SQLi exploitation tools


Albatar (SQL injection exploit tool)

penetration testing, security assessment, web application analysis

Albatar focuses on situations where tools like sqlmap need to be adjusted to make an exploit work. It is written in Python and, unlike sqlmap, it does not detect SQL injection vulnerabilities.

SQLMate (a friend of SQLMap with additional features)

penetration testing, web application analysis

SQLMate is a tool to perform security and vulnerability assessments of web applications. It can discover admin panels of websites, which might be a way to break into a web application. It also has a dorking option, which means it can find targets that are possibly vulnerable to a particular attack.

TheDoc (automation tool for sqlmap)

penetration testing

TheDoc is a tool written in shell script to automate the usage of sqlmap. It comes with a built-in admin finder and a hash cracker that uses the Hashcat tool.

jSQL Injection (automatic SQL database injection)

database security

jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.

nycto-dork (dork tool with option to scan for SQLi and LFI)

penetration testing

Nycto-dork is a dork scanner that can also test for SQL injection and local file inclusion (LFI). It can be used during security assessments like a penetration test.

sqlmap (SQL injection and database takeover tool)

penetration testing, security assessment, vulnerability scanning, web application analysis

Tools like sqlmap are used to test the security of a database. The typical goal is to get control over the database instance by using different types of attacks like SQL injection.
