{"id":13539476,"url":"https://github.com/zt2/sqli-hunter","last_synced_at":"2026-01-17T14:19:18.945Z","repository":{"id":28501316,"uuid":"32017735","full_name":"zt2/sqli-hunter","owner":"zt2","description":"SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.","archived":false,"fork":false,"pushed_at":"2024-04-27T12:33:43.000Z","size":67,"stargazers_count":431,"open_issues_count":8,"forks_count":127,"subscribers_count":19,"default_branch":"master","last_synced_at":"2025-10-10T00:26:46.934Z","etag":null,"topics":["detection","exploitation","pentesting","ruby","sql-injection","sqlmap","vulnerability-scanner"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zt2.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-03-11T12:59:57.000Z","updated_at":"2025-09-15T11:32:15.000Z","dependencies_parsed_at":"2024-04-27T14:03:57.646Z","dependency_job_id":"14e709c7-e962-446d-9c44-b60ed968775c","html_url":"https://github.com/zt2/sqli-hunter","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/zt2/sqli-hunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zt2%2Fsqli-hunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zt2%2Fsqli-hunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zt2%2Fsqli-hunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zt2%2Fsqli
-hunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zt2","download_url":"https://codeload.github.com/zt2/sqli-hunter/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zt2%2Fsqli-hunter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28509941,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T13:38:16.342Z","status":"ssl_error","status_checked_at":"2026-01-17T13:37:44.060Z","response_time":85,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["detection","exploitation","pentesting","ruby","sql-injection","sqlmap","vulnerability-scanner"],"created_at":"2024-08-01T09:01:26.430Z","updated_at":"2026-01-17T14:19:18.909Z","avatar_url":"https://github.com/zt2.png","language":"Ruby","funding_links":[],"categories":["\u003ca id=\"1a9934198e37d6d06b881705b863afc8\"\u003e\u003c/a\u003e通信\u0026\u0026代理\u0026\u0026反向代理\u0026\u0026隧道","Exploitation","\u003ca id=\"d03d494700077f6a65092985c06bf8e8\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"56acb7c49c828d4715dce57410d490d1\"\u003e\u003c/a\u003e未分类-Proxy","SQL Injection","\u003ca id=\"b6f25145e99ea944cbb528a24afaa0be\"\u003e\u003c/a\u003eHTTP\u0026\u0026HTTPS"],"readme":"# SQLi-Hunter\n\nSQLi-Hunter is a simple HTTP/HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.\n\n\n\n## 0x0 
Installation\n\n### Using Docker\n\n- Build the Docker image:\n\n```\ndocker build -t sqli-hunter https://github.com/zt2/sqli-hunter.git\n```\n\n- Run the Docker image:\n\n```\ndocker run -ti -p 8080:8080 -p 8081:8081 -v /tmp:/tmp --rm sqli-hunter --host=0.0.0.0\n```\n\nThe volume argument lets SQLi-Hunter persist output files so they can be accessed on the host system. The port mapping arguments make the proxy server and the reverse SSL proxy server that SQLi-Hunter starts accessible on the host system.\n\n- Install the CA certificate (`cert/sqli-hunter.pem`) on the device you want to test.\n- Set up the proxy (port `8080`) in the browser and you are ready to go.\n\n\n\n### From source\n\n- Build from the latest release of the source code:\n\n```\ngit clone https://github.com/sqlmapproject/sqlmap.git\ngit clone https://github.com/zt2/sqli-hunter.git\ncd sqli-hunter\ngem install bundler\nbundler install\n```\n\n- Start the SQLMAP API server manually:\n\n```\npython sqlmapapi.py -s\n```\n\n- Run SQLi-Hunter:\n\n```\nruby bin/sqli-hunter.rb\n```\n\n- Configure the proxy server settings in your browser.\n\n\n\n## 0x1 Usage\n\n```\n\n  _____ _____ __    _     _____         _\n  |   __|     |  |  |_|___|  |  |_ _ ___| |_ ___ ___\n  |__   |  |  |  |__| |___|     | | |   |  _| -_|  _|\n  |_____|__  _|_____|_|   |__|__|___|_|_|_| |___|_|\n  |__|\n\n      SQLMAP API wrapper by ztz (github.com/zt2)\n\n  Usage: bin/sqli-hunter.rb [options]\n\nCommon options:\n    -h, --host=[HOST]                Bind host for proxy server (default is localhost)\n    -p, --port=\u003cPORT\u003e                Bind port for proxy server (default is 8080)\n        --sqlmap-host=[HOST]         Host for sqlmap api (default is localhost)\n        --sqlmap-port=[PORT]         Port for sqlmap api (default is 8775)\n        --targeted-hosts=[HOSTS]     Targeted hosts split by comma (default is all)\n        --version                    Display version\n\nSQLMAP options\n        --technique=[TECH]           SQL injection techniques to 
use (default \"BEUSTQ\")\n        --threads=[THREADS]          Max number of concurrent HTTP(s) requests (default 5)\n        --dbms=[DBMS]                Force back-end DBMS to this value\n        --os=[OS]                    Force back-end DBMS operating system to this value\n        --tamper=[TAMPER]            Use given script(s) for tampering injection data\n        --level=[LEVEL]              Level of tests to perform (1-5, default 1)\n        --risk=[RISK]                Risk of tests to perform (0-3, default 1)\n        --mobile                     Imitate smartphone through HTTP User-Agent header\n        --smart                      Conduct through tests only if positive heuristic(s)\n        --random-agent               Use randomly selected HTTP User-Agent header value\n```\n\n\n\nOutput:\n\n```\n➜  sqli-hunter git:(master) ruby bin/sqli-hunter.rb --targeted-hosts=demo.aisec.cn --threads=15 --random-agent --smart\n  [01:50:17] [INFO] [bdf9f3495bb70fbc] task created\n  [01:50:17] [INFO] [bdf9f3495bb70fbc] task started\n  [01:50:20] [INFO] [bdf9f3495bb70fbc] task finished\n  [01:50:20][SUCCESS] [bdf9f3495bb70fbc] task vulnerable, use 'sqlmap -r /var/folders/kb/rwf8j7051x71q4flc_s39wzm0000gn/T/d20191021-40013-17a62ve/5f8a3ad452a15777219b8a5c8c7ec3b6' to exploit\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzt2%2Fsqli-hunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzt2%2Fsqli-hunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzt2%2Fsqli-hunter/lists"}