SQLi Dumper v8 is an excellent, advanced, automatic SQL injection tool for testing links that may contain SQL injection problems in Windows.Download link: https://userscloud.com/gn4q6dozavla
A good tutorial by the Anon Angel team: http://anonangelteam.blogspot.co.uk/2015/04/how-to-use-sqli-dumper-v80-powerful.html This tool is more powerful than the famous Havij SQL injection and has many features including:
-Supports Multi. Online search engine (to find the trajects);-Automated exploiting and analyzing from a URL list;-Automated search for data in a bulk URL list;-Automated analyzer for injections points using URL, POST, Cookies, UserLogin or UserPassword;-Dumper supports dumping data with multi-threading (databases/tables/columns/fetching data);-Exploiter supports up to 100x threads;-Analyzer and Dumper supports up to 50x threads;-Advanced WAF bypass methods;-Advanced custom query box;-Dumper can dump large amounts of data, with greats control of delay each request (multi-threading);-Easy switch vulnerabilities to vulnerabilities;-Supports proxies list;-GeoIP database;-Internal database;-Trash System;-Admin login finder;-Hash online cracker;-Reverse IP;-Standalone .exe (no install). The SQL Injection Methods that are supported include:
- MySQL- Union (Integer / String)- Error (Integer / String)** Error Methods:- Double Query- XPATH - ExtractValue- XPATH - UpdateXML- Brute Forcing- Blind- Load File- Load File Scanner** Illegal Mix Of Collations:- UnHexHex()- Binary()- Cast As Char- Compress(Uncompress())- Convert Using utf8- Convert Using latin1- Aes_decrypt(aes_encrypt())- MS SQL- Union (Integer / String)- Error (Integer / String)** Illegal Mix Of Collations:- SQL_Latin1;- Cast As Char.- Oracle- Union (Integer / String)- Error (Integer / String)** Error Methods:- GET_HOST_ADDRESS- DRITHSX.SN- GET;APPINGXPATH.** Illegal Mix Of Collations:- Cast As Char.** Suports TOP N Types:- ROWUM- RANK()- DESE_RANK()** Analizer detects also:- MS Access- PostgredSQL- Sybase I wanted to use its dork scanner feature for a specific website, not a random search. But, how?
Use this dork in a dork scanner:.aspx? & site:samplesite.com.php? & site:samplesite.com.asp? & site:samplesite.com.pl? & site:samplesite.com.jsp? & site:samplesite.comAnd, it simply fetches the links and automatically scans for SQL injection in those links.