It contains all the features from the first released version 0.3 and now contains – in addition – a column fuzzer. Simply start a scan by using python sqli_scanner.py -u “target” and then start fuzzing by using the parameter -fuzz “exploit url”. The exploit url will be provided by the scanner (when a vulnerability was found).

Description
The Simple SQL Injection Vulnerability Scanner helps you to find SQL injection vulnerabilities within your website. Simply provide an URL and let the tool do all the work.

Features
- Scan a single URL
- Detect SQL injection vulnerabilities
- User agent for web requests
- User friendly (easy to use, everything is automated)
- Error handling for http requests
- Display a short scan report
- Check if the provided URL is reachable

Additional information
Written in Python (less than 400 lines).

Usage
python sqli_scanner.py -u “http://target/index.php?var1=x&var2=y″

Disclaimer
This tool was written for educational and penetration testing purposes. Only check websites you are allowed to test, e.g. your own or one of your customers/friends. I am not responsible for any damage you or my script could cause. Please know and respect your local laws.

Known issue
Sometimes the target webserver throws back specific errors (403, 500 etc.). The Simple SQL Injection Vulnerability Scanner then fails to find SQL injection vulnerabilities.

Screenshot

Simple SQL Injection Vulnerability Scanner - sample output