SQL vulnerability scanners

Tools

nycto-dork (dork tool with option to scan for SQLi and LFI)

penetration testing

Nycto-dork is a dork scanner that can also test for SQL injection and local file inclusion (LFI). It can be used during security assessments like a penetration test.

Pybelt (pentest toolkit)

The pybelt toolkit may be useful during a pentest to simplify the process of scanning. It includes options like port scanning, dork checking, cracking and verification of hashes, and scanning for SQL injections.

sqlmap (SQL injection and database takeover tool)

penetration testing, security assessment, vulnerability scanning, web application analysis

Tools like sqlmap are used to test the security of a database. The typical goal is to get control over the database instance by using different types of attacks like SQL injection.

SQLMate (a friend of SQLMap with additional features)

penetration testing, web application analysis

SQLMate is a tool to perform security and vulnerability assessments of web applications. It can discover admin panels of websites, which might be a way to break into a web application. It also has an option for dorking, which means it can find targets that may be vulnerable to a particular attack.

TheDoc (automation tool for sqlmap)

penetration testing

TheDoc is a tool written in shell script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.

Tulpar (web vulnerability scanner)

application security, application testing, web application analysis

Tulpar is a vulnerability scanner that can be used to test new or existing web applications. In the former case, it could be helpful to test a new project before it is deployed into production. This could be done by the developer or a security professional. If a web application is already in production, then it might be a good tool to perform regular testing for known vulnerabilities. In this case, it is typically a pentester or security specialist who does the testing.

Whitewidow (SQL vulnerability scanner)

application security, penetration testing, vulnerability scanning

Whitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.
