Glama

sqlmap_scan

Detect SQL injection vulnerabilities in web applications by testing target URLs with optional POST data and session cookies for authorized security assessments.

Instructions

Test for SQL injection vulnerabilities

Input Schema

Name     Required   Description                 Default
cookie   No         Session cookie (optional)
data     No         POST data (optional)
url      Yes        Target URL

Input Schema (JSON Schema)

{
  "properties": {
    "cookie": {
      "description": "Session cookie (optional)",
      "type": "string"
    },
    "data": {
      "description": "POST data (optional)",
      "type": "string"
    },
    "url": {
      "description": "Target URL",
      "type": "string"
    }
  },
  "required": [
    "url"
  ],
  "type": "object"
}

Implementation Reference

  • The main handler function that executes the sqlmap CLI tool with safety flags, parses the output using a helper method, and returns a structured ScanResult.
    async sqlmapScan(url: string, data?: string, cookie?: string): Promise<ScanResult> {
      try {
        // url, data and cookie are spliced into a single command string that
        // execAsync hands to a shell; the values are only wrapped in double quotes.
        let command = `sqlmap -u "${url}" --batch --risk=1 --level=1`;
        if (data) {
          command += ` --data="${data}"`;
        }
        if (cookie) {
          command += ` --cookie="${cookie}"`;
        }
        // Add safety flags
        command += ' --answers="extending=N,follow=N,other=N" --timeout=10 --retries=1';
        console.error(`Executing: ${command}`);
        const { stdout, stderr } = await execAsync(command, {
          timeout: 600000 // 10 min timeout
        });
        const sqlInjectionResults = this.parseSqlmapOutput(stdout, url);
        return {
          target: url,
          timestamp: new Date().toISOString(),
          tool: 'sqlmap',
          results: {
            sql_injection_points: sqlInjectionResults,
            total_found: sqlInjectionResults.length,
            raw_output: stdout
          },
          status: 'success'
        };
      } catch (error) {
        return {
          target: url,
          timestamp: new Date().toISOString(),
          tool: 'sqlmap',
          results: {},
          status: 'error',
          error: error instanceof Error ? error.message : String(error)
        };
      }
    }
  • src/index.ts:161-173 (registration)
    Tool registration in the MCP server's listTools handler, defining name, description, and input schema.
    {
      name: "sqlmap_scan",
      description: "Test for SQL injection vulnerabilities",
      inputSchema: {
        type: "object",
        properties: {
          url: { type: "string", description: "Target URL" },
          data: { type: "string", description: "POST data (optional)" },
          cookie: { type: "string", description: "Session cookie (optional)" }
        },
        required: ["url"]
      }
    },
  • Input schema definition for the sqlmap_scan tool, specifying parameters and validation.
    inputSchema: {
      type: "object",
      properties: {
        url: { type: "string", description: "Target URL" },
        data: { type: "string", description: "POST data (optional)" },
        cookie: { type: "string", description: "Session cookie (optional)" }
      },
      required: ["url"]
    }
  • Helper method to parse sqlmap output and extract vulnerability details into a structured format.
    private parseSqlmapOutput(output: string, target: string): VulnerabilityResult[] {
      const vulnerabilities: VulnerabilityResult[] = [];
      if (output.toLowerCase().includes('injectable') || output.toLowerCase().includes('sql injection')) {
        const lines = output.split('\n');
        let currentPayload = '';
        let currentParameter = '';
        for (const line of lines) {
          // "Parameter: id (GET)" opens a block in sqlmap's final report
          if (line.includes('Parameter:')) {
            currentParameter = line.split('Parameter:')[1]?.trim() || '';
          }
          // Type: and Payload: lines overwrite the same variable, so only the
          // most recent of the two is kept in the description
          if (line.includes('Type:') || line.includes('Payload:')) {
            currentPayload = line.trim();
          }
          const lower = line.toLowerCase();
          // sqlmap also prints "... does not seem to be injectable" for
          // parameters it could not exploit; skip those negative lines
          if (lower.includes('injectable') && !lower.includes('not ')) {
            vulnerabilities.push({
              id: `sqlmap-${vulnerabilities.length + 1}`,
              name: 'SQL Injection',
              severity: 'high',
              description: `SQL injection vulnerability found in parameter: ${currentParameter}. ${currentPayload}`,
              solution: 'Use parameterized queries and input validation',
              affected_url: target,
              cve: 'CWE-89'
            });
          }
        }
      }
      return vulnerabilities;
    }
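The handler above builds one shell command string from the url, data and cookie inputs, and the parser keys its findings on any line containing the word "injectable". The following is an added example, not code from the mcp-pentest project, showing both responsibilities written so that the tool's inputs never reach a shell and findings come only from sqlmap's final report block. The function names buildSqlmapArgv and parseSqlmapOutput, the http/https scheme allow-list, and SAMPLE_OUTPUT are all assumptions; SAMPLE_OUTPUT is a constructed transcript in the shape sqlmap prints, not real scan output.

```javascript
// Added example (not the mcp-pentest project's code). Hypothetical helpers for
// an MCP tool that wraps sqlmap: argument vector construction without a shell,
// and a parser that reads only sqlmap's "Parameter:" report blocks.

// Build sqlmap's arguments as an array. Handing this array to
// child_process.execFile('sqlmap', argv, ...) instead of exec(commandString)
// delivers url, data and cookie as discrete arguments, so quotes, semicolons
// or backticks inside them are never interpreted by /bin/sh.
function buildSqlmapArgv(url, data, cookie) {
  let parsed;
  try {
    parsed = new URL(url);                 // rejects relative or malformed targets
  } catch {
    throw new Error(`target is not an absolute URL: ${url}`);
  }
  // Assumed allow-list: the tool only scans web targets.
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error(`unsupported scheme: ${parsed.protocol}`);
  }
  const argv = ['-u', url, '--batch', '--risk=1', '--level=1'];
  // "--opt=value" as one element keeps a value that starts with "-" from being
  // read by sqlmap's option parser as a separate flag.
  if (data) argv.push(`--data=${data}`);
  if (cookie) argv.push(`--cookie=${cookie}`);
  // Same non-interactive and safety flags as the original handler.
  argv.push('--answers=extending=N,follow=N,other=N', '--timeout=10', '--retries=1');
  return argv;
}

// sqlmap's final report lists each injectable parameter as a block:
//   Parameter: id (GET)
//       Type: ...
//       Title: ...
//       Payload: ...
// possibly with several Type/Title/Payload groups per parameter. Progress and
// warning lines (including "does not seem to be injectable") are not part of
// that block and are ignored, so they cannot produce a finding.
function parseSqlmapOutput(output, target) {
  const blocks = [];
  let current = null;
  for (const raw of output.split('\n')) {
    const line = raw.trim();
    const param = line.match(/^Parameter:\s*(.+)$/);
    if (param) {
      current = { parameter: param[1], techniques: [] };
      blocks.push(current);
      continue;
    }
    if (!current) continue;
    const type = line.match(/^Type:\s*(.+)$/);
    if (type) {
      current.techniques.push({ type: type[1], title: '', payload: '' });
      continue;
    }
    const last = current.techniques[current.techniques.length - 1];
    if (!last) continue;
    const title = line.match(/^Title:\s*(.+)$/);
    const payload = line.match(/^Payload:\s*(.+)$/);
    if (title) last.title = title[1];
    if (payload) last.payload = payload[1];
  }
  // One finding per parameter, with every technique attached to it.
  return blocks.map((b, i) => ({
    id: `sqlmap-${i + 1}`,
    name: 'SQL Injection',
    severity: 'high',
    cwe: 'CWE-89',                        // labelled as a CWE, not a CVE
    affected_url: target,
    parameter: b.parameter,
    techniques: b.techniques,
    solution: 'Use parameterized queries and input validation',
  }));
}

// Constructed sample in the shape of sqlmap's console output (not a real scan).
const SAMPLE_OUTPUT = [
  '[10:00:01] [INFO] testing connection to the target URL',
  "[10:00:02] [WARNING] GET parameter 'page' does not seem to be injectable",
  "[10:00:05] [INFO] GET parameter 'id' is 'MySQL >= 5.0 boolean-based blind' injectable",
  'sqlmap identified the following injection point(s) with a total of 42 HTTP(s) requests:',
  '---',
  'Parameter: id (GET)',
  '    Type: boolean-based blind',
  '    Title: AND boolean-based blind - WHERE or HAVING clause',
  '    Payload: id=1 AND 1234=1234',
  '',
  '    Type: time-based blind',
  '    Title: MySQL >= 5.0.12 AND time-based blind',
  '    Payload: [omitted in this constructed sample]',
  '---',
].join('\n');

console.log(buildSqlmapArgv('https://app.example.test/items?id=1', undefined, 'sid=abc'));
console.log(JSON.stringify(parseSqlmapOutput(SAMPLE_OUTPUT, 'https://app.example.test/items'), null, 2));
```

The warning line about the "page" parameter and the progress line about "id" both contain the word "injectable", yet only the report block yields a finding, and that finding carries both techniques rather than the last Type: or Payload: line seen.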


MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/adriyansyah-mf/mcp-pentest'
