Category: SQL Injection detection tools

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the …

Permanent link to this article: https://www.darknessgate.com/2015/05/13/sqlmap-2/

sqlmap

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, over data fetching from the …

Permanent link to this article: https://www.darknessgate.com/2012/07/24/sqlmap/

fatcat-sql-injector

FatCat is an automatic SQL Injection tool for testing your web application and exploiting it in more depth. Its features help you extract database, table, and column information from a web application, but only if the application is vulnerable to SQL Injection.

Permanent link to this article: https://www.darknessgate.com/2012/07/24/fatcat-sql-injector/

The Mole

The Mole is an automatic SQL Injection exploitation tool. Given only a vulnerable URL and a valid string on the site, it can detect the injection and exploit it, using either the union technique or a boolean query based technique. Features: Support for injections using MySQL, SQL Server, Postgres and Oracle databases. Command …

Permanent link to this article: https://www.darknessgate.com/2012/07/24/the-mole/

MySqloit

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It can upload and execute Metasploit shellcodes through the MySQL SQL Injection vulnerability.

Platform supported: 1) Linux

Key Features: 1) SQL Injection detection using time based injection method 2) Database fingerprint 3) Web server directory …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/mysqloit/

BSQL (Blind SQL) Hacker

BSQL (Blind SQL) Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections). Key Features: Easy Mode SQL Injection Wizard Automated Attack Support (database dump) ORACLE …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/bsql-blind-sql-hacker/

Safe3SI

Safe3SI is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches ranging from database fingerprinting, …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/safe3si/

SQL Ninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sql-ninja/

Havij

Havij is an automated SQL Injection tool that helps penetration testers find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. Using this software, a user can perform back-end database fingerprinting, retrieve DBMS users and password hashes, dump tables and columns, fetch data from the …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/havij/

SQL injection digger

SQL injection digger is a command line program that looks for SQL injections and common errors in web sites. The current version can perform the following operations: Look for SQL injections and common errors in web site URLs found by performing a Google search. Look for SQL injections and common errors in a given URL or …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sql-injection-digger/

SQLIer

SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can’t guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out …

Permanent link to this article: https://www.darknessgate.com/2012/07/23/sqlier/