Skip to content

bidhata/SleepyWalker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 

History

8 Commits
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation

πŸ›‘οΈ SleepyWalker

The SQL Injection Scanner That Never Sleeps

Discover. Confirm. Exploit. Report. Learn.

Go Version License Platform sqlmap


Typing SVG
 You give it a URL. It gives you the database.
 And it gets smarter every time it runs.

Getting Started β€’ How It Works β€’ Features β€’ Config β€’ Learning DB β€’ Hooks



πŸ’€ What Is This?

SleepyWalker is a fully autonomous SQL injection pipeline that chains crawling, heuristic analysis, AI-powered confirmation, and sqlmap exploitation into a single command β€” and gets smarter with every scan through a persistent learning database.

sleepywalker -url https://target.internal -operator "you" -engagement-id "PT-2024-042"

That's it. It crawls. It probes. It confirms. It dumps. It reports. It learns.


⚑ Quick Start

# Clone & build
git clone https://github.com/bidhata/SleepyWalker.git
cd SleepyWalker
go build -o sleepywalker ./cmd/

# Run your first scan (dry-run = no exploitation)
./sleepywalker -url https://target.example.com -dry-run

Requirements: Go 1.23+ β€’ sqlmap in PATH β€’ (Optional) OpenRouter API key for AI mode


🧠 How It Works

                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚           YOU RUN ONE COMMAND            β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚    Learning DB loaded from prior scans   β”‚
                    β”‚  β†’ enriches payloads & error signatures  β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚         PRE-SCAN: WAF Detection          β”‚
                    β”‚    Fingerprints Cloudflare, AWS WAF,     β”‚
                    β”‚    ModSecurity, Imperva, Akamai...       β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚                    PHASE 1: Discovery                        β”‚
          β”‚                                                              β”‚
          β”‚  πŸ•·οΈ Recursive HTML Crawl    🌐 JS-Rendered (chromedp)        β”‚
          β”‚  πŸ“‹ OpenAPI/Swagger Import   πŸ“‘ Header/JSON/Body injection   β”‚
          β”‚  πŸ”— Path segment injection   πŸ“Ž Multipart forms              β”‚
          β”‚                                                              β”‚
          β”‚  β†’ Built-in + learned payloads per injection context        β”‚
          β”‚  β†’ Built-in + learned DB error signatures                   β”‚
          β”‚  β†’ Phase 1a: error-based  1b: boolean-blind  1c: time-based β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚                 PHASE 2: Confirmation                        β”‚
          β”‚                                                              β”‚
          β”‚  πŸ€– AI Mode (OpenRouter/gpt-4o-mini)                         β”‚
          β”‚     β†’ Structured JSON verdict with confidence score          β”‚
          β”‚     β†’ Retry with exponential backoff                         β”‚
          β”‚                                                              β”‚
          β”‚  πŸ”¬ Offline Deep Validation (11 techniques)                  β”‚
          β”‚     β†’ Boolean-blind (Jaccard similarity)                     β”‚
          β”‚     β†’ Time-blind (multi-round statistical median)            β”‚
          β”‚     β†’ Error-based, UNION-based, DB-specific probes           β”‚
          β”‚     β†’ Content-length delta, status correlation               β”‚
          β”‚     β†’ Second-order, Out-of-band DNS resolution              β”‚
          β”‚                                                              β”‚
          β”‚  Composite weighted confidence score β†’ 0.0 – 1.0            β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                         β”‚
                               β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                               β”‚   OPERATOR CONFIRMS   β”‚
                               β”‚     [y/N] prompt      β”‚
                               β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                           β”‚
          β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
          β”‚                  PHASE 3: Exploitation                       β”‚
          β”‚                                                              β”‚
          β”‚  πŸ—‘οΈ sqlmap --batch --dump                                     β”‚
          β”‚     β†’ Auto-selects tamper scripts per WAF                   β”‚
          β”‚     β†’ Forwards cookies, headers, proxy                      β”‚
          β”‚     β†’ Configurable --risk and --level                       β”‚
          β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                          β”‚
                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚              πŸ“Š REPORTING                  β”‚
                    β”‚                                            β”‚
                    β”‚   HTML   β€’   JSON   β€’   SARIF 2.1.0       β”‚
                    β”‚   CWE-89  β€’  CVSS 9.8  β€’  Remediation     β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”¬β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜
                                          β”‚
                    β”Œβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β–Όβ”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”
                    β”‚         🧠 LEARNING DB UPDATED             β”‚
                    β”‚  Confirmed payloads scored  β€’  FPs noted  β”‚
                    β”‚  Host profiles  β€’  WAF fingerprints       β”‚
                    β”‚  Next scan is faster and more accurate    β”‚
                    β””β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”€β”˜

