View Full Version : Sql-Drive-By - New software for finding sql vulnerable sites

2016-10-05, 13:03
Afternoon guys

I just finished version 1.0.0 of a program I am calling sql drive by. This program was created when I was teaching a friend about website vulnerabilities and was finding it difficult to find an sql injection vulnerable website to show how to test for the vulnerability. I wanted a program that not only made it easier to find these sites but also emphasizes how many sites out these are still vulnerable to SQLi and why people should be paying more attention to fixing these issues.

A quick description of its use would be like this:

python3 sqldriveby.py --term=index.php?id=

The term can be any dork you can think of and the program will then run through and return a list of pages that look to be possibly vulnerable.

You can change the depth of search and choose between search engines. Currently yahoo and bing. It also includes an admin page finder.

You can find my git here:




2016-12-06, 01:56
Hey Dosk3n,

Thank you for writing this and sharing with everybody. I've just downloaded and am running some now so thought I'd offer a review :)

> Raspberry Pi 2
> Internet @ ~250KBps
> Ethernet - eth0
> Kali 2 Rolling ARM

Incredibly easy, just follow the instructions on Github. No errors and downloaded fine. Dependencies installed ok.

Very easy to use, straightforward and simple UI that's easy to understand.

Unfortunately, I've not yet found any SQL vulnerable websites with the program. Either a good sign of IT security in general or a bad sign for usage - more testing is required. So far, I've tried a depth of up to 3 on both search engines with the term "index.php?id=" (if I get any results after posting, I'll edit / update).

Tested "find-admin" on a few of my sites and all were found :)

Would be nice to have a verbose mode to see a little bit of what is happening in the background but not overly needed if you understand the theory (or look at the source). No other suggestions :)


2016-12-08, 16:24
Thank you for the feedback.

I find that the specific term you are using is probably the most common so its usually the one that is patched the quickest. I have just tested with term "user.php?id=" and it fetched results with a depth of 3. Obviously the higher depth the more results you will return.

I have started taking notes for the added features for the next versions so I will be sure to add a verbose mode.