🚀 Barcha

Barcha is your Swiss‑Army knife for SQL Injection reconnaissance 🔍. Written in Go, it automates:

• Shodan enumeration of SSL hosts 🕵️‍♂️
• Liveness & redirect checks (ignores bad certs) 🔄
• Automated Ghauri tests for each host 🛡️
• SQLite logging of every scan 🔖

---

🌟 Features

• 📡 Shodan Dork: hostname:"*.example.com" -403 -503 -http.title:"Invalid URL" -302 -404

• 🖧 Reverse DNS: IP → hostname, skips amazonaws NAT addresses

• 🔀 Redirect Handling: Follows HTTP ↔ HTTPS transparently

• 🔐 TLS Flexibility: Ignores expired/self‑signed certs

• 🛠️ Ghauri Integration: ghauri -u --random-agent --confirm --force-ssl --level=3 --dbs --dump --batch

• 📊 History: Logs into barcha_history.db

📸 Screenshots

Figure 1. Per‑host SQLi testing via Ghauri.

Figure 2. Live host detection & redirect checks.

📋 Requirements

• Go 1.18+
• Ghauri installed & on PATH
• A Shodan API key in SHODAN_API_KEY

⚡ Installation

go install github.com/S1N6H/Barcha@latest

🏃 Usage Export your Shodan key

export SHODAN_API_KEY="YOUR_SHODAN_API_KEY" Run Barcha

./barcha

Enter your target domain when prompted (e.g. example.com)

Watch it go! 🎉