Pentesting Tools
SQL Injection (SQLi) Scanner
SQLS (SQLSCANNER) is an powerful SQL Injection (SQLi) scanner.
Overview
SQLS (SQLSCANNER) is a powerful tool that employs five distinct techniques to identify Full and Blind (Time-based & Out-of-Band) SQL injection vulnerabilities. Powered by SQLMap, it offers comprehensive coverage for detecting CWE-89 issues. SQL injection is typically classified as a high-severity vulnerability due to its potential for unauthorized data access, modification, or deletion, which can severely impact the target system’s integrity and confidentiality.Usage Examples
You can specify a list of target URLs for SQLS to check for SQL Injection vulnerabilities. Optionally, you may configure any settings you’d like. Afterward, simply click on Scan to launch your scan. Shortly after your scan has been launched, you will be redirected to the page to view your pending scan.
You must provide a list of target URLs to scan for vulnerabilities, not base URLs or root domains. A few examples:Correct:
https://example.com/path/to/scan?param1=xyz¶m2=xyz https://api.example.com/path/to/scan2Incorrect: https://example.com/ https://app.example.com/Scanner settings
This scanner accepts the following optional parameters:Scan mode
To help you quickly scan targets with a pre-set configuration, we’ve decided to introduce Scan Modes. The following 3 scan modes are available:Quick
The Quick Scan Mode provides basic SQL injection detection capabilities, such as Time-based & Error-based SQL injections only. This scan mode is also the fastest scan configuration.Default
The Default Scan Mode provides SQL injection detection capabilities for the most common SQL injection types, such as Time-based, Boolean-based & Error-based SQL injections.Advanced
The Advanced Scan Mode provides SQL injection detection capabilities for all SQL injection types, such as Time-based, Boolean-based, Error-based, Union Query-based, Out-of-Band (Blind) & Stacked Query SQL injections SQL injections.CAUTION! This scan mode can take up to 10 min to scan a single injection point!
Capabilities
SQLS is an powerful SQL Injection (SQLi) scanner equipped with the following capabilities:SQL Injection (SQLi) Detection
SQL Injection (SQLi) Detection
SQLS is an advanced tool to help you detect Time-based, Boolean-based, Error-based, Union Query-based, Out-of-Band (Blind) & Stacked Query SQL Injection (SQLi) vulnerabilities.
Powered by SQLMap Project
Powered by SQLMap Project
SQLS is powered by SQLMap, a trusted tool used by thousands of penetration testers.
Blind SQL Injection Detection
Blind SQL Injection Detection
The scanner attempts to inject various blind SQL injection payloads with your custom OAST Server payload.
Advanced Payloads With WAF Bypasses
Advanced Payloads With WAF Bypasses
Advanced Payloads with Web Application Firewall (WAF) bypasses for popular firewalls like Cloudflare, Akamai, etc.