VLNlist is a specialized repository featuring wordlists designed for testing SQL injection vulnerabilities related to parameters and integers.
Requirements:
- Gobuster installed on your system. If it is not installed, download it from the Gobuster GitHub repository.
- VLNlist repository cloned or downloaded to your local machine. Ensure you have the necessary wordlists specific to SQL injection parameters and integers.
Setting Up:
Clone or download the VLNlist repository from the SecWordVault GitHub repository.
Clone Using HTTPS (recommended):
git clone https://github.com/temno18/VLNlist.git
Clone Using SSH (if SSH keys are set up):
git clone git@github.com:temno18/VLNlist.git
Download ZIP:
- Download and extract the ZIP archive from the VLNlist GitHub page.
Running Gobuster with VLNlist:
Open your terminal or command prompt.
Navigate to the directory where Gobuster is installed or extracted.
Use the following command structure to run Gobuster with VLNlist wordlists:
gobuster sql -u <TARGET_URL> -w <PATH_TO_WORDLIST>
Replace <TARGET_URL> with the URL of the target website or application where you want to test for SQL injection vulnerabilities.
Replace <PATH_TO_WORDLIST> with the path to the specific SQL injection wordlist from VLNlist included in your cloned repository. For example:
gobuster sql -u http://example.com -w /path/to/secwordvault/sql_injection_wordlist.txt
Analyzing Results:
- Gobuster will begin scanning the specified URL with each payload from the SQL injection wordlist.
- Monitor the terminal for any indications of successful injections or vulnerabilities detected.
- Note down any URLs or parameters that return abnormal responses, as these may indicate potential vulnerabilities.
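From the defending side, a scan like the one described above appears in web server access logs as one client sending many different SQL-looking values to the same parameter. The Python script below is an added example, not part of VLNlist or Gobuster; the log lines, addresses and the `find_sqli_scans` helper are constructed for illustration, and the combined access-log format is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Fields needed from a combined-format access log line (assumed format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
# Characters and keywords that rarely belong in an integer or ID parameter.
SQL_HINT = re.compile(
    r"""['"`;]|--|/\*|\b(?:union|select|or|and|sleep|benchmark)\b""", re.I)

SAMPLE_LOG = [  # constructed log lines, documentation-range addresses
    '203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /item?id=1%27 HTTP/1.1" 500 512 "-" "gobuster/3.6"',
    '203.0.113.7 - - [10/May/2024:10:00:01 +0000] "GET /item?id=1%20OR%201=1 HTTP/1.1" 200 2048 "-" "gobuster/3.6"',
    '203.0.113.7 - - [10/May/2024:10:00:02 +0000] "GET /item?id=1%3B-- HTTP/1.1" 500 512 "-" "gobuster/3.6"',
    '198.51.100.4 - - [10/May/2024:10:00:03 +0000] "GET /item?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def find_sqli_scans(lines, min_distinct=3):
    """Return {client_ip: [finding, ...]} for clients that sent at least
    min_distinct different SQL-looking values to one path and parameter."""
    seen = defaultdict(set)    # (ip, path, param) -> distinct suspicious values
    agents = defaultdict(set)  # ip -> user agents seen on suspicious requests
    errors = defaultdict(int)  # ip -> suspicious requests answered with 5xx
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        # parse_qsl percent-decodes values, so %27 is matched as a quote.
        hits = [(n, v) for n, v in parse_qsl(url.query, keep_blank_values=True)
                if SQL_HINT.search(v)]
        for name, value in hits:
            seen[(m["ip"], url.path, name)].add(value)
        if hits:
            agents[m["ip"]].add(m["ua"])  # client-controlled: a hint, not proof
            errors[m["ip"]] += int(m["status"].startswith("5"))
    report = {}
    for (ip, path, name), values in seen.items():
        if len(values) >= min_distinct:
            report.setdefault(ip, []).append({
                "path": path, "param": name, "distinct_values": len(values),
                "server_errors": errors[ip], "user_agents": sorted(agents[ip])})
    return report

if __name__ == "__main__":
    print(find_sqli_scans(SAMPLE_LOG))
```

A parameter that draws server errors under this kind of probing is the first place to check that the query is parameterized and the integer is validated server-side.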
Feel free to contribute new wordlists or improvements to existing ones by forking this repository, making your changes, and submitting a pull request.
This project is licensed under the MIT License.