sqlscan is a quick web scanner for finding SQL injection points

Overview


sqlscan

sqlscan is a quick web scanner for finding SQL injection points. Not for educational use; this is for hacking.

Use a sitemap for best results.

  • Simple to use
  • Multi platform
  • Fast af
  • Cool af

Installation

Requires PHP to run.

PHP Dependencies

  • ext-bz2
  • ext-curl
  • ext-mbstring

See composer.json for more information.

For Debian-based Linux PC environments

$ sudo apt install php php-bz2 php-curl php-mbstring curl
$ sudo curl https://raw.githubusercontent.com/Cvar1984/sqlscan/dev/build/main.phar --output /usr/local/bin/sqlscan
$ sudo chmod +x /usr/local/bin/sqlscan
$ sqlscan http://example.gov --scan
$ sqlscan list_url.txt --scan

For Android Termux environments

$ apt install php curl
$ curl https://raw.githubusercontent.com/Cvar1984/sqlscan/dev/build/main.phar --output $PREFIX/bin/sqlscan
$ chmod +x $PREFIX/bin/sqlscan
$ sqlscan http://example.gov --scan
$ sqlscan list_url.txt --scan
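
As an added example (not part of the sqlscan project): the install steps above fetch a .phar from a branch URL and place it on the PATH with no integrity check, and the phar aborts at runtime when ext-bz2 or ext-mbstring is missing. This script checks both before installation. The function names and the pinned SHA-256 argument are assumptions, since this page publishes no checksum for the build.

```shell
#!/bin/sh
# Added example: preflight checks before installing a downloaded .phar.
# REQUIRED_EXTS is taken from the README's dependency list; the function
# names and the pinned-hash argument are hypothetical.
REQUIRED_EXTS="bz2 curl mbstring"

# missing_exts: read `php -m` output on stdin and print every required
# extension that is not listed (case-insensitive, whole-line match).
missing_exts() {
    modules=$(tr '[:upper:]' '[:lower:]' | tr -d '\r')
    missing=""
    for ext in $REQUIRED_EXTS; do
        if ! printf '%s\n' "$modules" | grep -qx "$ext"; then
            missing="${missing:+$missing }$ext"
        fi
    done
    printf '%s' "$missing"
}

# verify_sha256 FILE EXPECTED_HEX: succeed only if FILE's SHA-256 digest
# equals the pinned value. Fails closed on a missing file or an empty pin.
verify_sha256() {
    [ -f "$1" ] && [ -n "$2" ] || return 1
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "$actual" = "$expected" ]
}

# preflight FILE EXPECTED_HEX: run both checks against the local PHP.
# Returns 1 on checksum mismatch, 2 on missing extensions (or missing php).
preflight() {
    verify_sha256 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    miss=$(php -m 2>/dev/null | missing_exts)
    [ -z "$miss" ] || { echo "missing PHP extensions: $miss" >&2; return 2; }
}

# Usage (download to a working directory first, not straight onto the PATH):
#   preflight ./main.phar <pinned-sha256> \
#     && sudo install -m 0755 ./main.phar /usr/local/bin/sqlscan
```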

Build phar from source

Download Box

$ composer install
$ box build

Todo

  • Quick shell code injector
  • Bypass waf
  • Url from json
  • report csv/xml/html/pdf/db ( composer dependencies )
  • multi threads ( pthread )

License

Copyright (c) 2019

Licensed under the Apache License, Version 2.0 or the MIT license, at your option.


Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Comments
  • [PHP] Progress Bar Fatal Error

    After [#] Total available urls : (any number) It runs the progress bar (https://packagist.org/packages/guiguiboy/php-cli-progress-bar).

    However, results in fatal error (mb_strlen)

    Should make this issue more visible.

    PHP Fatal error:  Uncaught Error: Call to undefined function ProgressBar\mb_strlen() in phar:///usr/local/bin/sqlscan/vendor/guiguiboy/php-cli-progress-bar/ProgressBar/Manager.php:186
    Stack trace:
    #0 phar:///usr/local/bin/sqlscan/vendor/guiguiboy/php-cli-progress-bar/ProgressBar/Manager.php(169): ProgressBar\Manager->clearRightCharacters()
    #1 phar:///usr/local/bin/sqlscan/vendor/guiguiboy/php-cli-progress-bar/ProgressBar/Manager.php(219): ProgressBar\Manager->display()
    #2 phar:///usr/local/bin/sqlscan/vendor/guiguiboy/php-cli-progress-bar/ProgressBar/Manager.php(227): ProgressBar\Manager->update()
    #3 phar:///usr/local/bin/sqlscan/src/SqlScan.php(55): ProgressBar\Manager->advance()
    #4 phar:///usr/local/bin/sqlscan/main.php(24): Cvar1984\SqlScan\SqlScan->scan()
    #5 /usr/local/bin/sqlscan(10): require('phar:///usr/loc...')
    #6 {main}
      thrown in phar:///usr/local/bin/sqlscan/vendor/guiguiboy/php-cli-progress-bar/ProgressBar/Manager.php on line 186
    
    bug 
    opened by ghost 3
  • PHP Fatal error

    Hello.

    I set all as described in the Kali and error appears:

    root@kali:~# sqlscan http://demo.testfire.net
    PHP Fatal error: Uncaught PharException: bz2 extension is required for bzip2 compressed .phar file "/usr/local/bin/sqlscan" in /usr/local/bin/sqlscan:9
    Stack trace:
    #0 /usr/local/bin/sqlscan(9): Phar::webPhar(NULL, 'index.php')
    #1 {main}
      thrown in /usr/local/bin/sqlscan on line 9

    123

    documentation question 
    opened by mobius07 2
  • Hello, I am a Chinese hacker. I saw your tool on github. I would like to exchange hacking techniques with you and learn from each other. I want to know how Chinese hackers and American hackers carry out infiltration attacks on targets, thank you

    opened by DanTiao7 1
  • Bump guzzlehttp/psr7 from 1.6.1 to 1.8.4

    Bumps guzzlehttp/psr7 from 1.6.1 to 1.8.4.

    Release notes

    Sourced from guzzlehttp/psr7's releases.

    1.8.4

    See change log for changes.

    1.8.3

    See change log for changes.

    1.8.2

    See change log for changes.

    1.8.1

    See change log for changes.

    1.8.0

    See change log for changes.

    1.7.0

    See change log for changes.

    Changelog

    Sourced from guzzlehttp/psr7's changelog.

    1.8.4 - 2022-03-20

    Fixed

    • Validate header values properly

    1.8.3 - 2021-10-05

    Fixed

    • Return null in caching stream size if remote size is null

    1.8.2 - 2021-04-26

    Fixed

    • Handle possibly unset url in stream_get_meta_data

    1.8.1 - 2021-03-21

    Fixed

    • Issue parsing IPv6 URLs
    • Issue modifying ServerRequest lost all its attributes

    1.8.0 - 2021-03-21

    Added

    • Locale independent URL parsing
    • Most classes got a @final annotation to prepare for 2.0

    Fixed

    • Issue when creating stream from php://input and curl-ext is not installed
    • Broken Utils::tryFopen() on PHP 8

    1.7.0 - 2020-09-30

    Added

    • Replaced functions by static methods

    Fixed

    • Converting a non-seekable stream to a string
    • Handle multiple Set-Cookie correctly
    • Ignore array keys in header values when merging
    • Allow multibyte characters to be parsed in Message:bodySummary()

    ... (truncated)

    dependencies 
    opened by dependabot[bot] 0
Releases(1.0.5)
Owner
Bellatrix Lugosi
Some kind of person that have nothing to do in his life