awesome-repositories.com
Blog
awesome-repositories.com

Entdecke die besten Open-Source-Repositories mit KI-gestützter Suche.

EntdeckenKuratierte SuchenOpen-Source-AlternativenSelf-hosted SoftwareBlogSitemap
ProjektÜber unsRanking-MethodikPresseMCP-Server
RechtlichesDatenschutzAGB
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

20 Repos

Awesome GitHub RepositoriesSQL Injection

Tools for detecting and exploiting SQL injection vulnerabilities.

Explore 20 awesome GitHub repositories matching part of an awesome list · SQL Injection. Refine with filters or upvote what's useful.

Awesome SQL Injection GitHub Repositories

Finde die besten Repos mit KI.Wir suchen mit KI nach den am besten passenden Repositories.
  • sqlmapproject/sqlmapAvatar von sqlmapproject

    sqlmapproject/sqlmap

    37,676Auf GitHub ansehen↗

    This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris

    Automated penetration testing tool for SQL injection and database takeover.

    Pythondatabasedetectionexploitation
    Auf GitHub ansehen↗37,676
  • six2dez/reconftwAvatar von six2dez

    six2dez/reconftw

    7,226Auf GitHub ansehen↗

    reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio

    Identifies error-based and blind SQL injection points within URL parameters.

    Shellbug-bountybugbountybugbounty-tool
    Auf GitHub ansehen↗7,226
  • daffainfo/allaboutbugbountyAvatar von daffainfo

    daffainfo/AllAboutBugBounty

    6,644Auf GitHub ansehen↗

    AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co

    Provides a comprehensive collection of SQL injection payloads and exploitation techniques.

    bugbugbountybugbountytips
    Auf GitHub ansehen↗6,644
  • audi-1/sqli-labsAvatar von Audi-1

    Audi-1/sqli-labs

    5,791Auf GitHub ansehen↗

    sqli-labs ist eine Sammlung absichtlich verwundbarer Webanwendungen und Sandbox-Umgebungen, die für das Üben der Identifizierung und Ausnutzung von SQL-Injection-Schwachstellen entwickelt wurden. Es dient als Cybersicherheits-Labor, in dem Benutzer in einer kontrollierten Umgebung mit Datenbank-Exploits experimentieren können. Die Umgebung bietet spezialisierte Module zum Testen einer breiten Palette von Angriffsvektoren, einschließlich fehlerbasierter, boolean-blinder und zeitbasierter Injections. Sie deckt spezifisch fortgeschrittene Techniken wie Second-Order-Injections, Stacked Queries und Angriffe auf HTTP-Header ab. Das Projekt enthält zudem Übungen, die sich auf die Umgehung von Sicherheitsfiltern und Web Application Firewalls durch Techniken wie Kommentar-Stripping und Impedance Mismatch konzentrieren. Diese Szenarien ermöglichen die Simulation von realen Penetrationstests und Audits der Datenbanksicherheit.

    Provides a local testing ground for executing error-based, boolean-blind, and time-based SQL attacks.

    PHP
    Auf GitHub ansehen↗5,791
  • codingo/nosqlmapAvatar von codingo

    codingo/NoSQLMap

    3,304Auf GitHub ansehen↗

    Automated NoSQL database enumeration and web application exploitation tool.

    Automated enumeration and exploitation for NoSQL databases.

    Python
    Auf GitHub ansehen↗3,304
  • jaykali/maskphishAvatar von jaykali

    jaykali/maskphish

    3,020Auf GitHub ansehen↗

    Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe

    Implements tools to execute malicious SQL codes against websites to access backend database servers.

    Shellhackhackinghacking-tool
    Auf GitHub ansehen↗3,020
  • the-robot/sqlivAvatar von the-robot

    the-robot/sqliv

    1,228Auf GitHub ansehen↗

    massive SQL injection vulnerability scanner

    Massive-scale SQL injection vulnerability scanner.

