A Python-based command-line tool designed to detect potential SQL Injection vulnerabilities in web applications. This tool uses safe, non-exploit-based techniques to identify patterns indicative of SQLi flaws.
- Boolean-based Detection: Identifies vulnerabilities by checking for changes in the web page's response length.
- Time-based (Blind) Detection: Detects potential vulnerabilities by measuring response delays.
- Parameter Auto-Discovery: Automatically finds and tests GET parameters from the provided URL.
- Severity Classification: Classifies potential findings as HIGH, MEDIUM, or LOW based on the detection method.
- Colored CLI Output: Provides clear, color-coded feedback for easy result interpretation.
- Clone the repository:
  git clone https://github.com/rifatsh3ikh/sql-injection-detection-tool.git
- Navigate to the project directory:
  cd sql-injection-detection-tool
- Install the required dependencies:
  pip install -r requirements.txt
To scan a URL, use the -u or --url flag followed by the target URL, including its parameters.
python scanner.py -u "http://testphp.vulnweb.com/listproducts.php?cat=1"
███████╗ ██████╗ ██╗ ██╗
██╔════╝██╔═══██╗██║ ██║
███████╗██║ ██║██║ ██║
╚════██║██║ ██║██║ ██║
███████║╚██████╔╝███████╗██║
╚══════╝ ╚═════╝ ╚══════╝╚═╝
SQL Injection Detection Tool
Authorized Testing Only
[+] Target: http://testphp.vulnweb.com/listproducts.php?cat=1
[!] cat → Possible SQLi (MEDIUM)
[!] cat → Possible SQLi (MEDIUM)
[✓] Scan completed
The tool operates by performing the following steps:
- Baseline Request: It sends an initial request to the target URL to establish a baseline for response length.
- Parameter Discovery: It parses the URL to identify all GET parameters to be tested.
- Payload Injection: For each parameter, it iterates through a list of safe, non-destructive SQL payloads (e.g., a single quote ', a double quote ", and ' OR '1'='1').
- Detection:
  - Boolean-based: It compares the response length of the test request with the baseline. A significant difference suggests that the payload affected the page's content, indicating a potential boolean-based SQLi.
  - Time-based: It measures the response time for each payload. A significant delay (e.g., >5 seconds) suggests the database is processing a time-based command, indicating a potential blind SQLi.
- Reporting: All potential vulnerabilities are printed to the console with a corresponding severity level.
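The steps above, sketched as an added example that is not the project's own scanner.py. The function names, the 10% length tolerance, the severity mapping (time-based as HIGH, boolean-based as MEDIUM) and the constructed `fake_fetch` stand-in for an HTTP client are assumptions, so the logic runs offline against canned responses.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

PAYLOADS = ["'", '"', "' OR '1'='1'"]  # the example payloads listed on this page
DELAY_THRESHOLD = 5.0                  # seconds, from the ">5 seconds" rule above
LENGTH_TOLERANCE = 0.10                # assumption: >10% length change is "significant"

def discover_params(url):
    """Return the GET parameter names present in the URL, in order."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]

def inject(url, param, payload):
    """Return the URL with the payload appended to one parameter's value."""
    parts = urlsplit(url)
    pairs = [(k, v + payload if k == param else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def classify(baseline_len, length, elapsed):
    """Map one observation to a severity, or None when nothing stands out."""
    if elapsed > DELAY_THRESHOLD:
        return "HIGH"    # assumed mapping for a time-based signal
    if abs(length - baseline_len) > LENGTH_TOLERANCE * max(baseline_len, 1):
        return "MEDIUM"  # assumed mapping for a boolean-based signal
    return None

def scan(url, fetch):
    """fetch(url) -> (response_length, elapsed_seconds), passed in by the caller."""
    baseline_len, _ = fetch(url)  # baseline request
    findings = []
    for param in discover_params(url):
        for payload in PAYLOADS:
            length, elapsed = fetch(inject(url, param, payload))
            severity = classify(baseline_len, length, elapsed)
            if severity:
                findings.append((param, payload, severity))
    return findings

def fake_fetch(url):
    """Constructed responses: 'cat' breaks on a single quote, 'page' never reacts."""
    query = dict(parse_qsl(urlsplit(url).query))
    if "'" in query.get("cat", ""):
        return (1200, 0.2)  # short error page
    return (5000, 0.2)      # normal page

if __name__ == "__main__":
    for finding in scan("http://example.test/list.php?cat=1&page=2", fake_fetch):
        print(finding)
```

A fixed tolerance is the weak point of the length check: pages with rotating content or per-request tokens change length on their own, so a real run should sample the baseline more than once before trusting a difference.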
Contributions are welcome! To contribute:
Fork the project
Create a feature branch (git checkout -b feature/your-idea)
Commit your changes (git commit -m "Add feature")
Push to your branch (git push)
Open a Pull Request
Maintained by rifatsh3ikh
This project is licensed under the MIT License - see the LICENSE file for details.