sqlmc Scanned 0 URLs

Hello Developers,

I am facing a similar issue. When I first ran the script on my WSL, it worked fine for the first scan. It displayed the test results and even showed that the URL was vulnerable. However, when I try scanning the same URL again, it shows "0 URLs scanned" and I encounter the following error:

FO:sqlmc.lib.scanner:[2025-04-21 06:02:36.025800] Scanned: http://testphp.vulnweb.com/cart.php, Vulnerable: False, Database: None INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.026069] Scanned: http://testphp.vulnweb.com/guestbook.php, Vulnerable: False, Database: None INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.029254] Scanned: http://testphp.vulnweb.com/categories.php, Vulnerable: False, Database: None INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.029521] Scanned: http://testphp.vulnweb.com/AJAX/index.php, Vulnerable: False, Database: None Traceback (most recent call last): File "/home/unknone/.local/bin/sqlmc", line 8, in sys.exit(main()) ^^^^^^ File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/sqlmc.py", line 41, in main sqlscanner = scanner.Scanner(url, depth) ^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 24, in init asyncio.run(self.scan(url, depth)) File "/usr/lib/python3.12/asyncio/runners.py", line 194, in run return runner.run(main) ^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/asyncio/runners.py", line 118, in run return self._loop.run_until_complete(task) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/asyncio/base_events.py", line 687, in run_until_complete return future.result() ^^^^^^^^^^^^^^^ File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan await asyncio.gather(*tasks) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link await self.scan(href, depth - 1) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan await asyncio.gather(*tasks) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link await self.scan(href, depth - 1) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan await asyncio.gather(*tasks) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link await self.scan(href, depth - 1) File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 45, in scan html = await self.fetch_html(url) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 39, in fetch_html return await response.text() ^^^^^^^^^^^^^^^^^^^^^

File "/home/unknone/.local/lib/python3.12/site-packages/aiohttp/client_reqrep.py", line 1265, in text return self._body.decode(encoding, errors=errors) # type: ignore[union-attr] ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte It seems like the issue arises when trying to decode the response text from the URL. Any advice on how to resolve this issue?

Thank you!

Apr 21 '25 06:04 kishwordulal1234

┌──(root㉿kali)-[/home/kali] └─# sqlmc -u "https://www.cipred.org.np/content/6" -d 5

/ | / _ | | | / |/ | _ | | | | | | |/| | |
) | || | || | | | | |/ ___|| ||___|

Version: 1.1.0 Author: Miguel Álvarez Scanning https://www.cipred.org.np/content/6 with depth 5 INFO:sqlmc.lib.scanner:[2025-04-21 03:45:54.235219] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:45:57.138490] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:00.546534] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:03.451824] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:06.348779] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL +--------------------------------------+----------+---------+--------------+-------------+
| url | server | depth | vulnerable | db server |
+======================================+==========+=========+==============+=============+
| https://www.cipred.org.np/content/6# | Apache | 0 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 1 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 2 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 3 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 4 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
Scanned 5 URLs

┌──(root㉿kali)-[/home/kali] └─# ┌──(root㉿kali)-[/home/kali] └─# sqlmc -u "https://www.cipred.org.np/content/6" -d 5

/ | / _ | | | / |/ | _ | | | | | | |/| | |
) | || | || | | | | |/ ___|| ||___|

Version: 1.1.0 Author: Miguel Álvarez Scanning https://www.cipred.org.np/content/6 with depth 5 INFO:sqlmc.lib.scanner:[2025-04-21 03:45:54.235219] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:45:57.138490] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:00.546534] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:03.451824] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL INFO:sqlmc.lib.scanner:[2025-04-21 03:46:06.348779] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL +--------------------------------------+----------+---------+--------------+-------------+
| url | server | depth | vulnerable | db server |
+======================================+==========+=========+==============+=============+
| https://www.cipred.org.np/content/6# | Apache | 0 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 1 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 2 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 3 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 4 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
Scanned 5 URLs

see now it working in freshly install linux

Apr 21 '25 07:04 kishwordulal1234

Maybe for http://testphp.vulnweb.com/ you need a cookie to log-in and be able to scan URLs, sinceyou are not logged in you would not be able to scan anything, it should be a feature to add

Apr 21 '25 09:04 malvads

i would test later and release a fix for this issues

Apr 21 '25 09:04 malvads

Hello Folks. this sqlmc -u "http://testphp.vulnweb.com/" -d 2 works fine but sqlmc -u "http://testphp.vulnweb.com" -d 2 gives Scanned 0 URLs etc... which means: / differs.

after some testing, i realized that the tool expects file path if the URL not ending with / like: http://testphp.vulnweb.com/listproducts.php and the best case: is to pass the domain name (with its tld) followed by / and prefixed with http schemas (both http & https separately), this will work fine, and gives more results. Thanks.

Jun 18 '25 09:06 beta0x01