This Python project is an educational tool designed to scrape URLs that may be vulnerable to SQL injection. It uses Google search to find relevant URLs based on provided dorks and keywords and then checks if these URLs have query parameters (e.g., ?id=1) which can potentially be exploited through SQL injection attacks.

This project is intended for educational purposes only. It should not be used for any malicious activities or unauthorized penetration testing.

To run the SQL injection URL scraper, you need the following libraries installed:

• requests: To make HTTP requests and fetch search results.
• beautifulsoup4: To parse and extract information from HTML.
• urllib3: To suppress SSL certificate warnings.
• threading: To utilize multi-threading for efficient scraping.

You can install these libraries using the following command:

pip install requests beautifulsoup4 urllib3

1. Clone the repository or download the script.

2. Create the necessary files:

   • useragents.txt: This file should contain a list of user-agent strings that the scraper will use randomly for each request.
   • dork//domain.txt: This file should contain a list of target domains to search for.
   • dork//keywords.txt: This file should contain a list of keywords to use for generating dorks.
   • dork//pageext.txt: This file should contain a list of page extensions to use for generating dorks.
   • dork//pagetypes.txt: This file should contain a list of page types to use for generating dorks.

3. Modify the http_proxy variable with your proxy settings if needed. If you don't use a proxy, you can leave it as an empty string.

4. Set the MAX_URLS_TO_SCRAPE variable to control the maximum number of URLs to scrape.

To start the URL scraping process, simply run the script:

python bot.py

The script will start searching Google using generated dorks and keywords, and collect potential URLs vulnerable to SQL injection. It will display the progress of URLs scraped during the process.

Once the process is complete, the scraped URLs will be saved in a file named scraped.txt.

• This project is not intended for any malicious use or unauthorized penetration testing.
• Use this tool responsibly and only on systems you own or have explicit permission to test.
• SQL injection is a serious security vulnerability, and exploiting it without permission is illegal and unethical.
• Respect the terms of service of any website you are scraping and avoid sending too many requests in a short period to prevent IP bans.

The author of this project is not responsible for any misuse, damage, or legal consequences that may arise from the use of this tool. Use it at your own risk and responsibility. Always follow ethical guidelines and obtain appropriate permissions before performing any security assessments on websites or systems.