web-vulnerability-scanner/sql_inject.py at main · sanjib2006/web-vulnerability-scanner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
import requests

def load_payloads(filename="wordlist/sqlpld.txt"):
    try:
        with open(filename, "r") as file:
            return [line.strip() for line in file.readlines()]
    except FileNotFoundError:
        print(f"{filename} not found.")
        return []

def test_sql_injection(url, param_name):
    payloads = load_payloads()

    print(f"\nTesting SQL Injection on parameter: {param_name}\n")

    for payload in payloads:
        params = {param_name: payload}
        try:
            response = requests.post(url, data=params)
            print(f"Payload: {payload}")
            print(f"URL Tested: {response.url}")
            print(f"Status Code: {response.status_code}")
            if "error" in response.text.lower() or response.status_code == 500:
                print("[!] Possible SQL Injection vulnerability detected!\n")
            elif response.status_code == 200:
                print("[*] Payload was executed or sanitized.\n")
            else:
                print("[+] No obvious vulnerability detected with this payload.\n")
        except requests.exceptions.RequestException as e:
            print(f"[!] An error occurred: {e}")


def run_sql_injection():
    url = input("Enter the URL to test (e.g., http://google.com): ")
    param_name = input("Enter the input field ID to test for SQL injection: ")
    test_sql_injection(url, param_name)

if __name__ == "__main__":
    run_sql_injection()