πŸ”₯ Features

What Makes It Different

Feature SleepyWalker Basic Scanners
AI-powered false positive elimination βœ… ❌
11-technique deep validation (no AI needed) βœ… ❌
200+ advanced payloads (WAF bypass, polyglot, DB-specific) βœ… ❌
12 database engine detection (MySQL β†’ MongoDB) βœ… ❌
Self-learning pattern database βœ… ❌
WAF-aware payload filtering + tamper auto-selection βœ… ❌
Full audit trail (JSONL) for compliance βœ… ❌
Scope control (regex + CIDR) βœ… ❌
JS-rendered page crawling βœ… ❌
OpenAPI/Swagger endpoint import βœ… ❌
Multipart form + path segment injection βœ… ❌
SARIF output for CI/CD integration βœ… ❌
Plugin/hook system (5 lifecycle phases) βœ… ❌
Interactive exploitation consent βœ… ❌
Adaptive rate limiting with backoff βœ… ❌
TOML config file support βœ… ❌
MCP server for AI agent integration βœ… ❌
Single binary, zero runtime deps βœ… ❌

πŸ” Injection Coverage

Location Methods Detection
Query parameters GET, DELETE Error, Boolean, Time, UNION, Conditional
Form body POST, PUT, PATCH Error, Boolean, Time, UNION, Conditional
JSON body POST, PUT, PATCH Error, Boolean, Time, UNION, Conditional
HTTP headers User-Agent, Referer, X-Forwarded-For, Cookie Error, Boolean, Time
Multipart fields POST Error, Boolean
URL path segments GET (integers, UUIDs, hex IDs) Error, Boolean

Supported Database Engines

Engine Error Signatures Time Payloads Specific Probes
MySQL / MariaDB 11 SLEEP, BENCHMARK EXTRACTVALUE, UPDATEXML, EXP, JSON_KEYS
PostgreSQL 9 pg_sleep, generate_series CAST, dblink_connect
Microsoft SQL Server 10 WAITFOR DELAY CONVERT, HAVING, xp_dirtree
Oracle 11 DBMS_PIPE, DBMS_LOCK UTL_INADDR, CTXSYS, UTL_HTTP, XMLType
SQLite 8 RANDOMBLOB (CPU) sqlite_master, typeof
IBM DB2 6 β€” sysibm.sysdummy1
SAP HANA 4 β€” SYS.M_DATABASE, DUMMY
Firebird / InterBase 4 β€” rdb$database
Informix 4 β€” systables
Sybase / SAP ASE 4 β€” sybsystemprocs
MongoDB (NoSQL) 4 β€” $gt, $ne, $where, $regex
CockroachDB 3 β€” version() pattern
H2 Database 3 β€” H2VERSION()

Payload Categories (200+)

