BlackSQL
blackSQL – Automate SQL Injection detection with ease! Scan, exploit, and bypass WAFs. Ethical hacking made simple.
Install / Use
/learn @sharafdin/BlackSQLREADME
blackSQL
An advanced SQL Injection scanner with support for Error-Based, Union-Based, Boolean-Based, and Time-Based detection techniques.
The Rust implementation is the main version. The original Python implementation is kept in legacy/ for reference.
Features
- Multiple SQL injection detection techniques:
- Error-Based SQL Injection
- Boolean-Based SQL Injection
- Time-Based SQL Injection
- Union-Based SQL Injection
- Multi-threaded scanning for faster results
- Database type detection (MySQL, PostgreSQL, MSSQL, Oracle, SQLite)
- Database enumeration (tables, columns, data) with
--dump - Colorized CLI output
- File logging (
-oorlogs/blacksql_<timestamp>.log) and JSON/CSV export tooutput/ - WAF detection and bypass techniques
Installation
From source (recommended):
git clone https://github.com/sharafdin/blackSQL.git
cd blackSQL
cargo build --release
Install the binary (after building):
cargo install --path .
# Then run from anywhere:
blacksql -u "http://example.com/page.php?id=1"
Legacy Python version:
cd legacy
pip install -r requirements.txt
Usage (Rust)
Basic scan:
./target/release/blacksql -u "http://example.com/page.php?id=1"
With options:
./target/release/blacksql -u "http://example.com/page.php?id=1" \
--level 3 \
--threads 10 \
--dump \
-o /path/to/scan.log
| Option | Description |
|-------------------|-------------|
| -u, --url | Target URL (required). |
| -p, --params | Parameters to scan (e.g. id,page). Default: from URL or --data. |
| --data | POST body (e.g. id=1&page=2) for POST-based scanning. |
| -c, --cookies | Cookie string (e.g. PHPSESSID=value; admin=0). |
| -t, --threads | Number of threads (default: 5). |
| --timeout | Request timeout in seconds (default: 10.0). |
| --proxy | Proxy URL (e.g. http://127.0.0.1:8080). |
| --level | Scan depth 1–3 (default: 1). Higher = more payloads. |
| --dump | When a parameter is vulnerable, enumerate DBs/tables/columns and include in results. |
| --batch | Non-interactive (no prompts). |
| -o, --output | Log file path. All scan messages are written here. If omitted, uses logs/blacksql_<timestamp>.log. JSON/CSV results are always written to output/blacksql_results_<timestamp>.json and .csv when vulnerabilities are found. |
Output locations:
- Log file: Path from
-o, orlogs/blacksql_YYYYMMDD_HHMMSS.log. - JSON/CSV (when vulns found):
output/blacksql_results_YYYYMMDD_HHMMSS.jsonand.csv.
Examples (Rust)
Scan a specific parameter:
./target/release/blacksql -u "http://example.com/page.php?id=1" -p "id"
Scan with POST data:
./target/release/blacksql -u "http://example.com/login.php" --data "username=admin&password=test"
Use a proxy and higher level:
./target/release/blacksql -u "http://example.com/page.php?id=1" --proxy "http://127.0.0.1:8080" --level 3
Dump database info when vulnerable:
./target/release/blacksql -u "http://example.com/page.php?id=1" --dump
Legacy Python usage
cd legacy && python blacksql.py -u "http://example.com/page.php?id=1"
See the table above for the same options; -o is the log file path in both versions.
Disclaimer
This tool is intended for legal security testing and educational purposes only. Do not use it against any website or system without proper authorization. The author is not responsible for any misuse or damage caused by this tool.
License
blackSQL is open-source under the MIT License.
Related Skills
feishu-drive
349.0k|
things-mac
349.0kManage Things 3 via the `things` CLI on macOS (add/update projects+todos via URL scheme; read/search/list from the local Things database)
clawhub
349.0kUse the ClawHub CLI to search, install, update, and publish agent skills from clawhub.com
postkit
PostgreSQL-native identity, configuration, metering, and job queues. SQL functions that work with any language or driver
