"SQL injections: where the database spills its secrets, one query at a time."
Vaccine is a command-line tool for detecting SQL injection vulnerabilities in web applications. It automates the process of testing URLs for various types of SQL Injection flaws, helping developers and security professionals pinpoint and mitigate risks in their systems. Vaccine offers a comprehensive suite of tests, including time-based, error-based, and union-based injections, and can identify the underlying database engine. If a vulnerability is found, Vaccine can extract valuable information such as vulnerable parameters, database names, table names, column names, and (planned) perform a complete database dump.
- Comprehensive Vulnerability Detection: Identifies SQL Injection vulnerabilities using multiple techniques.
  - Union-Based Injection
  - Error-Based Injection
  - Time-Based Injection
  - Boolean-Based Injection (for POST requests)
- Database Engine Identification: Automatically detects the database engine (MySQL, PostgreSQL, SQL Server, Oracle, SQLite) to tailor injection attempts.
- Detailed Vulnerability Reporting:
  - Vulnerable parameters and payloads used
  - Database names
  - Table names
  - Column names
  - Complete database dump (planned)
- Flexible Request Methods: Supports both GET and POST HTTP request methods.
- Persistent Storage: Automatically stores scan results in a designated output file, creating it if it doesn't exist.
- Command-Line Options: Provides convenient command-line arguments for customizing scans.
- HTTP Method Support: Supports both GET and POST requests.
- Data Storage: Stores scan results in a specified or default archive file.
- Python 3.x
- pip (Python package installer)
- make (for Makefile commands)
- Docker (for setting up the SQLi-Labs environment)
- Required Python libraries: requests, selenium, urllib.parse
- Clone the repository:
git clone https://github.com/your-username/vaccine.git
cd vaccine
- Install Python dependencies:
pip install -r requirements.txt
- (Optional) Setup SQLi-Labs for Testing: This project includes a Makefile target to set up a local SQLi-Labs environment using Docker for safe, legal testing.
make labs
The GET lab will be accessible at http://localhost:1338/. The POST lab will be accessible at http://localhost:1338/.
By default, scan results are stored in a default file unless the -o option is specified. You can configure this file in utils/utils.py or core/main.py if needed.
Run Vaccine from the command line:
./vaccine [-o <archive_file>] [-X <request_type>] URL
Options:
- -o <archive_file>: Output file for scan results (default: results.json)
- -X <request_type>: HTTP method (GET or POST, default: GET)
Examples:
- Basic GET request scan:
./vaccine http://localhost:1338/
- Scan with POST method and custom output file:
./vaccine -X POST -o my_scan_results.json http://localhost:1338/
- Crawling: Performs a simple crawl to identify potential entry points or parameters within the provided URL.
- Database Detection: Identifies the underlying database engine by sending specific payloads and analyzing server responses (e.g., error messages, time delays).
- Injection Attempts:
  - GET Requests: Iterates through identified parameters in the URL and attempts various SQL Injection techniques (e.g., UNION SELECT, error-based payloads, time-based delays).
  - POST Requests: Parses forms on the target page, injects payloads into input fields, and analyzes the responses. Boolean-based injection is primarily used for POST.
- Result Analysis: Determines if a vulnerability exists based on server behavior (e.g., error messages, response times, content differences).
- Data Extraction: Extracts valuable information such as database version, schema, table names, and column names for vulnerable sites.
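Why the content-difference check in the result analysis step fires on one handler and stays quiet on another, as an added example (not code from the Vaccine project): a constructed in-memory SQLite table with a hypothetical string-concatenating lookup beside its parameterized form. The function names and sample rows are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for an application database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def lookup_concat(db, user_id):
    """Vulnerable: the request value is spliced into the SQL text."""
    query = "SELECT name FROM users WHERE id = " + user_id
    return db.execute(query).fetchall()

def lookup_bound(db, user_id):
    """Hardened: the value is a bound parameter and is never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()

def boolean_signal(lookup, db):
    """Return True if an appended always-true vs. always-false condition changes
    the result, meaning the input reached the SQL parser (content difference)."""
    try:
        when_true = lookup(db, "1 AND 1=1")
        when_false = lookup(db, "1 AND 1=2")
    except sqlite3.Error:
        return True  # a SQL error surfacing from user input is the error-based signal
    return when_true != when_false

if __name__ == "__main__":
    db = make_db()
    for fn in (lookup_concat, lookup_bound):
        print(fn.__name__, "responds to injected condition:", boolean_signal(fn, db))
```

Used as a regression check, `boolean_signal` should stay False for every data-access function once it has been moved to bound parameters.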
- make labs: Set up SQLi-Labs Docker environment
- make clean_labs: Tear down SQLi-Labs Docker environment
- make run: Run the main script with a predefined URL
- make clean: Remove Python bytecode and __pycache__
- make fclean: Clean project and labs
- make re: Rebuild and restart everything
For educational and authorized penetration testing only.
Do not use this tool on systems without explicit permission. Unauthorized testing is illegal and unethical. The authors are not responsible for misuse or damage caused by this tool.