
Sql Injection Scanner

by snipercat69 · GitHub ↗ · v1.4.0 · MIT-0
cross-platform ✓ Security Clean
108 Downloads · 0 Stars · 0 Active Installs · 4 Versions
Install in OpenClaw
/install edgeiq-sql-injection-scanner
Description
Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting.
README (SKILL.md)

SQL Injection Scanner

Skill Name: sql-injection-scanner
Version: 1.0.0
Category: Security / Vulnerability Assessment
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib + urllib, WSL + Linux


What It Does

Detects SQL injection vulnerabilities in web application parameters using multiple detection techniques: boolean-based blind injection, time-based blind injection, and UNION SELECT extraction. Designed for security professionals and developers auditing their own applications.

⚠️ Legal Notice: Only scan domains you own or have explicit written authorization to test. Unauthorized scanning is illegal.


Features

  • Boolean-based blind injection — infer SQL truth from page response differences
  • Time-based blind injection — use SLEEP() delays to confirm injection
  • UNION SELECT extraction — pull database version, user, and schema via UNION payloads
  • Auto-detection — automatically identifies which parameter types are injectable
  • Parameter scanner — test multiple parameters in a single run
  • JSON export — structured results for reporting and integration

Tier Comparison

Feature Free Lifetime ($39) Optional Monthly ($7/mo)
Single URL + parameter test
Boolean blind detection
Time-based detection
UNION SELECT extraction
Multiple parameter scan ✅ (unlimited) ✅ (unlimited) ✅ (unlimited)
JSON export
Custom payload wordlist

Installation

cp -r /home/guy/.openclaw/workspace/apps/sql-injection-scanner ~/.openclaw/skills/sql-injection-scanner

Usage

Basic scan (free tier)

python3 sql_scanner.py --url "https://example.com/product?id=1"

Pro scan (time-based + UNION + multiple params)

EDGEIQ_EMAIL="<your-email>" python3 sql_scanner.py \
  --url "https://example.com/product?id=1&category=2&search=test" \
  --pro

Test specific parameter only

python3 sql_scanner.py --url "https://example.com/search?q=test" --param q

Full bundle scan with JSON export

EDGEIQ_EMAIL="<your-email>" python3 sql_scanner.py \
  --url "https://example.com/api/user?id=1" \
  --bundle --output report.json

As OpenClaw Discord Command

In #edgeiq-support channel:

!sqli https://example.com/product?id=1
!sqli https://example.com/search?q=test --pro
!sqli https://example.com/api?id=1&uid=2 --bundle

Parameters

Flag       Type    Default  Description
--url      string           Target URL with parameter(s)
--param    string  all      Specific parameter to test
--pro      flag    False    Enable Pro features
--bundle   flag    False    Enable Bundle features
--output   string           Write JSON report to file
--delay    float   1.0      Delay between requests (seconds)
--timeout  int     10       Request timeout (seconds)

Output Example

=== SQL Injection Scanner ===
Target: https://example.com/product?id=1

  Parameter: id — INJECTABLE 🔴
    Method:     Boolean Blind
    Payload:    ' OR 1=1 --
    True resp:  1423 bytes / 200 OK
    False resp: 0 bytes / 302 redirect
    Confidence: HIGH

  Parameter: category — SAFE ✅
    Method:     All checks passed
    Response:   1244 bytes / 200 OK

  Database: MySQL 8.0.23 (via UNION)
  User:     app_user@localhost

  Threat Level: CRITICAL — 1 injectable parameter found

Pro Upgrade

Boolean blind + time-based + UNION SELECT + multiple parameters:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo


Support

Open a ticket in #edgeiq-support or email [email protected]


Usage Guidance
This is a coherent SQL injection scanner: it issues HTTP requests to target URLs, so only run it against domains you own or explicitly have permission to test. Note the code and docs optionally use EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY, and ~/.edgeiq/license.key to unlock Pro features — these environment variables and the license file are not declared in the registry metadata but are referenced in the files. If you install/run this skill: (1) review the two Python files yourself (they are included) before executing, (2) avoid scanning third‑party sites without authorization, (3) be aware that Pro/Bundle unlocking is based on local files/env and a hardcoded example email in the code, and (4) check the payment/upgrade links independently before following them.
Capability Analysis
Type: OpenClaw Skill
Name: edgeiq-sql-injection-scanner
Version: 1.4.0
The bundle contains a functional SQL injection scanner (sql_scanner.py) that uses standard Python libraries to perform boolean-based, time-based, and UNION-based detection. The licensing logic (edgeiq_licensing.py) is transparent, checking for local license files or environment variables, and includes a hardcoded developer email for internal access. There is no evidence of data exfiltration, unauthorized remote execution, or prompt injection attempts within the SKILL.md or code files. The tool's behavior is entirely consistent with its stated purpose as a security auditing utility.
Capability Tags
crypto · can-make-purchases
Capability Assessment
Purpose & Capability
Name, description, and code align: the package contains a Python scanner that issues HTTP requests with boolean, time, and UNION payloads and produces local JSON output. Nothing in the files requires unrelated cloud credentials or system-level access.
Instruction Scope
Runtime instructions focus on running the scanner against target URLs (including examples for using EDGEIQ_EMAIL to enable Pro features). The SKILL.md explicitly warns about authorized testing. The code performs arbitrary HTTP requests to targets provided by the user — this is expected for the tool but is a capability that can be misused if run against systems you don't own.
Install Mechanism
There is no install spec; the skill is instruction-only (plus included Python files). No remote downloads or archive extraction are used, so nothing will be pulled from arbitrary URLs during install.
Credentials
The manifest declares no required env vars, but the SKILL.md and code optionally use EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and read ~/.edgeiq/license.key (and a stripe_licenses.json path). These are used only for unlocking Pro/Bundle features; the presence of these checks is proportionate to the monetization/licensing behavior but should have been declared in the manifest.
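The mismatch described under Credentials can be checked mechanically before a skill is run. The following is an added example, not code from the skill or the marketplace: it parses Python source with ast and lists the environment variables and home-directory paths the code reads that a manifest does not declare. SAMPLE_SOURCE is a constructed stand-in for a licensing module, and audit_source and declared_env are hypothetical names.

```python
import ast

# Constructed sample standing in for a skill's licensing module. It is NOT the
# real edgeiq_licensing.py; it only reuses the names the review above mentions.
SAMPLE_SOURCE = '''
import os
from pathlib import Path

def is_pro():
    email = os.environ.get("EDGEIQ_EMAIL", "")
    key = os.getenv("EDGEIQ_LICENSE_KEY")
    lic = Path(os.path.expanduser("~/.edgeiq/license.key"))
    return bool(email or key or lic.exists())
'''

def _is_os_environ(node):
    # True for the expression `os.environ`
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def _const_str(node):
    # Literal string value of a node, or None for anything dynamic
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def audit_source(source, declared_env=()):
    """Return (undeclared env vars, home-directory paths) referenced in source.

    Assumes Python 3.9+ (ast.Subscript.slice is the index expression itself).
    Only literal names are reported; dynamically built names need manual review.
    """
    env_vars, home_paths = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute) and node.args:
            f, name = node.func, _const_str(node.args[0])
            is_getenv = (f.attr == "getenv" and isinstance(f.value, ast.Name)
                         and f.value.id == "os")                    # os.getenv("X")
            is_env_get = f.attr == "get" and _is_os_environ(f.value)  # os.environ.get("X")
            if name and (is_getenv or is_env_get):
                env_vars.add(name)
        elif isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            name = _const_str(node.slice)                           # os.environ["X"]
            if name:
                env_vars.add(name)
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if node.value.startswith("~/"):                         # home-directory file
                home_paths.add(node.value)
    return sorted(env_vars - set(declared_env)), sorted(home_paths)
```

Run audit_source over each .py file in the skill directory with the manifest's declared variables as declared_env; a non-empty first element is the kind of gap the assessment reports.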
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not persist beyond reading/writing the vendor license file in the user's home directory.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install edgeiq-sql-injection-scanner
  3. After installation, invoke the skill by name or use /edgeiq-sql-injection-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.4.0: URGENT FIX — corrected Stripe Payment Link URLs (no suffixes, correct live URLs)
v1.3.0: CRITICAL FIX — replaced placeholder Stripe URLs with real working Payment Link checkout URLs
v1.2.0: Dual pricing — Lifetime as primary purchase option with optional monthly. Updated Stripe checkout URLs.
v1.0.0: Initial release: boolean blind, time-based blind, UNION SELECT detection, auto-parameter scanning.
Metadata
Slug edgeiq-sql-injection-scanner
Version 1.4.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 4
Frequently Asked Questions

What is Sql Injection Scanner?

Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting. It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.

How do I install Sql Injection Scanner?

Run "/install edgeiq-sql-injection-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Sql Injection Scanner free?

Yes, Sql Injection Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Sql Injection Scanner support?

Sql Injection Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Sql Injection Scanner?

It is built and maintained by snipercat69 (@snipercat69); the current version is v1.4.0.
