Name: sqli-hunter
Author: zt2

Primary Use Case

This tool is primarily used by security professionals and penetration testers to automate and streamline the process of identifying SQL injection flaws in web applications. By acting as a proxy and integrating with SQLMAP, it enables users to intercept traffic and launch targeted SQL injection tests with minimal setup.

Key Features

Acts as an HTTP/HTTPS proxy server to intercept and analyze web traffic

Integrates seamlessly with SQLMAP API for automated SQL injection testing

Supports running as a Docker container for easy deployment

Allows configuration of targeted hosts and injection techniques

Supports concurrent HTTP requests with adjustable threading

Includes options for tampering scripts, risk and level settings for tests

Can imitate mobile user agents and randomize HTTP headers

Persists output files for later analysis via volume mounting

Insights & Recommendations

Users must install the provided CA certificate on their testing device to intercept HTTPS traffic properly. Running the SQLMAP API server separately is a prerequisite for SQLi-Hunter to function. It is recommended to use Docker for simplified setup and to persist output files via volume mounts. Proper proxy configuration in the browser is essential for capturing traffic. Use responsibly and only on authorized targets.

Installation

Build the Docker image: docker build -t sqli-hunter https://github.com/zt2/sqli-hunter.git
Run the Docker container with port mapping and volume mount: docker run -ti -p 8080:8080 -p 8081:8081 -v /tmp:/tmp --rm sqli-hunter --host=0.0.0.0
Install the CA certificate (cert/sqli-hunter.pem) on the test device
Configure the browser proxy to use port 8080
Clone the sqlmap repository: git clone https://github.com/sqlmapproject/sqlmap.git
Clone the sqli-hunter repository: git clone https://github.com/zt2/sqli-hunter.git
Navigate to sqli-hunter directory: cd sqli-hunter
Install Ruby dependencies: gem install bundler
Install required gems: bundler install
Start the SQLMAP API server manually: python sqlmapapi.py -s

Usage

ruby bin/sqli-hunter.rb --targeted-hosts=demo.aisec.cn --threads=15 --random-agent --smart

Starts SQLi-Hunter targeting specified hosts with 15 concurrent threads, random user agents, and smart heuristic testing.

docker run -ti -p 8080:8080 -p 8081:8081 -v /tmp:/tmp --rm sqli-hunter --host=0.0.0.0

Runs the SQLi-Hunter Docker container exposing proxy ports and persisting output files.

python sqlmapapi.py -s

Starts the SQLMAP API server required for SQLi-Hunter to perform automated SQL injection testing.

ruby bin/sqli-hunter.rb -h 0.0.0.0 -p 8080 --sqlmap-host=localhost --sqlmap-port=8775

Launches SQLi-Hunter proxy server binding to all interfaces on port 8080 and connects to SQLMAP API on default host and port.

Smart Usage Notes

Integrate SQLi-Hunter into CI/CD pipelines for continuous automated SQL injection testing.Combine with web application firewalls (WAF) tuning to reduce false positives and improve detection accuracy.Use tampering scripts creatively to bypass common WAF and IDS protections during penetration tests.Leverage Docker deployment for rapid environment setup and consistent testing across teams.Pair with Metasploit or other exploitation frameworks to automate post-exploitation workflows after SQLi discovery.

OpenSec Atlas

sqli-hunter

About This Tool

Primary Use Case

Key Features

Insights & Recommendations

Installation

Usage

Smart Usage Notes

Security Capability Profile

Tags

You Might Also Like