SQL Injection is one of the most dangerous vulnerabilities in web applications. This scanner attempts to find such vulnerabilities by injecting malicious SQL payloads into parameters and analyzing the responses. The goal of this tool is to provide an automated, lightweight, and easy-to-use solution to detect potential SQL injection flaws early in development or during security assessments.
- Detects SQL injection in both GET and POST parameters
- Uses time-based, error-based, and boolean-based payloads
- Supports custom payload lists
- Proxy support (for Burp Suite, etc.)
- Generates a detailed vulnerability report
- Configurable timeout and delay
- Does not use external databases or third-party APIs

- The scanner takes a target URL or POST data and identifies injectable parameters.
- It injects various SQL payloads to test how the server responds.
- It analyzes the HTTP response for signs of a successful SQL injection:
  - SQL error messages (error-based)
  - Differences in response content or length compared to the baseline request (boolean-based)
  - Delays in the response (time-based)
- If a vulnerability is found, the tool reports the injection type, the affected parameter, and the payload used.
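As an added illustration, not part of this scanner's code, the constructed Python snippet below shows where the error-based and boolean-based signals listed above come from, and why a parameterised query removes both of them. It uses an in-memory SQLite table so it runs offline with no target; the time-based signal is not shown because SQLite has no sleep function.

```python
import sqlite3


def make_db():
    """Constructed in-memory table standing in for an application's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def lookup_vulnerable(conn, name):
    """String-concatenated query: whatever the client sends is parsed as SQL."""
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Parameterised query: the input is bound as a literal and never parsed as SQL."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def probe(lookup, conn, value):
    """Reduce a query outcome to what a scanner sees from the outside:
    ('error', message) when the database raises (error-based signal), or
    ('rows', count) where a changed count is the content/length difference
    (boolean-based signal)."""
    try:
        rows = lookup(conn, value)
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("rows", len(rows))


if __name__ == "__main__":
    db = make_db()
    for value in ("alice", "alice'", "x' OR '1'='1"):
        print(repr(value), "vulnerable:", probe(lookup_vulnerable, db, value),
              "safe:", probe(lookup_safe, db, value))
```

A stray quote makes the concatenated query raise (the error-based signal), and the tautology returns every row instead of one (the boolean-based length difference); the parameterised version returns the same zero rows for both inputs, which is also what a scanner's baseline comparison should see on a fixed endpoint.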