Metadata-Version: 2.4
Name: asqli
Version: 0.1.0
Summary: Async, parallel SQL injection scanner with DBMS-aware blind inference.
Author-email: Sarper AVCI <sarperavci20@gmail.com>
License: MIT
Project-URL: Homepage, https://github.com/sarperavci/asqli
Project-URL: Source, https://github.com/sarperavci/asqli
Project-URL: Issues, https://github.com/sarperavci/asqli/issues
Keywords: sqli,sql-injection,security,pentest,scanner,asyncio,aiohttp
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: MIT License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Security
Classifier: Topic :: Internet :: WWW/HTTP
Classifier: Topic :: Software Development :: Libraries :: Python Modules
Requires-Python: >=3.10
Description-Content-Type: text/markdown
Requires-Dist: aiohttp>=3.9
Requires-Dist: uaforger>=0.1.4
Provides-Extra: dev
Requires-Dist: pytest>=7; extra == "dev"
Requires-Dist: pytest-asyncio>=0.21; extra == "dev"
Requires-Dist: pytest-aiohttp>=1.0; extra == "dev"

# asqli — Async SQL Injector

A high-throughput SQL injection scanner built on `asyncio` + `aiohttp`.

## Install

```bash
pip install git+https://github.com/sarperavci/asqli.git
```

## Usage

```bash
asqli -u 'http://target/vuln.php?id=1' --batch --dump
asqli -u 'http://target/login' --data 'user=admin&pass=x' --level 3 --risk 3
asqli -r request.txt -p id --technique=BT -c 16
```

Common flags:

| Flag | Meaning |
|---|---|
| `-u URL` | Target URL |
| `-r FILE` | Burp/ZAP-style raw request file |
| `--data BODY` | POST body |
| `-p NAME[,NAME…]` | Restrict testing to these parameters |
| `--skip NAME[,…]` | Skip these parameters |
| `--level N` `--risk N` | Test breadth/aggressiveness (1–5 / 1–3) |
| `--technique=BEUSTQ` | Subset of B/E/U/S/T/Q techniques to try |
| `--tamper SCRIPT[,…]` | Apply tamper scripts |
| `-c N` `--concurrency N` | Total concurrent workers (default: 0 = unlimited) |
| `--max N` | Max concurrent probes per query / per parameter (default: 100) |
| `--per-host N` | Max concurrent requests per host (default: 32) |
| `--dbs` `--tables` `--columns` `--dump` | Enumerate / dump |
| `-D NAME` `-T NAME` | Restrict to a specific database / table |
| `--banner` `--current-user` `--current-db` `--hostname` | Pull a single fact |
| `--proxy URL` | HTTP/SOCKS proxy |
| `--random-agent` / `--no-random-agent` | Rotate UAs per request via UAForge (default: on) |
| `--batch` | Non-interactive mode |
| `-v 0..6` | Verbosity (3=payloads, 4=traffic-out, 5=traffic-in) |

## Legal

For authorised security testing only.
