Sql Injection Scanner
by @edgeiq-labs
Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting.
clawhub install edgeiq-sql-injection-scannerπ About This Skill
SQL Injection Scanner
Skill Name: sql-injection-scanner
Version: 1.0.0
Category: Security / Vulnerability Assessment
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes β Python 3, pure stdlib + urllib, WSL + Linux
What It Does
Detects SQL injection vulnerabilities in web application parameters using multiple detection techniques: boolean-based blind injection, time-based blind injection, and UNION SELECT extraction. Designed for security professionals and developers auditing their own applications.
> β οΈ Legal Notice: Only scan domains you own or have explicit written authorization to test. Unauthorized scanning is illegal.
Features
SLEEP() delays to confirm injectionTier Comparison
| Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo) | |---------|------|----------------|----------------------| | Single URL + parameter test | β | β | β | | Boolean blind detection | β | β | β | | Time-based detection | β | β | β | | UNION SELECT extraction | β | β | β | | Multiple parameter scan | β (unlimited) | β (unlimited) | β (unlimited) | | JSON export | β | β | β | | Custom payload wordlist | β | β | β |
Installation
cp -r /home/guy/.openclaw/workspace/apps/sql-injection-scanner ~/.openclaw/skills/sql-injection-scanner
Usage
Basic scan (free tier)
python3 sql_scanner.py --url "https://example.com/product?id=1"
Pro scan (time-based + UNION + multiple params)
EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
--url "https://example.com/product?id=1&category=2&search=test" \
--pro
Test specific parameter only
python3 sql_scanner.py --url "https://example.com/search?q=test" --param q
Full bundle scan with JSON export
EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
--url "https://example.com/api/user?id=1" \
--bundle --output report.json
As OpenClaw Discord Command
In #edgeiq-support channel:
!sqli https://example.com/product?id=1
!sqli https://example.com/search?q=test --pro
!sqli https://example.com/api?id=1&uid=2 --bundle
Parameters
| Flag | Type | Default | Description |
|------|------|---------|-------------|
| --url | string | β | Target URL with parameter(s) |
| --param | string | all | Specific parameter to test |
| --pro | flag | False | Enable Pro features |
| --bundle | flag | False | Enable Bundle features |
| --output | string | β | Write JSON report to file |
| --delay | float | 1.0 | Delay between requests (seconds) |
| --timeout | int | 10 | Request timeout (seconds) |
Output Example
=== SQL Injection Scanner ===
Target: https://example.com/product?id=1 [1mParameter: category β SAFE β
[0m
Method: All checks passed
Response: 1244 bytes / 200 OK
Database: MySQL 8.0.23 (via UNION)
User: app_user@localhost
Threat Level: CRITICAL β 1 injectable parameter found
Pro Upgrade
Boolean blind + time-based + UNION SELECT + multiple parameters:
π [Buy Lifetime β $39 π Subscribe Monthly β $7/mo
Support
Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com
π More from EdgeIQ Labs
edgeiqlabs.com β Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.
π‘ Examples
Basic scan (free tier)
python3 sql_scanner.py --url "https://example.com/product?id=1"
Pro scan (time-based + UNION + multiple params)
EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
--url "https://example.com/product?id=1&category=2&search=test" \
--pro
Test specific parameter only
python3 sql_scanner.py --url "https://example.com/search?q=test" --param q
Full bundle scan with JSON export
EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
--url "https://example.com/api/user?id=1" \
--bundle --output report.json
As OpenClaw Discord Command
In #edgeiq-support channel:
!sqli https://example.com/product?id=1
!sqli https://example.com/search?q=test --pro
!sqli https://example.com/api?id=1&uid=2 --bundle