Search Results for "sql injection scanner"
Sort By:
67 projects for "sql injection scanner" with 1 filter applied:
-
AestheticsPro Medical Spa SoftwareAestheticsPro is the most complete Aesthetics Software on the market today. HIPAA Cloud Compliant with electronic charting, integrated POS, targeted marketing and results driven reporting; AestheticsPro delivers the tools you need to manage your medical spa business. It is our mission To Provide an All-in-One Cutting Edge Software to the Aesthetics Industry.
-
Skillfully - The future of skills based hiringSkillfully transforms hiring through AI-powered skill simulations that show you how candidates actually perform before you hire them. Our platform helps companies cut through AI-generated resumes and rehearsed interviews by validating real capabilities in action. Through dynamic job specific simulations and skill-based assessments, companies like Bloomberg and McKinsey have cut screening time by 50% while dramatically improving hire quality.
-
1
Go SQLBuilder
Powerful SQL string builder library plus a zero-config ORM
Go-SQLBuilder is a flexible and powerful SQL string builder library for the Go programming language. It aids developers in constructing SQL queries programmatically, ensuring code readability and maintainability. -
2
Squel
SQL query string builder for Javascript
Squel is a JavaScript library for fluent and safe SQL query string building, usable both in Node.js environments and in the browser. Works in Node.js and in the browser. Supports the standard SQL queries: SELECT, UPDATE, INSERT, and DELETE. Supports non-standard commands for popular DB engines such as MySQL. Supports parameterized queries for safe value escaping. It can be customized to build any query or command of your choosing. Uses method chaining for ease of use. -
3
Coraza
OWASP Coraza WAF is a golang modsecurity compatible firewall library
...Coraza runs the OWASP Core Rule Set (CRS) to protect your web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts. CRS protects from many common attack categories including: SQL Injection (SQLi), Cross Site Scripting (XSS), PHP & Java Code Injection, HTTPoxy, Shellshock, Scripting/Scanner/Bot Detection & Metadata & Error Leakages. Coraza is a library at its core, with many integrations to deploy on-premise Web Application Firewall instances. -
4
promptmap2
A security scanner for custom LLM applications
promptmap is an automated security scanner for custom LLM applications that focuses on prompt injection and related attack classes. The project supports both white-box and black-box testing, which means it can either run tests directly against a known model and system prompt configuration or attack an external HTTP endpoint without internal access. Its scanning workflow uses a dual-LLM architecture in which one model acts as the target being tested and another acts as a controller that evaluates whether an attack succeeded. ... -
The Most Powerful Software Platform for EHSQ and ESG ManagementChoose from a complete set of software solutions across EHSQ that address all aspects of top performing Environmental, Health and Safety, and Quality management programs.
-
5
Sec-Context
AI Code Security Anti-Patterns distilled from 150+ sources
...It compiles insights from over 150 industry and academic sources into structured reference documents that outline real-world security problems such as hardcoded secrets, SQL injection, cross-site scripting, command injection, weak password storage, and other frequent issues that occur when code is auto-generated without context of best practices. Each anti-pattern is paired with a secure coding alternative and explanation, offering educational value for both humans and automated review agents designed to flag or correct unsafe patterns. -
6
XRAY
XRay for recon, mapping and OSINT gathering from public networks
...XRay is typically used as a reconnaissance and vulnerability discovery engine in red-team or app-security workflows: it leverages extensible plugins to adapt to different protocols, inject payloads, and detect common bug classes such as injection flaws, misconfigurations, and unsafe endpoints. The modular architecture means users can customize or extend the engine with new analyzers, fuzzers, or output formats tailored to specific testing environments. Rather than being a “one-size-fits-all” black box scanner, XRAY encourages interactive exploration and integrates with other tooling. -
7
Django
The Web framework for perfectionists with deadlines
Django is a high-level, free and open-source Python web framework founded on the Model–Template–View (MTV) pattern, designed to facilitate rapid development of secure, maintainable, and scalable database-driven websites. First, read docs/intro/install.txt for instructions on installing Django. Next, work through the tutorials in order (docs/intro/tutorial01.txt, docs/intro/tutorial02.txt, etc.). If you want to set up an actual deployment server, read docs/howto/deployment/index.txt for... -
8
Wapiti
Wapiti is a web-application vulnerability scanner
Wapiti is a vulnerability scanner for web applications. It currently search vulnerabilities like XSS, SQL and XPath injections, file inclusions, command execution, XXE injections, CRLF injections, Server Side Request Forgery, Open Redirects... It use the Python 3 programming language. -
9
Pentaho
Pentaho offers comprehensive data integration and analytics platform.
