ScanQLi is a simple SQL injection scanner with somes additional features. This tool can’t exploit the SQLi, it just detect them. Tested on Debian 9.
ScanQLi is a SQLi scanner to detect SQL vulns.


  • Classic
  • Blind
  • Time based
  • GBK (soon)
  • Recursive scan (follow all hrefs of the scanned web site)
  • Cookies integration
  • Adjustable wait delay between requests
  • Ignore given URLs


Install git tool

apt update
apt install git

Clone the repo.

git clone

Install python required libs

apt install python-pip
cd ScanQLi

pip install -r requirements.txt

For python3 please install python3-pip and use pip3

Also Read : ParamPamPam : Tool For Brute Discover Parameters


./scanqli -u [URL] [OPTIONS]


Simple URL scan with output file

python -u ‘’ -o output.log

Recursive URL scanning with cookies

python -u ‘’ -r -c ‘{“PHPSESSID”:”4bn7uro8qq62ol4o667bejbqo3″ , “Session”:”Mzo6YWMwZGRmOWU2NWQ1N2I2YTU2YjI0NTMzODZjZDVkYjU=”}’