Current status: MySQL-only (for now).
AttackOnDatabase generates a balanced dataset of SQL injection payloads by downloading the required sqlmap XML definitions directly from the official sqlmap GitHub repository.
It is ideal for building and testing machine learning pipelines for SQL injection detection and classification.
It combines sqlmap boundaries and MySQL-compatible payload templates, resolves placeholders into concrete values, and writes two text files:
- one file with placeholders preserved
- one file with fully resolved SQL payloads
The script also prints a small analysis summary for the resolved dataset after generation.
- Downloads
boundaries.xmland the payload XML files directly from GitHub - Filters payloads to MySQL/MariaDB-compatible tests
- Resolves common sqlmap placeholders such as
[RANDNUM],[RANDSTR], and[UNION] - Produces a balanced mix of simple, mixed, and complex payloads
- Keeps the repository clean for public publication by avoiding local sqlmap checkouts and generated artifacts
- Python 3.12 or newer
- Internet access during generation
Run the generator from the project root:
python main.pyOptional arguments:
python main.py -o output
python main.py --max-payloads 10000
python main.py --placeholder-file custom_placeholders.txt
python main.py --resolved-file custom_resolved.txtBy default, the script writes these files in the current directory:
mysql_sqlmap_payloads_with_placeholders.txtmysql_sqlmap_payloads_resolved.txt
The resolved file is also analyzed automatically at the end of the run.
- The project no longer needs a local
sqlmap_repofolder. - Generated dataset files and virtual environments are ignored by Git.
Use this project only for authorized security testing, research, and defensive purposes. Do not use generated payloads against systems you do not own or explicitly have permission to test.