MCP 服务器

SQL Injection MCP Server

An MCP server for identifying SQL injection vulnerabilities in web applications using various techniques like error-based, time-based, and union-based scanning. It supports bulk URL processing, WAF bypass strategies, and authenticated testing across multiple database systems.

README

SQL Injection MCP Server

A Model Context Protocol (MCP) server for discovering SQL injection vulnerabilities in web applications.

Features

Multiple Injection Types: Error-based, Time-based, Boolean-based, Union-based, Blind SQL injection
Database Support: MySQL, MSSQL, PostgreSQL, Oracle, SQLite
HTTP Methods: GET and POST parameter testing
Authentication: Custom headers, cookies, Bearer tokens
Proxy Support: Route traffic through Burp Suite or other proxies
WAF Bypass: URL encoding, Hex encoding, Unicode, Case swapping, Comment injection
Custom Payloads: Load payloads from external files

Installation

# Using uv (recommended)
cd SQLinjector_MCP
uv sync

# Using pip
pip install -e .

Usage

Running the Server

# Using uv
uv run sqli-mcp

# Or directly
python -m sqli_mcp.server

MCP Client Configuration

Claude Desktop / Claude Code

Add to your MCP configuration:

{
  "mcpServers": {
    "sqli-scanner": {
      "command": "uv",
      "args": ["--directory", "C:/path/to/SQLinjector_MCP", "run", "sqli-mcp"]
    }
  }
}

LM Studio / Cursor

Configure the server URL after starting with HTTP transport:

uv run python -c "from sqli_mcp.server import mcp; mcp.run(transport='streamable-http')"

Then connect to http://localhost:8000/mcp

Available Tools

Tool	Description
`scan_url`	Full URL scan for SQLi in all detected parameters
`scan_get_parameter`	Test specific GET parameter
`scan_post_parameter`	Test specific POST parameter
`test_payload`	Test a single payload against a target
`list_payloads`	List available built-in payloads
`load_custom_payloads_from_file`	Load payloads from external file
`get_waf_bypass_payloads`	Get WAF bypass variants of a payload
`get_scan_result`	Retrieve previous scan results
Bulk Scanning
`scan_urls_batch`	Scan multiple URLs (newline-separated, up to 500)
`scan_urls_from_file`	Scan URLs from a file (one per line)
`get_batch_result`	Retrieve batch scan results
`get_vulnerable_urls`	Get only vulnerable URLs from batch

Examples

Basic GET Parameter Scan

Use scan_url with:
- target_url: "http://vulnerable-site.com/page?id=1"

Authenticated POST Scan

Use scan_post_parameter with:
- target_url: "http://site.com/login"
- post_data: "username=admin&password=test"
- parameter: "username"
- cookies: "session=abc123"
- bearer_token: "your-jwt-token"

Using Burp Suite Proxy

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- proxy_url: "http://127.0.0.1:8080"
- verify_ssl: false

WAF Bypass

Use scan_url with:
- target_url: "http://target.com/page?id=1"
- waf_bypass: "comment_injection"

Bulk URL Scanning

Scan multiple URLs from a list:

Use scan_urls_batch with:
- urls: "http://site1.com/page?id=1
http://site2.com/search?q=test
http://site3.com/user?uid=5"
- concurrency: 10
- waf_bypass: "url_encode"

Scan URLs from a file:

Use scan_urls_from_file with:
- file_path: "C:/path/to/urls.txt"
- concurrency: 5
- proxy_url: "http://127.0.0.1:8080"

Get vulnerable URLs only:

Use get_vulnerable_urls with:
- batch_id: "abc12345"

Custom Payloads

Create a text file with one payload per line:

# my_payloads.txt
' OR '1'='1
" OR "1"="1
' UNION SELECT NULL--

Then load with:

Use load_custom_payloads_from_file with:
- file_path: "C:/path/to/my_payloads.txt"
- injection_type: "union_based"
- name: "my_custom"

Security Notice

⚠️ This tool is intended for authorized security testing only. Always obtain proper authorization before testing any system for vulnerabilities. Unauthorized access to computer systems is illegal.