You should take a look at https://sqlmap.org : this tool runs SQL attacks with « raw data output » as you say, but also without outputs (Blind SQL injections).
> it occurred to me that they probably are hosting this site with github but are using their own domain name
That is exactly what they are doing, and in itself this is not at all a problem.
But presumably the link worked for the original poster, so either there is a dynamic DNS problem (we are being sent to an address that serves the .github.com certificate an not the "right" one but he was sent somewhere that does have a certificate for that name) or* someone is resigning content and his machine is set to trust their CA certificate. This latter cause could be normal/expected (his company having a MiTM policy for regulatory monitoring reasons) or his machine could be cracked by an external entity.
SQLmap is a great tool for automated scanning and exploiting of SQLi vulnerabilities. Like everything though, it can miss the occasional exploit, where someone with the expertise might be better suited, but generally speaking it’s an awesome place to start.
It also has sane defaults, which means scriptkiddies chancing their luck with it should be easily spotted in your access.log, or depending on your environment a WAF/IDS/IPS should block/detect quickly.
The site is accessible as plain http (or https if you skip the warnings, of course).