ghostnetworksec-hub/SQLInject

Sqlinject 💉

Advanced SQL Injection Scanner with WAF Bypass

Detects error-based, boolean-blind, time-based blind, union-based, and header injection. Supports GET, POST, JSON body, and HTTP headers. Built-in WAF detection and bypass.


⚡ Setup

pip3 install rich
python3 sqlinject.py -u "https://example.com/page?id=1"

Zero external dependencies beyond rich.


🚀 Commands

# Scan GET parameter
python3 sqlinject.py -u "https://example.com/page?id=1"

# Scan POST login form
python3 sqlinject.py -u "https://example.com/login" \
  --method POST --data "user=admin&pass=test"

# Scan JSON API endpoint
python3 sqlinject.py -u "https://api.example.com/user" \
  --json '{"id": 1}'

# Level 3 — time-based blind + advanced payloads
python3 sqlinject.py -u "https://example.com/page?id=1" --level 3

# WAF bypass mode
python3 sqlinject.py -u "https://example.com/page?id=1" --waf-bypass

# Also test HTTP headers (X-Forwarded-For, Referer, etc.)
python3 sqlinject.py -u "https://example.com/page?id=1" --scan-headers

# With auth token
python3 sqlinject.py -u "https://api.example.com/data?id=1" \
  --headers "Authorization: Bearer YOUR_TOKEN"

# With cookies
python3 sqlinject.py -u "https://example.com/page?id=1" \
  --cookies "session=abc123; token=xyz"

# Scan a list of URLs
python3 sqlinject.py --list urls.txt

# Verbose output
python3 sqlinject.py -u "https://example.com/page?id=1" --verbose

🎯 Detection Methods

| Type | How It Works |
|------|--------------|
| Error-based | Injects ' and similar — detects DB error messages |
| Boolean-based Blind | Compares OR 1=1 vs OR 1=2 responses |
| Time-based Blind | Uses SLEEP(3) / WAITFOR DELAY — measures response time |
| Union-based | Tests UNION SELECT column count matching |
| Header Injection | Tests X-Forwarded-For, Referer, User-Agent, Cookie |
| JSON Injection | Tests each key in JSON request body |

🛡️ WAF Bypass Techniques (--waf-bypass)

  • Case variation (SeLeCt instead of SELECT)
  • URL encoding / double URL encoding
  • Comment injection (SE/**/LECT)
  • Whitespace variation (SELECT\n)
  • Null byte injection
  • Plus sign space bypass
  • Inline comment obfuscation
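
Seen from the defending side, each technique above only works against a filter that matches raw request bytes. The following added example (not part of SQLInject; the signature list, function names and sample values are constructed for illustration) canonicalizes a request value before matching and compares the result with a naive raw match.

```python
import re
from urllib.parse import unquote_plus

# Constructed signatures for illustration; a production rule set is far larger.
SIGNATURES = [re.compile(p) for p in (
    r"\bunion\s+select\b",
    r"\bor\s+1\s*=\s*[12]\b",
    r"\bsleep\s*\(\s*\d+\s*\)",
    r"\bwaitfor\s+delay\b",
)]
MAX_DECODE_ROUNDS = 3  # enough for double URL encoding, bounded on purpose


def canonical_forms(value: str) -> list[str]:
    """Return canonical variants of a request value for signature matching."""
    for _ in range(MAX_DECODE_ROUNDS):   # URL / double URL encoding, '+' as space
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    value = value.replace("\x00", "")    # null byte injection
    forms = []
    # Inline comments: try both "comment deleted" (SE/**/LECT) and
    # "comment acts as whitespace" (UNION/**/SELECT).
    for replacement in ("", " "):
        form = re.sub(r"/\*.*?\*/", replacement, value, flags=re.S)
        # Whitespace variation and case variation.
        forms.append(re.sub(r"\s+", " ", form).lower().strip())
    return forms


def flags_input(value: str, normalize: bool = True) -> bool:
    """True if any signature matches; normalize=False mimics a naive raw filter."""
    forms = canonical_forms(value) if normalize else [value]
    return any(sig.search(form) for sig in SIGNATURES for form in forms)


# Constructed sample values, one or more per technique in the list above.
SAMPLES = [
    "1 UnIoN SeLeCt null",              # case variation
    "1%2520UNION%2520SELECT%2520null",  # double URL encoding
    "1+UNION/**/SELECT+null",           # plus sign + inline comment
    "1 UN/**/ION SE/**/LECT null",      # comment injection inside keywords
    "1%00 OR\n1=1",                     # null byte + whitespace variation
    "blue+suede+shoes",                 # benign value
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} raw={flags_input(s, False)} normalized={flags_input(s)}")
```

Normalization hardens detection only; the injection itself is closed by parameterized queries in the application.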

🗄️ Database Detection

Detects: MySQL, PostgreSQL, MSSQL, Oracle, SQLite


📊 Scan Levels

| Level | Payloads | Best For |
|-------|----------|----------|
| --level 1 | Basic ', ", \\ | Quick check |
| --level 2 | + Boolean, Union (default) | Standard scan |
| --level 3 | + Time-based, Advanced | Deep / blind injection |

📁 Output Files

sqlinject_output/
├── sqli_findings.json    ← Structured findings
└── SQLI_REPORT.md        ← Full report with evidence + remediation

⚠️ Legal Notice

Only test applications you own or have written authorization to test.
