6 Repos
Specialized engines for detecting and exploiting SQL injection vulnerabilities.
Distinguishing note: Focuses on automated parameter injection.
Explore 6 awesome GitHub repositories matching security & cryptography · SQL Injection Tools. Refine with filters or upvote what's useful.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Detects and exploits database vulnerabilities by automating malicious payload injection.
DVWA is a vulnerable web application sandbox and PHP security training environment. It serves as a deployable penetration testing target and an OWASP Top 10 lab designed for practicing exploits and simulating common web security vulnerabilities. The application allows users to adjust security difficulty levels to match their skill level and toggle between different SQL database engines to test how various systems handle injection attacks. It includes a mechanism to disable authentication, enabling automated security tools to interact directly with the environment. The project provides capabi
Provides a multi-engine environment for practicing and testing various SQL injection attack vectors.
K8tools is a multi-stage attack framework that combines memory-only payload execution, credential testing, port forwarding, privilege escalation, and physical USB-based keystroke injection for comprehensive system compromise. At its core, the Ladon PowerShell module loads a multi-function scanner directly into memory, enabling command execution without writing files to disk, while supporting memory-only payload delivery that downloads and runs obfuscated shellcode or PowerShell commands to evade antivirus detection. The framework distinguishes itself through its breadth of integrated capabili
Provides tools to practice exploiting SQL injection flaws.
AllHackingTools is a security tool orchestrator and suite designed to install, update, and manage a wide array of third-party hacking and security utilities from a single command interface. It functions as a centralized hub for network analysis, open source intelligence, penetration testing, and social engineering tools. The project provides specialized frameworks for gathering open source intelligence and searching for user profiles across social platforms. It includes toolkits for network reconnaissance, vulnerability scanning, and the execution of security exploits, as well as a social eng
Provides specialized engines for detecting and exploiting SQL injection vulnerabilities.
Ghauri ist ein automatisierter SQL-Injection-Scanner und Exploitation-Tool, das darauf ausgelegt ist, Daten aus anfälligen Datenbanken zu erkennen und zu extrahieren. Es fungiert als Framework zur Datenbank-Exfiltration, das Sicherheitslücken identifiziert und System-Banner, Hostnamen sowie Datenbankschemata abruft. Das Tool erkennt Boolean-, Error-, Time-based- und Stacked-Query-Schwachstellen über mehrere Eingabevektoren hinweg, einschließlich HTTP-Header, Cookies, JSON, SOAP und XML. Es bietet Funktionen für die automatisierte Datenbank-Exfiltration und die Verarbeitung von Bulk-Ziel-Listen, um Schwachstellen in mehreren Umgebungen zu identifizieren. Das System umfasst Netzwerk-Traffic-Obfuskation durch Proxy-Routing und User-Agent-Randomisierung, um Sicherheitsbeschränkungen zu umgehen. Es verwaltet zudem die Persistenz des Session-Zustands, um die Wiederaufnahme unterbrochener Datenextraktionsprozesse zu ermöglichen, und bietet Kontrollen zur Begrenzung des Volumens abgerufener Datensätze.
Automates the detection and extraction of data from databases by exploiting SQL injection vulnerabilities.
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
Automates database exploitation and scanning by integrating SQLmap functionality.