Pentaho couples data integration with business analytics in a modern platform to easily access, visualize and explore data that impacts business results. Use it as a full suite or as individual components that are accessible on-premise, in the cloud, or on-the-go (mobile). Pentaho enables IT and developers to access and integrate data from any source and deliver it to your applications all from within an intuitive and easy to use graphical tool. The Pentaho Enterprise Edition Free Trial... -
Rezku Point of SaleRezku is an all-inclusive ordering platform and management solution for all types of restaurant and bar concepts. You can now get a fully custom branded downloadable smartphone ordering app for your restaurant exclusively from Rezku.
-
10
CerberusCMS5
Cerberus Content Management System
Cerberus Content Management System is a dynamic, secure and infinitely expandable CMS designed after a Unix-Like model. It is a custom written Web Application Framework ( W.A.F. ) with a consistent and custom written Pre-Hyper-Text-Post-Processor Programming Code Framework ( P.C.F. ). This Web Application Software Project' aim is to be the fastest and most secure Web Application Framework, Web Application Programming Code Framework, Text, Voice and Video Communications Platform and Content... -
11
Cerberus Content Management System 6
Cerberus Content Management System
Cerberus Content Management System is a dynamic, secure and infinitely expandable CMS designed after a Unix-Like model complete with a Unix-Like Kernel File named: Cerberus. It is a custom written Web Application Framework ( W.A.F. ) with a consistent and custom written Pre-Hyper-Text-Post-Processor Programming Code Framework ( P.C.F. ). This Web Application Software Project' aim is to be the fastest and most secure Web Application Framework, Web Application Programming Code Framework, Text,... -
12
paramspider
Mine parameterized URLs from web archives for security testing
...Instead of returning every discovered URL, the tool intelligently filters results to highlight parameterized endpoints that are more useful for vulnerability testing. These endpoints are commonly used during reconnaissance because parameters often expose inputs that may be vulnerable to issues like cross-site scripting, SQL injection, or server-side request forgery. ParamSpider automates the process of retrieving archived URLs, cleaning them, and preparing them for fuzzing or further probing. It can process a single domain or multiple domains from a list, making it useful for both targeted testing and large-scale reconnaissance. -
13
kangle is a light, high-performance web server.support fastcgi/isapi/ajp/uwsgi/scgi/hmux protocol.include a http manage console. Full support access control. memory/disk cache. virtual host can run in seperate process and user. and more
-
14
Big List of Naughty Strings
List of strings which have a high probability of causing issues
The Big List of Naughty Strings is a community-maintained catalog of “gotcha” inputs that commonly break software, from unusual Unicode to SQL and script injection payloads. It exists so developers and QA engineers can easily test edge cases that normal test data would miss, such as zero-width characters, right-to-left marks, emojis, foreign alphabets, and long or malformed strings. By throwing these strings at forms, APIs, databases, and UIs, teams can discover encoding bugs, sanitizer gaps, rendering issues, and security oversights early. ... -
15
CodeQL
Libraries and queries that power security researchers
...Instead of just pattern matching text, CodeQL ingests source code, builds rich representations of structure and data flow, and allows queries that reason about control flow, type systems, and interprocedural relationships. This makes it powerful not just for basic linting but for deep detection of complex security flaws like SQL injection, cross-site scripting, and taint propagation that traditional static analyzers can miss. CodeQL is used by security teams, developers, and open-source tooling to create reusable query libraries, enforce policy across repositories, and automate findings in CI/CD pipelines. -
16
PHP mini vulnerability suite
Multiple server/webapp vulnerability scanner
github: https://github.com/samedog/phpmvs -
17
RED HAWK
All-in-one reconnaissance and vulnerability scanning toolkit for sites
