SQLi Hunter is a tool designed to find potential SQL injection vulnerabilities by fetching URLs from the Wayback Machine and checking for common SQLi patterns. It supports integration with proxychains
for enhanced anonymity and security during network requests.
- Fetches URLs for a given domain (including subdomains) from the Wayback Machine.
- Checks for potential SQL injection vulnerabilities.
- Supports rate limiting to avoid connection issues.
- Integration with
proxychains
for anonymized network requests.
-
Clone the repository:
git clone https://github.com/Acorzo1983/SQLiHunter.git cd sqlihunter
-
Install the required Python packages:
pip install -r requirements.txt
-
Ensure
subfinder
,proxychains
, andsqlmap
are installed and configured correctly on your system.
-
Run without proxychains:
subfinder -d testphp.vulnweb.com -all -silent | python3 sqlihunter.py -o sqliurls.txt -r 1
-
Run with a file:
python3 sqlihunter.py -f domains.txt -o sqliurls.txt -r 2
-
Combined with sqlmap:
subfinder -d testphp.vulnweb.com -all -silent | python3 sqlihunter.py -o sqliurls.txt; sqlmap -m sqliurls.txt --batch --dbs --risk 2 --level 5 --random-agent | tee -a sqli.txt
-
Start Proxychains:
sudo service tor start
Test Proxychains:
proxychains curl -I https://www.google.com
We wait for 200 ok
-
Run with proxychains:
proxychains subfinder -d testphp.vulnweb.com -all -silent | proxychains python3 sqlihunter.py -o sqliurls.txt -r 1 --use-proxychains
-
Run with proxychains and combined with sqlmap:
proxychains subfinder -d testphp.vulnweb.com -all -silent | proxychains python3 sqlihunter.py -o sqliurls.txt -r 1 --use-proxychains ; sqlmap -m sqliurls.txt --batch --dbs --risk 2 --level 5 --random-agent | tee -a sqli.txt
Increasing the rate limit may cause the Wayback Machine to close the connection. A recommended rate limit is between 1 and 2 seconds.
Tool made with love by Albert C.