Category Count Techniques
Syntax breakers 9 Quote types, escapes, parenthetical
Boolean injection 15 OR/AND in all quote contexts, auth bypass
Time-based blind 10 Per-DB sleep functions, BENCHMARK, CPU DoS
Error extraction 10 EXTRACTVALUE, CAST, EXP, GTID, POLYGON
UNION-based 10 NULL column enumeration, hex markers
WAF bypass (comments) 7 /*!50000*/, /**/, versioned comments
WAF bypass (encoding) 8 Case alternation, URL-encode, double-encode
WAF bypass (whitespace) 4 Null bytes, CRLF, tab, vertical tab
Stacked queries 5 Multi-statement, DECLARE, xp_cmdshell
Conditional error blind 5 CASE WHEN + divide-by-zero
ORDER BY / GROUP BY 5 Column count discovery, subquery injection
Polyglot / chained 8 Multi-context, XOR+sysdate, nested concat
Authentication bypass 7 admin'--, LIMIT/OFFSET, UNION credentials
Bit manipulation 6 AND/XOR/DIV/MOD bitwise operators
DNS/HTTP exfiltration 3 UNC path + VERSION(), UTL_HTTP
Privilege escalation 4 file_priv, sysadmin, super_priv checks
NoSQL / MongoDB 6 $gt, $regex, $where JS, $lookup pipeline
DB-specific probes 20+ DB2, Oracle, MSSQL, PostgreSQL, Firebird, H2, Informix, HANA

πŸ›‘οΈ Safety First

Built for authorized red team operations with guardrails:

  • Scope enforcement β€” regex and CIDR whitelist; blocks out-of-scope targets at startup
  • Dry-run mode β€” full pipeline minus exploitation; perfect for CI/CD gates
  • Exploitation consent β€” interactive [y/N] prompt listing every target before Phase 3
  • Request budget β€” hard cap on total HTTP requests (CAS-atomic) to prevent accidental DoS
  • Adaptive throttling β€” auto-backs off on 429/503, exponential backoff with recovery
  • WAF-aware rate limiting β€” detects blocked tokens, filters futile payloads, respects WAF limits
  • Graceful shutdown β€” Ctrl+C flushes audit logs + saves learning DB, no data loss
  • Full audit trail β€” every action logged as JSONL with operator identity

🧠 Learning Database

SleepyWalker maintains a persistent learning database at ~/.sleepywalker/learningdb.json that gets smarter with every scan.

What It Learns

Category What's Stored Impact
Error signatures New DB error patterns not in the built-in list Detected on future scans automatically
Successful payloads Payloads that confirmed SQLi, scored by success rate Prioritised in future probes
WAF fingerprints WAF header/body patterns seen in the wild Faster WAF detection
Host profiles Per-host: DB engine, WAF, injectable params Skip known-clean endpoints on rescan
False positives Host+param combos that fired but weren't injectable Skipped after 5 false hits

How It Enriches Scanning

First scan:   Built-in 10 payloads β†’ 1 confirmed β†’ DB records the winning payload
Second scan:  11 payloads (built-in + learned) β†’ winning payload tried first
Tenth scan:   Learned payloads with >80% hit rate sorted to front β†’ faster detection

Controlling the DB

# Use a custom DB path (useful for team-shared DBs)
sleepywalker -url https://target.internal -ldb-path /shared/team-learningdb.json

# Default path
~/.sleepywalker/learningdb.json   (Linux/macOS)
%APPDATA%\.sleepywalker\learningdb.json   (Windows)

πŸ“‹ Configuration

CLI Flags

sleepywalker -url https://target.internal \
  -scope ".*\.internal$" \
  -operator "jsmith" \
  -engagement-id "PT-2024-042" \
  -depth 3 \
  -threads 8 \
  -delay 200 \
  -max-requests 5000 \
  -output-format all \
  -log-dir ./logs

TOML Config File

sleepywalker -config engagement.toml
[scope]
regex = ".*\\.internal$"
cidrs = ["10.0.0.0/8"]

[scan]
depth        = 3
threads      = 8
delay_ms     = 200
max_requests = 5000

[auth]
cookie  = "session=abc123"
headers = ["Authorization: Bearer <token>"]

[output]
format = "all"

[audit]
operator      = "jsmith"
engagement_id = "PT-2024-042"
log_dir       = "./logs"

