A Python-based lightweight scanner to identify SQL Injection vulnerabilities in web applications using GET or POST requests. Designed for learning, testing, and demo purposes β ideal for bug bounty practice, local testing (like DVWA/bWAPP), or cybersecurity portfolios.
- β Accepts dynamic target URLs via CLI
- β Supports both GET and POST methods
- β
Injects multiple SQL payloads from
payloads.txt - β Detects possible injection by keyword-based response analysis
- β
Extracts
<title>from responses for better context - β
Colorized terminal output using
colorama - β
Logs vulnerable payloads to a
results.txtfile - β Generates structured JSON report with timestamp
- β
CLI flags via
argparsefor flexibility
pip install requests colorama
πΉ 2. Run the Scanner
python scanner.py --url "http://target.com/page.php?id=" --method GET --payloads payloads.txt
β
Replace the URL with your own
β
Use POST if scanning login forms
βοΈ Command-Line Flags
Flag Description
--url Target URL (required)
--method GET or POST (default: GET)
--payloads Path to payloads file (default: payloads.txt)
π Output
β
results.txt β Plain-text log of successful payloads
β
sqli_report_YYYYMMDD_HHSS.json β Full scan summary
π§ͺ Example Use (with DVWA)
python scanner.py --url "http://localhost/dvwa/vulnerabilities/sqli/?id=" --method GET --payloads payloads.txt
π File Structure
SQLi-Scanner/
βββ scanner.py # Main script
βββ payloads.txt # SQL payloads
βββ README.md # This file
β οΈ Legal Disclaimer
This tool is intended for educational and authorized testing only.
Do NOT use on websites you don't own or have explicit permission to test.
π Credits
Made by raza360ahmed
Inspired by hands-on cybersecurity learning π»π