10 Relational Database SQL Injection tools

Source: Internet
Author: User
BSQL Hacker

BSQL Hacker is developed by the Portcullis lab. It is an automatic SQL injection tool that supports blind SQL injection and is designed to carry out SQL injection against any database. BSQL Hacker is aimed at users who already have experience with injection and at those who want to automate SQL injection. It can automatically attack Oracle and MySQL databases and automatically extract database data and schema.

The Mole

The Mole is an open-source automated SQL injection tool that can bypass IPS/IDS (Intrusion Prevention System/Intrusion Detection System). You only need to provide a URL and a usable keyword for it to detect and exploit injection points. The Mole can use union-based and logical (Boolean) query-based injection techniques. The Mole's targets include SQL Server, MySQL, S, and Oracle databases.

Pangolin

Pangolin is a security tool that helps penetration testers perform SQL injection tests. Pangolin and JSky (a web application security vulnerability scanner and web application security evaluation tool) are both products of NOSEC. Pangolin has a friendly graphical interface and supports testing almost all databases (Access, MSSql, MySql, Oracle, Informix, DB2, Sybase, PostgreSQL, and Sqlite). Pangolin aims to maximize test results through a series of very simple operations, and it covers the test steps from detection and injection through to final control of the target system. Pangolin is currently the most popular security software for SQL injection testing in China.

Sqlmap

Sqlmap is an automatic SQL injection tool. It can perform extensive fingerprinting of the back-end database management system, retrieve DBMS databases, usernames, tables, and columns, and enumerate information about the entire DBMS. Sqlmap can also dump database tables, download or upload arbitrary files on MySQL, PostgreSQL, and SQL Server servers, and execute arbitrary code.

Havij

Havij is an automated SQL injection tool that helps penetration testers discover and exploit SQL injection vulnerabilities in web applications. Havij can not only automatically mine available SQL queries, but also identify the back-end database type, retrieve user names and password hashes, dump tables and columns, and extract data from the database. It can even access the underlying file system and execute system commands, provided that an exploitable SQL injection vulnerability exists. Havij supports a wide range of database systems, such as MsSQL, MySQL, MSAccess and Oracle. It also supports parameter configuration for IDS evasion, proxy support, and back-end login page scanning.

Enema SQLi

Enema SQLi differs from other SQL injection tools in that it is not automatic and requires some knowledge to use. Enema SQLi can use user-defined queries and plug-ins to attack SQL Server and MySQL databases. It supports error-based, union-based, and time-based blind injection attacks.

SQLninja

SQLninja is written in Perl and released under the GPLv2 license. It aims to exploit SQL injection vulnerabilities in web applications that use Microsoft SQL Server as the back end. Its main goal is to provide a remote shell on the vulnerable database server, even in an environment with strict preventive measures. After a SQL injection vulnerability is discovered, enterprise administrators, and especially penetration testers, can use it to automate taking over the database server. There are many other SQL injection tools on the market, but unlike them, SQLninja does not concentrate on extracting data. Instead it focuses on obtaining an interactive shell on the remote database server and using it as a foothold in the target network.

Sqlsus

Sqlsus is an open-source MySQL injection and takeover tool. It is written in Perl and has a command-line interface. Sqlsus can retrieve the database structure, inject your own SQL statements, download files from the server, crawl accessible directories on the website, upload and control backdoors, and clone databases.

Safe3 SQL Injector

Safe3 SQL Injector is the most powerful and easy-to-use penetration testing tool. It can automatically detect and exploit SQL injection vulnerabilities and the database servers behind them. Safe3 SQL Injector can read databases such as MySQL, Oracle, PostgreSQL, SQL Server, Access, SQLite, Firebird, Sybase, and SAP MaxDB. It also supports writing files on MySQL and SQL Server, and executing arbitrary commands on SQL Server and Oracle. Safe3 SQL Injector also supports error-based, union-based, and time-based blind injection attacks.

SQL Poizon

The graphical interface of SQL Poizon allows users to launch attacks without deep professional knowledge. The built-in browser of the SQL Poizon scanning and injection tool lets you view the effect of an injection attack. SQL Poizon makes full use of search engine "dorks" to scan for websites on the Internet that have SQL injection vulnerabilities.
