sqlmap_scan
Detect SQL injection vulnerabilities in web applications by testing target URLs with optional POST data and session cookies for authorized security assessments.
Instructions
Test for SQL injection vulnerabilities
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| url | Yes | Target URL | |
| data | No | POST data (optional) | |
| cookie | No | Session cookie (optional) | |
Implementation Reference
- src/tools/vulnscan.ts:133-177 (handler) Core handler function that executes the sqlmap CLI command, handles parameters (url, data, cookie), parses output, and returns a structured ScanResult.

  ```typescript
  async sqlmapScan(url: string, data?: string, cookie?: string): Promise<ScanResult> {
    try {
      let command = `sqlmap -u "${url}" --batch --risk=1 --level=1`;

      if (data) {
        command += ` --data="${data}"`;
      }

      if (cookie) {
        command += ` --cookie="${cookie}"`;
      }

      // Add safety flags
      command += ' --answers="extending=N,follow=N,other=N" --timeout=10 --retries=1';

      console.error(`Executing: ${command}`);

      const { stdout, stderr } = await execAsync(command, {
        timeout: 600000 // 10 min timeout
      });

      const sqlInjectionResults = this.parseSqlmapOutput(stdout, url);

      return {
        target: url,
        timestamp: new Date().toISOString(),
        tool: 'sqlmap',
        results: {
          sql_injection_points: sqlInjectionResults,
          total_found: sqlInjectionResults.length,
          raw_output: stdout
        },
        status: 'success'
      };
    } catch (error) {
      return {
        target: url,
        timestamp: new Date().toISOString(),
        tool: 'sqlmap',
        results: {},
        status: 'error',
        error: error instanceof Error ? error.message : String(error)
      };
    }
  }
  ```
- src/tools/vulnscan.ts:262-296 (helper) Helper function to parse sqlmap output and extract SQL injection vulnerabilities into a structured format.

  ```typescript
  private parseSqlmapOutput(output: string, target: string): VulnerabilityResult[] {
    const vulnerabilities: VulnerabilityResult[] = [];

    if (output.toLowerCase().includes('injectable') || output.toLowerCase().includes('sql injection')) {
      const lines = output.split('\n');
      let currentPayload = '';
      let currentParameter = '';

      for (const line of lines) {
        if (line.includes('Parameter:')) {
          currentParameter = line.split('Parameter:')[1]?.trim() || '';
        }

        if (line.includes('Type:') || line.includes('Payload:')) {
          currentPayload = line.trim();
        }

        if (line.toLowerCase().includes('injectable')) {
          vulnerabilities.push({
            id: `sqlmap-${vulnerabilities.length + 1}`,
            name: 'SQL Injection',
            severity: 'high',
            description: `SQL injection vulnerability found in parameter: ${currentParameter}. ${currentPayload}`,
            solution: 'Use parameterized queries and input validation',
            affected_url: target,
            cve: 'CWE-89'
          });
        }
      }
    }

    return vulnerabilities;
  }
  ```
- src/index.ts:162-173 (schema) MCP tool schema definition including input parameters and descriptions for validation.

  ```typescript
    name: "sqlmap_scan",
    description: "Test for SQL injection vulnerabilities",
    inputSchema: {
      type: "object",
      properties: {
        url: { type: "string", description: "Target URL" },
        data: { type: "string", description: "POST data (optional)" },
        cookie: { type: "string", description: "Session cookie (optional)" }
      },
      required: ["url"]
    }
  },
  ```
- src/index.ts:524-525 (registration) Tool dispatch/registration in the main switch handler that maps the tool call to VulnScanTools.sqlmapScan execution.

  ```typescript
  case "sqlmap_scan":
    return respond(await this.vulnScanTools.sqlmapScan(args.url, args.data, args.cookie));
  ```
- src/utils/validation.ts:299-301 (helper) Validation whitelist including sqlmap_scan for allowed tool execution.

  ```typescript
  'nmap_scan', 'subdomain_enum', 'tech_detection', 'directory_bruteforce',
  'nuclei_scan', 'nikto_scan', 'sqlmap_scan', 'metasploit_search',
  'exploit_attempt', 'auto_pentest', 'suggest_next_steps', 'generate_report'
  ```
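
The handler above interpolates `url`, `data` and `cookie` into a single shell command string and writes the full command, session cookie included, to stderr. As an added example (not the project's code; `buildSqlmapArgs` and `redactForLog` are hypothetical names, and it assumes the array is handed to Node's `child_process.execFile`), the same sqlmap flags can be built as an argument array with the inputs validated first:

```typescript
// Added example, not the project's code; function names are hypothetical.
const CONTROL_CHARS = /[\u0000-\u001f\u007f]/;

// Build sqlmap's arguments one element per argument, for use with
// child_process.execFile("sqlmap", args), which starts the program without a shell.
function buildSqlmapArgs(url: string, data?: string, cookie?: string): string[] {
  if ([url, data ?? "", cookie ?? ""].some((v) => CONTROL_CHARS.test(v))) {
    throw new Error("inputs must not contain control characters");
  }
  let parsed: URL;
  try {
    parsed = new URL(url);
  } catch {
    throw new Error("url must be an absolute URL");
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    throw new Error("url must use http or https");
  }
  // The "--opt=value" form keeps each value inside its own element, so a value
  // that starts with "-" or contains quotes cannot become a separate option.
  const args = ["-u", parsed.href, "--batch", "--risk=1", "--level=1"];
  if (data) args.push(`--data=${data}`);
  if (cookie) args.push(`--cookie=${cookie}`);
  args.push("--answers=extending=N,follow=N,other=N", "--timeout=10", "--retries=1");
  return args;
}

// Render the arguments for a log line without exposing the session cookie.
function redactForLog(args: string[]): string {
  return args
    .map((a) => (a.startsWith("--cookie=") ? "--cookie=<redacted>" : a))
    .map((a) => JSON.stringify(a))
    .join(" ");
}

// Constructed sample values, for illustration only.
const sampleArgs = buildSqlmapArgs(
  "http://app.example.test/item.php?id=1",
  'id=1"; echo injected #',
  "PHPSESSID=abc123"
);
console.log(`sqlmap ${redactForLog(sampleArgs)}`);
```

POST data can carry credentials as well; apply the same redaction to the `--data=` element if those logs are retained.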