Skip to content
/ blackSQL Public

blackSQL – Automate SQL Injection detection with ease! Scan, exploit, and bypass WAFs. Ethical hacking made simple.

License

MIT license
13 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

sharafdin/blackSQL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

13 Commits
lib
lib
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
blacksql.py
blacksql.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

blackSQL

An advanced SQL Injection scanner with support for Error-Based, Union-Based, Boolean-Based, and Time-Based detection techniques.

Features

  • Multiple SQL injection detection techniques:
    • Error-Based SQL Injection
    • Boolean-Based SQL Injection
    • Time-Based SQL Injection
    • Union-Based SQL Injection
  • Multi-threaded scanning for faster results
  • Database type detection (MySQL, PostgreSQL, MSSQL, Oracle, SQLite)
  • Database enumeration (tables, columns, data)
  • Colorized CLI output
  • Structured logging (JSON/CSV)
  • WAF bypass techniques

Installation

git clone https://github.com/sharafdin/blackSQL.git
cd blackSQL
pip install -r requirements.txt

Usage

Basic usage:

python blacksql.py -u "http://example.com/page.php?id=1"

Advanced options:

python blacksql.py -u "http://example.com/page.php?id=1" --level 3 --threads 10 --dump

Command Line Arguments

Option Description
-u, --url Target URL (e.g., http://example.com/page.php?id=1)
-p, --params Specify parameters to scan (e.g., 'id,page')
--data POST data (e.g., 'id=1&page=2')
-c, --cookies HTTP cookies (e.g., 'PHPSESSID=value; admin=0')
-t, --threads Number of threads (default: 5)
--timeout Connection timeout in seconds (default: 10.0)
--proxy Use a proxy (e.g., 'http://127.0.0.1:8080')
--level Scan level (1-3, higher = more tests)
--dump Attempt to dump database tables when vulnerable
--batch Never ask for user input, use the default behavior
-o, --output Save scan results to a file (CSV/JSON)

Examples

Scan a URL with a specific parameter:

python blacksql.py -u "http://example.com/page.php?id=1" -p "id"

Scan with POST data:

python blacksql.py -u "http://example.com/login.php" --data "username=admin&password=test"

Use a proxy and increase scan level:

python blacksql.py -u "http://example.com/page.php?id=1" --proxy "http://127.0.0.1:8080" --level 3

Dump database when vulnerabilities are found:

python blacksql.py -u "http://example.com/page.php?id=1" --dump

Disclaimer

This tool is intended for legal security testing and educational purposes only. Do not use it against any website or system without proper authorization. The author is not responsible for any misuse or damage caused by this tool.

License

blackSQL is an open-source package licensed under the MIT License

About

blackSQL – Automate SQL Injection detection with ease! Scan, exploit, and bypass WAFs. Ethical hacking made simple.

Topics

hacking sqli sql-injection blacksql

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

1 watching

Forks

1 fork
Report repository

Languages