cookie_vuln_scanner.py is a Python script that scans a web application's response to a GET request for cookies and automatically injects False and True SQL statements into those cookies. It supports the discovery of SQL Injection vulnerabilities using both Boolean-Based and Time-Based techniques.
To use the Cookie SQL Injection Vulnerability Scanner, run the script with the following command:
python cookie_vuln_scanner.py [OPTIONS] URL- URL: The target web application URL to scan for SQL Injection vulnerabilities.
- OPTIONS:
-v, --verbose: Use this flag for verbose output.
- Scan web applications for SQL Injection vulnerabilities in cookies.
- Support for both Boolean-Based and Time-Based SQL Injection techniques.
- Generate payloads for different SQL injection attacks.
- Compare responses to detect SQL Injection vulnerabilities.
-
Clone the repository:
git clone https://github.com/hogchild/SQLWasp.git cd SQLWasp -
Run the script with Python 3.12:
python cookie_vuln_scanner.py [OPTIONS] URL
The Cookie SQL Injection Vulnerability Scanner works by performing the following steps:
- Sends a GET request to the provided URL.
- Extracts cookies from the response.
- Injects False and True SQL statements into each cookie.
- Compares the responses to detect SQL Injection vulnerabilities.
- Provides verbose output to help with the analysis.
Contributions to this project are welcome. If you have suggestions, bug reports, or want to add new features, please open an issue or create a pull request.
This project is licensed under the MIT License - see the LICENSE file for details.