An Idea for my Original Work
- Charles Wolfe
- Oct 7, 2019

I have recently been working with different types of SQL injections as a part of my introduction to basic penetration testing. While practicing on various websites (legally, of course), I noticed that the process of carrying out injections was actually very methodical. Similar to brute forcing a 6-character password given its hash, I realized that there is actually a relatively small, finite number of malicious SQL queries you could send to a website before you could safely say that it has sufficient countermeasures in place against injections. The most difficult scenario would be if a website was only vulnerable to boolean-based or time-based injections; this would significantly decrease the viability of extracting data from the underlying database because the attacker would have to enumerate it character by character. However, even in the case of databases with >100 tables and attributes, determined attackers can still steal massive amounts of information - especially if they have found a way to automate their attacks. Automation is at the heart of what I want my original work to be. I would like to create one such automated SQL injection executor, but not for malicious purposes. It could be used by web developers to quickly check their code for any vulnerabilities. Today, SQL injections remain one of the most common and dangerous web exploits. I hope that my original work may contribute to changing that.