joswr1ght/heinous-shell-sqli-scanner.sh

## heinous-shell-sqli-scanner.sh
# This heinous command searches for SQL injection vulnerable code:
# 1. Use awk to convert multiline strings into a single line
# 2. Fix things up with sed to make line endings normal again
# 3. Search for SQL-related statements
# 4. Search for lines where there are two or more $ variable indicators
#
# This is a hack. Please don't let this be my legacy.
#
awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' *.php | sed 's/;/;\n/g;s/}/}\n/g' | grep -iE "select|insert|update|delete" | grep -E "\\$.*\\$"
	# This heinous command searches for SQL injection vulnerable code:
	# 1. Use awk to convert multiline strings into a single line
	# 2. Fix things up with sed to make line endings normal again
	# 3. Search for SQL-related statements
	# 4. Search for lines where there are two or more $ variable indicators
	#
	# This is a hack. Please don't let this be my legacy.
	#
	awk -F"\"" '!$NF{ print; next }{ printf("%s ", $0) }' .php \| sed 's/;/;\n/g;s/}/}\n/g' \| grep -iE "select\|insert\|update\|delete" \| grep -E "\\$.\\$"