- Joined
- Jan 8, 2019
- Messages
- 56,618
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,700
6 Years of Service
76%
Simple python script supported with BurpBouty profile that helps you to detect SQL injection “Error based” by sending multiple requests with 14 payloads and checking for 152 regex patterns for different databases.
How does it work?
It’s very simple, just organize your steps as follows
Use your subdomain grabber script or tools.
Pass all collected subdomains to httpx or httprobe to get only live subs.
Use your links and URLs tools to grab all waybackurls like waybackurls, gau, gauplus, etc.
Use URO tool to filter them and reduce the noise.
Grep to get all the links that contain parameters only. You can use Grep or GF tool.
Pass the final URLs file to the tool, and it will test them.
The final schema of URLs that you will pass to the tool must be like this one
https://aykalam.com?x=test&y=fortest
http://test.com?parameter=ayhaga