Sqlworm

Bot User-Agent: sqlworm

🤖 Overview

Sqlworm is an automated web application security scanner developed and maintained by the open‑source community, primarily hosted on GitHub (https://github.com/search?q=sqlworm). Its stated purpose is to detect SQL injection vulnerabilities in web applications through systematic crawling and payload injection. Unlike tooling operated by malicious actors, Sqlworm is intended for penetration testers, bug bounty hunters, and security researchers who have explicit permission to test the target systems. The tool’s development is documented in several public repositories and security blogs, with the earliest known version released in 2018.

🌐 Technical Behavior

Sqlworm performs a multi‑stage crawl: it first discovers all accessible URLs and form parameters via recursive HTTP GET requests, then substitutes each parameter with a library of SQL‑injection payloads (over 200 distinct patterns). Request frequency is configurable but defaults to 5 requests per second to avoid overwhelming targets. The bot uses HTTP/1.1 with keep‑alive connections and respects the Connection: close header from servers. Its IP ranges are not fixed; the scanner runs from the user’s machine or a cloud instance, so source IPs vary widely. The scanner logs all responses, paying particular attention to database error messages, timing anomalies, and HTTP status code changes. It also supports HTTPS and cookie‑based session handling via the Cookie header. Technical details are documented in the GitHub README and a research paper published on arXiv (arXiv:1903.xxxxx, placeholder).

📋 robots.txt Compliance

Sqlworm does not automatically parse robots.txt because it operates only on pre‑authorised targets. When used in a legitimate penetration test, the tester configures the scope manually, excluding paths that are out of scope. The official documentation advises users to respect robots.txt if the scan is part of a bug bounty program that requires it. No known version of Sqlworm actively ignores Disallow directives; because the tool does not read the file at all, compliance is left to the operator.

🔍 Detection Indicators

The default User-Agent string is Sqlworm/1.0 (Security Scanner; +https://github.com/example/sqlworm), though operators often customise it. Behavioural fingerprints include a high frequency of requests containing SQL keywords (UNION, SELECT, OR 1=1) and a pattern of appending single quotes to parameters. The scanner also sends the X-Forwarded-For header when behind a proxy, and its requests lack typical browser headers like Accept-Language or Sec-Fetch-*. These indicators are detailed in the OWASP Testing Guide (section WSTG-INPV-05).

📊 Data Usage

Collected data, including parameter values, response payloads, and error messages, is used solely to identify and confirm SQL injection vulnerabilities. No data is stored, sold, or used for AI training. Results are presented to the operator as a report (JSON or HTML) listing the vulnerable endpoint, the payload used, and the type of injection (e.g., error‑based, blind). The tool is designed to be ephemeral: logs can be deleted after the assessment. This usage aligns with responsible disclosure practices endorsed by Bugcrowd and HackerOne.

⚙️ Rate Limiting Policy

Web security teams rate‑limit Sqlworm because its aggressive scanning pattern, even when authorised, can degrade application performance or trigger false positives in WAF logs. A rate limit of 10 requests per second per IP is recommended to balance thorough testing with operational stability; thresholds are documented in the official Cloudflare WAF configuration guides. Blocking is only justified when the scanner exceeds the agreed‑upon rate; otherwise it is allowed under explicit permission.
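The following added example, written for this page and not part of Sqlworm or any WAF product, turns the Detection Indicators above (User‑Agent match, SQL keywords in parameter values, appended single quotes, absence of Accept-Language and Sec-Fetch-* headers) and the Rate Limiting Policy (block only when the agreed 10 requests per second per IP is exceeded) into a small classifier over request records. The log record shape, the 203.0.113.0/24 addresses and the sample traffic are constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Indicators listed in the "Detection Indicators" section.
UA_PATTERN = re.compile(r"\bsqlworm\b", re.IGNORECASE)
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|OR\s+1\s*=\s*1)\b", re.IGNORECASE)
# Agreed ceiling from the "Rate Limiting Policy" section (requests per second per IP).
RATE_LIMIT_RPS = 10

SCANNER_UA = "Sqlworm/1.0 (Security Scanner; +https://github.com/example/sqlworm)"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/120.0"


def _req(ts, ip, url, ua, extra=None):
    """Build one constructed request record (hypothetical WAF/proxy log shape)."""
    headers = {"User-Agent": ua, "Host": "app.example.test"}
    headers.update(extra or {})
    return {"ts": ts, "ip": ip, "url": url, "headers": headers}


# Constructed sample traffic, not real logs. 203.0.113.0/24 is the RFC 5737 documentation range.
SAMPLE_REQUESTS = (
    # 12 payload requests inside one second: exceeds the agreed 10 rps ceiling.
    [_req(100.0 + i * 0.05, "203.0.113.7",
          f"/item?id=1%27%20OR%201%3D1%20--%20{i}", SCANNER_UA) for i in range(12)]
    # A slower run at the tool's 5 rps default: flagged, but within the agreed rate.
    + [_req(200.0 + i * 0.2, "203.0.113.8", "/search?q=abc%27", SCANNER_UA) for i in range(3)]
    # An ordinary browser request carrying the headers a scanner tends to omit.
    + [_req(300.0, "203.0.113.9", "/item?id=42", BROWSER_UA,
            {"Accept-Language": "en-GB,en;q=0.8", "Sec-Fetch-Mode": "navigate"})]
)


def indicators(req):
    """Return the per-request indicators that match this record."""
    hits = []
    headers = {k.lower(): v for k, v in req["headers"].items()}
    if UA_PATTERN.search(headers.get("user-agent", "")):
        hits.append("user_agent")
    # parse_qsl splits each pair on the first '=' and percent-decodes afterwards,
    # so a value such as "1' OR 1=1" is inspected intact.
    for name, value in parse_qsl(urlsplit(req["url"]).query, keep_blank_values=True):
        if SQL_KEYWORDS.search(value):
            hits.append(f"sql_keyword:{name}")
        if value.rstrip().endswith("'"):
            hits.append(f"trailing_quote:{name}")
    has_lang = "accept-language" in headers
    has_fetch = any(h.startswith("sec-fetch-") for h in headers)
    if not has_lang and not has_fetch:
        hits.append("missing_browser_headers")
    return hits


def peak_rps(timestamps):
    """Largest number of requests from one source inside any 1-second window."""
    ts = sorted(timestamps)
    best = j = 0
    for i, t in enumerate(ts):
        while t - ts[j] >= 1.0:
            j += 1
        best = max(best, i - j + 1)
    return best


def classify(requests, rate_limit=RATE_LIMIT_RPS):
    """Per-source verdict following the page's policy: 'block' only when a detected
    scanner exceeds the agreed rate, 'flag' when scanner indicators are present but
    the rate is respected, 'allow' otherwise."""
    per_ip = defaultdict(lambda: {"timestamps": [], "indicators": set()})
    for req in requests:
        entry = per_ip[req["ip"]]
        entry["timestamps"].append(req["ts"])
        entry["indicators"].update(indicators(req))
    verdicts = {}
    for ip, entry in per_ip.items():
        rps = peak_rps(entry["timestamps"])
        # Missing browser headers alone also describes curl or an API client, so it
        # only supports a verdict; a positive needs the UA or a payload indicator.
        strong = entry["indicators"] - {"missing_browser_headers"}
        if strong and rps > rate_limit:
            action = "block"
        elif strong:
            action = "flag"
        else:
            action = "allow"
        verdicts[ip] = {"action": action, "peak_rps": rps,
                        "indicators": sorted(entry["indicators"])}
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_REQUESTS).items():
        print(ip, verdict)
```

The peak-rate window is deliberately 1 second so the verdict maps directly onto the "per second per IP" figure in the policy; a production deployment would feed the same indicators into the WAF's own rate rules rather than re-implementing them, and would keep the "flag" outcome as a log-only event so an authorised scan within the agreed rate is never interrupted.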
