import requests
import time
from colorama import Fore, Style
from payloads import SAFE_PAYLOADS
from severity import classify
from utils import get_parameters
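def scan_url(url):
    """Probe each parameter of *url* with SAFE_PAYLOADS and print possible SQLi signals.

    A baseline GET is issued first. Then, for every parameter returned by
    ``get_parameters(url)`` and every entry in ``SAFE_PAYLOADS``, the
    parameter is replaced with the payload and the request is repeated.
    Two heuristics are applied to each response:

    * boolean-based: the body length differs from the baseline length;
    * time-based: the request took longer than 5 seconds.

    Both are coarse indicators, not proof. Every hit is a lead to confirm
    by hand, and a clean run does not show the target is free of injection.

    Args:
        url: Target URL. Its parameters are extracted by ``get_parameters``.

    Returns:
        None. Findings are printed to stdout; network errors are reported
        and swallowed.
    """
    print(Fore.CYAN + f"[+] Target: {url}")

    try:
        base_resp = requests.get(url, timeout=10)
        baseline_len = len(base_resp.text)

        params = get_parameters(url)
        if not params:
            print(Fore.YELLOW + "[!] No parameters found to test")
            return

        for param in params:
            for payload in SAFE_PAYLOADS:
                test_params = params.copy()
                test_params[param] = payload

                # NOTE(review): requests appends `params` to any query string
                # already present in `url`. If get_parameters() parses them out
                # of `url` (presumably -- confirm), each parameter is sent
                # twice and the server may read the original value, not the
                # payload.
                #
                # perf_counter() is monotonic. time.time() follows the wall
                # clock, so an NTP step or manual adjustment during the request
                # would corrupt the measured delay.
                start = time.perf_counter()
                r = requests.get(url, params=test_params, timeout=10)
                delay = time.perf_counter() - start

                # Boolean-based detection.
                # Any length difference is flagged, so pages with dynamic
                # content (timestamps, tokens, reflected input) trigger this
                # without any injection. Expect false positives.
                if len(r.text) != baseline_len:
                    level = classify("boolean")
                    print(Fore.YELLOW +
                          f"[!] {param} → Possible SQLi ({level})")

                # Time-based detection.
                # The 5 s threshold is absolute and the baseline latency is
                # not measured, so a slow endpoint or a network stall is
                # indistinguishable from an induced delay.
                if delay > 5:
                    level = classify("time")
                    print(Fore.RED +
                          f"[!] {param} → Possible Blind SQLi ({level})")

        print(Fore.GREEN + "[✓] Scan completed")

    except requests.exceptions.RequestException as e:
        print(Fore.RED + f"[X] Network error: {e}")

    finally:
        # Always restore terminal colours, including on the early return above.
        print(Style.RESET_ALL)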