Which integrations are available for this server?

Allows routing scan traffic through Burp Suite to integrate with existing web security testing workflows and proxy analysis. Provides specialized testing and detection for SQL injection vulnerabilities in MySQL database systems. Provides specialized testing and detection for SQL injection vulnerabilities in PostgreSQL database systems. Provides specialized testing and detection for SQL injection vulnerabilities in SQLite database systems. Utilizes Unicode encoding as a bypass technique to circumvent Web Application Firewalls (WAF) during security testing.

How do I use SQL Injection MCP Server?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@SQL Injection MCP Server scan http://testsite.com/products.php?id=10 for SQL injection vulnerabilities" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

SQL Injection MCP Server

A Model Context Protocol (MCP) server for discovering SQL injection vulnerabilities in web applications.

Features

Multiple Injection Types: Error-based, Time-based, Boolean-based, Union-based, Blind SQL injection
Database Support: MySQL, MSSQL, PostgreSQL, Oracle, SQLite
HTTP Methods: GET and POST parameter testing
Authentication: Custom headers, cookies, Bearer tokens
Proxy Support: Route traffic through Burp Suite or other proxies
WAF Bypass: URL encoding, Hex encoding, Unicode, Case swapping, Comment injection
Custom Payloads: Load payloads from external files

Installation

# Using uv (recommended)
cd SQLinjector_MCP
uv sync

# Using pip
pip install -e .

Usage

Running the Server

# Using uv
uv run sqli-mcp

# Or directly
python -m sqli_mcp.server

MCP Client Configuration

Claude Desktop / Claude Code

Add to your MCP configuration:

{
  "mcpServers": {
    "sqli-scanner": {
      "command": "uv",
      "args": ["--directory", "C:/path/to/SQLinjector_MCP", "run", "sqli-mcp"]
    }
  }
}

LM Studio / Cursor

Configure the server URL after starting with HTTP transport:

uv run python -c "from sqli_mcp.server import mcp; mcp.run(transport='streamable-http')"

Then connect to http://localhost:8000/mcp

Available Tools

Tool	Description
`scan_url`	Full URL scan for SQLi in all detected parameters
`scan_get_parameter`	Test specific GET parameter
`scan_post_parameter`	Test specific POST parameter
`test_payload`	Test a single payload against a target
`list_payloads`	List available built-in payloads
`load_custom_payloads_from_file`	Load payloads from external file
`get_waf_bypass_payloads`	Get WAF bypass variants of a payload
`get_scan_result`	Retrieve previous scan results
Bulk Scanning
`scan_urls_batch`	Scan multiple URLs (newline-separated, up to 500)
`scan_urls_from_file`	Scan URLs from a file (one per line)
`get_batch_result`	Retrieve batch scan results
`get_vulnerable_urls`	Get only vulnerable URLs from batch

Examples

Basic GET Parameter Scan

Use scan_url with:
- target_url: "http://vulnerable-site.com/page?id=1"

Authenticated POST Scan

Use scan_post_parameter with:
- target_url: "http://site.com/login"
- post_data: "username=admin&password=test"
- parameter: "username"
- cookies: "session=abc123"
- bearer_token: "your-jwt-token"

Using Burp Suite Proxy

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- proxy_url: "http://127.0.0.1:8080"
- verify_ssl: false

WAF Bypass

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- waf_bypass: "comment_injection"

Bulk URL Scanning

Scan multiple URLs from a list:

Use scan_urls_batch with:
- urls: "http://site1.com/page?id=1
http://site2.com/search?q=test
http://site3.com/user?uid=5"
- concurrency: 10
- waf_bypass: "url_encode"

Scan URLs from a file:

Use scan_urls_from_file with:
- file_path: "C:/path/to/urls.txt"
- concurrency: 5
- proxy_url: "http://127.0.0.1:8080"

Get vulnerable URLs only:

Use get_vulnerable_urls with:
- batch_id: "abc12345"

Custom Payloads

Create a text file with one payload per line:

# my_payloads.txt
' OR '1'='1
" OR "1"="1
' UNION SELECT NULL--

Then load with:

Use load_custom_payloads_from_file with:
- file_path: "C:/path/to/my_payloads.txt"
- injection_type: "union_based"
- name: "my_custom"

Security Notice

⚠️ This tool is intended for authorized security testing only. Always obtain proper authorization before testing any system for vulnerabilities. Unauthorized access to computer systems is illegal.

License

MIT

This server cannot be installed

-

security - not tested

F

license - not found

-

quality - not tested

How are these scores calculated?

Resources

GitHub Repository

Need Help?

Report Issue

Related Servers

Unclaimed servers have limited discoverability.

Looking for Admin?

If you are the server author, to access and configure the admin panel.

SQL Injection MCP Server

SQL Injection MCP Server

Features

Installation

Usage

Running the Server

MCP Client Configuration

Claude Desktop / Claude Code

LM Studio / Cursor

Available Tools

Examples

Basic GET Parameter Scan

Authenticated POST Scan

Using Burp Suite Proxy

WAF Bypass

Bulk URL Scanning

Custom Payloads

Security Notice

License

Resources

Looking for Admin?

Latest Blog Posts

MCP directory API