Home 0P3N Blog SQL Injection Tools List
Ready to Start Your Career?
Create Free Account
authors profile image
January 1, 2016

SQL Injection Tools List

January 1, 2016
authors profile image
January 1, 2016
SQL Injection Testing Too many too list - Please use this link to find the latest ones uploaded and their ratings https://sourceforge.net/directory/os:windows/?q=blind%20sql%20injection%20tool Absinthe - https://sourceforge.net/projects/absinthe/ Absinthe is an automated SQL injection utility capable of both blind and verbose SQL injections. Blind SQL Injection Brute Forcer - This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections. ExploitMyUnion - https://sourceforge.net/projects/exploitmyunion/?source=directory ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate sql injection exploitation. ICFsqLi Crawler - https://sourceforge.net/projects/icf-sqli/?source=directory This tool helps u to scan sql injection vulnerablity on 1000s of websites , by just giving the ip of the server Mole - https://sourceforge.net/projects/themole/?source=directory Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easi Pangolin - https://pangolin-free.soft32.com/ Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more. Safe3 - https://sourceforge.net/projects/safe3wvs/?source=directory Safe3WVS is one of the most powerful web vulnerability scanner with AI on-the-fly web spider crawling technology,especially web portals ,it is the most fast tool to dig such as sql injection, upload vulnerability. SQL Brute Force Tools - http://www.ush.it/team/ascii/hack-sqlbftools-1.2/mysql\_bftools/readme.txt Adaptive http-sql bruteforce tool version 2 for MySQL injection bruteforcing. SQLiX - https://www.owasp.org/index.php/Category:OWASP\_SQLiX\_Project Coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn't need to reverse engineer the original SQL request (using only function calls).\*Project is currently porting from Perl to Python SQLMap - https://sourceforge.net/projects/sqlmap/?source=directory It detects SQL injection vulnerability in a website database. It can be used on a wide range of databases and supports 6 kinds of SQL injection techniques: time-based blind, boolean-based blind, error-based, UNION query, stacked queries and out-of-band. It can directly connect to the database without using an SQL injection and has great database fingerprinting and enumeration features. SQLNinja - http://sqlninja.sourceforge.net/ SQLNinja I s a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered. SQL Power Injector - https://sourceforge.net/projects/spinj/?source=directory SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now, it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). SQLSentinel - https://sourceforge.net/projects/sqlsentinel/?source=directory SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled. Tyrant SQL - https://sourceforge.net/projects/tyrantsql/?source=directory It's a poweful Sql Injection Tool. It's a GUI version of SqlMap, saving time and getting better results. Was designed basing on Havij. Hi Good stuff Thanks! I have the complete consolidated list on my linkedin going to be adding wifi hacking tools list next Interesting info...thank you Hi Jaden, Very nice info.. I'm wondering if there is also a MAC tool like SQLi Dumper? Hi, Jaden! Thank you very much for your input! I find it very interesting and useful. I only was aware of the most known, and it was just the kind of info I was looking for. Thanks! 😀
Schedule Demo

Build your Cybersecurity or IT Career

Accelerate in your role, earn new certifications, and develop cutting-edge skills using the fastest growing catalog in the industry