Making a SQL Scanner In Python

SQL injection is a code injection technique that is used to execute SQL queries via the user input data to the vulnerable web application. It is one of the most common and dangerous web hacking techniques.

A successful SQL injection exploit can cause a lot of harmful damage to the database and web application in general. For example, it can read sensitive data such as user passwords from the database, insert, modify and even delete data.

In this tutorial, you will learn how to build a simple Python script to detect SQL injection vulnerability in web applications.

Let’s install the required libraries for this tutorial:

Let’s import the necessary modules:

We also initialized a requests session and set the user agent.

Since SQL injection is all about user inputs, we are going to need to extract web forms first, we gonna need the below functions:

get_all_forms() uses BeautifulSoup library to extract all form tags from HTML and returns them as a Python list, whereas get_form_details() the function gets a single form tag object as an argument and parses useful information about the form, such as action (the target URL), method (GET, POST, etc) and all input field attributes (type, name and value).

Next, we define a function that tells us whether a web page has SQL errors in it, this will be handy when checking for SQL injection vulnerability:

I can’t define errors for all database servers, for more reliable checking, you need to use regular expressions to find error matches, check this XML file which has a lot of them (used by sqlmap utility).

Now that we have all the tools, let’s define the main function that searches for all forms on the web page and tries to place quote and double quote characters in input fields:

Before extracting forms and submitting them, the above function checks for the vulnerability in the URL first, as the URL itself may be vulnerable, this is simply done by appending a quote character to the URL.

We then make the request using the requests library and check whether the response content has the errors that we’re searching for.

After that, we parse the forms and make submissions with quote characters on each form found, here is my run after testing on a known vulnerable web page:

Output:

As you can see, this was vulnerable in the URL itself, but after I tested this on my local vulnerable server (DVWA), I got this output:

Note: If you want to test the script on local vulnerable web applications like DVWA, you need to log in first.

Conclusion

Note that I’ve tested this script on many vulnerable websites and it works just fine. However, if you want a more reliable SQL injection tool, consider using sqlmap, it is written in Python language as well, and it automates the process of detecting as well as exploiting SQL injection flaws.

You can extend this code by adding an exploitation feature, this cheat sheet can help you use the right SQL commands. Or you may want to extract all website links and check for the vulnerability on all site pages, you can do it as well!

Here is the source code of the article:-

https://github.com/KoderKumar/SQL-Scanner

Thank you for reading my article

And if you like it give me a follow.

https://www.instagram.com/coder_kumar/