Top ten relational database SQL injection tools at a glance

Source: Internet
Author: User
Tags mssql mysql injection sql injection attack sqlite sybase havij

Abstract: It is well known that SQL injection attacks are the most common techniques for web application attacks. At the same time, the security damage caused by SQL injection attack is irreparable. The 10 SQL tools listed below help administrators to detect vulnerabilities in a timely manner. bSQL Hacker bSQL Hacker was developed by the Portcullis Lab, bSQL Hacker is a SQL auto-injection tool (supports SQL blinds) and is designed to be able to enter into any database ...

SQL injection attacks are known to be the most common Web application attack technology. At the same time, the security damage caused by SQL injection attack is irreparable. The 10 SQL tools listed below help administrators to detect vulnerabilities in a timely manner.

bSQL Hacker

bSQL Hacker was developed by Portcullis Labs, and bSQL Hacker is a SQL auto-injection tool (which supports SQL blinds) designed to allow SQL overflow injection to any database. The bSQL hacker is for those who are experienced users and those who want to inject automatic SQL into the population. The bSQL hacker automatically attacks Oracle and MySQL databases and automatically extracts data and schemas from the database.

The Mole

The mole is an open source automated SQL Injection tool that bypasses the Ips/ids (Intrusion prevention system/intrusion detection system). Simply provide a URL and a usable keyword that will detect the injection point and exploit it. The mole can use union injection technology and logical query-based injection technology. The Mole attack range includes SQL Server, MySQL, Postgres, and Oracle databases.

Pangolin

Pangolin is a security tool that helps penetration testers perform SQL injection (SQL Injeciton) testing. Pangolin and Jsky (Web application Vulnerability scanner, Web Application Security Assessment tool) are the products of NOSEC Corporation. Pangolin has a friendly graphical interface and supports testing of almost any database (Access, MSSQL, MYSQL, Oracle, Informix, DB2, Sybase, PostgreSQL, Sqlite). The pangolin is able to achieve maximum attack test results with a very simple set of operations. It gives the test steps from the beginning of the detection injection to the final control target system. Pangolin is the most current security software for SQL injection testing with the highest utilization rate in the country.

Sqlmap

SQLMAP is an automatic SQL injection tool. It is capable of performing a wide range of database management system back-end fingerprints,

Retrieves the DBMS database, usernames, tables, columns, and enumerates the entire DBMS information. SQLMAP provides the ability to dump database tables and MySQL, PostgreSQL, SQL Server servers to download or upload any file and execute arbitrary code.

Havij

Havij is an automated SQL injection tool that enables penetration testers to discover and exploit SQL injection vulnerabilities in Web applications. Havij not only automates the mining of available SQL queries, it can also identify background database types, retrieve user name and password hashes for data, dump tables and columns, extract data from a database, and even access the underlying file system and execute system commands, provided there is an available SQL injection vulnerability. Havij supports a wide range of database systems such as MsSQL, MySQL, MSAccess and Oracle. Havij support parameter configuration to evade IDs, support agents, background landing address scanning.

Enema SQLi

Enema SQLI Unlike other SQL injection tools, enema sqli is not automatic and requires a certain amount of knowledge to use enema sqli. Enema Sqli is able to use user-defined queries and plug-ins to attack SQL Server and MySQL databases. Supports injection attacks based on error-based, union-based, and blind time-based.

Sqlninja

Sqlninja software is written in Perl and complies with the GPLV2 standard. The purpose of Sqlninja is to take advantage of SQL injection vulnerabilities in Web applications that rely on Microsoft's SQL Server for back-end support. The main goal is to provide a remote shell on the vulnerable database server, even in an environment with strict precautions. After a SQL injection vulnerability is discovered, the administrator of the enterprise, especially the tester who penetrates the attack, should use it to automatically take over the database server. There are many other SQL injection vulnerability tools available on the market, but unlike other tools, Sqlninja does not need to extract data, but focuses on getting an interactive shell on the remote database server and using it as a foothold in the target network.

Sqlsus

Sqlsus is an open source MySQL injection and Takeover tool, Sqlsus written in Perl and based on a command-line interface. Sqlsus can get the database structure, inject your own SQL statements, download files from the server, crawl Web sites writable directories, upload and control backdoors, clone databases, etc.

Safe3 SQL Injector

Safe3 SQL Injector is one of the most powerful and easy-to-use penetration testing tools that can automatically detect and exploit SQL injection vulnerabilities and database server processes. Safe3 SQL Injector has the ability to read databases such as MySQL, Oracle, PostgreSQL, SQL Server, Access, SQLite, Firebird, Sybase, SAP maxdb, and more. It also supports writing files to MySQL, SQL Server, and executing arbitrary commands in SQL Server and Oracle. SAFE3 SQL Injector also supports injection attacks based on error-based, union-based, and blind time-based.

SQL Poizon

SQL Poizon's graphical interface allows users to attack without deep expertise, and the SQL Poizon Scan Injection tool's built-in browser helps to see the impact of an injection attack. SQL Poizon leverages the search engine "dorks" to scan Web sites for SQL injection vulnerabilities in the Internet. (Li Zhi/edit)

Top ten relational database SQL injection tools at a glance

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.