{"id":16971636,"url":"https://github.com/thomastjdev/katana_findsqlinj","last_synced_at":"2025-03-21T20:16:29.606Z","repository":{"id":87656959,"uuid":"79670884","full_name":"ThomasTJdev/katana_findsqlinj","owner":"ThomasTJdev","description":"KatanaFramework module - Find websites vuln for SQL injection.","archived":false,"fork":false,"pushed_at":"2017-01-21T20:27:52.000Z","size":7,"stargazers_count":1,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-26T14:48:38.435Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ThomasTJdev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-01-21T20:27:45.000Z","updated_at":"2023-12-29T04:47:53.000Z","dependencies_parsed_at":"2023-03-10T17:30:18.517Z","dependency_job_id":null,"html_url":"https://github.com/ThomasTJdev/katana_findsqlinj","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2Fkatana_findsqlinj","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2Fkatana_findsqlinj/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2Fkatana_findsqlinj/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ThomasTJdev%2Fkatana_findsqlinj/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ThomasTJdev","download_url":"https://codeload.github.com/ThomasTJdev/katana_findsqlinj/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244860611,"owners_count":20522466,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-14T00:53:11.813Z","updated_at":"2025-03-21T20:16:29.596Z","avatar_url":"https://github.com/ThomasTJdev.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"mcs/gd.sql module for Katana\n========================================\n\nModule for finding website vuln for SQL injections\n\nKatana/modules/mcs/prone_to_sql.py\n\n This python script is developed to show, how many vulnerables websites,\n which are laying around on the web. The main focus of the script is to\n generate a list of vuln urls. Please use the script with causing and\n alert the webadmins of vulnerable pages. The SQLmap implementation is\n just for showcasing.\n\n## Requirements\n* python2 (developed for python3 - python3 is still included but comment out)\n* BeautifulSoup from bs4\n* (optional) sqlmap\n* [Katana](https://github.com/PowerScript/Katana)\n\n## The script\n The script is divided into 3 main sections.\n \n### Section 1\n   In this section you have to provide a search string, which 'connects' to\n   the websites database, e.g. 'php?id='. The script then crawls\n   Bing or Google for urls containing it. \n   (Please be aware that you might get banned for crawling to fast, remember \n   an appropriate break/sleep between request).\n   *Example of searches: php?bookid=, php?idproduct=, php?bookid=, php?catid=,*\n                       *php?action=, php?cart_id=, php?title=, php?itemid=*\n\n### Section 2\n   This section adds a qoute ' to the websites url. If the website is\n   prone to SQL injection, we'll catch this with some predefined error\n   messages. The script will not add websites for blind SQL injections,\n   due to the predefined error messages.\n\n### Section 3\n   This is just an activation of sqlmap with the bulk argument and no\n   user interaction for validation of SQL injection.\n\nLicense\n-------\n\nMIT, 2016 Thomas TJ (TTJ)\n\nOther\n-----\n\nWant to try it without Katana? Test it with python3 here [findsqlinj](https://gitlab.com/ThomasTJ/find_sql_injection)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomastjdev%2Fkatana_findsqlinj","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fthomastjdev%2Fkatana_findsqlinj","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fthomastjdev%2Fkatana_findsqlinj/lists"}