snipercat69

Sql Injection Scanner

Author snipercat69 · GitHub ↗ · v1.4.0 · MIT-0
cross-platform ✓ Security check passed
Total downloads: 108 · Favorites: 0 · Current installs: 0 · Versions: 4
Install in OpenClaw:
/install edgeiq-sql-injection-scanner
Description
Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting.
Usage (SKILL.md)

SQL Injection Scanner

Skill Name: sql-injection-scanner
Version: 1.0.0
Category: Security / Vulnerability Assessment
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib + urllib, WSL + Linux


What It Does

Detects SQL injection vulnerabilities in web application parameters using multiple detection techniques: boolean-based blind injection, time-based blind injection, and UNION SELECT extraction. Designed for security professionals and developers auditing their own applications.

⚠️ Legal Notice: Only scan domains you own or have explicit written authorization to test. Unauthorized scanning is illegal.


Features

  • Boolean-based blind injection — infer SQL truth from page response differences
  • Time-based blind injection — use SLEEP() delays to confirm injection
  • UNION SELECT extraction — pull database version, user, and schema via UNION payloads
  • Auto-detection — automatically identifies which parameter types are injectable
  • Parameter scanner — test multiple parameters in a single run
  • JSON export — structured results for reporting and integration
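As an added, defender-side example that is not part of this skill or the listing: a small Python detector that flags, in constructed web-server access-log lines, the three probe classes the feature list above describes (a boolean tautology such as ' OR 1=1 --, a SLEEP() delay, a UNION SELECT) and groups the hits by source address. The log lines are constructed and the regexes are assumptions about what such probes look like in a decoded query string, not the skill's own payload list.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed combined-format access-log lines (not real traffic): three probe lines
# matching the techniques in the feature list, plus one benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2025:10:00:01 +0000] "GET /product?id=1 HTTP/1.1" 200 1244
10.0.0.5 - - [01/Jan/2025:10:00:02 +0000] "GET /product?id=1%27%20OR%201%3D1%20-- HTTP/1.1" 200 1423
10.0.0.5 - - [01/Jan/2025:10:00:03 +0000] "GET /product?id=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 1244
10.0.0.5 - - [01/Jan/2025:10:00:09 +0000] "GET /product?id=1%20UNION%20SELECT%20version()-- HTTP/1.1" 500 0
10.0.0.7 - - [01/Jan/2025:10:00:10 +0000] "GET /search?q=union+station HTTP/1.1" 200 900
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) '
                    r'(?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+)')

# One signature per technique; assumed shapes, not the skill's own payload list.
SIGNATURES = {
    "boolean_blind": re.compile(r"""['"]\s*(or|and)\s+\S+\s*=\s*\S+""", re.I),  # ' OR 1=1 --
    "time_based": re.compile(r"\bsleep\s*\(", re.I),                          # SLEEP(n)
    "union_select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),        # UNION SELECT
}

def classify_params(target):
    """Map each query parameter whose decoded value matches a signature to its technique names."""
    hits = {}
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):  # decodes once
        techs = [t for t, rx in SIGNATURES.items() if rx.search(value)]
        if techs:
            hits[name] = techs
    return hits

def scan_log(text):
    """Return one finding per log line whose query string carries an injection probe."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        hits = classify_params(m["target"]) if m else {}  # malformed lines are skipped
        if hits:
            findings.append({"ip": m["ip"], "status": int(m["status"]), "params": hits})
    return findings

def per_source(findings):
    """Group findings by client IP; one source tripping several techniques is a scanner run."""
    out = {}
    for f in findings:
        entry = out.setdefault(f["ip"], {"hits": 0, "techniques": set()})
        entry["hits"] += 1
        entry["techniques"].update(t for techs in f["params"].values() for t in techs)
    return out
```

In the sample, the benign search for "union station" is not flagged because the UNION signature also requires a SELECT, which is the kind of false-positive check worth keeping when tuning such rules.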

Tier Comparison

Feature                     | Free          | Lifetime ($39) | Optional Monthly ($7/mo)
Single URL + parameter test |               |                |
Boolean blind detection     |               |                |
Time-based detection        |               |                |
UNION SELECT extraction     |               |                |
Multiple parameter scan     | ✅ (unlimited) | ✅ (unlimited)  | ✅ (unlimited)
JSON export                 |               |                |
Custom payload wordlist     |               |                |

Installation

cp -r /home/guy/.openclaw/workspace/apps/sql-injection-scanner ~/.openclaw/skills/sql-injection-scanner

Usage

Basic scan (free tier)

python3 sql_scanner.py --url "https://example.com/product?id=1"

Pro scan (time-based + UNION + multiple params)

EDGEIQ_EMAIL=[email protected] python3 sql_scanner.py \
  --url "https://example.com/product?id=1&category=2&search=test" \
  --pro

Test specific parameter only

python3 sql_scanner.py --url "https://example.com/search?q=test" --param q

Full bundle scan with JSON export

EDGEIQ_EMAIL=[email protected] python3 sql_scanner.py \
  --url "https://example.com/api/user?id=1" \
  --bundle --output report.json

As OpenClaw Discord Command

In #edgeiq-support channel:

!sqli https://example.com/product?id=1
!sqli https://example.com/search?q=test --pro
!sqli https://example.com/api?id=1&uid=2 --bundle

Parameters

Flag      | Type   | Default | Description
--url     | string |         | Target URL with parameter(s)
--param   | string | all     | Specific parameter to test
--pro     | flag   | False   | Enable Pro features
--bundle  | flag   | False   | Enable Bundle features
--output  | string |         | Write JSON report to file
--delay   | float  | 1.0     | Delay between requests (seconds)
--timeout | int    | 10      | Request timeout (seconds)

Output Example

=== SQL Injection Scanner ===
Target: https://example.com/product?id=1

  Parameter: id — INJECTABLE 🔴
    Method:     Boolean Blind
    Payload:    ' OR 1=1 --
    True resp:  1423 bytes / 200 OK
    False resp: 0 bytes / 302 redirect
    Confidence: HIGH

  Parameter: category — SAFE ✅
    Method:     All checks passed
    Response:   1244 bytes / 200 OK

  Database: MySQL 8.0.23 (via UNION)
  User:     app_user@localhost

  Threat Level: CRITICAL — 1 injectable parameter found

Pro Upgrade

Boolean blind + time-based + UNION SELECT + multiple parameters:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo


Support

Open a ticket in #edgeiq-support or email [email protected]


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →

Safe-use recommendations
This is a coherent SQL injection scanner: it issues HTTP requests to target URLs, so only run it against domains you own or explicitly have permission to test. Note the code and docs optionally use EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY, and ~/.edgeiq/license.key to unlock Pro features — these environment variables and the license file are not declared in the registry metadata but are referenced in the files. If you install/run this skill: (1) review the two Python files yourself (they are included) before executing, (2) avoid scanning third‑party sites without authorization, (3) be aware that Pro/Bundle unlocking is based on local files/env and a hardcoded example email in the code, and (4) check the payment/upgrade links independently before following them.
Functional analysis
Type: OpenClaw Skill
Name: edgeiq-sql-injection-scanner
Version: 1.4.0
The bundle contains a functional SQL injection scanner (sql_scanner.py) that uses standard Python libraries to perform boolean-based, time-based, and UNION-based detection. The licensing logic (edgeiq_licensing.py) is transparent, checking for local license files or environment variables, and includes a hardcoded developer email for internal access. There is no evidence of data exfiltration, unauthorized remote execution, or prompt injection attempts within the SKILL.md or code files. The tool's behavior is entirely consistent with its stated purpose as a security auditing utility.
Capability tags
crypto, can-make-purchases
Capability assessment
Purpose & Capability
Name, description, and code align: the package contains a Python scanner that issues HTTP requests with boolean, time, and UNION payloads and produces local JSON output. Nothing in the files requires unrelated cloud credentials or system-level access.
Instruction Scope
Runtime instructions focus on running the scanner against target URLs (including examples for using EDGEIQ_EMAIL to enable Pro features). The SKILL.md explicitly warns about authorized testing. The code performs arbitrary HTTP requests to targets provided by the user — this is expected for the tool but is a capability that can be misused if run against systems you don't own.
Install Mechanism
There is no install spec; the skill is instruction-only (plus included Python files). No remote downloads or archive extraction are used, so nothing will be pulled from arbitrary URLs during install.
Credentials
The manifest declares no required env vars, but the SKILL.md and code optionally use EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and read ~/.edgeiq/license.key (and a stripe_licenses.json path). These are used only for unlocking Pro/Bundle features; the presence of these checks is proportionate to the monetization/licensing behavior but should have been declared in the manifest.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not persist beyond reading/writing the vendor license file in the user's home directory.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install edgeiq-sql-injection-scanner
  3. After installation, call the Skill by name or trigger it with /edgeiq-sql-injection-scanner
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output
Version history
v1.4.0: URGENT FIX — corrected Stripe Payment Link URLs (no suffixes, correct live URLs)
v1.3.0: CRITICAL FIX — replaced placeholder Stripe URLs with real working Payment Link checkout URLs
v1.2.0: Dual pricing — Lifetime as primary purchase option with optional monthly. Updated Stripe checkout URLs.
v1.0.0: Initial release: boolean blind, time-based blind, UNION SELECT detection, auto-parameter scanning.
Metadata
Slug edgeiq-sql-injection-scanner
Version 1.4.0
License MIT-0
Total installs 0
Current installs 0
Versions 4
FAQ

What is Sql Injection Scanner?

Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 108 downloads to date.

How do I install Sql Injection Scanner?

Run the command "/install edgeiq-sql-injection-scanner" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is Sql Injection Scanner free?

Yes, Sql Injection Scanner is completely free under the MIT-0 license and may be freely downloaded, installed and used.

Which platforms does Sql Injection Scanner support?

Sql Injection Scanner is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Sql Injection Scanner?

Developed and maintained by snipercat69 (@snipercat69); current version v1.4.0.
