Web applications allow visitors to send and retrieve data to / from the database via the Internet. Databases are the heart of most web applications. They store data required for web applications to deliver specific content to visitors and provide information to customers, suppliers and others
SQL Injection is perhaps the web applications-the most common hacking techniques that try to pass SQL commands through a web application for execution by the back-end database. vulnerability is presented when user input is not properly cleaned and thus executed.
Checking for SQL Injection vulnerabilities involves auditing your web applications and the best way to do this is by using automated SQL Injection Scanners. We've compiled a list of free SQL Injection Scanners we believe will be a value to both web application developers and professional security auditors.
SQLIer - SQLIer taking vulnerable URL and attempts to determine all the necessary information to exploit the weaknesses of SQL Injection by itself, does not require user interaction at all. Get SQLIer.
http://bcable.net/project.php?sqlier
SQLbftools - SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL injection attacks. Get SQLbftools.
http://www.reversing.org/node/view/11
-SQL Injection Brute Forcer - SQLibf is a tool to detect and exploit the work automatizing SQL Injection vulnerabilities. SQLibf can work in the visible and Blind SQL Injection. It works by doing a simple SQL logic operations to determine the level of exposure of the vulnerable application. Get SQLLibf.
http://www.open-labs.org/sqlibf19beta1.tar.gz
SQLBrute - SQLBrute is a tool to force the crude data from databases using blind SQL injection vulnerabilities. Supports time-based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and does not require non-standard libraries. Get SQLBrute.
http://www.justinclarke.com/security/sqlbrute.py
Bobcat - Bobcat is a tool to assist the auditor in taking full advantage of SQL injection vulnerabilities. This is based on research AppSecInc. This can be a list of related severs, database schema, and allows retrieval of data from the table that the application of the current user has access to. Get Bobcat.
http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
SqlMap - SqlMap is an automatic blind SQL injection tool, developed in python, capable to perform database management system fingerprint active, enumerate entire remote databases and much more. SqlMap purpose is to implement a database management tool that fully functional system that takes advantage of web application programming security vulnerabilities that lead to SQL injection vulnerabilities. Get SqlMap.
http://sqlmap.sourceforge.net/
Absinthe - absinthe is a GUI-based tool that automates the downloading process and content of the database scheme is vulnerable to Blind SQL Injection. Get absinthe.
http://www.0x90.org/releases/absinthe/download.php
SQL Injection Pen-testing Tool - SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in Web applications. Get SQL Injection Pen-testing tools.
http://sqltool.itdefence.ru/indexeng.html
SQID - SQL Injection digger (SQLID) is a command line program for SQL injections and common errors in websites. This can be done follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. Get SQID.
http://sqid.rubyforge.org/
Blind SQL Injection Perl Tool - bsqlbf is a Perl script that lets auditors retrieve information from websites that are vulnerable to SQL Injection. Get Blind SQL Injection Perl Tool.
http://www.unsec.net/download/bsqlbf.pl
SQL Power Injection Injector - SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It's main strength is its ability to automate tedious blind SQL injection with several threads. Get SQL Power Injection.
http://www.sqlpowerinjector.com/
FJ-Injector Framwork - FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities on web applications. This includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. Get FJ-Injector Framework.
http://sourceforge.net/project/showfiles.php?group_id=183841
SQLNinja - SQLNinja is a tool to exploit SQL Injection weakness in a web application that uses Microsoft SQL Server as its back-end database. Get SQLNinja.
http://sqlninja.sourceforge.net/
Automagic SQL Injector - The Automagic SQL Injector is an automatic SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where the error is returned. Get Automagic SQL Injector.
http://www.indianz.ch/tools/attack/automagic.zip
NGSS SQL Injector - NGSS SQL Injector exploit vulnerabilities in SQL injection on different database servers to gain access to stored data. Currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.
http://www.indianz.ch/tools/attack/sqlinjector.zip
