This Python tool is designed to scan web applications for SQL Injection and Blind SQL Injection vulnerabilities. It supports scanning URLs provided via a text file and uses custom payloads to detect common SQLi vulnerabilities. The tool outputs vulnerable URLs both in the terminal and in a specified output file.
Features:
SQL Injection Detection: Detects error-based SQL Injection vulnerabilities.
Blind SQL Injection Detection: Uses time-based payloads to detect Blind SQL Injection vulnerabilities.
User-Agent Rotation: Rotates between Firefox and Chrome user-agents to avoid detection.
Line-by-Line Scanning: Outputs scanning results in real-time as each URL is processed.
Error Handling: Retries failed connections and prints errors in red for better visibility.
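Added example (not part of this tool's code): seen from the defender's side, the features above leave a recognizable pattern in web-server access logs, namely one client sending injection-looking query strings while its User-Agent flips between browser families. The log lines, marker patterns and function names below are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

FF = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
CH = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = "\n".join([
    f'203.0.113.7 - - [10/Oct/2024:13:55:01 +0000] "GET /item.php?id=1%27 HTTP/1.1" 500 312 "-" "{FF}"',
    f'203.0.113.7 - - [10/Oct/2024:13:55:02 +0000] "GET /item.php?id=1+AND+SLEEP(5) HTTP/1.1" 200 1843 "-" "{CH}"',
    f'203.0.113.7 - - [10/Oct/2024:13:55:08 +0000] "GET /cat.php?c=2%27%3BWAITFOR+DELAY+%270%3A0%3A5%27-- HTTP/1.1" 200 990 "-" "{FF}"',
    f'198.51.100.20 - - [10/Oct/2024:13:56:00 +0000] "GET /item.php?id=42 HTTP/1.1" 200 1843 "-" "{CH}"',
    f'198.51.100.20 - - [10/Oct/2024:13:56:05 +0000] "GET /search.php?q=o%27brien HTTP/1.1" 200 2210 "-" "{CH}"',
])

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
# Assumed markers: a stray quote (error-based probe) and common delay functions
# (time-based probe). The tool's real payload files are not shown on the page.
MARKER_RE = re.compile(r"'|sleep\s*\(|waitfor\s+delay|benchmark\s*\(", re.I)


def ua_family(user_agent):
    """Collapse a User-Agent string to a coarse browser family."""
    if "Firefox/" in user_agent:
        return "firefox"
    if "Chrome/" in user_agent:
        return "chrome"
    return "other"


def find_scanner_ips(log_text, min_hits=2):
    """Return {ip: {"hits": n, "families": [...]}} for clients that sent at least
    min_hits injection-looking requests under more than one browser family."""
    hits, families = defaultdict(int), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, user_agent = m.groups()
        if MARKER_RE.search(unquote_plus(target)):
            hits[ip] += 1
            families[ip].add(ua_family(user_agent))
    return {ip: {"hits": hits[ip], "families": sorted(families[ip])}
            for ip in hits if hits[ip] >= min_hits and len(families[ip]) > 1}


if __name__ == "__main__":
    print(find_scanner_ips(SAMPLE_LOG))
```

The second client is not flagged: a single quote in a legitimate search term (o'brien) under one browser family stays below both thresholds.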
Installation:
Clone this repository:
git clone https://github.com/aungsanoo-usa/sqli-scanner.git
Navigate to the project directory:
cd sqli-scanner
Install the required Python packages:
pip install -r requirements.txt
Running the Tool
python3 scanner.py -u <path-to-url-file> -p <path-to-sqli-payload-file> -b <path-to-blind-sqli-payload-file> -o <output-file>
Help
python scanner.py -h
Warning
This tool is intended for educational and ethical hacking purposes only. It should only be used to test systems you own or have explicit permission to test. Unauthorized use against third-party websites or systems without consent is illegal and unethical.