Selection of tools to automate an attack SQL Injection

Home / Hacking, News, Security / Selection of tools to automate an attack SQL Injection

February 14, 2010 PlanetCreator 0 Comments 0 tags

sqlmap (http://sqlmap.sourceforge.net/)
Full support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.
Partially supported: Microsoft Access, DB2, Informix, Sybase and Interbase.

SQL Power Injector (http://www.sqlpowerinjector.com/)
Implemented support for: Microsoft SQL Server, Oracle, MySQL, Sybase / Adaptive Server and DB2.

Absinthe (http://www.0x90.org/releases/absinthe/index.php)
Implemented support for: Microsoft SQL Server, MSDE, Oracle, and Postgres.

bsqlbf-v2 (http://code.google.com/p/bsqlbf-v2/)
Implemented support: MySQL, Oracle, PostgreSQL and Microsoft SQL Server.

pysqlin (http://code.google.com/p/pysqlin/source/checkout)
Implemented support: Oracle, MySQL and Microsoft SQL Server.

BSQL Hacker (http://labs.portcullis.co.uk/application/bsql-hacker/)
Implemented support: Oracle and Microsoft SQL Server.
Available experimental support for MySQL.

WITOOL (http://witool.sourceforge.net/)
Implemented support: Oracle and Microsoft SQL Server.

Sqlninja (http://sqlninja.sourceforge.net/)
Implemented support only Microsoft SQL Server.

sqlus (http://sqlsus.sourceforge.net/)
Implemented support only MySQL.

mySQLenum (http://sourceforge.net/projects/mysqlenum/)
Implemented support only MySQL.

Priamos (http://www.priamos-project.com/)
Implemented support only Microsoft SQL Server.

Pangolin (http://www.nosec.org/2009/0920/74.html)
Pangolin distributed on a commercial basis, but is also available in a free version with limited functionality.
Implemented support: Oracle, Microsoft SQL Server 2000/2005, Sybase, Access, Mysql, DB2 and Informix.

Explore More

Security/Hacking Tools & Utilities

1. Nmap I think everyone has heard of this one, recently evolved into the 4.x series.Nmap (â€Network Mapperâ€) is a free open source utility for network exploration or security auditing.

Google Stuff

Querying for vulnerable sites or servers using Googleâ€™s advance syntaxes Using â€œIndex of â€ syntax to find sites enabled with Index browsing A webserver with Index browsing enabled means anyone

Chinese schools deny Google cyber-attack links

Two Chinese schools have denied the New York Times inform which they were involved in the much-discussed cyber attacks upon Google as good as during slightest 33 alternative outfits sometime

[webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
on November 15, 2024 at 12:00 am
SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
[webapps] reNgine 2.2.0 - Command Injection (Authenticated)
on October 1, 2024 at 12:00 am
reNgine 2.2.0 - Command Injection (Authenticated)
[webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
on October 1, 2024 at 12:00 am
dizqueTV 1.5.3 - Remote Code Execution (RCE)
[webapps] openSIS 9.1 - SQLi (Authenticated)
on October 1, 2024 at 12:00 am
openSIS 9.1 - SQLi (Authenticated)
[dos] Windows TCP/IP - RCE Checker and Denial of Service
on August 28, 2024 at 12:00 am
Windows TCP/IP - RCE Checker and Denial of Service