Next-generation SQL Injection detection powered by Ghauri Engine and Llama-3 AI Analysis.
Diploma Final Year Project
SQL Injection (SQLi) is a code injection technique where an attacker executes malicious SQL statements that control a web application's database server.
It is ranked as one of the most critical web application vulnerabilities by OWASP, allowing attackers to bypass authentication, access sensitive data, or delete entire databases.
SQLitar is designed to detect these common attack patterns:
Union-based: Uses the UNION operator to combine the results of two or more SELECT statements into a single result, leaking database data directly to the user interface.
Error-based: Forces the database to generate an error message. The attacker analyzes these detailed error messages to learn about the database structure or version.
Blind: The most dangerous type. The application does not return data, so the attacker asks True/False questions (Boolean) or uses time delays (Time-based) to infer data.
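The following Python script, added here as an illustration and not part of SQLitar or Ghauri, runs a string-concatenated query and a parameterized one against a constructed in-memory SQLite database, using one constructed input for each pattern described above. The table names, rows and function names are assumptions, and time-based inference is not covered.

```python
import sqlite3

def make_db():
    """Constructed in-memory database; table names and rows are illustrative."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products(id INTEGER, name TEXT);
        CREATE TABLE users(username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO users VALUES ('admin', 'constructed-hash-value');
    """)
    return db

def lookup_vulnerable(db, product_id):
    """Concatenates input into the SQL text and echoes database errors."""
    try:
        sql = "SELECT name FROM products WHERE id = " + product_id
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "DB error: " + str(exc)

def lookup_safe(db, product_id):
    """Binds input as a value, so it is never parsed as SQL."""
    sql = "SELECT name FROM products WHERE id = ?"
    return [row[0] for row in db.execute(sql, (product_id,))]

# Constructed inputs, one per pattern described above.
SAMPLES = {
    "union": "0 UNION SELECT password_hash FROM users",
    "error": "1'",
    "boolean-true": "1 AND 1=1",
    "boolean-false": "1 AND 1=2",
}

def compare():
    """Returns {label: (vulnerable_result, safe_result)} for every sample."""
    db = make_db()
    return {label: (lookup_vulnerable(db, value), lookup_safe(db, value))
            for label, value in SAMPLES.items()}

if __name__ == "__main__":
    for label, (vulnerable, safe) in compare().items():
        print(f"{label:14} vulnerable={vulnerable!r} safe={safe!r}")
```

With concatenation, the three inputs produce a leaked row, a database error string, and a true/false difference in the result; with a bound parameter, every one of them returns an empty list because the input is compared as a value instead of being parsed.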
Raw scan data can be difficult to interpret. SQLitar integrates with Groq's Llama-3 model to analyze the Ghauri scan logs.
This tool was developed as a Diploma Final Year Project. Your feedback is crucial for the "System Testing" and "Findings" chapters of my thesis.