Scanned 0 URLs

[kishwordulal1234]

Hello Developers,

I am facing a similar issue. When I first ran the script on my WSL, it worked fine for the first scan. It displayed the test results and even showed that the URL was vulnerable. However, when I try scanning the same URL again, it shows "0 URLs scanned" and I encounter the following error:

FO:sqlmc.lib.scanner:[2025-04-21 06:02:36.025800] Scanned: http://testphp.vulnweb.com/cart.php, Vulnerable: False, Database: None
INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.026069] Scanned: http://testphp.vulnweb.com/guestbook.php, Vulnerable: False, Database: None
INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.029254] Scanned: http://testphp.vulnweb.com/categories.php, Vulnerable: False, Database: None
INFO:sqlmc.lib.scanner:[2025-04-21 06:02:36.029521] Scanned: http://testphp.vulnweb.com/AJAX/index.php, Vulnerable: False, Database: None
Traceback (most recent call last):
File "/home/unknone/.local/bin/sqlmc", line 8, in
sys.exit(main())
^^^^^^
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/sqlmc.py", line 41, in main
sqlscanner = scanner.Scanner(url, depth)
^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 24, in init
asyncio.run(self.scan(url, depth))
File "/usr/lib/python3.12/asyncio/runners.py", line 194, in run
return runner.run(main)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/asyncio/runners.py", line 118, in run
return self._loop.run_until_complete(task)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/asyncio/base_events.py", line 687, in run_until_complete
return future.result()
^^^^^^^^^^^^^^^
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan
await asyncio.gather(*tasks)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link
await self.scan(href, depth - 1)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan
await asyncio.gather(*tasks)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link
await self.scan(href, depth - 1)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 60, in scan
await asyncio.gather(*tasks)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 74, in scan_single_link
await self.scan(href, depth - 1)
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 45, in scan
html = await self.fetch_html(url)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/unknone/.local/lib/python3.12/site-packages/sqlmc/lib/scanner.py", line 39, in fetch_html
return await response.text()
^^^^^^^^^^^^^^^^^^^^^

File "/home/unknone/.local/lib/python3.12/site-packages/aiohttp/client_reqrep.py", line 1265, in text
return self._body.decode(encoding, errors=errors) # type: ignore[union-attr]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
UnicodeDecodeError: 'utf-8' codec can't decode byte 0xff in position 0: invalid start byte
It seems like the issue arises when trying to decode the response text from the URL. Any advice on how to resolve this issue?

Thank you!

[kishwordulal1234]

┌──(root㉿kali)-[/home/kali]
└─# sqlmc -u "https://www.cipred.org.np/content/6" -d 5

---

/ | / _ | | | / |/ |
_ | | | | | | |/| | |
) | || | || | | | |
|/ ___|| ||___|

Version: 1.1.0
Author: Miguel Álvarez
Scanning https://www.cipred.org.np/content/6 with depth 5
INFO:sqlmc.lib.scanner:[2025-04-21 03:45:54.235219] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:45:57.138490] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:00.546534] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:03.451824] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:06.348779] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
+--------------------------------------+----------+---------+--------------+-------------+
| url | server | depth | vulnerable | db server |
+======================================+==========+=========+==============+=============+
| https://www.cipred.org.np/content/6# | Apache | 0 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 1 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 2 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 3 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 4 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
Scanned 5 URLs

┌──(root㉿kali)-[/home/kali]
└─#
┌──(root㉿kali)-[/home/kali]
└─# sqlmc -u "https://www.cipred.org.np/content/6" -d 5

---

/ | / _ | | | / |/ |
_ | | | | | | |/| | |
) | || | || | | | |
|/ ___|| ||___|

Version: 1.1.0
Author: Miguel Álvarez
Scanning https://www.cipred.org.np/content/6 with depth 5
INFO:sqlmc.lib.scanner:[2025-04-21 03:45:54.235219] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:45:57.138490] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:00.546534] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:03.451824] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
INFO:sqlmc.lib.scanner:[2025-04-21 03:46:06.348779] Scanned: https://www.cipred.org.np/content/6#, Vulnerable: True, Database: MySQL
+--------------------------------------+----------+---------+--------------+-------------+
| url | server | depth | vulnerable | db server |
+======================================+==========+=========+==============+=============+
| https://www.cipred.org.np/content/6# | Apache | 0 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 1 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 2 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 3 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
| https://www.cipred.org.np/content/6# | Apache | 4 | Vulnerable | MySQL |
+--------------------------------------+----------+---------+--------------+-------------+
Scanned 5 URLs

see now it working in freshly install linux

[malvads]

Maybe for http://testphp.vulnweb.com/ you need a cookie to log-in and be able to scan URLs, sinceyou are not logged in you would not be able to scan anything, it should be a feature to add

[malvads]

i would test later and release a fix for this issues

[beta0x01]

Hello Folks.
this sqlmc -u "http://testphp.vulnweb.com/" -d 2 works fine
but sqlmc -u "http://testphp.vulnweb.com" -d 2 gives Scanned 0 URLs
etc...
which means: / differs.

---

after some testing, i realized that the tool expects file path if the URL not ending with / like: http://testphp.vulnweb.com/listproducts.php and the best case: is to pass the domain name (with its tld) followed by / and prefixed with http schemas (both http & https separately), this will work fine, and gives more results.
Thanks.