SQL Injection Tools List


This topic contains 5 replies, has 5 voices, and was last updated by  R0BE1976 2 years, 2 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • #74061

    jadenturner
    Participant

    SQL Injection Testing

    Too many to list – Please use this link to find the latest ones uploaded and their ratings https://sourceforge.net/directory/os:windows/?q=blind%20sql%20injection%20tool

    Absinthe – https://sourceforge.net/projects/absinthe/ Absinthe is an automated SQL injection utility capable of both blind and verbose SQL injections.

    Blind SQL Injection Brute Forcer – This perl script allows extraction of data from Blind SQL Injections. It accepts custom SQL queries as a command line parameter and it works for both integer and string based injections.

    ExploitMyUnion – https://sourceforge.net/projects/exploitmyunion/?source=directory ExploitMyUnion is a tool written in Python with a PyQt user interface made to automate sql injection exploitation.

    ICFsqLi Crawler – https://sourceforge.net/projects/icf-sqli/?source=directory This tool helps you to scan sql injection vulnerability on 1000s of websites, by just giving the ip of the server

    Mole – https://sourceforge.net/projects/themole/?source=directory Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easi

    Pangolin – http://pangolin-free.soft32.com/ Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

    Safe3 – https://sourceforge.net/projects/safe3wvs/?source=directory Safe3WVS is one of the most powerful web vulnerability scanners with AI on-the-fly web spider crawling technology, especially web portals, it is the most fast tool to dig such as sql injection, upload vulnerability.

    SQL Brute Force Tools – http://www.ush.it/team/ascii/hack-sqlbftools-1.2/mysql_bftools/readme.txt Adaptive http-sql bruteforce tool version 2 for MySQL injection bruteforcing.

    SQLiX – https://www.owasp.org/index.php/Category:OWASP_SQLiX_Project Coded in Perl, is a SQL Injection scanner, able to crawl, detect SQL injection vectors, identify the back-end database and grab function call/UDF results (even execute system commands for MS-SQL). The concepts in use are different than the one used in other SQL injection scanners. SQLiX is able to find normal and blind SQL injection vectors and doesn’t need to reverse engineer the original SQL request (using only function calls). *Project is currently porting from Perl to Python

    SQLMap – https://sourceforge.net/projects/sqlmap/?source=directory It detects SQL injection vulnerability in a website database. It can be used on a wide range of databases and supports 6 kinds of SQL injection techniques: time-based blind, boolean-based blind, error-based, UNION query, stacked queries and out-of-band. It can directly connect to the database without using an SQL injection and has great database fingerprinting and enumeration features.

    SQLNinja – http://sqlninja.sourceforge.net/ SQLNinja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

    SQL Power Injector – https://sourceforge.net/projects/spinj/?source=directory SQL Power Injector is an application created in .Net 1.1 that helps the penetration tester to find and exploit SQL injections on a web page. For now, it is SQL Server, Oracle, MySQL, Sybase/Adaptive Server and DB2 compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode).

    SQLSentinel – https://sourceforge.net/projects/sqlsentinel/?source=directory SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and tries to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled.

    Tyrant SQL – https://sourceforge.net/projects/tyrantsql/?source=directory It’s a powerful Sql Injection Tool. It’s a GUI version of SqlMap, saving time and getting better results. Was designed basing on Havij.

    #74333

    cybermo
    Participant

    Good stuff

    #74431

    jadenturner
    Participant

    Thanks! I have the complete consolidated list on my LinkedIn, going to be adding wifi hacking tools list next

    #74471

    Bradwin Hudson
    Participant

    Interesting info…thank you

    #95399

    lookingfortrouble
    Participant

    Hi Jaden,

    Very nice info..
    I’m wondering if there is also a MAC tool like SQLi Dumper?

    #100608

    R0BE1976
    Participant

    Hi, Jaden! Thank you very much for your input!
    I find it very interesting and useful.
    I only was aware of the most known, and it was just the kind of info I was looking for.
    Thanks!
