SQL Hunter v1 is a URL SQL injection checker for multiple pages at once!
It runs on Linux distributions, Windows 10 and 11, Android (Termux or any app that runs Python files) and iPhone (Pythonista).
NOTE: DO NOT ADD MANY UNCHECKABLE LINKS IN THE TESTING PROCESS; THIS WILL LEAD TO HIGH CPU USAGE AND CAN EVEN CRASH YOUR SOFTWARE.
An example of a checkable page: http://www.example.org/article.php?id=9
An example of an uncheckable page: http://example.org
The program has two modes:
- Check pages' vulnerability (check whether the page returns an error when you try to change the SQL query in the URL)
- Check pages' existence (check whether the page is alive, i.e. exists on the internet)
- Clone the repository using `git clone`, or copy the code if you prefer
- Install the required libraries listed in `requirements.txt`
- Open the terminal or the command prompt and navigate to the folder where you downloaded the repo
- Make sure you have Python 3 installed and run this command: `python "SQL Hunter v1.py"`
It's better to NOT use proxies if you don't have paid ones. The program works perfectly without proxies.
In vulnerability-check mode the program simply adds an apostrophe (') to the end of the URL and checks whether the page responds with an error. If it does, the program sends another request to the original page without the apostrophe; if that page shows no error, the program counts the page as vulnerable.
NOTE: You can get pages for a specific domain using other programs like GAU or Hakrawler, and when you find an injectable page it's recommended to use sqlmap to enumerate and dump the database.
In existence-check mode the program sends a single request to the URL and, if the status code is 200, counts the page as existing.
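Why the apostrophe check in vulnerability-check mode fires, and the fix it points to, shown as an added example (not SQL Hunter's own code). An in-memory SQLite table stands in for the site's database; the handler names, the table and the `is_checkable` helper are assumptions made for the illustration.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qsl

# Constructed sample data: an in-memory table standing in for the site's database.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE article (id INTEGER PRIMARY KEY, title TEXT)")
DB.execute("INSERT INTO article VALUES (9, 'Hello')")

def is_checkable(url):
    """A URL is checkable only if it carries at least one query parameter."""
    return bool(parse_qsl(urlsplit(url).query, keep_blank_values=True))

def page_concatenated(article_id):
    """Vulnerable handler: the parameter is pasted into the SQL text."""
    try:
        sql = "SELECT title FROM article WHERE id = " + article_id
        row = DB.execute(sql).fetchone()
        return row[0] if row else "not found"
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc  # database error text leaks into the page

def page_parameterized(article_id):
    """Hardened handler: the parameter is bound as data, never parsed as SQL."""
    row = DB.execute("SELECT title FROM article WHERE id = ?",
                     (article_id,)).fetchone()
    return row[0] if row else "not found"

def flagged(handler, value):
    """The differential check described above: an error appears with the
    trailing apostrophe and does not appear for the original value."""
    with_quote = handler(value + "'").startswith("SQL error")
    baseline = handler(value).startswith("SQL error")
    return with_quote and not baseline

if __name__ == "__main__":
    for url in ("http://www.example.org/article.php?id=9", "http://example.org"):
        print(url, "checkable:", is_checkable(url))
    print("concatenated query flagged:", flagged(page_concatenated, "9"))
    print("parameterized query flagged:", flagged(page_parameterized, "9"))
```

A page built on the parameterized handler returns an ordinary "not found" for the quoted value, so the checker has nothing to flag.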