
URL: https://www.geeksforgeeks.org/python/how-to-build-a-sql-injection-scanner-in-python/


How to Build a SQL Injection Scanner in Python?

Last Updated : 24 Jul, 2025

In general terms, SQL injection (SQLi) is the most prevalent and dangerous code insertion technique. An SQLi attack sends malicious SQL commands to the database server. The most common attack goal is bulk extraction of data: attackers can dump database tables containing many thousands of customer records. Depending on the environment, SQL injection can also be exploited to modify or delete data, execute arbitrary OS commands, or launch denial-of-service (DoS) attacks.

Building SQL Injection Scanner in Python

The approach below extracts the web forms first, because SQL injection is carried through user input. Next, we check whether a web page contains SQL errors, which is the signal used when testing for SQL injection. Finally, we test it on HTML forms.

For this, we will require the requests and BeautifulSoup packages.

Approach:

  1. Import Modules:
    • Use requests for HTTP requests, BeautifulSoup for parsing HTML, and urljoin to handle relative URLs.
  2. Initialize Session:
    • Create a session with requests.Session() and set a User-Agent header to mimic a real browser.
  3. Extract Forms:
    • Fetch all forms from the page using BeautifulSoup and return a list of form tags.
  4. Extract Form Details:
    • Get form action (submission URL), method (POST/GET), and inputs (name, type, and value).
  5. Check for Vulnerabilities:
    • Search for common SQL error messages in the response (e.g., "quoted string not properly terminated").
  6. Test SQL Injection:
    • For each form, inject special characters (' and ") into the inputs and submit the form.
    • Check if the response contains SQL errors indicating a vulnerability.
  7. Submit Data & Detect:
    • Use POST or GET to submit the form data and check if it’s vulnerable to SQL injection based on the response errors.
  8. Run Script:
    • Pass the URL as an argument and scan for SQL injection vulnerabilities on the page.
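
Steps 3 to 6 above as an added example (not the article's program): form extraction, building the test submission, and the error check, using the standard-library html.parser in place of BeautifulSoup and sending no requests so it runs offline. The function names, the sample form and the sample response body are constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

# Well-known database error fragments (MySQL, SQL Server, Oracle), lowercase.
SQL_ERRORS = ("you have an error in your sql syntax", "warning: mysql",
              "unclosed quotation mark after the character string",
              "quoted string not properly terminated")
# Constructed sample page and response body for an offline run.
SAMPLE_PAGE = """<form action="/search" method="POST">
  <input type="hidden" name="csrf" value="abc123">
  <input type="text" name="q"><input type="submit" value="Go">
</form>"""
SAMPLE_ERROR_BODY = "<b>ORA-01756: quoted string not properly terminated</b>"

class FormParser(HTMLParser):
    # Collects action, method and inputs for every <form> on a page.
    def __init__(self):
        super().__init__()
        self.forms, self._open = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "",
                          "method": (a.get("method") or "get").lower(),
                          "inputs": []}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            self._open["inputs"].append({"name": a.get("name"),
                "type": (a.get("type") or "text").lower(), "value": a.get("value") or ""})

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def get_forms(html):
    parser = FormParser()
    parser.feed(html)
    return parser.forms

def build_submission(form, page_url, char):
    # Returns (method, absolute target URL, data) with char appended to each field.
    data = {f["name"]: (f["value"] or "test") + char
            for f in form["inputs"] if f["name"] and f["type"] != "submit"}
    return form["method"], urljoin(page_url, form["action"]), data

def has_sql_error(body):
    # True if the response body contains a known database error message.
    text = body.lower()
    return any(err in text for err in SQL_ERRORS)
```

A match on these strings only shows that a database error reached the page; a form whose errors are suppressed produces no match, so a clean result does not rule out injection.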

Program:

Output:

[+] Detected 2 forms on https://www.geeksforgeeks.org/python/python-programming-language-tutorial/
No SQL Injection vulnerability detected
No SQL Injection vulnerability detected
No SQL Injection vulnerability detected
No SQL Injection vulnerability detected