A collection of domestic and foreign SQL scan injection artifacts; I think some of you may have them.
Collected from a foreigner's blog!
No, you can reach out and reply to the post.
As the saying goes: the artifact is in hand, and the world has me.
Sqlninja (http://sqlninja.sourceforge.net/)
Only Microsoft SQL Server is supported.
Sqlmap (http://sqlmap.sourceforge.net/)
Full support: MySQL, Oracle, PostgreSQL, and Microsoft SQL Server
Partially supported: Microsoft Access, DB2, Informix, Sybase, and InterBase.
Pangolin 3.2.3 free version (http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip)
Supported: Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008 web applications, MySQL, Oracle, PostgreSQL, sqlite3, Sybase
Features: automatic keyword analysis, HTTPS support, bypassing firewall settings before logon, injection digging, data dumping, etc.
Havij v1.14 Advanced SQL Injection, free version (http://www.itsecteam.com/files/havij/Havij1.14Free.rar)
SQL Power Injector (http://www.sqlpowerinjector.com/)
Supported: Microsoft, Oracle, MySQL, Sybase/Adaptive Server, and DB2.
Sqlier 0.8.2b (http://bcable.net/releases.php?Sqlier)
Sqlier takes a URL that is vulnerable to SQL injection and tries to determine all the information needed to build and exploit the SQL injection hole by itself, without user interaction (unless it cannot guess the correct table/field names). By doing so, sqlier can build a UNION SELECT query designed to brute-force passwords out of the database. The script does not use quotes in its exploit, which means it will work for a wider range of websites.
Bsqlbf-V2 (http://code.google.com/p/bsqlbf-v2)
Supported: MySQL, Oracle, PostgreSQL, and Microsoft SQL Server.
Marathon utility (http://www.codeplex.com/marathontool)
Supported: MySQL, Oracle, Microsoft SQL Server, and Microsoft Access.
IMG (http://www.0x90.org/...inthe/index.php)
Supported: Microsoft SQL Server, MSDE, Oracle, and ipvs.
Pysqlin (http://code.google.c... source/Checkout)
Supported: Oracle, MySQL, and Microsoft SQL Server.
Bsql hacker (http://labs.portcull.../bsql hacker /)
Supported: Oracle and Microsoft SQL Server.
It can be used for MySQL experiments.
Sqid (http://sqid.rubyforge.org/#download)
SQL Injection Digger (sqid) is a command-line program that looks for SQL injection and common errors in websites. It can perform the following operations: look for SQL injection in web pages and test submission forms for possible SQL injection vulnerabilities.
Witool (http://witool.sourceforge.net/)
Supported: Oracle and Microsoft SQL Server.
Sqlsus (http://sqlsus.sourceforge.net/)
Only MySQL is supported.
Darkmysqli16.py (http://vmw4r3.blogspot.com/)
Only MySQL is supported.
Mysqlenum (http://sourceforge.n... ECTS/mysqlenum /)
Only MySQL is supported.
Priamos (http://www.priamos-project.com/)
Only Microsoft SQL Server is supported.
FG-Injector Framework (http://sourceforge.net/projects/injection-fwk/files)
FG-Injector is a free open-source framework designed to help find SQL injection vulnerabilities in web applications. It includes an interface used to intercept and modify HTTP requests and to automate SQL injection and mining.
SFX-sqli (http://www.kachakil.com/)
Only Microsoft SQL Server is supported.
Darkmysql (http://vmw4r3.blogspot.com/)
Only MySQL is supported.
Promsid premium (http://forum.web-Def... 02 postcount = 15)
Only MySQL is supported.
Acunetix WVS (http://www.acunetix.com/vulnerability-scanner/download.htm)
Automatically checks web application SQL injection, XSS attacks, and other Web vulnerabilities.
Yinjector (http://y-osirys.com/...-softwares/id10)
Only MySQL is supported.
Bobcat SQL injection tool (http://www.northern-... bar/bobcat.html)
Safe3 SQL Injector (http://sourceforge.net/projects/safe3si)
Supports SQL injection against HTTP and HTTPS websites; Basic, Digest and NTLM HTTP authentication; GET, POST and Cookie injection.
Databases: MySQL, Oracle, Microsoft SQL and PostgreSQL servers, Microsoft Access, SQLite, Firebird, Sybase, and SAP MaxDB database management systems
SQL injection techniques: blind, error-based, UNION query and brute-force guessing.
Exploitmyunion (http://sourceforge.n... exploitmyunion)
Opium (http://sourceforge.n ../jects/opium)
Hexjector (http://sourceforge.n... ECTS/hexjector /)
Webraider (http://code.google.com/p/webraider)
Only Microsoft SQL Server is supported. Used to execute commands on the server (reverse shell).
Toolza 1.0 (http://bug-track.ru/prog/toolza1.0.rar)
Supported databases for SQL injection: MySQL, MSSQL, Sybase, PostgreSQL, Oracle, Firebird/Interbase
Scrt mini mysqlat0r (http://www.scrt.ch/attaque/telechargements/mini-mysqlat0r)
A multi-platform application used to audit websites in order to promptly discover and exploit SQL injection vulnerabilities. It is written in Java and consists of three different modules (crawler, tester and pioneer) used through a user-friendly graphical user interface.