Today I am releasing my Simple SQL Injection Vulnerability Scanner (version 0.3, not 1.0, since it does not contain many features).
The Simple SQL Injection Vulnerability Scanner helps you find SQL injection vulnerabilities within your website. Simply provide a URL and let the tool do all the work.
– Scan a single URL
– Detect SQL injection vulnerabilities
– User agent for web requests
– User friendly (easy to use, everything is automated)
– Error handling for http requests
– Display a short scan report
– Check if the provided URL is reachable
Written in Python (less than 400 lines).
python sqli_scanner.py -u "http://target/index.php?var1=x&var2=y"
This tool was written for educational and penetration testing purposes. Only check websites you are allowed to test, e.g. your own or one of your customers/friends. I am not responsible for any damage you or my script could cause. Please know and respect your local laws.
Sometimes the target webserver throws back specific errors (403, 500 etc.). The Simple SQL Injection Vulnerability Scanner then fails to find SQL injection vulnerabilities.
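
One way to report the 403/500 case described above as inconclusive rather than as a clean result. This is an added example, not code from sqli_scanner.py; the error patterns, function names and verdict labels are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample of database error fragments (assumption: not the tool's own list).
DB_ERROR_PATTERNS = [
    re.compile(p, re.IGNORECASE) for p in (
        r"you have an error in your sql syntax",                  # MySQL / MariaDB
        r"unclosed quotation mark after the character string",    # SQL Server
        r"pg_query\(\).*error|syntax error at or near",           # PostgreSQL
        r"ORA-\d{5}",                                             # Oracle
        r"sqlite3?\.OperationalError|SQLITE_ERROR",               # SQLite
    )
]


def query_parameters(url):
    """Return the parameter names a per-parameter scan would iterate over."""
    return [name for name, _ in parse_qsl(urlsplit(url).query, keep_blank_values=True)]


def triage(status, body):
    """Classify one response; never call it clean when the check could not run."""
    if any(p.search(body) for p in DB_ERROR_PATTERNS):
        return "db-error-exposed"           # same verdict for a 200 and a 500
    if status in (401, 403, 429):
        return "inconclusive-blocked"       # access refused, so the check did not run
    if status >= 500:
        return "inconclusive-server-error"  # generic error page hides the cause
    if 200 <= status < 300:
        return "no-error-signature"
    return "inconclusive-other"


def report(url, responses):
    """Map each query parameter to a verdict; `responses` is {name: (status, body)}."""
    return {name: triage(*responses[name]) for name in query_parameters(url)}


if __name__ == "__main__":
    # Constructed responses, one per parameter of the usage example's URL.
    sample = {
        "var1": (500, "<h1>Internal Server Error</h1>"),
        "var2": (403, "Forbidden"),
    }
    for name, verdict in report("http://target/index.php?var1=x&var2=y", sample).items():
        print(f"{name}: {verdict}")
```

Parameters that end up with an inconclusive verdict need a manual review or a retest, since the scan gave no evidence either way.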