...It can collect a wide range of information about domains, servers, and web applications, including network details, hosting configuration, and content management system detection. It also provides vulnerability scanning features that help identify potential issues such as error-based SQL injection vulnerabilities and sensitive file exposure. RED HAWK includes utilities for performing DNS lookups, port scans, subdomain discovery, and reverse IP analysis, giving users a comprehensive view of a target environment. In addition to vulnerability detection, RED HAWK offers crawling features that gather links and metadata from websites to support deeper reconnaissance. -
18
JavaEETest
Spring, SpringMVC, MyBatis, Spring Boot cases
JavaEETest is a comprehensive example repository showcasing Java web development using key technologies like Spring, Spring MVC, MyBatis, and Spring Boot. The project contains many small self-contained demo modules that demonstrate specific concepts such as dependency injection, MVC routing, ORM mapping, transaction management, caching, security configuration, and database interaction. It provides ready-to-run code that learners can inspect to understand how Java web apps are structured and how these frameworks collaborate under the hood. Tutorials and example code include working with REST APIs, session management, dynamic SQL with MyBatis, annotation-driven Spring configuration, and more advanced features like caching and Spring Security. ... -
19
OWASP ModSecurity CRS
OWASP ModSecurity Core Rule Set (CRS) Project
The OWASP ModSecurity Core Rule Set (CRS) is a curated, generic Web Application Firewall rule set that detects and blocks common attack categories across most web apps. It focuses on broad protection—SQL injection, cross-site scripting, local/remote file inclusion, command injection, and protocol violations—without requiring app-specific knowledge. Rules are organized into paranoia levels so operators can tune detection aggressiveness and balance false positives against coverage. An anomaly-scoring model accumulates rule hits per request, enabling nuanced blocking thresholds and easier incident triage. ... -
20
NodeGoat
The OWASP NodeGoat project
A deliberately vulnerable Node.js application designed for security training, helping developers understand common web vulnerabilities and how to mitigate them. -
21
SSM
Build SSM from distributed micro service
SSM is an open-source Java project template that demonstrates how to build web applications using the classic SSM architecture: Spring, Spring MVC, and MyBatis. It offers a structured starting point that combines Spring’s dependency injection and application configuration, Spring MVC’s request handling and view resolution, and MyBatis’s SQL mapping layer for database access, which together form a popular stack for enterprise Java applications. This repository includes sample controllers, service layers, and data access objects configured to work out of the box, helping developers see how each layer interacts and how to organize code for maintainability. ... -
22
sqliv
Massive SQL injection vulnerability scanner for automated web testing
SQLiv is a command-line security tool designed to identify SQL injection vulnerabilities in web applications through automated scanning techniques. Written primarily in Python, the project focuses on discovering potentially vulnerable web pages by analyzing URLs that contain database query parameters. It can perform large-scale scanning by using search engine queries known as SQL injection dorks to collect candidate websites and then test them for vulnerabilities. ... -
23
payloadmask
Payload list editor to use techniques to bypass WAF
...A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. -
24
MVProc
MVC web platform for Apache and MySQL Stored Procedures
MVProc is a Model-View-Controller module for Apache2 that facilitates using MySQL stored procedures as the controller element. NOTE: Version 2.1 is STABLE and currently in production use. NOTE: Versions 1.4+ are for Apache2.4 - in order to run on Apache2.2, replace request_rec->useragent_ip references with request_rec->connection->remote_ip (there are 3 in the source code) -
25
SQLMate
Rapidly generate a DAO for SQLite
Complete source code, usage example, & a code-generated test case are included in the .jar file. ( See main.java for the usage / code generation example )
