Domestic and foreign SQL artifacts (collection posts ).

Source: Internet
Author: User
Tags http authentication informix interbase microsoft sql server 2005 sybase havij

A collection of domestic and foreign SQL scan injection artifacts, I think some of you may have.
Collected from a foreigner's blog!
No, you can reach out and reply to the post.
As the saying goes: the artifact is in hand, and the world has me.

Sqlninja ( /)

Only Microsoft SQL Server is supported.

Sqlmap ( /)

Full support: MySQL, Oracle, PostgreSQL, and Microsoft SQL Server
Partially supported: in Microsoft Access, DB2, Informix, Sybase, and InterBase.

Pangolin 3.2.3 free version (
Use Access, DB2, Informix, Microsoft SQL Server 2000, Microsoft SQL Server 2005, Microsoft SQL Server 2008 web applications, MySQL, Oracle, PostgreSQL, sqlite3, Sybase
Features: Automatic keyword analysis, support for HTTPS, bypass firewall settings before logon, injection excavators, Data Self-unloading, etc.

Havij v1.14 advanced SQL Injection-free version (

SQL power injection ( /)

Supported: Microsoft, Oracle, MySQL, Sybase/Adaptive Server, and DB2.

Sqlier 0.8.2b ( Sqlier)

Sqlier needs an SQL injection vulnerability URL, and tries to identify all the necessary information, establish and use its own SQL Injection holes, without user interaction (unless it cannot guess the correct table/field name ). By doing so, sqlier can generate a union SELECT query design brute force password database. This script does not use quotes to exploit operations, which means it will work for a wider range of websites.

Bsqlbf-V2 (

Supported MySQL, Oracle, PostgreSQL, and Microsoft SQL Server.

Marathon utility (

Supported MySQL, Oracle, Microsoft SQL Server, and Microsoft Access.

IMG (http: // www.0 × inthe/index. php file)

Supported: Microsoft SQL Server, MSDE, Oracle, and ipvs.

Pysqlin ( source/Checkout)

Implementation: Oracle, MySQL, and Microsoft SQL Server.

Bsql hacker (http://labs.portcull.../bsql hacker /)

Implementation: Oracle and Microsoft SQL Server
It can be used for MySQL experiments.

Sqid (

SQL Injection excavator (sqlid) is a command line program, a common error in SQL injection and websites. It can perform the follwing operation: the web page and test the SQL Injection submission form for possible SQL Injection Vulnerabilities

Witool (http://witool.sourceforge.nSQL, Oracle, Microsoft SQL Server and Microsoft Access. ET /)

Implementation: for Oracle and Microsoft SQL Server.

Sqlus ( /)

Only MySQL is supported. ( /)

Only MySQL is supported.

Mysqlenum (http://sourceforge.n... ECTS/mysqlenum /)

Only MySQL is supported.

Priamos ( /)

Only Microsoft SQL Server is supported.

FJ syringe frame (
FG injector is a free open-source framework designed to help find SQL Injection Vulnerabilities in Web applications. It includes an interface used to intercept and modify HTTP requests and automate SQL injection and mining.

SFX-sqli ( /)

Only Microsoft SQL Server is supported.

Darkmysql ( /)

Only MySQL is supported.

Promsid premium (http://forum.web-Def... 02 postcount = 15)

Only MySQL is supported.

Acunetix WVS (
Automatically checks web application SQL injection, XSS attacks, and other Web vulnerabilities.

Yinjector (

Only MySQL is supported.

Bobcat SQL injection tool (http://www.northern-... bar/bobcat.html)

Safety SQL injection (

Support for SQL injection of HTTP, https website, basic, summary, NTLM HTTP authentication, get, post, and cookie.
Databases: MySQL, Oracle, Microsoft SQL and PostgreSQL servers, Microsoft Access, SQLite, Firebird, Sybase, and SAP MaxDB database management systems

SQL Injection Technology: blind, based on incorrect, Union queries and brute force guesses.

Exploitmyunion (/http://sourceforge.n... exploitmyunion)

Opium (http://sourceforge.n ../jects/opium)

Hexjector (http://sourceforge.n... ECTS/hexjector /)

Webraider (

Only Microsoft SQL Server is supported. Commands used to execute on the server (reverse shell ).

Toolza 1.0 (

SQL Injection supports database access: MySQL, MSSQL, Sybase, PostgreSQL, Oracle, Firebird/Interbase

Scrt mini mysqlat0r (
An audit website used by a multi-platform application to promptly discover and exploit SQL injection vulnerabilities. It is written in Java and consists of three different modules (crawler, tester and pioneer) through a user-friendly graphical user interface ).

  • Previous: cheat sheet of NMAP
  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.