Intruderpayloads: A collection of Burp Suite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and checklists.
Autosqli: An automatic SQL injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap.
Bobby Tables: bobby-tables.com, the site for preventing SQL injections
Blisqy: Version 0.2 - Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB).
Hacker101: Source code for Hacker101.com - a free online web and mobile security class.
Phpvuln: Audit tool to find common vulnerabilities in PHP source code
Sqlite Lab: This code is vulnerable to SQL injection and uses an SQLite database. For an SQLite database, SQL injection payloads are different, so it is for fun. Just enjoy it \m/
Nosqlmap: Automated NoSQL database enumeration and web application exploitation tool.
Black Widow: GUI based offensive penetration testing tool (Open Source)
Fawkes: Fawkes is a tool to search for targets vulnerable to SQL injection. Performs the search using the Google search engine.
Sourcecodesniffer: The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Mssqli Duet: SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing
Sap exploit: Here you can get the full exploit for SAP NetWeaver AS JAVA
Pentesting Bible: Learn ethical hacking. Learn about reconnaissance, Windows/Linux hacking, attacking web technologies, and pen testing wireless networks. Resources for learning malware analysis and reverse engineering.
Local File Disclosure Sql Injection Lab: This is sample code to demonstrate how one can use an SQL injection vulnerability to download a local file from the server in a specific condition. If you have any doubt, ping me at https://twitter.com/IndiShell1046 :)
Sqliv: massive SQL injection vulnerability scanner
Jsql Injection: jSQL Injection is a Java application for automatic SQL database injection.
Janusec: Janusec Application Gateway, provides fast and secure application delivery.
Blazy: Blazy is a modern login bruteforcer which also tests for CSRF, Clickjacking, Cloudflare and WAF.
Dvwa: Damn Vulnerable Web Application (DVWA)
Graphqlmap: GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes.
Protect: Proactively protect your Node.js web services
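Cerberus: A powerful vulnerability scanner. Subdomain brute forcing uses aioDNS with fast asynchronous scanning via asyncio; covers the target's full range of assets for batch vulnerability scanning; collects middleware information; automatically collects IP proxies and uses them when probing WAF information to protect the local machine's real IP; after the local IP is blocked by the WAF, automatically switches to a proxy IP to continue scanning; WAF information collection (100+ WAFs from China and abroad) including SafeDog, Yunsuo, Alibaba Cloud, Yundun, Tencent Cloud and others; provides some known WAF bypass approaches; middleware vulnerability detection (ThinkPHP, WebLogic, etc.; CVE-2018-5955, CVE-2018-12613, CVE-2018-11759, etc.); supports scanning for SQL injection, XSS, command execution, file inclusion and SSRF vulnerabilities; supports custom email push notifications for vulnerabilities.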
Sqlmap: Automatic SQL injection and database takeover tool
W3af: w3af is a web application attack and audit framework, the open source web vulnerability scanner.
Sqli Hunter: SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Arachni: Web Application Security Scanner Framework
Damnwebscanner: Another web vulnerabilities scanner, this extension works on Chrome and Opera
SQLbit: Just another script to automate boolean-based blind SQL injections. (Demo)
vulnerabilities: List of every possible vulnerability in computer security.
gDorks: Vulnerable website scraper
Flag-Capture: Solutions and write-ups from security-based competitions, also known as Capture The Flag competitions
Cracker-Tool: All in One CRACKER911181's Tool. This tool is for hacking and pentesting. 🎭
cyber-gym: Deliberately vulnerable scripts for Web Security training
diwa: A Deliberately Insecure Web Application
tensorflow-tbcnn: Tree-based Convolutional Neural Network for SQL Injection Detection
soar-php: SQL optimizer and rewriter (assists with SQL tuning).
bane: This is a Python module that contains functions and classes which are used to test the security of web/network applications. It's coded in pure Python and it's a very intelligent tool! It can easily detect: XSS (reflected/stored), RCE (Remote Code/Command Execution), SSTI, SSRF, CORS Misconfigurations, File Upload, CSRF, Path Traversal,.... Also, …
aws-waf: Deep Security's APIs make it simple to integrate with a variety of AWS Services
filter-var-sqli: Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
magicRecon: MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats.
hackable: A Python Flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
sqlscan: Quick SQL Scanner, Dorker, Webshell injector PHP
hasherbasher: SQL injection via bruteforced MD5 hash reflection of random strings