🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Sql Injection Scanner

by @edgeiq-labs

Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting.

TERMINAL
clawhub install edgeiq-sql-injection-scanner

πŸ“– About This Skill

SQL Injection Scanner

Skill Name: sql-injection-scanner Version: 1.0.0 Category: Security / Vulnerability Assessment Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently) Author: EdgeIQ Labs OpenClaw Compatible: Yes β€” Python 3, pure stdlib + urllib, WSL + Linux


What It Does

Detects SQL injection vulnerabilities in web application parameters using multiple detection techniques: boolean-based blind injection, time-based blind injection, and UNION SELECT extraction. Designed for security professionals and developers auditing their own applications.

> ⚠️ Legal Notice: Only scan domains you own or have explicit written authorization to test. Unauthorized scanning is illegal.


Features

  • Boolean-based blind injection β€” infer SQL truth from page response differences
  • Time-based blind injection β€” use SLEEP() delays to confirm injection
  • UNION SELECT extraction β€” pull database version, user, and schema via UNION payloads
  • Auto-detection β€” automatically identifies which parameter types are injectable
  • Parameter scanner β€” test multiple parameters in a single run
  • JSON export β€” structured results for reporting and integration

  • Tier Comparison

    | Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo) | |---------|------|----------------|----------------------| | Single URL + parameter test | βœ… | βœ… | βœ… | | Boolean blind detection | βœ… | βœ… | βœ… | | Time-based detection | βœ… | βœ… | βœ… | | UNION SELECT extraction | βœ… | βœ… | βœ… | | Multiple parameter scan | βœ… (unlimited) | βœ… (unlimited) | βœ… (unlimited) | | JSON export | βœ… | βœ… | βœ… | | Custom payload wordlist | βœ… | βœ… | βœ… |


    Installation

    cp -r /home/guy/.openclaw/workspace/apps/sql-injection-scanner ~/.openclaw/skills/sql-injection-scanner
    


    Usage

    Basic scan (free tier)

    python3 sql_scanner.py --url "https://example.com/product?id=1"
    

    Pro scan (time-based + UNION + multiple params)

    EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
      --url "https://example.com/product?id=1&category=2&search=test" \
      --pro
    

    Test specific parameter only

    python3 sql_scanner.py --url "https://example.com/search?q=test" --param q
    

    Full bundle scan with JSON export

    EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
      --url "https://example.com/api/user?id=1" \
      --bundle --output report.json
    

    As OpenClaw Discord Command

    In #edgeiq-support channel:

    !sqli https://example.com/product?id=1
    !sqli https://example.com/search?q=test --pro
    !sqli https://example.com/api?id=1&uid=2 --bundle
    


    Parameters

    | Flag | Type | Default | Description | |------|------|---------|-------------| | --url | string | β€” | Target URL with parameter(s) | | --param | string | all | Specific parameter to test | | --pro | flag | False | Enable Pro features | | --bundle | flag | False | Enable Bundle features | | --output | string | β€” | Write JSON report to file | | --delay | float | 1.0 | Delay between requests (seconds) | | --timeout | int | 10 | Request timeout (seconds) |


    Output Example

    === SQL Injection Scanner ===
    Target: https://example.com/product?id=1

    1mParameter: id β€” INJECTABLE πŸ”΄[0m Method: Boolean Blind Payload: ' OR 1=1 -- True resp: 1423 bytes / 200 OK False resp: 0 bytes / 302 redirect Confidence: HIGH

    [1mParameter: category β€” SAFE βœ…[0m Method: All checks passed Response: 1244 bytes / 200 OK

    Database: MySQL 8.0.23 (via UNION) User: app_user@localhost

    Threat Level: CRITICAL β€” 1 injectable parameter found


    Pro Upgrade

    Boolean blind + time-based + UNION SELECT + multiple parameters:

    πŸ‘‰ [Buy Lifetime β€” $39 πŸ‘‰ Subscribe Monthly β€” $7/mo


    Support

    Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com


    πŸ”— More from EdgeIQ Labs

    edgeiqlabs.com β€” Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • πŸ› οΈ Subdomain Hunter β€” Passive subdomain enumeration via Certificate Transparency
  • πŸ“Έ Screenshot API β€” URL-to-screenshot API for developers
  • πŸ”” uptime.check β€” URL uptime monitoring with alerts
  • πŸ›‘οΈ headers.check β€” HTTP security headers analyzer
  • πŸ‘‰ Visit edgeiqlabs.com β†’

    πŸ’‘ Examples

    Basic scan (free tier)

    python3 sql_scanner.py --url "https://example.com/product?id=1"
    

    Pro scan (time-based + UNION + multiple params)

    EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
      --url "https://example.com/product?id=1&category=2&search=test" \
      --pro
    

    Test specific parameter only

    python3 sql_scanner.py --url "https://example.com/search?q=test" --param q
    

    Full bundle scan with JSON export

    EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
      --url "https://example.com/api/user?id=1" \
      --bundle --output report.json
    

    As OpenClaw Discord Command

    In #edgeiq-support channel:

    !sqli https://example.com/product?id=1
    !sqli https://example.com/search?q=test --pro
    !sqli https://example.com/api?id=1&uid=2 --bundle