#Sql-injection
Showing 60 of 78 repositories tagged #sql-injection, ranked by stars
Automatic SQL injection and database takeover tool
SafeLine is a self-hosted WAF(Web Application Firewall) / reverse proxy to protect your web apps from attacks and exploits.
Source code for Hacker101.com - a free online web and mobile security class.
Damn Vulnerable Web Application (DVWA)
Top disclosed reports from HackerOne
w3af: web application attack and audit framework, the open source web vulnerability scanner.
Web Application Security Scanner Framework
Automated NoSQL database enumeration and web application exploitation tool.
DDos Ripper a Distributable Denied-of-Service (DDOS) attack server that cuts off targets or surrounding infrastructure in a flood of Internet traffic
jSQL Injection is a Java application for automatic SQL database injection.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
The most comprehensive SQL guide from a real-world expert! Learn everything from basics to advanced queries, optimizations, and real-world SQL
JANUSEC Application Gateway provides secure access, including reverse proxy, K8S Ingress Controller, Automatic ACME Certificate, WAF, 5-Second Shield, CC Defense, OAuth2 Authentication, Global Server Load Balance, and Cookie Compliance etc. JANUSEC应用网关,提供安全的接入,包括反向代理、K8S Ingress Controller、自动化ACME证书、WAF、5秒盾、CC防御、OAuth2身份认证、GSLB负载均衡与Cookie合规等。
Advanced reconnaissance utility
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
Get started with SQL database programming. This beginner's guide provides step-by-step tutorials, practical examples, exercises, and resources to master SQL. Let's unlock the power of data with SQL!
Database firewall written in Go
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Tips on how to write exploit scripts (faster!)
Proactively protect your Node.js web services
This repository contains full code examples from the book Gray Hat C#
SQL Injection Vulnerability Scanner made with Python
eLearnSecurity Junior Penetration Tester (eJPT) v2 Notes
A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin import, and is dedicated to exploring web black-box vulnerabilities.
The "bane" Python library stands out as a robust toolkit catering to a wide spectrum of cybersecurity and networking tasks. Its versatile range of functionalities covers various aspects, including bruteforce attacks, cryptographic methods, DDoS attacks, information gathering, botnet creation and management, and CMS vulnerability scanning and more..
[VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本,端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具,批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect website security vulnerabilities.
The OSTE meta scanner is a comprehensive web vulnerability scanner that combines multiple DAST scanners, including Nikto Scanner, ZAP, Nuclei, SkipFish, and Wapiti.
Egyscan The Best web vulnerability scanner; it's a multifaceted security powerhouse designed to fortify your web applications against malicious threats. Let's delve into the tasks and functions that make Egyscan an indispensable tool in your security arsenal:
Quick SQL Scanner, Dorker, Webshell injector PHP
IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applications.
GUI based offensive penetration testing tool (Open Source)
Zen protects your Node app against attacks with one line of code. Get peace of mind— at runtime.
ChatGPT加持的,多人在线协同信息安全报告编写平台。目前支持的报告类型:渗透测试报告,APP隐私合规报告。
Linux Cheat Sheet
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
Vulnerable Client-Server Application (VuCSA) is made for learning how to perform penetration tests of non-http thick clients. It is written in Java (with JavaFX graphical user interface) and contains multiple challenges including SQL injection, RCE, XML vulnerabilities and more.
SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Automated API security testing
NLP model and tech for cyber security tasks
This repository is a curated resource for aspiring bug hunters, offering hands-on labs, tools, and structured guidance to support your learning and practical development in the field of ethical hacking and vulnerability research.
Tests URLs for Local File Inclusion (LFI), Remote File Inclusion (RFI), SQL injection (SQLi), and Cross Site Scripting (XSS), Server Side Template Injection (SSTI), and Open Redirects.
Learning and hunting SQL injection bugs for 50 continuous days
Advanced web security scanner with 49 modules, evasion engine, and CVE database.
A Deliberately Insecure Web Application
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
The primary goal of this project is to explain SQL Injection (one of the OWASP Top 10 vulnerabilities) and to provide a beneficial resource for the security community.
A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
List of every possible vulnerabilities in computer security.
WEB SQLi Injection DB Dumper DATA Hacking Tool
An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.
SQL Injection Payloads List.
Advanced SQLMap command builder with an intuitive cheatsheet UI. Works locally in your browser as a single HTML file (no data sent anywhere).
A comprehensive browser extension designed for authorized security testing and penetration testing activities. CyberInject provides quick access to common security payloads across multiple vulnerability categories.
An Advanced Web Application Firewall that protects against threats like SQL injection and XSS by filtering HTTP traffic. It combines signature-based detection and machine learning-based anomaly detection to identify obfuscated, zero-day, and unknown attacks through behavioral analysis.
CoupDeWeb is an automated web vulnerability scanner designed for security researchers and developers. It scans for potential vulnerable endpoints, targeting various types of vulnerabilities such as XSS, SQL Injection, and more.
gathering or searching websites that are vulnerable to sql injection ( GUI Tools )
Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
An AI-powered web application vulnerability scanner that automates the detection of common security flaws and provides AI-driven insights for impact assessment and remediation suggestions.
Godzilla is an automated scanner tool for bug hunters/pentesters that can scan website for vulnerabilities, Do Information gathering in Network range, exploit and attack network.