agosto 19, 2014

10 Herramientas para inyecciones SQL


BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections). It allows metasploit alike exploit repository to share and update exploits.





2. The Mole

Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site can it detect the injection and exploit it, either by using the union technique or a boolean query based technique. The Mole uses a command based interface, allowing the user to indicate the action he wants to perform easily. The CLI also provides auto-completion on both commands and command arguments, making the user type as less as possible.



3. Pangolin

Pangolin is a penetration testing, SQL Injection test tool for database security. It finds SQL Injection vulnerabilities.Its goal is to detect and take inform you of SQL injection vulnerabilities in web applications.



4. Sqlmap

Sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.






5. Havij

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.





6. Enema SQLi

Enema is not auto-hacking software for script kiddies. This is dynamic tool for professional pentesters.


7. Sqlninja

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.






8. sqlsus

Written using the Perl programming language, this is an open source penetration testing tool for MySQL Injection and takeover.





9. Safe3 SQL Injector

Safe3SI is one of the most powerful and easy usage penetration tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a AI detection engine.







10. SQL Poizon

This tool includes php , asp , rfi , lf dorks that can be used for penetration testing.