{"id":19729679,"url":"https://github.com/r3dhulk/sqli-detector-in-ruby","last_synced_at":"2025-10-09T11:16:55.116Z","repository":{"id":97097890,"uuid":"587308206","full_name":"R3DHULK/sqli-detector-in-ruby","owner":"R3DHULK","description":"SQL Detector Tool In Ruby","archived":false,"fork":false,"pushed_at":"2023-01-10T17:28:45.000Z","size":107,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-08T02:46:12.754Z","etag":null,"topics":["blackhat","ethical","ethical-hacking","ethical-hacking-tools","ethicalhacking","hacking","hacking-tool","penetration-testing","pentesting","ruby","ruby-for-ethical-hacker","ruby-for-ethical-hackers","ruby-for-ethical-hacking","ruby-on-rails","security","sql","sqli-scanner","sqli-vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/R3DHULK.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-10T13:02:04.000Z","updated_at":"2025-04-01T23:09:34.000Z","dependencies_parsed_at":"2023-04-13T01:48:47.202Z","dependency_job_id":null,"html_url":"https://github.com/R3DHULK/sqli-detector-in-ruby","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/R3DHULK/sqli-detector-in-ruby","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fsqli-detector-in-ruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fsqli-detector-in-ruby/tags","
releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fsqli-detector-in-ruby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fsqli-detector-in-ruby/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/R3DHULK","download_url":"https://codeload.github.com/R3DHULK/sqli-detector-in-ruby/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/R3DHULK%2Fsqli-detector-in-ruby/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001290,"owners_count":26083058,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blackhat","ethical","ethical-hacking","ethical-hacking-tools","ethicalhacking","hacking","hacking-tool","penetration-testing","pentesting","ruby","ruby-for-ethical-hacker","ruby-for-ethical-hackers","ruby-for-ethical-hacking","ruby-on-rails","security","sql","sqli-scanner","sqli-vulnerability-scanner"],"created_at":"2024-11-12T00:13:16.702Z","updated_at":"2025-10-09T11:16:55.090Z","avatar_url":"https://github.com/R3DHULK.png","language":"Ruby","readme":"\u003ch1\u003e\u003cb\u003eSQL Injection Detector In Ruby\u003c/b\u003e\u003c/h1\u003e\n\u003cimg src=\"https://img.shields.io/badge/Ruby-blue\"\u003e \u003cimg 
src=\"https://img.shields.io/badge/Status-Beta-orange\"\u003e \u003cimg src=\"https://img.shields.io/badge/Licence-MIT-yellowgreen\"\u003e \u003ca href=\"https://taguar258.github.io/Raven-Storm/INSTALLATION\"\u003e\u003cimg src=\"https://img.shields.io/badge/Download-Now-green\"\u003e\u003c/a\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eWhat Is SQL Injection? \u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003eSQL injection is a code injection technique that might destroy your database. \u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eWhat is the impact of a successful SQL injection attack?\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003e There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:\n\n    💀 Retrieving hidden data, where you can modify an SQL query to return additional results.\n    💀 Subverting application logic, where you can change a query to interfere with the application's logic.\n    💀 UNION attacks, where you can retrieve data from different database tables.\n    Examining the database, where you can extract information about the version and structure of the database.\n    💀 Blind SQL injection, where the results of a query you control are not returned in the application's responses.\n\u003c/h2\u003e\n\u003ch5\u003e\u003ca href=\"https://portswigger.net/web-security/sql-injection\"\u003esources\u003c/a\u003e\u003c/h5\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eHow and Why Is an SQL Injection Attack Performed?\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003eTo make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in an SQL query. The attacker can create input content. Such content is often called a malicious payload and is the key part of the attack. 
After the attacker sends this content, malicious SQL commands are executed in the database.\n\nSQL is a query language that was designed to manage data stored in relational databases. You can use it to access, modify, and delete data. Many web applications and websites store all the data in SQL databases. In some cases, you can also use SQL commands to run operating system commands. Therefore, a successful SQL Injection attack can have very serious consequences.\n\n    👽 Attackers can use SQL Injections to find the credentials of other users in the database. They can then impersonate these users. The impersonated user may be a database administrator with all database privileges.\n    👽 SQL lets you select and output data from the database. An SQL Injection vulnerability could allow the attacker to gain complete access to all data in a database server.\n    SQL also lets you alter data in a database and add new data. For example, in a financial application, an attacker could use SQL Injection to alter balances, void transactions, or transfer money to their account.\n    👽 You can use SQL to delete records from a database, even drop tables. Even if the administrator makes database backups, deletion of data could affect application availability until the database is restored. Also, backups may not cover the most recent data.\n    👽 In some database servers, you can access the operating system using the database server. This may be intentional or accidental. In such a case, an attacker could use an SQL Injection as the initial vector and then attack the internal network behind a firewall.\n\u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eSimple SQL Injection Example\u003c/b\u003e\u003c/h1\u003e\n\n\u003ch2\u003eThe first example is very simple. It shows how an attacker can use an SQL Injection vulnerability to bypass application security and authenticate as the administrator.\n\nThe following script is pseudocode executed on a web server. 
