A large number of website get hacked due to sql vulnerabilities. And probably hackers are using such techniques to deface websites on country, cast and religion reasons too. Security is basically from you and you are responsible for your website. If you will leave a hole and won't patch it then hacker will gain access to your admin panel and will upload a shell to deface the website. Well, Having a backup of website is good thing but as a result of defacement the site will be down for a long time and this will take down your traffic rank also. The purpose of HT is to produce awareness among you therefore i am posting some good SQL scanners here. Which are automated and will scan for vulnerability at one click. This is actually auditing your own website. Look at the list:
1) Automagic SQL Injector
The Automagic SQL Injector is part of the Sec-1 Exploit Arsenal provided as part of the Applied Hacking & Intrusion Prevention training courses.
In a nutshell it's an automated SQL injection tool designed to help save time on pen tests. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned.
The following features are currently supported:
* Browse tables and dump table data to a CSV file (2 methods).
* Upload files using debug script method.
* Automagical UDP reverse shell
* Interactive xp_cmdshell (simulated cmd.exe shell)
For a demonstration please visit this
To download the tool: Get here
2) SQLNinja
SQLNinja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end database.Sqlninja is written in Perl and should run on any UNIX based platform with a Perl interpreter, as long as all needed modules have been installed.
To download the tool : Get Here
3) FJ-Injector Framwork
FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications and servers. Its features are a proxy for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.
To download the tool : Get Here
4) SQL Power Injector
SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads
To download the tool : Get Here
5)Blind SQL Injection Perl Tool
bsqlbf.pl is a Perl script that allows users to retrieve information from web sites that are vulnerable to SQL Injection.
To download the tool: Get Here
6) SQL Injection Digger
SQL injection digger is a command line program that looks for SQL injections and common errors presnt in websites. This version now can perform the following operations.
* Look for SQL injections and common errors in website urls found by performing a google search
* Look for SQL injections and common erros in a given url or a file with urls
* Look for SQL injections and common errors in links from a web page
* Crawl a website/webpage and do the above
To download the tool: Get Here
7) Absinthe-Blind SQL Injection Tool
Absinthe is a GUI-based (GTK-Sharp) tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection.Its features are:
* Automated SQL Injection
* Supports MS SQL Server, MSDE, Oracle, Postgres
* Cookies / Additional HTTP Headers
* Query Termination
* Additional text appended to queries
* Supports Use of Proxies / Proxy Rotation
* Multiple filters for page profiling
* Custom Delimiters
To download the tool: Get Here
8) SQL Map
Sqlmap is an automatic blind SQL injection tool capable to enumerate entire remote database, perform an active database fingerprint and much more. The aim of this project is to implement a fully functional database mapper tool which takes advantages of web application security flaws.
To download the tool: Get Here
9) BobCat - SQL injection Exploitation Tool
BobCat is a MS Windows based tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named "Data Thief" that was published as PoC by appsecinc. BobCat can exploit SQL injection bugs/opportunities in web applications, independent of language, but dependent on MS SQL as the back end DB.
To download the tool: Get Here
10) SQLibf- SQL Injection Brute Forcer
SQLibf is a SQL Injection Brute-forcer tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. This is not an easy or standalone application. It must be used by a web application auditor for helping and complementing his findings. SQLibf can work with both Visible and Blind SQL Injection vulnerabilities. It works by doing simple logic SQL operations to determine the level of exposure of the vulnerable application.
To download the tool: Get Here
0 comments:
Post a Comment