OWASP – SQLiX Project – SQL Injection Scanner

Use Netsparker


SQLiX, coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn’t need to reverse engineer the original SQL request (using only function calls).

SQLiX is a SQL Injection scanner which attempts to fill the gap between what commercial software available on the market can do and what can really be done to detect and identify SQL injection.

Current injection methods used by commercial web assessment software are based on error generation or statement injections.

Error Generation

The error generation method is quite simple and is based on meta characters like single quotes or double quotes. By injecting these characters in the original SQL request, you generate a syntax error which could result in an SQL error message displayed in the HTTP reply. The main issue with this technique is the fact that it’s only based on pattern matching. There is no way to handle multiple languages or complex behaviors when the error message is filtered by the server-side scripts.

Statement Injection

The second method used is statement injection. Let’s look at an example:

The target URL

The scanner will try to compare the HTML content of the original request with the HTML content of

If the request (1) provides the same result as request (0) and request (2) doesn’t, the scanner will conclude that SQL injection is possible. This method works fine, but is very limited by the syntax of the original request. If the original request contains parentheses, store procedures or function calls, this method will rarely work. Worse, if the variable is used by multiple SQL requests, all with different syntaxes, there is no automatic way to make them all work simultaneously.

Another global issue concerning SQL injection is the fact that pen testers frequently conclude that a given SQL injection vulnerability can’t be exploited. By concluding this incorrect statement they are inviting their customers to not patch the vulnerability.

You can download here:

OWASP SQLiX v1.0

Documentation and examples are here:

OWASP SQLiX Project

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , ,


Latest Posts:


HTTP Security Considerations - An Introduction To HTTP Basics HTTP Security Considerations – An Introduction To HTTP Basics
HTTP is ubiquitous now with pretty much everything being powered by an API, a web application or some kind of cloud-based HTTP driven infrastructure. With that HTTP Security becomes paramount and to secure HTTP you have to understand it.
Cangibrina - Admin Dashboard Finder Tool Cangibrina – Admin Dashboard Finder Tool
Cangibrina is a Python-based multi platform admin dashboard finder tool which aims to obtain the location of website dashboards by using brute-force, wordlists etc.
Enumall - Subdomain Discovery Using Recon-ng & AltDNS Enumall – Subdomain Discovery Using Recon-ng & AltDNS
Enumall is a Python-based tool that helps you do subdomain discovery using only one command by combining the abilities of Recon-ng and AltDNS.
RidRelay - SMB Relay Attack For Username Enumeration RidRelay – SMB Relay Attack For Username Enumeration
RidRelay is a Python-based tool to enumerate usernames on a domain where you have no credentials by using a SMB Relay Attack with low privileges.
NetBScanner - NetBIOS Network Scanner NetBScanner – NetBIOS Network Scanner
NetBScanner is a NetBIOS network scanner tool that scans all computers in the IP addresses range you choose, using the NetBIOS protocol.
Metta - Information Security Adversarial Simulation Tool Metta – Information Security Adversarial Simulation Tool
Metta is an information security preparedness tool in Python to help with adversarial simulation and assess security defense preparation and alerts.


2 Responses to OWASP – SQLiX Project – SQL Injection Scanner

  1. Sandeep Nain July 31, 2007 at 11:37 pm #

    nice tool…. just finished pen testing of a website using this tool and got the results as expected.

    works well with MySQL as well as PostgreSQL

    and offers a lot of command line switches to give you flexibility to choose the attack vectors depending on the target.

    Highly recommended…

  2. backbone August 1, 2007 at 3:39 am #

    darknet try and upload a pack with perl modules, because I have installed the newset active perl version and this won’t work…