0eunion.py
Replaces instances of UNION with e0UNION to bypass certain filters
apostrophemask.py
Replaces apostrophe character with its UTF-8 full width counterpart
apostrophenullencode.py
Replaces apostrophe character with its illegal double unicode counterpart
appendnullbyte.py
Appends encoded NULL byte character at the end of payload
base64encode.py
Base64 encodes all characters in a given payload
between.py
Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals with 'BETWEEN # AND #'
binary.py
Converts string values to their binary representation for payload obfuscation
bluecoat.py
Replaces space character after SQL statement with a valid random blank character and = with LIKE operator
chardoubleencode.py
Double URL-encodes all characters in a given payload (not processing already encoded)
charencode.py
URL-encodes all characters in a given payload (not processing already encoded)
charunicodeencode.py
Unicode-URL-encodes non-encoded characters in a given payload
charunicodeescape.py
Unicode-escapes non-encoded characters in a given payload using \uXXXX format
commalesslimit.py
Replaces instances like 'LIMIT M, N' with 'LIMIT N OFFSET M' counterpart
commalessmid.py
Replaces instances like 'MID(A, B, C)' with 'MID(A FROM B FOR C)' counterpart
commentbeforeparentheses.py
Adds comments before opening parentheses to bypass certain filters
concat2concatws.py
Replaces instances like 'CONCAT(A, B)' with 'CONCAT_WS(MID(CHAR(0), 0, 0), A, B)' counterpart
decentities.py
HTML decimal-encodes all non-alphanumeric characters
dunion.py
Replaces instances of UNION with DISTINCTROW UNION to bypass certain filters
equaltolike.py
Replaces all occurrences of operator equal ('=') with 'LIKE' counterpart
equaltorlike.py
Replaces all occurrences of operator equal ('=') with 'RLIKE' counterpart
escapequotes.py
Slash-escapes quotes (' and ") in payload
greatest.py
Replaces greater than operator ('>') with 'GREATEST' counterpart
halfversionedmorekeywords.py
Adds MySQL versioned comment before each keyword
hex2char.py
Replaces each (MySQL) 0x encoded string with equivalent CHAR() counterpart
hexentities.py
HTML hex-encodes all non-alphanumeric characters
htmlencode.py
HTML-encodes all non-alphanumeric characters
if2case.py
Replaces instances like 'IF(A, B, C)' with 'CASE WHEN (A) THEN (B) ELSE (C) END' counterpart
ifnull2casewhenisnull.py
Replaces instances like 'IFNULL(A, B)' with 'CASE WHEN ISNULL(A) THEN (B) ELSE (A) END' counterpart
ifnull2ifisnull.py
Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)' counterpart
informationschemacomment.py
Adds MySQL comment to INFORMATION_SCHEMA for bypassing certain filters
least.py
Replaces greater than operator ('>') with 'LEAST' counterpart
lowercase.py
Replaces each keyword character with lowercase value
luanginx.py
Bypasses LUA/Nginx web application firewall using specific encoding techniques
luanginxmore.py
Advanced bypassing for LUA/Nginx web application firewall with extended techniques
misunion.py
Replaces instances of UNION with /*!UNION*/ to bypass certain filters
modsecurityversioned.py
Encloses the complete query in a MySQL versioned comment to bypass ModSecurity WAF
modsecurityzeroversioned.py
Encloses the complete query in a MySQL zero-versioned comment to bypass ModSecurity WAF
multiplespaces.py
Adds multiple spaces around SQL keywords to bypass filters
ord2ascii.py
Replaces ORD(x) with ASCII(x) function calls
overlongutf8.py
Converts all characters in a given payload to overlong UTF8 (not processing already encoded)
overlongutf8more.py
Advanced overlong UTF8 encoding for bypassing additional security filters
percentage.py
Adds a percentage sign (%) in front of each character
plus2concat.py
Replaces plus operator ('+') with MSSQL function CONCAT() counterpart
plus2fnconcat.py
Replaces plus operator ('+') with MSSQL function fn_concat() counterpart
randomcase.py
Replaces each keyword character with random case value (e.g. SELECT -> SEleCt)
randomcomments.py
Adds random comments inside SQL keywords to bypass filters
schemasplit.py
Splits database schema and table names to bypass certain filters
scientific.py
Converts integer values to scientific notation (e.g. 1 -> 1e0)
sleep2getlock.py
Replaces instances of SLEEP with GET_LOCK for time-based injections
sp_password.py
Appends 'sp_password' to the end of payload to avoid logging in SQL Server
space2comment.py
Replaces space character (' ') with comments '/**/'
space2dash.py
Replaces space character (' ') with dash comments ('-- ') followed by random string and new line
space2hash.py
Replaces space character (' ') with hash character ('#') followed by random string and new line
space2morecomment.py
Replaces space character (' ') with comments '/**_**/' (with random underscore variations)
space2morehash.py
Replaces space character (' ') with hash character ('#') followed by random string and new line
space2mssqlblank.py
Replaces space character (' ') with random blank character from valid alternate character set for MSSQL
space2mssqlhash.py
Replaces space character (' ') with hash character ('#') followed by new line for MSSQL
space2mysqlblank.py
Replaces space character (' ') with random blank character from valid alternate character set for MySQL
space2mysqldash.py
Replaces space character (' ') with dash comments ('-- ') followed by new line for MySQL
space2plus.py
Replaces space character (' ') with plus sign ('+') for URL encoding
space2randomblank.py
Replaces space character (' ') with random blank character from valid alternate character set
substring2leftright.py
Replaces PostgreSQL SUBSTRING with LEFT and RIGHT functions
symboliclogical.py
Replaces AND and OR logical operators with symbolic equivalents (&& and ||)
unionalltounion.py
Replaces UNION ALL SELECT with UNION SELECT counterpart
unmagicquotes.py
Replaces quote character (') with multibyte combo %bf%27 (valid for GBK charset)
uppercase.py
Replaces each keyword character with uppercase value
varnish.py
Appends HTTP header 'X-originating-IP' for bypassing Varnish firewalls
versionedkeywords.py
Encloses each non-function keyword with MySQL versioned comment
versionedmorekeywords.py
Encloses each keyword with MySQL versioned comment (extended version)
xforwardedfor.py
Appends a fake HTTP header 'X-Forwarded-For' to bypass IP restrictions