SpecterSqli is a lab-focused SQL Injection analysis tool designed for academic projects, security labs, and controlled testing environments. It demonstrates how SQL injection vulnerabilities are detected, analyzed, reported, and explained using Python.
⚠️ Legal Notice: This tool is intended only for systems you own or have explicit permission to test (CTFs, labs, training environments). Unauthorized use is illegal.
RH Shourav Security Learner | Python | Web Application Security GitHub: https://github.com/rhshourav
- Automatic HTML form parameter discovery
- Supports GET and POST endpoints
- Boolean-based SQL injection detection
- Time-based blind SQL injection detection
- Blind character-by-character data extraction (lab use only)
- Optional authenticated scanning (login form support)
- Concurrent scanning of multiple targets
- Multi-format reporting:
  - HTML (default)
  - JSON
  - Markdown
  - Plain Text
- Detailed findings:
  - Payload used
  - Evidence
  - Severity
  - Impact
  - Exploitation explanation (educational)
  - Remediation guidance

SpecterSqli is built to help students understand:
- How SQL injection vulnerabilities arise
- Why boolean and time-based SQLi work
- How attackers infer data without error messages
- How proper defenses stop SQL injection
- How professional security reports are structured
It focuses on clarity and explanation, not aggressive exploitation.
- Python 3.8+
- Dependencies:

```bash
pip install requests beautifulsoup4
```

```
specter_sqli.py
targets.txt           # optional
specter_report.html   # generated (default)
specter_report.json   # optional
specter_report.md     # optional
specter_report.txt    # optional
```

```bash
python specter_sqli.py --help
```

```bash
python specter_sqli.py \
  --target http://localhost/login.php
```

```bash
python specter_sqli.py \
  --targets-file targets.txt \
  --concurrency \
  --workers 6
```

SpecterSqli automatically extracts parameters from:
- HTML forms (`input`, `textarea`, `select`)
- Falls back to common parameters if none are found

This allows scanning even when parameter names are unknown.
Uses logical payloads such as:

```
' OR 1=1 -- -
```

Detection is based on:
- Response length comparison
- Behavioral differences
- Reproducible response patterns
Detects blind SQL injection by measuring response delay.
Example:

```bash
python specter_sqli.py \
  --target http://localhost/login.php \
  --sleep 3
```

If response time increases consistently, the parameter is flagged.
Extracts data one character at a time using timing inference.
Example (extract database name):

```bash
python specter_sqli.py \
  --target http://localhost/login.php \
  --blind "SELECT database()" \
  --blind-param username \
  --maxlen 20
```

SpecterSqli can scan protected pages after login.

```bash
python specter_sqli.py \
  --target http://localhost/dashboard.php \
  --login-url http://localhost/login.php \
  --login-user admin \
  --login-pass password123 \
  --login-user-field username \
  --login-pass-field password
```

Choose the report format using `--output-format`:

| Format | Flag |
|---|---|
| HTML | html (default) |
| JSON | json |
| Markdown | md |
| Text | txt |

```bash
python specter_sqli.py --target http://localhost/login.php --output-format json
python specter_sqli.py --target http://localhost/login.php --output-format md
python specter_sqli.py --target http://localhost/login.php --output-format txt
```

Each finding explains:
- Why the vulnerability exists
- How it can be abused (educational)
- Real-world impact
- How to fix it:
  - Prepared statements
  - Parameterized queries
  - Input validation
  - Least-privilege database access

This makes the report suitable for defensive security learning.
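
The boolean-based check and the parameterized-query fix listed above, shown side by side as an added example (not SpecterSqli's own code). It assumes an in-memory SQLite database; the `users` table, the sample accounts, the baseline input and all function names are constructed for illustration, and only the payload comes from this README.

```python
import sqlite3

PAYLOAD = "' OR 1=1 -- -"   # boolean payload quoted in this README
BASELINE = "nosuchuser"      # constructed benign input for comparison


def make_db():
    """Constructed in-memory lab database with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("alice", "hunter2")])
    return db


def login_vulnerable(db, username, password):
    """Builds SQL by concatenation, so input can rewrite the WHERE clause."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchall()


def login_parameterized(db, username, password):
    """Binds input as data, so the payload is compared as a literal string."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()


def boolean_differential(login, db):
    """Compare the baseline response with the payload response; a difference
    means user input reached the query's logic and the parameter is flagged."""
    base = login(db, BASELINE, "x")
    injected = login(db, PAYLOAD, "x")
    return {"baseline_rows": len(base), "payload_rows": len(injected),
            "flagged": len(base) != len(injected)}


if __name__ == "__main__":
    db = make_db()
    for fn in (login_vulnerable, login_parameterized):
        print(fn.__name__, boolean_differential(fn, db))
```

The concatenated query returns every row for the payload while the parameterized one returns none, which is the same response difference the scanner looks for over HTTP.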
Allowed use:
✅ College projects ✅ Security labs (DVWA, Juice Shop, VulnHub) ✅ CTFs ✅ Systems you own
Not allowed:
🚫 Unauthorized scanning 🚫 Real-world blind extraction 🚫 Data theft or disruption
You are responsible for how you use this tool.
SpecterSqli is intentionally:
- Readable
- Modular
- Easy to extend
- Suitable for academic evaluation
It prioritizes learning, explanation, and responsible security testing.