{"id":24281286,"url":"https://github.com/javeleyqaq/sql-injection-scout","last_synced_at":"2026-02-06T11:48:31.624Z","repository":{"id":270813036,"uuid":"911533726","full_name":"JaveleyQAQ/SQL-Injection-Scout","owner":"JaveleyQAQ","description":"SQL Injection Scout is a Burp Suite extension designed to help security researchers and developers detect and analyze SQL injection vulnerabilities. The extension provides rich configuration options and an intuitive user interface, making it easy for users to customize the scanning and analysis process.","archived":false,"fork":false,"pushed_at":"2026-01-16T03:07:25.000Z","size":2491,"stargazers_count":241,"open_issues_count":3,"forks_count":11,"subscribers_count":2,"default_branch":"master","last_synced_at":"2026-01-16T11:23:53.179Z","etag":null,"topics":["burp","burp-extensions","burp-plugin","burpsuite","sqlinject","sqlinjection","sqlinjectionattack"],"latest_commit_sha":null,"homepage":"","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JaveleyQAQ.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-01-03T08:42:22.000Z","updated_at":"2026-01-16T03:07:29.000Z","dependencies_parsed_at":"2025-01-03T09:27:40.740Z","dependency_job_id":"ada49047-c48a-4b0c-9c73-ac2ae61f7528","html_url":"https://github.com/JaveleyQAQ/SQL-Injection-Scout","commit_stats":null,"previous_names":["javeleyqaq/sql-injection-scout"],"tags_count":11,"template":false,"template_full_name":null,"purl":"pkg:github/JaveleyQAQ/SQL-Injection-Scout","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaveleyQAQ%2FSQL-Injection-Scout","tags_url":"https://repos.ecosyste.ms/
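api/v1/hosts/GitHub/repositories/JaveleyQAQ%2FSQL-Injection-Scout/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaveleyQAQ%2FSQL-Injection-Scout/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaveleyQAQ%2FSQL-Injection-Scout/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JaveleyQAQ","download_url":"https://codeload.github.com/JaveleyQAQ/SQL-Injection-Scout/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaveleyQAQ%2FSQL-Injection-Scout/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28838489,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-28T02:10:51.810Z","status":"ssl_error","status_checked_at":"2026-01-28T02:10:50.806Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["burp","burp-extensions","burp-plugin","burpsuite","sqlinject","sqlinjection","sqlinjectionattack"],"created_at":"2025-01-16T02:58:31.358Z","updated_at":"2026-02-06T11:48:31.611Z","avatar_url":"https://github.com/JaveleyQAQ.png","language":"Kotlin","funding_links":[],"categories":[],"sub_categories":[],"readme":"# SQL Injection Scout\n\nSQL Injection Scout is a Burp Suite extension designed to help security researchers and developers detect and analyze SQL 
injection vulnerabilities. The extension provides rich configuration options and an intuitive user interface, making it easy for users to customize the scanning and analysis process.\n\n---\n\n## 💯 Features\n\n- **Passive/active SQL injection detection**: Fuzzes (`FUZZ`) the parameters of all requests except `OPTIONS`, and supports `XML`, `JSON`, `FORM` and other form data formats.\n- **Minimal probing**: Probes with a minimal `payload` set to reduce the impact on the target.\n- **`Flag` response diff analysis**: Runs a `diff` analysis on responses and automatically marks them as uninteresting (gray) or interesting (green).\n    - **✅: marks a response worth further analysis.**\n    - **🔥: marks a SQL injection as present**\n    - **`Error`: marks that `SQL Error` information was detected in the `Response`**\n    - **`Max Params`: marks that the request has more parameters than the configured number**\n    - **`Skip URL`: the request matches a URL skip rule in the configuration**\n      - ....\n      - **How the decision is made**: Assuming the page parameter is reflected, the lengths of the `payload` and the `diff` are compared; if they are equal, the response is considered uninteresting.\n      - **Duplicate content filtering**: Groups marked green are analyzed further; a `diff` that repeats `6` or more times is marked as uninteresting.\n      - **Result sorting**: The final results are sorted by color for display.\n- **Automatic diff matching and marking**: Automatically matches the `diff` result in the response on the scan page; by default the first difference is used.\n- **Regex matching**: Uses regular expressions to match `URL`s that do not need scanning.\n- **Built-in scope**: Supports a built-in `scope` setting.\n- **Delayed scanning**: Supports sending requests with fixed jitter plus random jitter, to evade `WAF`s more precisely.\n- **Configurable number of scanned parameters**: Prevents performance problems or false positives caused by too many parameters; the default is `50`.\n- **🔥 Fuzz hidden parameters for SQL injection**: Lets users append a list of hidden parameters to the original request for `FUZZ` testing\n    - (Use this plugin's `Hidden Params` feature together with [CaA](https://github.com/gh0stkey/CaA))\n- **Multi-level nested `JSON` support**: Supports scanning nested JSON content by custom parameter name (example: `{\"a\":\"{\\\"b\\\":\\\"1\\\"}\"}`)\n- Adds a context menu to the `Site map`/`HTTP history`/`Logger` panels, for scanning a **single** request or **all** requests of a site\n## ✅️ Installation\n\n1. Make sure [Burp Suite](https://portswigger.net/burp) is installed.\n2. Download or clone this project locally:\n   ```bash\n   git clone https://github.com/JaveleyQAQ/SQL-Injection-Scout.git\n   ```\n3. Build the project with Gradle:\n   ```bash\n   cd SQL-Injection-Scout\n   ./gradlew shadowJar\n   ```\n4. Load the generated `JAR` file in `Burp Suite`:\n    - Open `Burp Suite` and navigate to `Extender` -\u003e `Extensions`.\n    - Click the `Add` button and select the generated `JAR` file (located in the `build/libs` directory).\n\n## 🥰 Usage Guide\n\n1. Start Burp Suite and make sure the SQL Injection Scout extension is loaded.\n2. In the `Extender` tab, find SQL Injection Scout and open its configuration panel.\n3. Adjust the parameter and mode settings as needed.\n   ![img_1.png](src/main/resources/img_2.png)\n4. 
Test using Burp Suite's proxy, scanner and other features; SQL Injection Scout automatically applies the configuration and provides results.\n   ![img_2.png](src/main/resources/img_1.png)\n## 🔖 To-Do\n\u003e Promises first\n\n- ~~**Data persistence:**~~ \n- ~~**Heuristic detection**: Supports custom match signatures for uninteresting responses, so frequent false positives are no longer a worry.~~ ✅ \n- ~~**Insecure direct object references**: Detects and reports insecure direct object references.~~ ✅\n- **diff panel**: Provides a more detailed diff analysis panel.\n- **Viewing multiple diffs**: Supports viewing multiple differences within a response.\n- **Custom colors**: Lets users customize the color marking of responses.\n- **Injection re-confirmation**: Provides a second confirmation for entries where an injection is present.\n- **Performance optimization**: Further optimizes scan performance and reduces resource consumption.\n\n---\n## Q\u0026A\n#### Why does the plugin have no traffic?\n1. Make sure `Only Scope` (allowlist) in the plugin settings is not checked (☑️).\n2. To enable `Only Scope` mode, right-click the corresponding domain in the `URL view` of the `Target` page and click `Add to scope`.\n#### Why are some request parameters missing?\n1. To reduce noise and the number of requests, the plugin does not scan duplicate parameters of the same endpoint. Some systems reuse a single API endpoint, and different features just pass different parameters. In this scenario, the scanning strategy is:\n- 1. Parameters already fuzzed under the same path are not fuzzed again; scanned parameters are stored as `url path|| parameters a || JSON`.\n- 2. If the next request contains new parameters (for example, going from abc to abcd), fuzz requests are generated only for the newly added parameter d.\n\n####  [🔥 Update History Click ME](CHANGELOG.md)\n\n## Contact\nIf you have any questions or suggestions, contact me at [JaveleyQAQ@outlook.com](mailto:your.email@example.com).\n\n## Star History\n[![Star History Chart](https://api.star-history.com/svg?repos=JaveleyQAQ/SQL-Injection-Scout,SQL-Injection-Scout/SQL-Injection-Scout\u0026type=timeline\u0026legend=bottom-right)](https://www.star-history.com/#JaveleyQAQ/SQL-Injection-Scout\u0026SQL-Injection-Scout/SQL-Injection-Scout\u0026type=timeline\u0026legend=bottom-right)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaveleyqaq%2Fsql-injection-scout","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjaveleyqaq%2Fsql-injection-scout","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjaveleyqaq%2Fsql-injection-scout/lists"}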