Advanced SQL Injection scanner with built-in tamper payloads and WAF bypass tricks.
Features:
- Built-in tamper payload list
- Reflected error detection (MySQL, syntax, SQL keywords)
- WAF bypass payloads (sleep, union, obfuscation)
- Multi-threaded scanning for URL lists
- Automatic logging of vulnerable URLs
Requirements:
- Python 3
- requests
Install:
pip install requests
Usage:
Single URL:
python3 sql_morph.py -u "https://target.com/page.php?id=1"
Bulk Mode:
python3 sql_morph.py -l urls.txt
Output:
All results are saved to:
sql_morph_output_<timestamp>/vulnerable.txt
Author:
Muhammad Habib
https://www.linkedin.com/in/muhammad-habib-65b2131a0/
Medium https://medium.com/@m.habibgpi