Python-based Automated SQL Injection Tool Development

Information technology and globalization is highly developed today.The world is increasingly inseparable from the Internet.Productivity 、 economic and social development are deeply connected with the Internet too.From countries to organizations,even for individuals,they have become accustomed to enjoy the convenience of the Internet.At the same time,there are huge security risks behind the complex Internet applications.Cybersecurity Ventures predicts that the losses caused by network attacks will reach $6 trillion in 2021.Network security is not only important to social economy,but also has become a major factor related to national and people’s security.SQL injection vulnerabilities rank first in the list of network security vulnerabilities in calendar years.How to guard against and resolve SQL injection vulnerabilities and ensure the information security of individuals,organizations and even the country has become an important issue in the field of network security.At the same time,we should note that it is of considerable theoretical and practical significance to study the detection and utilization technology of SQL vulnerabilities to help network security practitioners to more specifically prevent SQL injection attacks.From the key view of maintaining network security,the primary work of this paper is as follows:(1)First,the threats posed by SQL injection vulnerabilities on the Web side and even on the overall Internet security are introduced,and the problems faced by network security practitioners are analyzed.(2)Introduce and study the generation principle and common use ways of SQL injection vulnerability,enumerate the methods of SQL injection,analyze and study the process and main functions of SQL automatic injection tool.(3)Automated injection tool SQLReveal is implemented using Python layered design,which integrates the existing methods of SQL injection vulnerability detection and injection.(4)Rewrite and build a shooting range based on Sqli-Labs vulnerability source,test the SQLReveal locally,and compare it horizontally with other injection tools to summarize the advantages and disadvantages of each software performance.(5)Reduce the threshold for safety testing,while freeing experienced practitioners from complex manual testing,and be more flexible in the face of complex and changing conditions in penetration testing.