I would like to develop a SQL injection vulnerbility scanner.
However, i dont know how to develop it, It is any module in python
could help me develop this app?

My app requirement
User able to input the target URL and apply SQL injection scanning on target URL
After that, the scanner itself would launch SQL injection attacks on the target URL
And then the scanner would analyze the respond of the webpage on the SQL injection attack

4 Years
Discussion Span
Last Post by ryantroop

You could probably look into the unittest module, and make tests based on the various injection types you are trying to test against.

The user would input their database/table and username/password (or, check for their proper setup of a database/table user privelege by spoofing an anonymous query), and use various asserts against the expected result. If any failures occur, then you have a vulnerability.

In truth, you may just want to look into what assert does, and you may not even need unittest, but unittest gives a lot of built in tools to setup and remove all the actions you take.

Of course, if youre making a unittest, you will also need to write a script that will do the actual testing of the things you want to test (assuming you do things "right")... so basically, your first steps should be:

1) Know SQL and all its flavors (Oracle, MySQL, etc...), and their particular differences in structure.
2) Know the different injection practices and how to exploit them
3) Know the particular vulnerabilities that poor SQL admins will make
4) Know how to use unittest, mysql.connect within python
5) Know how to write injections using python.

And that will get you started.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.