Jump to content

How to Find SQL Injection (SQLi) Vulnerabilities Using Nmap in Termux

abbalolucky
in Termux Tools & Commands

Featured Replies

Posted

πŸ”Ž How to Find SQL Injection (SQLi) Vulnerabilities Using Nmap in Termux

Do you want to check if a website is vulnerable to SQL injection using just your Android phone?

Good news! You can use the app called Termux, along with a tool called Nmap, to scan websites and look for possible SQLi vulnerabilities.

In this post, I’ll show you how to:

  • Use Termux on Android

  • Install Nmap

  • Run a special Nmap script to check for SQL injection

Let’s get started!

βœ… What You Need

Before we begin, make sure you have:

  • Termux installed (from F-Droid)

  • Internet connection

  • A target website (must be your own site or for learning only)

⚠️ Warning: Only test websites you own or have permission to scan. Hacking other websites is illegal.

πŸ› οΈ Step-by-Step Guide to Finding SQLi with Nmap

πŸ”Ή Step 1: Open Termux

Launch the Termux app on your Android device.

πŸ”Ή Step 2: Update Termux Packages

Always update first:

apt update && apt upgrade -y

πŸ”Ή Step 3: Install Nmap

Now install Nmap using this command:

pkg install nmap

Wait for it to finish installing.

πŸ”Ή Step 4: Use Nmap Script to Scan for SQL Injection

Nmap has built-in scripts that can check for SQLi.

Use this command:

nmap -p 80 --script http-sql-injection example.com

πŸ” Replace example.com with the website you want to test.

What this command does:

  • -p 80: scans port 80 (default web port)

  • --script http-sql-injection: uses the SQLi check script

πŸ§ͺ Example

nmap -p 80 --script http-sql-injection testphp.vulnweb.com

Output:
If the site is vulnerable, Nmap will show messages like:

Possible SQL injection found at /somepage.php?id=1

πŸ’‘ Optional: Scan Other Ports Too

Some websites run on other ports like 8080 or 443.
You can change the port like this:

nmap -p 8080 --script http-sql-injection example.com

Or scan multiple ports:

nmap -p 80,443 --script http-sql-injection example.com

πŸ›‘ Tips and Warnings

  • Always scan with permission

  • Don’t overuse the scan on live websites

  • Use safe test websites like:

    • testphp.vulnweb.com

    • demo.testfire.net

Using Nmap in Termux is a great way to learn cybersecurity and practice ethical hacking on your phone. The http-sql-injection script can help you find SQLi vulnerabilities on websites that are poorly secured.

This tool is powerful, but it must be used responsibly. Never scan or attack any website without permission.


    •
    • Like 1

    Create an account or sign in to comment

    Go to topic listing