SQL Injection Server

A Model Context Protocol (MCP) server for discovering SQL injection vulnerabilities in web applications.

Features

• Multiple Injection Types: Error-based, Time-based, Boolean-based, Union-based, Blind SQL injection
• Database Support: MySQL, MSSQL, PostgreSQL, Oracle, SQLite
• HTTP Methods: GET and POST parameter testing
• Authentication: Custom headers, cookies, Bearer tokens
• Proxy Support: Route traffic through Burp Suite or other proxies
• WAF Bypass: URL encoding, Hex encoding, Unicode, Case swapping, Comment injection
• Custom Payloads: Load payloads from external files

Installation

# Using uv (recommended)
cd SQLinjector_MCP
uv sync

# Using pip
pip install -e .

Usage

Running the Server

# Using uv
uv run sqli-mcp

# Or directly
python -m sqli_mcp.server

MCP Client Configuration

Claude Desktop / Claude Code

Add to your MCP configuration:

{
  "mcpServers": {
    "sqli-scanner": {
      "command": "uv",
      "args": ["--directory", "C:/path/to/SQLinjector_MCP", "run", "sqli-mcp"]
    }
  }
}

LM Studio / Cursor

Configure the server URL after starting with HTTP transport:

uv run python -c "from sqli_mcp.server import mcp; mcp.run(transport='streamable-http')"

Then connect to http://localhost:8000/mcp

Available Tools

Tool	Description
scan_url	Full URL scan for SQLi in all detected parameters
scan_get_parameter	Test specific GET parameter
scan_post_parameter	Test specific POST parameter
test_payload	Test a single payload against a target
list_payloads	List available built-in payloads
load_custom_payloads_from_file	Load payloads from external file
get_waf_bypass_payloads	Get WAF bypass variants of a payload
get_scan_result	Retrieve previous scan results
Bulk Scanning
scan_urls_batch	Scan multiple URLs (newline-separated, up to 500)
scan_urls_from_file	Scan URLs from a file (one per line)
get_batch_result	Retrieve batch scan results
get_vulnerable_urls	Get only vulnerable URLs from batch

Examples

Basic GET Parameter Scan

Use scan_url with:
- target_url: "http://vulnerable-site.com/page?id=1"

Authenticated POST Scan

Use scan_post_parameter with:
- target_url: "http://site.com/login"
- post_data: "username=admin&password=test"
- parameter: "username"
- cookies: "session=abc123"
- bearer_token: "your-jwt-token"

Using Burp Suite Proxy

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- proxy_url: "http://127.0.0.1:8080"
- verify_ssl: false

WAF Bypass

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- waf_bypass: "comment_injection"

Bulk URL Scanning

Scan multiple URLs from a list:

Use scan_urls_batch with:
- urls: "http://site1.com/page?id=1
http://site2.com/search?q=test
http://site3.com/user?uid=5"
- concurrency: 10
- waf_bypass: "url_encode"

Scan URLs from a file:

Use scan_urls_from_file with:
- file_path: "C:/path/to/urls.txt"
- concurrency: 5
- proxy_url: "http://127.0.0.1:8080"

Get vulnerable URLs only:

Use get_vulnerable_urls with:
- batch_id: "abc12345"

Custom Payloads

Create a text file with one payload per line:

# my_payloads.txt
' OR '1'='1
" OR "1"="1
' UNION SELECT NULL--

Then load with:

Use load_custom_payloads_from_file with:
- file_path: "C:/path/to/my_payloads.txt"
- injection_type: "union_based"
- name: "my_custom"

Security Notice

⚠️ This tool is intended for authorized security testing only. Always obtain proper authorization before testing any system for vulnerabilities. Unauthorized access to computer systems is illegal.

License

MIT