It is a simple example of authenticating with a username and a password. The example database has a table named users with the following columns: username and password.\u003c/h2\u003e\n\n```\n# Define POST variables\nuname = request.POST['username']\npasswd = request.POST['password']\n\n# SQL query vulnerable to SQLi\nsql = \"SELECT id FROM users WHERE username='\" + uname + \"' AND password='\" + passwd + \"'\"\n\n# Execute the SQL statement\ndatabase.execute(sql)\n```\n\u003ch2\u003eThese input fields are vulnerable to SQL Injection. An attacker could use SQL commands in the input in a way that would alter the SQL statement executed by the database server. For example, they could use a trick involving a single quote and set the passwd field to:\u003c/h2\u003e\n\n```\npassword' OR 1=1\n```\n\u003ch2\u003eBecause of the OR 1=1 statement, the WHERE clause returns the first id from the users table no matter what the username and password are. The first user id in a database is very often the administrator. In this way, the attacker not only bypasses authentication but also gains administrator privileges. They can also comment out the rest of the SQL statement to control the execution of the SQL query further:\u003c/h2\u003e\n\n```\n-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite\n' OR '1'='1' --\n' OR '1'='1' /*\n-- MySQL\n' OR '1'='1' #\n-- Access (using null characters)\n' OR '1'='1' %00\n' OR '1'='1' %16\n```\n\u003ch5\u003e\u003ca href=\"https://www.acunetix.com/websitesecurity/sql-injection/\"\u003esources\u003c/a\u003e\u003c/h5\u003e\n\n#\n\u003ch2\u003e\u003cb\u003e🔴 Disclaimer :\u003c/b\u003e\u003ci\u003e This Project Is Not For Promoting Unethical Activities.\nIf Anyone Does Something Mistakenly, Developer Is Not Responsible For That.\u003c/i\u003e\u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eIntroducing My Tool 💡\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003esqli-scanner.rb is a basic SQL injection finder for you. 
It can go through all vulnerable URLs.\u003c/h2\u003e\n\n#\n\u003ch1\u003e\u003cb\u003eGive Your Close Look Here 👇\u003c/b\u003e\u003c/h1\u003e\n\n![Alt text](sql-ruby.png)\n\n#\n\u003ch1\u003e\u003cb\u003e👾 Git Installation \u003c/b\u003e\u003c/h1\u003e\n\n```\n# Requires Ruby\n\n# Clone My Repository\ngit clone https://github.com/R3DHULK/sqli-detector-in-ruby\n\n# Change Directory\ncd sqli-detector-in-ruby\n\n# Execute\nruby sql-injection-detector.rb\n```\n\n#\n\u003ch1\u003e\u003cb\u003eHow To Prevent This?\u003c/b\u003e\u003c/h1\u003e\n\u003ch2\u003eThe only sure way to prevent SQL Injection attacks is input validation and parametrized queries including prepared statements. The application code should never use the input directly. The developer must sanitize all input, not only web form inputs such as login forms. They must remove potential malicious code elements such as single quotes. It is also a good idea to turn off the visibility of database errors on your production sites. Database errors can be used with SQL Injection to gain information about your database.\n\nIf you discover an SQL Injection vulnerability, for example using an Acunetix scan, you may be unable to fix it immediately. For example, the vulnerability may be in open source code. In such cases, you can use a web application firewall to sanitize your input temporarily.\u003c/h2\u003e\n\u003ch5\u003e\u003ca href=\"https://www.acunetix.com/websitesecurity/sql-injection/\"\u003esources\u003c/a\u003e\u003c/h5\u003e\n\u003ch2\u003e🔴 \u003cb\u003eNote:\u003c/b\u003e Now There Are Many Optional Ways To Code Backend Servers (Like JavaScript Frameworks). 
\n\n#\n\u003ch2\u003e\u003cb\u003e\u003ci\u003e Show Support 👇👇👇\u003c/i\u003e\u003c/b\u003e \u003c/h2\u003e\n\u003ca href=\"https://www.buymeacoffee.com/r3dhulk\"\u003e \u003cimg align=\"center\" src=\"https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png\" height=\"50\" width=\"210\" alt=\"https://www.buymeacoffee.com/r3dhulk\" /\u003e\u003c/a\u003e\u003cbr\u003e\u003cbr\u003e\n\n","funding_links":["https://www.buymeacoffee.com/r3dhulk"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr3dhulk%2Fsqli-detector-in-ruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fr3dhulk%2Fsqli-detector-in-ruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fr3dhulk%2Fsqli-detector-in-ruby/lists"}