    Python
    Auf GitHub ansehen↗1,228
  • 0xbug/sqliscannerAvatar von 0xbug

    0xbug/SQLiScanner

    824Auf GitHub ansehen↗

    Automatic SQL injection with Charles and sqlmap api

    Automates SQL injection testing with Charles and sqlmap.

    Python
    Auf GitHub ansehen↗824
  • blackarrowsec/mssqlproxyAvatar von blackarrowsec

    blackarrowsec/mssqlproxy

    771Auf GitHub ansehen↗

    mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

    Toolkit for lateral movement via compromised MS SQL servers.

    Python
    Auf GitHub ansehen↗771
  • zt2/sqli-hunterAvatar von zt2

    zt2/sqli-hunter

    433Auf GitHub ansehen↗

    SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

    Proxy server and sqlmap wrapper for SQL injection testing.

    Ruby
    Auf GitHub ansehen↗433
  • charlie-belmer/nosqliAvatar von Charlie-belmer

    Charlie-belmer/nosqli

    409Auf GitHub ansehen↗

    NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.

    CLI tool for finding NoSQL injection vulnerabilities.

    Go
    Auf GitHub ansehen↗409
  • netspi/escAvatar von NetSPI

    NetSPI/ESC

    308Auf GitHub ansehen↗

    Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.

    Interactive SQL console for discovery and data exfiltration.

    C#
    Auf GitHub ansehen↗308
  • ghostlulzhacks/waybacksqliscannerAvatar von ghostlulzhacks

    ghostlulzhacks/waybackSqliScanner

    202Auf GitHub ansehen↗

    Gather urls from wayback machine then test each GET parameter for sql injection.

    Tests GET parameters for SQL injection using Wayback Machine data.

    Python
    Auf GitHub ansehen↗202
  • keramas/mssqli-duetAvatar von Keramas

    Keramas/mssqli-duet

    91Auf GitHub ansehen↗

    SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

    Extracts domain users via MSSQL injection and RID brute-forcing.

    Python
    Auf GitHub ansehen↗91
  • sadicann/andorAvatar von sadicann

    sadicann/andor

    83Auf GitHub ansehen↗

    Blind SQL Injection Tool with Golang

    Go-based tool for blind SQL injection.

    Go
    Auf GitHub ansehen↗83
  • initroot/burpsqltruncsannerAvatar von InitRoot

    InitRoot/BurpSQLTruncSanner

    65Auf GitHub ansehen↗

    Messy BurpSuite plugin for SQL Truncation vulnerabilities.

    Burp plugin for testing SQL truncation vulnerabilities.

    Python
    Auf GitHub ansehen↗65
  • mhaskar/blinderAvatar von mhaskar

    mhaskar/Blinder

    50Auf GitHub ansehen↗

    A python library to automate time-based blind SQL injection

    Library for automating time-based blind SQL injection.

    Python
    Auf GitHub ansehen↗50
  • breakthenet/hackme-sql-injection-challengesB

    breakthenet/HackMe-SQL-Injection-Challenges

    0Auf GitHub ansehen↗

    Hands-on practice environment for testing SQL injection skills.

    Auf GitHub ansehen↗0
  • miladkhoshdel/burp-to-sqlmapM

    Miladkhoshdel/burp-to-sqlmap

    0Auf GitHub ansehen↗

    Performs SQL injection tests on Burp Suite requests.

    Auf GitHub ansehen↗0
  • rhinosecuritylabs/sleuthqlR

    RhinoSecurityLabs/SleuthQL

    0Auf GitHub ansehen↗

    Parses Burp history to discover potential SQL injection points.

    Auf GitHub ansehen↗0
  1. Home
  2. Part of an Awesome List
  3. Security & Privacy
  4. SQL Injection

Unter-Tags erkunden

  • Injection SandboxesIsolated environments specifically designed for executing and testing injection attack vectors. **Distinct from SQL Injection:** Focuses on the sandbox environment itself rather than the general tools for detection/exploitation.