ScanQLi - Scanner To Detect SQL Injection Vulnerabilities

ScanQLi is a simple SQL injection scanner with somes additionals features. This tool can't exploit the SQLi, it just detect them. Tested on Debian 9

  • Classic
  • Blind
  • Time based
  • GBK (soon)
  • Recursive scan (follow all hrefs of the scanned web site)
  • Cookies integration
  • Adjustable wait delay between requests
  • Ignore given URLs

1. Install git tool
apt update
apt install git
2. Clone the repo.
git clone https://github.com/bambish/ScanQLi
3. Install python required libs
apt install python-pip
cd ScanQLi
pip install -r requirements.txt
For python3 please install python3-pip and use pip3

./scanqli -u [URL] [OPTIONS]

Simple url scan with output file
python scanqli.py -u '' -o output.log
Recursive URL scanning with cookies
python scanqli.py -u '' -r -c '{"PHPSESSID":"4bn7uro8qq62ol4o667bejbqo3" , "Session":"Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU="}'

Disqus Comments