[[hooks]]
name    = "notify-slack"
phase   = "post-report"
command = "python3"
args    = "scripts/notify_slack.py"
timeout = 15

Full example: examples/engagement.toml


All Flags

Flag Default Description
-url (required) Target URL
-config TOML config file path
-scope Regex scope restriction
-scope-cidr CIDR whitelist (repeatable)
-dry-run false Report without exploitation
-max-requests 0 Request budget (0 = unlimited)
-depth 0 Crawl depth (0 = unlimited)
-threads 4 Concurrency
-delay 0 Request delay (ms)
-js-render false Headless browser crawl
-swagger-url OpenAPI spec URL
-insecure false Skip TLS verification
-cookie Cookie header
-header Custom header (repeatable)
-proxy HTTP/SOCKS5 proxy
-ai-provider openrouter AI: openrouter, bedrock, local
-sqlmap-path (auto) sqlmap binary path
-risk 2 sqlmap risk (1-3)
-level 3 sqlmap level (1-5)
-output-format html html, json, sarif, all
-operator Operator ID
-engagement-id Engagement reference
-log-dir Audit log directory
-hooks-dir Hook scripts directory
-ldb-path ~/.sleepywalker/learningdb.json Learning DB path

πŸ”Œ Plugin System

Extend SleepyWalker without touching source code. Hooks execute at 5 lifecycle phases:

pre-scan β†’ post-discovery β†’ post-confirm β†’ post-exploit β†’ post-report

Auto-Registration (by filename)

hooks/
β”œβ”€β”€ pre-scan_validate-engagement.sh
β”œβ”€β”€ post-discovery_count-endpoints.py
β”œβ”€β”€ post-report_notify-slack.py
└── post-report_upload-s3.sh
sleepywalker -url https://target.internal -hooks-dir ./hooks/

Context Passed to Hooks

Every hook receives full scan context as JSON on stdin:

{
  "phase": "post-report",
  "target_url": "https://target.internal",
  "operator": "jsmith",
  "engagement_id": "PT-2024-042",
  "timestamp": "2024-01-15T10:30:00Z",
  "data": {
    "reports": ["./dumps/target_internal/report.html"],
    "output_dir": "./dumps/target_internal"
  }
}

πŸ“Š Output Formats

Format Use Case Integration
HTML Human-readable report with dark UI Email, browser
JSON Machine processing, dashboards SIEM, custom tooling
SARIF 2.1.0 CI/CD security gates GitHub Code Scanning, Azure DevOps, Jira

Output lands in ./dumps/<target-host>/:

dumps/target_internal/
β”œβ”€β”€ report.html
β”œβ”€β”€ report.json
β”œβ”€β”€ report.sarif.json
└── <hash>/
    └── *.sql, *.csv

πŸ€– MCP Server

SleepyWalker ships a Model Context Protocol server so AI agents (Claude, Amazon Q, etc.) can invoke scan capabilities as tools.

go build -o sleepywalker-mcp ./mcp/

Register in your MCP client config:

{
  "mcpServers": {
    "sleepywalker": {
      "command": "/path/to/sleepywalker-mcp"
    }
  }
}

Tools exposed: sleepywalker_scan β€’ sleepywalker_discover β€’ sleepywalker_waf_detect β€’ sleepywalker_validate β€’ sleepywalker_report


