White Hat Institute

Vulnerability Assessment using SQLiv

SQLiv is a scanning tool written in Python which uses Google, Bing, or Yahoo for targeted scanning, concentrated on uncovering pages with SQL Injection vulnerabilities. It uses known dorks to find vulnerable URLs.

To download SQLiv, visit the https://github.com/the-robot/sqliv” page.

vulnerability assessment, sqliv 1

Copy the downloadable link and clone it to the “/opt” directory.

Ex: ([email protected]:/opt# git clone https://github.com/the-robot/sqliv.git).

Then navigate to the “sqliv” folder and install the requirements.

Ex: ([email protected]:/opt/sqliv# pip install -r requirements.txt).

Once everything is complete, you can execute the tool with the python command and view the help page by adding the “ – – help” operator at the end.

Ex: ([email protected]:/opt/sqliv# python sqliv.py  – -help).

sqliv 2

Let’s try to find any vulnerabilities using SQL injection dork (-d) and search for sites that contain “php?id=” in their URLs. For this, we are going to use the Google search engine (-e), and display a maximum of 20 vulnerable websites.

Ex: ([email protected]:/opt/sqliv# python sqliv.py -d “php?id=” -e google -p 20).

sqliv 3