ScanQLi is a elementary SQL injection scanner amongst somes additionals features. This tool can't exploit the SQLi, it simply uncovering them. Tested on Debian 9

Features

• Classic
  
• Blind
  
• Time based
  
• GBK (soon)
  
• Recursive scan (follow all hrefs of the scanned spider web site)
  
• Cookies integration
  
• Adjustable aspect delay betwixt requests
  
• Ignore given URLs

Prerequisites
1. Install git tool

apt update apt install git

2. Clone the repo.

git clone https://github.com/bambish/ScanQLi

3. Install python required libs

apt install python-pip cd ScanQLi pip install -r requirements.txt

For python3 delight install python3-pip together with role pip3

Usage

./scanqli -u [URL] [OPTIONS]

Examples
Simple url scan amongst output file

python scanqli.py -u 'http://127.0.0.1/test/?p=news' -o output.log

Recursive URL scanning amongst cookies

python scanqli.py -u 'https://127.0.0.1/test/' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

Download ScanQLi