https://github.com/thomastjdev/python_gdork_sqli

This python script is developed to show, how many vulnerables websites, which are laying around on the web. 1) Scan net for urls prone to SQL injection 2) Check if urls is vulnerable 3) Exploit with sqlmap
https://github.com/thomastjdev/python_gdork_sqli

Last synced: about 1 year ago
JSON representation

This python script is developed to show, how many vulnerables websites, which are laying around on the web. 1) Scan net for urls prone to SQL injection 2) Check if urls is vulnerable 3) Exploit with sqlmap

• Host: GitHub
• URL: https://github.com/thomastjdev/python_gdork_sqli
• Owner: ThomasTJdev
• License: mit
• Created: 2017-01-21T20:43:18.000Z (over 9 years ago)
• Default Branch: master
• Last Pushed: 2017-01-21T20:43:26.000Z (over 9 years ago)
• Last Synced: 2025-03-18T12:01:41.717Z (about 1 year ago)
• Language: Python
• Homepage:
• Size: 16.6 KB
• Stars: 54
• Watchers: 11
• Forks: 27
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Find SQL injections

 This python script is developed to show, how many vulnerables websites,

 which are laying around on the web. The main focus of the script is to

 generate a list of vuln urls. Please use the script with causing and

 alert the webadmins of vulnerable pages. The SQLmap implementation is

 just for showcasing.

## Requirements

* python3

* BeautifulSoup from bs4

* (optional) sqlmap

## The script

 The script is divided into 3 main sections.

 

### Section 1

   In this section you'll have to provide a search string, which 'connects' to

   the websites database, e.g. 'php?id='. The script then crawls

   Bing or Google for urls containing it. All of the urls can then be saved

   into a file. (Please be aware that you might get banned for crawling to

   fast, remember an appropriate break/sleep between request).

   *Example of searchs: php?bookid=, php?idproduct=, php?bookid=, php?catid=,*

                       *php?action=, php?cart_id=, php?title=, php?itemid=*

### Section 2

   This section adds a qoute ' to the websites url. If the website is

   prone to SQL injection, we'll catch this with some predefined error

   messages. The script will not add websites for blind SQL injections,

   due to the predefined error messages.

### Section 3

   This is just an activation of sqlmap with the bulk argument and no

   user interaction for validation of SQL injection.

**Stay safe and help the vulnerables**