Necessary Tools
Kali Linux
Highly Recommended for hacking and cracking. If you don’t already have a Kali VM, I’ve provided a download link.
V3n0m
Awesome Dork scanning tool. I’ve provided the link to the Github page and a setup tutorial.(v3n0m tutorial)
Sqlmap
Usually comes preinstalled on Kali Linux, however, I’ve provided a Github link.
Scanning Tutorial
Firstly, you need to have dorks, and if you want HQ combo lists, you need HQ dorks, which you can get any time using Dorker4.
Once you have your Dorks you need to get those over to Kali Linux.
Now you have to setup v3n0m, hopefully, you downloaded all the prerequisites and you can setup v3n0m. To setup v3n0m you have to first open a terminal window and cd into the V3n0m-Scanner folder. Now enter these commands:
Code:
python3.5 setup.py build
###WAIT UNTIL IT SAYS ITS FINISHED###
python3.5 setup.py install
Assuming you set everything up correctly you need to open the Kali File Manager and go to the V3n0m-Scanner/src/static folder.
In there you will see a text document called d0rks.txt you need to open that file and paste in your dorks. Don’t use the included dorks, they’re not that great.
After you have pasted your dorks in now you have to open a terminal window and you have to cd into V3n0m-Scanner/src you want to now start the scanner. Use the command:
Code:
python3.5 v3n0m.py
Now you should be ready to use v3n0m. You should see a menu. Press 1 on your keyboard and then enter once more, then I usually type 0 for max efficiency but, it’s up to you how many dorks you wish to use. Then for threads, I max out at 500, for max efficiency. Then type 20 and enter. Then watch v3n0m scan. v3n0m will scan and then eventually it will say its finished, you want to choose 1, SQL Testing, this will print injectable sites, which is exactly what we need.
Dumping Tutorial
Now that you have found a site from v3n0m that you want to dump you want to use sqlmap. Here is a sqlmap tutorial. YouTube
Once you have dumped your list you may be noticed that sqlmap saved it as a CSV and instead of username:password it saved as username, password. To fix this I go to
This Site I divide the list using the delimiter, and then put the list back together with the delimiter.
Happy Learning
Regards, SaM