offensive-sqli (Claude-Red)
SQL injection testing skill: error/UNION/blind/OOB/second-order/NoSQL/GraphQL with WAF bypass and SQLmap.
AgentReady threat assessment
MAESTRO 7-layer threat model + OWASP AIVSS risk score for offensive-sqli (Claude-Red), derived from its capabilities.
AIVSS 9.4 · Critical
Overview
An offensive-security skill from the Claude-Red library covering the full SQLi surface (error-based, UNION, boolean/time blind, out-of-band, second-order, NoSQL, GraphQL, WebSocket, and JSON-operator injection), plus WAF bypass, DB-specific exploitation (MySQL/MSSQL/PostgreSQL/Oracle), and SQLmap automation. Surface: guides injection payload crafting and drives SQLmap against targets.
Key features
- All major SQLi variants incl. NoSQL/GraphQL
- DB-specific exploitation + WAF bypass
- SQLmap automation and ORM CVE tracking
Use cases
- Assess injection vectors in a web app or API
- Enumerate a database and escalate via SQLi