SQLInjection is the big thing in breaching the security of different websites and servers. But how to check if a website is vulnerable to SQL or not. Learn how to create SQL vulnerability checker using Python.
In this tutorial, you will learn how to create a simple SQL vulnerability checker tool in Python. It’s very simple tool that will check a given website for SQL loopholes and will let you know if it’s vulnerable to SQL or not. Just go ahead and create your first vulnerability checker tool and start analyzing the websites for SQL vulnerabilities. It’ll work only on websites GET parameters.
Note: This is just a simple program to learn about Python. It doesn’t do any in depth SQL vulnerability scanning.
In order to create, you need the following things to get started.
- Python 3.4
- Stable connection to internet
- SQL vulnerable website
- Machine with Windows or Linux OS
You can download the Python from their official website: https://www.python.org/downloads/
So, how to create SQL vulnerability checker using Python?
Password : EHT or BreachSec
You will find all the step by step instructions how to create SQL vulnerability checker using Python below.
- Before staring, make sure to install the Python.
- First of all create a new file and name it as sqli.py.
- Import the following required libraries in file we created, import sys, urllib, urllib.request or import sys, import urllib and import urllib.request. Just type as shown in the screenshot below.
- Now we need to print on the screen to ask the user to enter a vulnerable website to test. It’s very simple. Just follow the below screenshot. Use fullurl = input(“Enter a website to check: “). Input is the Python keyword for printing anything on the screen.
- Next step is to specify the arguments to apply on a specified website by the user. Just use this code given below. You can follow how to do it through the following screenshot.
for carg in sys.argv:
if carg == “-w”:
argnum = sys.argv.index(carg)
argnum += 1
fullurl = sys.argv[argnum]
- Here comes a important part to code the program to make a web request.
resp = urllib.request.urlopen(fullurl + “=1\’ or \’1\’ = \’1\””)
body = resp.read()
fullbody = body.decode(‘utf-8’)
- After a response, the following code to check if it’s SQL vulnerable or not.
if “You have an error in your SQL syntax” in fullbody:
print (“The website is SQL injection vulnerable!”)
print (“The website is not classic SQL injection vulnerable!”)
- You’re done creating it. Now it’s time to run and test your program. To run, just type in cmd, python sqli.py. It will ask for website to scan. Just put a website and hit enter.
That’s all how to create your very own Python program. Hope it will work for you.
Note: Use Virtual Machine and scan on VirusTotal before downloading any program on Host Machine for your privacy.