Installation Requirements
Create a requirements.txt file:
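```txt
requests>=2.28.0
beautifulsoup4>=4.11.0
# tkinter is not installed with pip; it usually comes with Python
# (on Debian/Ubuntu it is the separate python3-tk system package)
colorama>=0.4.0  # Optional, for colored output
```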
Installation and Usage
- Install dependencies:
```bash
pip install -r requirements.txt
```
- Run the scanner:
```bash
python sql_scanner.py
```
Features
1. Multiple Scanning Techniques:
- Boolean-based SQL injection
- Error-based SQL injection
- Time-based SQL injection
- Union-based SQL injection
- Blind SQL injection
2. Advanced GUI Features:
- Real-time results display
- Color-coded severity levels (CRITICAL, HIGH, MEDIUM, LOW)
- Progress tracking
- Export functionality (JSON/CSV)
- Custom headers and cookies support
3. Scanning Modes:
- Quick scan (basic payloads)
- Full scan (all payloads)
- Deep scan (extensive testing)
- Crawl mode (automatically discovers and tests pages)
4. Database Integration:
- SQLite database for storing results
- Persistent scan history
- Easy result retrieval
5. Additional Features:
- Multi-threaded scanning
- Web Application Firewall (WAF) detection
- Form auto-discovery
- Session management
- Custom payload support
Ethical Usage Warning
⚠️ IMPORTANT: This tool is for educational and authorized testing purposes only.
Legal Compliance:
- Only test systems you own or have written permission to test
- Unauthorized testing is illegal and unethical
- Comply with all applicable laws and regulations
- Respect robots.txt and terms of service
- Use only in controlled lab environments for learning
Recommended Test Environments:
- DVWA (Damn Vulnerable Web Application)
- bWAPP
- WebGoat
- Mutillidae
- Your own test applications
Extending the Tool
- Add More Payloads: Create a payloads.txt file with custom payloads
- Add Database Support: Extend to support MySQL, PostgreSQL payloads
- Add Reporting: Generate PDF/HTML reports
- Add Authentication: Handle login forms and sessions
- Add Proxy Support: Route traffic through proxies
Safety Features
- Rate limiting (to avoid DoS)
- Timeout handling
- Error recovery
- Session management
- Configurable delays between requests