πŸ—οΈ Architecture

SleepyWalker/
β”œβ”€β”€ cmd/main.go                      # CLI + pipeline orchestration
β”œβ”€β”€ mcp/main.go                      # MCP server for AI agent integration
β”œβ”€β”€ internal/
β”‚   β”œβ”€β”€ config/
β”‚   β”‚   β”œβ”€β”€ config.go                # Runtime config, scope validation, TLS
β”‚   β”‚   └── configfile.go            # TOML config loader + CLI merge
β”‚   β”œβ”€β”€ hooks/hooks.go               # Plugin/hook lifecycle system
β”‚   β”œβ”€β”€ learningdb/db.go             # Persistent learning database
β”‚   β”œβ”€β”€ scanner/
β”‚   β”‚   β”œβ”€β”€ scanner.go               # Crawl engine (HTML + recursive)
β”‚   β”‚   β”œβ”€β”€ jscrawl.go               # Headless browser (chromedp)
β”‚   β”‚   β”œβ”€β”€ swagger.go               # OpenAPI/Swagger parser
β”‚   β”‚   β”œβ”€β”€ heuristic.go             # Phase 1: payload injection + learning
β”‚   β”‚   β”œβ”€β”€ deepvalidate.go          # Phase 2: 10-technique validation
β”‚   β”‚   └── waf.go                   # WAF fingerprinting
β”‚   β”œβ”€β”€ ai/ai.go                     # Phase 2: AI analysis (multi-provider)
β”‚   β”œβ”€β”€ sqlmap/sqlmap.go             # Phase 3: sqlmap wrapper
β”‚   β”œβ”€β”€ reporter/
β”‚   β”‚   β”œβ”€β”€ reporter.go              # HTML report
β”‚   β”‚   └── jsonreport.go            # JSON + SARIF
β”‚   └── utils/
β”‚       β”œβ”€β”€ audit.go                 # JSONL audit trail
β”‚       β”œβ”€β”€ ratelimit.go             # Adaptive rate limiter
β”‚       β”œβ”€β”€ logger.go                # Logging
β”‚       └── fileutils.go             # Output dirs
β”œβ”€β”€ examples/
β”‚   β”œβ”€β”€ engagement.toml              # Sample config
β”‚   └── post-report_notify-slack.py  # Sample hook
β”œβ”€β”€ .gitignore
β”œβ”€β”€ go.mod
└── README.md

πŸš€ Real-World Usage

# Internal pentest with full audit trail
sleepywalker -url https://app.corp.internal \
  -config pentest.toml \
  -operator "krish" \
  -engagement-id "RT-2024-087" \
  -log-dir ./audit-logs

# CI/CD gate (dry-run + SARIF for GitHub)
sleepywalker -url https://staging.myapp.com \
  -dry-run \
  -output-format sarif \
  -max-requests 1000

# Aggressive internal scan through proxy
sleepywalker -url https://legacy-app.internal \
  -proxy socks5://127.0.0.1:9050 \
  -risk 3 -level 5 \
  -depth 5 -threads 16 \
  -insecure

# JavaScript-heavy SPA with API spec
sleepywalker -url https://spa.internal \
  -js-render \
  -swagger-url https://spa.internal/api/docs/openapi.json \
  -output-format all

# Team-shared learning DB
sleepywalker -url https://target.internal \
  -ldb-path /team-share/sleepywalker-learningdb.json

🀝 Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b feat/amazing-feature)
  3. Commit your changes (git commit -m 'Add amazing feature')
  4. Push to the branch (git push origin feat/amazing-feature)
  5. Open a Pull Request

Areas where help is appreciated:

  • Additional WAF bypass techniques
  • New deep validation heuristics
  • Integration hooks for more platforms
  • Learning DB export/import tooling

⚠️ Legal Disclaimer

This tool is intended EXCLUSIVELY for authorized penetration testing.

Unauthorized use against systems you do not own or have explicit written permission to test is illegal and unethical. Always obtain proper authorization before scanning any target. The author accepts no liability for misuse.

By using this tool, you agree that you have legal authorization to test the target systems.



Built with obsessive attention to detail by Krish Paul

Website Email GitHub


If this tool saved your red team hours of manual testing, consider giving it a ⭐


Go β€’ OpenRouter AI β€’ sqlmap β€’ chromedp β€’ MCP

About

πŸ›‘οΈ Autonomous SQL injection pipeline β€” crawls, probes, confirms with AI, exploits with sqlmap, reports in HTML/JSON/SARIF. Built for authorized red teams. One command, full database. Go Β· OpenRouter AI Β· chromedp Β· MCP

Topics

Resources

Stars

1 star

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors

Languages