Top 15 free SQL Injection Scanners
Whilethe adoption of web applications for conducting online business hasenabled companies to connect seamlessly with their customers, it hasalso exposed a number of security concerns stemming from impropercoding. Vulnerabilities in web applications allow hackers to gaindirect and public access to sensitive information (e.g. personal data,login credentials).
Web applications allow visitors to submit andretrieve data to/from a database over the Internet. Databases are theheart of most web applications. They hold data needed for webapplications to deliver specific content to visitors and provideinformation to customers, suppliers etc.
SQL Injection isperhaps the most common web-application hacking technique whichattempts to pass SQL commands through a web application for executionby the back-end database. The vulnerability is presented when userinput is incorrectly sanitized and thereby executed.
Checking for SQL Injectionvulnerabilities involves auditing your web applications and the bestway to do it is by using automated SQL Injection Scanners. We’vecompiled a list of free SQL Injection Scanners we believe will be of a value to both web application developers and professional security auditors.
1、SQLIer- SQLIer takes a vulnerable URL and attempts to determine all thenecessary information to exploit the SQL Injection vulnerability byitself, requiring no user interaction at all.
Get SQLIer.
2、SQLbftools – SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack.
Get SQLbftools.
3、SQL Injection Brute-forcer- SQLibf is a tool for automatizing the work of detecting andexploiting SQL Injection vulnerabilities. SQLibf can work in Visibleand Blind SQL Injection. It works by doing simple logic SQL operationsto determine the exposure level of the vulnerable application.
Get SQLLibf.
4、SQLBrute- SQLBrute is a tool for brute forcing data out of databases usingblind SQL injection vulnerabilities. It supports time based and errorbased exploit types on Microsoft SQL Server, and error based exploit onOracle. It is written in Python, uses multi-threading, and doesn’trequire non-standard libraries.
Get SQLBrute.
5、BobCat – BobCat is a tool to aid an auditor in taking full advantage of SQL injection vulnerabilities. It is based on AppSecIncresearch. It can list the linked severs, database schema, and allow theretrieval of data from any table that the current application user hasaccess to.
Get BobCat.
6、SQLMap- SQLMap is an automatic blind SQL injection tool, developed in python,capable to perform an active database management system fingerprint,enumerate entire remote databases and much more. The aim of SQLMap isto implement a fully functional database management system tool whichtakes advantages of web application programming security flaws whichlead to SQL injection vulnerabilities.
Get SQLMap.
7、Absinthe- Absinthe is a GUI-based tool that automates the process ofdownloading the schema and contents of a database that is vulnerable toBlind SQL Injection.
Get Absinthe.
8、SQL Injection Pen-testing Tool – The SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in web-applications.
Get SQL Injection Pen-testing tool.
9、SQID- SQL Injection digger (SQLID) is a command line program that looks forSQL injections and common errors in websites. It can perform thefollwing operations: look for SQL injection in a web pages and testsubmit forms for possible SQL injection vulnerabilities.
Get SQID.
10、Blind SQL Injection Perl Tool – bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection.
Get Blind SQL Injection Perl Tool.
11、SQL Power Injection- SQL Power Injection helps the penetration tester to inject SQLcommands on a web page. It’s main strength is its capacity to automatetedious blind SQL injection with several threads.
Get SQL Power Injection.
12、FJ-Injector Framwork- FG-Injector is a free open source framework designed to help find SQLinjection vulnerabilities in web applications. It includes a proxyfeature for intercepting and modifying HTTP requests, and an interfacefor automating SQL injection exploitation.
Get FJ-Injector Framework.
13、SQLNinja- SQLNinja is a tool to exploit SQL Injection vulnerabilities on a webapplication that uses Microsoft SQL Server as its back-end database. Get SQLNinja.
14、Automagic SQL Injector- The Automagic SQL Injector is an automated SQL injection tooldesigned to help save time on penetration testing. It is only designedto work with vanilla Microsoft SQL injection holes where errors arereturned.
Get Automagic SQL Injector.
15、NGSS SQL Injector- NGSS SQL Injector exploit vulnerabilities in SQL injection ondisparate database servers to gain access to stored data. It currentlysupports the following databases: Access, DB2, Informix, MSSQL, MySQL,Oracle, Sysbase.
Get NGSS SQL Injector
包子猜您可能还喜欢下列文章:
最近评论