LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)

LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.

SQLi and other injection attacks remain the top OWASP and CERT vulnerability. Current detection attempts frequently involve a myriad of regular expressions which are not only brittle and error-prone but also proven by Hanson and Patterson at Black Hat 2005 to never be a complete solution. LibInjection is a new open-source C library that detects SQLi using lexical analysis. With little upfront knowledge of what SQLi is, the algorithm has been trained on tens of thousands of real SQLi attacks and hundreds of millions of user inputs taken from a Top 50 website for high precision and accuracy.

In addition, the algorithm categorizes SQLi attacks and provides templates for new attacks or new fuzzing algorithms.

LibInjection currently supports:

• C and C++
• PHP
• Python
• Lua
• Java (external port)
• [LuaJIT/FFI]

LibInjection is available for integration into applications, web application firewalls, or porting to other programming languages.

You can download LibInjection here:

Or read more here.

Latest Posts

• 
  Free USA Ethical Hacking Course for BeginnerJuly 4, 2022
  Free USA Ethical Hacking Complete Tutorials for Beginner: Learn Online Hacking Course 2021 USA Ethical Hacking Full Course in america Training Summary An USA Ethical Hacker exposes vulnerabilities in software to help business owners fix those security holes before a malicious hacker discovers them. In this free ethical hacking course, you learn all about Ethical hacking with loads of live USA ethical hacking examples to make the subject matter clear. It is recommended you refer these Hacking Tutorials sequentially, one after the other. What should I know? Nothing! This USA Ethical […]
• 
  Facebook Ethical Hacking Complete Tutorials Free for Beginner: Learn Online Hacking Course 2022May 5, 2022
  Training Summary Ethical hacking , Facebook Ethical Hacking Complete Tutorials Free for Beginner: Learn Online Hacking Course 2022 Learn How to hack and Secure Facebook Account from hackers by Learning Their Techniques . This course for Facebook hacking for beginners is based upon the research that helps creating awareness about any vulnerability present in the Facebook platform and its accounts. At Craw Security, our Facebook hacking course, helps to protect your social media channel being vulnerable. This block contains unexpected or invalid content.Attempt Block Recovery What should I know? […]
• SSTI (Server Side Template Injection)|Detect|Idenfify|ExploitDecember 9, 2021
  [ad_1] Hi Hackies, Welcome To TechNoCP.org Today I am Telling You About SSTI Vulnerability In Web Application So Don’t Waste Time Let’s Start. What is server-side template injection?Contents1 What is server-side template injection?2 Constructing a server-side template injection attack2.1 Detect2.2 Identify2.3 Exploit A server-side template injection occurs when an attacker is able to use native template syntax to inject a malicious payload into a template, which is then executed server-side. Template engines are designed to generate web pages by combining fixed templates with volatile data. Server-side template injection attacks […]
• Explore Hackthebox WalkthroughDecember 7, 2021
  [ad_1] “Explore” is a Capture the Flag challenge that we’ll be solving today. (HTB) Hack the Box is where you can get your hands on one, this box is based on ADB (Android Debug Bridge). So, let’s get started and learn how to break it down successfully. So, let’s get started and learn how to split it down effectively. Pentesting MethodologyContents1 Pentesting Methodology2 Port Scanning & Enumeration3 Exploitation4 Privilege Escalation Port Scanning & Enumeration Exploitation Privilege Escalation Port Scanning & Enumeration Nmap Starting the full port scan nmap -p- […]
• PowerShell for Pentester: Windows Reverse ShellDecember 3, 2021
  [ad_1] Today, we’ll explore how to acquire a reverse shell using Powershell scripts on the Windows platform. Table of ContentContents1 Table of Content2 Requirements:3 Powercat 4 Invoke-PowerShellTcp (Nishang)5 ConptyShell 6 mini-reverse.ps17 PowerShell Reverse TCP   8 Web_Delivery Powercat Invoke-PowerShellTcp (Nishang) ConPtyShell Mini-reverse PowerShell Reverse TCP Web_delivery (Metasploit) Requirements: Kali Linux Windows Machine Powercat Powercat is a basic network utility for performing low-privilege network communication operations. Powercat is a program that offers Netcat’s abilities to all current versions of Microsoft Windows. It tends to make use of native PowerShell version 2 components. We […]
• How Hackers Access Using IDOR | How To Find | Examples » TechNoCPNovember 30, 2021
  [ad_1] Hi Hackies, Identifying and resolving vulnerabilities in your web-based application security is vital to the smooth running of your website. In this series on security, we discuss Insecure Direct Object Reference (IDOR) to shed light on website application vulnerabilities that enable unauthorized access. Understanding IDOR VulnerabilityContents1 Understanding IDOR Vulnerability2 Effective & fast IDOR vulnerability test3 Capture all requests!4 How to find injection points?5 Unsuspected places to look for IDORs5.1 Don’t ignore encoded and hashed IDs6 Preventing IDOR Vulnerability6.1 Use an Indirect Reference Map6.2 Validate User Access There can […]
• TODAYZOO PHISHING KIT USED TO SWIPE MICROSOFT CREDENTIALS » TechNoCPNovember 25, 2021
  [ad_1] Microsoft has detailed an unusual phishing campaign aimed at stealing passwords that uses a phishing kit built using pieces of code copied from other hackers’ work. A “phishing kit” is the various software or services designed to facilitate phishing attacks. In this case, the kit has been called ZooToday by Microsoft after some text used by the kit. Microsoft also described it as a ‘Franken-Phish’ because it is made up of different elements, some available for sale through publicly accessible scam sellers or reused and repackaged by other […]
• Information Gathering – First Step Of Hacking » TechNoCPNovember 25, 2021
  [ad_1] Hi Hackies, “Information is power,” as the saying goes. And in most scenarios it’s true: having critical information, at the right time, and especially knowing how to use it, can be a great source of power. Good information gathering can make the difference between a successful pentest and one that has failed to provide maximum benefit to the client. What’s information gathering?Contents1 What’s information gathering?2 What are the objectives of information gathering in cybersecurity?3 Information gathering techniques and methods4 Information gathering tools When it comes to getting a […]
• Sensitive data of 400,000 German students exposed by API flaw » TechNoCPNovember 25, 2021
  [ad_1] Approximately 400,000 users of Scoolio, a student community app widely used in Germany, had sensitive information exposed due to an API flaw in the platform. Lilith Wittmann, a security researcher from the IT security collective “Zerforchung” discovered the bug and immediately disclosed their findings to the Scoolio team. Scoolio is a German student community app that aims to build better time management skills, tutoring, homework planning, and group chats to network with peers. The app also allows companies to network with students to share job openings or internship […]
• Wireless Hacking Basic Knowledge » TechNoCPNovember 25, 2021
  [ad_1] Hi Hackies, Wireless networks broadcast their packets using radio frequency or optical wavelengths. A modern laptop computer can listen in. Worse, an attacker can manufacture new packets on the fly and persuade wireless stations to accept his packets as legitimate. The step by step procerdure in wireless hacking can be explained with help of different topics as follows: Wireless Network Sniffing :-Contents1 Wireless Network Sniffing :-2 Stations and Access Points :-3 Passive Scanning :-4 Channels :-5 Wired Equivalent Privacy (WEP) :-6 Detection of SSID :-7 Collecting the Frames […]