20 रिपॉजिटरी
Tools for detecting and exploiting SQL injection vulnerabilities.
Explore 20 awesome GitHub repositories matching part of an awesome list · SQL Injection. Refine with filters or upvote what's useful.
This project is an automated security testing suite designed to detect and exploit database vulnerabilities. It functions as a command-line utility that streamlines the identification, verification, and exploitation of web application flaws by automating the injection of malicious payloads into input parameters. The tool provides a comprehensive framework for database enumeration, allowing users to extract schema information, user data, and system configurations from identified injection points. What distinguishes this tool is its sophisticated engine for dynamic payload adaptation and heuris
Automated penetration testing tool for SQL injection and database takeover.
reconftw is an attack surface management framework and reconnaissance workflow orchestrator designed to automate the discovery, mapping, and monitoring of external digital assets. It operates as a modular tool-chain pipeline that coordinates a sequence of security tools to perform intelligence gathering and vulnerability scanning. The project distinguishes itself through a cloud-native deployment model that parallelizes scanning workloads across a fleet of remote VPS instances to bypass local resource constraints. It utilizes container-based environment isolation to ensure consistent executio
Identifies error-based and blind SQL injection points within URL parameters.
AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co
Provides a comprehensive collection of SQL injection payloads and exploitation techniques.
sqli-labs is a collection of intentionally vulnerable web applications and sandbox environments designed for practicing the identification and exploitation of SQL injection vulnerabilities. It serves as a cybersecurity education lab where users can experiment with database exploits in a controlled setting. The environment provides specialized modules for testing a wide range of attack vectors, including error-based, boolean-blind, and time-based injections. It specifically covers advanced techniques such as second-order injections, stacked queries, and attacks targeting HTTP headers. The pro
Provides a local testing ground for executing error-based, boolean-blind, and time-based SQL attacks.
Automated NoSQL database enumeration and web application exploitation tool.
Automated enumeration and exploitation for NoSQL databases.
Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific exe
Implements tools to execute malicious SQL codes against websites to access backend database servers.
massive SQL injection vulnerability scanner
Massive-scale SQL injection vulnerability scanner.
Automatic SQL injection with Charles and sqlmap api
Automates SQL injection testing with Charles and sqlmap.
mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse
Toolkit for lateral movement via compromised MS SQL servers.
SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Proxy server and sqlmap wrapper for SQL injection testing.
NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
CLI tool for finding NoSQL injection vulnerabilities.
Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. While ESC can be a handy SQL Client for daily tasks, it was originally designed for targeting SQL Servers during penetration tests and red team engagements. The intent of the project is to provide an .exe, but also sample files for execution through mediums like msbuild and PowerShell.
Interactive SQL console for discovery and data exfiltration.
Gather urls from wayback machine then test each GET parameter for sql injection.
Tests GET parameters for SQL injection using Wayback Machine data.
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Extracts domain users via MSSQL injection and RID brute-forcing.
Blind SQL Injection Tool with Golang
Go-based tool for blind SQL injection.
Messy BurpSuite plugin for SQL Truncation vulnerabilities.
Burp plugin for testing SQL truncation vulnerabilities.
A python library to automate time-based blind SQL injection
Library for automating time-based blind SQL injection.
Hands-on practice environment for testing SQL injection skills.
Performs SQL injection tests on Burp Suite requests.
Parses Burp history to discover potential SQL injection points.