Sql-Drive-By - New software for finding sql vulnerable sites
I just finished version 1.0.0 of a program I am calling sql drive by. This program was created when I was teaching a friend about website vulnerabilities and was finding it difficult to find an SQL injection vulnerable website to show how to test for the vulnerability. I wanted a program that not only made it easier to find these sites but also emphasized how many sites out there are still vulnerable to SQLi and why people should be paying more attention to fixing these issues.
A quick description of its use would be like this:
python3 sqldriveby.py --term=index.php?id=
The term can be any dork you can think of and the program will then run through and return a list of pages that look to be possibly vulnerable.
You can change the depth of search and choose between search engines, currently Yahoo and Bing. It also includes an admin page finder.
You can find my git here:
Thank you for the feedback.
I find that the specific term you are using is probably the most common, so it's usually the one that is patched the quickest. I have just tested with the term "user.php?id=" and it fetched results with a depth of 3. Obviously, the higher the depth, the more results you will return.
I have started taking notes for the added features for the next versions so I will be sure to add a verbose mode.