14.4 SQL Injection Tools HD

05.01.2018
SQL Injection (SQLI) Tools

• SQLDict
• SQLExec
• SQLbf
• SQLSmack
• SQL2.exe
• SQLPoke
• SQLMap
• SQLNinja
• BSQL Hacker
• BBQSQL
• SQLSus
• Mole
• NGSSQLCrack
• NGSSQuirreL
• SQLPing

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard-to-trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast. Similar to other SQL injection tools, you provide certain request information.

SQLdict is a dictionary attack tool for SQL Server.

SQLExec executes commands on compromised MS SQL servers by using the xp_cmdshell stored procedure.
• uses default sa and NULL password
• usage: SQLExec target

BSQL (Blind SQL) Hacker is an automated SQL injection framework / tool designed to exploit SQL injection vulnerabilities in virtually any database.
• Portcullis no longer maintains the tool.
• BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL injections (especially blind SQL injections).
• It allows a Metasploit-like exploit repository to share and update exploits.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches, ranging from database fingerprinting, through data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.

Features
• Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, HSQLDB and Informix database management systems.
• Full support for six SQL injection techniques: boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries and out-of-band.

Sqlninja is a tool targeted to exploit SQL injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB server when a SQL injection vulnerability has been discovered.

Safe3 SQL Injector
https://sourceforge.net/projects/safe3si/

Safe3SI is one of the most powerful and easy-to-use penetration testing tools that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with an AI detection engine.

Features
• Full support for HTTP and HTTPS websites.
• Full support for Basic, Digest and NTLM HTTP authentication.
• Full support for GET, POST and Cookie SQL injection.
