loading
loading
Vulnerabilities
Damn Small SQLi Scanner: a SQL injection vulnerability scanner in under 100 lines of code.
overview
dsss, the Damn Small SQLi Scanner, is a Python SQL injection scanner that tests a single target URL's GET and POST parameters for injectable flaws. Written in under 100 lines of code, it trades the breadth of a heavyweight scanner for a tiny, predictable footprint you can drop into a focused check.
Despite its size it covers the practical needs of a real request: route traffic through an HTTP proxy, set Cookie, Referer, and User-Agent headers to reach authenticated or filtered endpoints, and supply POST data to test form parameters. That is enough to confirm an injection point on a URL you already suspect.
On Trickest, dsss is a Vulnerabilities node that takes a target URL and writes a folder and a file of results. Run it as a fast confirmation step against a specific endpoint, or fan it across a curated list of parameterized URLs from an earlier discovery stage.
source github.com/stamparm/dsss
use cases
Point dsss at a single parameterized URL to verify whether a GET or POST parameter is injectable, without spinning up a heavy scanner.
Set the Cookie, Referer, and User-Agent headers so dsss reaches pages behind a session or a basic filter and tests the parameters there.
Send traffic through an HTTP proxy with --proxy to log every request for review or to chain dsss behind a tool that rewrites traffic.
Fan dsss across URLs collected by an earlier crawling or discovery stage to flag which endpoints deserve a deeper look with sqlmap.
reference
| Name | Type | Flag | Description |
|---|---|---|---|
| url | STRING | -u | Target URL, e.g. http://www.target.com/page.php?id=1. |
| post-data | STRING | --data | POST data to test, e.g. query=test. |
| cookie | STRING | --cookie | HTTP Cookie header value. |
| user-agent | STRING | --user-agent | HTTP User-Agent header value. |
| referer | STRING | --referer | HTTP Referer header value. |
| proxy | STRING | --proxy | HTTP proxy address, e.g. http://127.0.0.1:8080. |
Showing key inputs. dsss exposes 6 inputs in total.
example
# confirm a GET parameter is injectable, routed through a local proxypython dsss.py -u "http://example.com/item.php?id=42" --cookie "PHPSESSID=8f2b1c" --proxy "http://127.0.0.1:8080"Damn Small SQLi Scanner (DSSS) < 100 LOC (Lines of Code) #v0.4c by Miroslav Stampar (@stamparm) * scanning GET parameter 'id'(i) GET parameter 'id' could be error SQLi injectable (possible DBMS: 'MySQL')* scanning GET parameter 'ref'* scanning POST parameter 'query'(i) POST parameter 'query' could be blind SQLi injectableguidance
Use dsss for a fast, lightweight SQL injection check on a specific URL with known parameters. For the cross-site scripting equivalent, run its sibling dsxs. For deep, exploitation-grade SQLi with database takeover, reach for a full scanner like sqlmap instead.
The sibling damn-small scanner for cross-site scripting. Same minimal design, different vulnerability class.
Full-featured SQLi tool with exploitation and database takeover. dsss is a tiny confirmation check by comparison.
faq
related
A Go script for bypassing 403 forbidden responses.
An open-source tool that automates detecting and exploiting command injection.
Detect and abuse vulnerable implementations of stateless sessions.
A Python tool to find Cross-Origin Resource Sharing misconfigurations.
A tool to find HTTP splitting vulnerabilities.
Multi-threaded, IPv6-aware username enumeration via CVE-2018-15473.
A target URL feeds dsss, which tests its GET and POST parameters for SQL injection and writes the findings as a queryable output.
Facts on this page come from the live Trickest tool library.