https://github.com/malvads/sqlmc

Official Kali Linux tool to check all urls of a domain for SQL injections :)

database pentest-tool pentesting python3 sql sqlinjection


# SQLMC - SQL Injection Massive Checker

## Demo
![Alt Text](./assets/demo.gif)

## Information
This tool is for educational purposes only. Using SQLMC to attack targets without prior mutual consent is illegal. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

## Overview
SQLMC (SQL Injection Massive Checker) is a tool designed to scan a domain for SQL injection vulnerabilities. It crawls the given URL up to a specified depth, checks each link for SQL injection vulnerabilities, and reports its findings.

## Features
- Scans a domain for SQL injection vulnerabilities
- Crawls the given URL up to a specified depth
- Checks each link for SQL injection vulnerabilities in all GET params
- Reports vulnerabilities along with server information and depth

## Installation
1. Install SQLMC and its required dependencies with pip:
```bash
pip3 install sqlmc
```

## Usage

Run `sqlmc` with the following command-line arguments:

- `-u, --url`: The URL to scan (required)
- `-d, --depth`: The depth to scan (required)
- `-o, --output`: The output file to save the results

Example usage:

```bash
sqlmc -u http://example.com -d 2
```

Replace `http://example.com` with the URL you want to scan and `2` with the desired depth of the scan. You can also specify an output file using the `-o` or `--output` flag followed by the desired filename.

The tool will then perform the scan and display the results.

## ToDo
- ~~Check for multiple GET params~~ - Done in [#3](https://github.com/malvads/sqlmc/pull/3)
- Better injection checker trigger methods
- Allow using cookies, such as session cookies, to authenticate requests

## Credits

- Developed by [Miguel Álvarez](https://github.com/malvads)

## License

This project is licensed under the [GNU Affero General Public License v3.0](LICENSE).