sqlmap alternatives
Looking for an alternative tool to replace sqlmap? During the review of sqlmap we looked at other open source tools. Based on their category, tags, and text, these are the ones that have the best match.
Top 3
- TheDoc (automation tool for sqlmap)
- nycto-dork (dork tool with option to scan for SQLi and LFI)
- jSQL Injection (automatic SQL database injection)
These tools are ranked as the best alternatives to sqlmap.
Alternatives (by score)
TheDoc
Introduction
TheDoc is a tool written in shell-script to automate the usage of sqlmap. It comes with a built-in admin finder and hash cracker, using the Hashcat tool.Project details
TheDoc is written in shell script.
Strengths and weaknesses
- + Used language is shell script
- + Very low number of dependencies
- + The source code of this software is available
- - Full name of author is unknown
- - Unknown project license
Typical usage
- Penetration testing
nycto-dork
Introduction
This tool has limited documentation. For that reason, the review is limited at this time.
Project details
nycto-dork is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - Minimal or no documentation available
- - Full name of author is unknown
Typical usage
- Penetration testing
jSQL Injection
Introduction
jSQL Injection is a security tool to test web applications. It can be used to discover if an application is vulnerable to SQL injection attacks.Project details
jSQL Injection is written in Java.
Strengths and weaknesses
- + The source code of this software is available
- - Full name of author is unknown
Typical usage
- Database security
SQLMate
Introduction
SQLMate is a tool to perform security assessments and vulnerability of web applications. It can discover admin panels of websites, which might be a way to break into a web application. It also has the option for dorking, which means it can find possible vulnerable targets to a particular attack.
Project details
SQLMate is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - No releases on GitHub available
Typical usage
- Penetration testing
- Web application analysis
Oscanner
Introduction
The tool has a plugin-based architecture for enumeration purposes of Oracle installations.
- Sid enumeration
- Passwords tests (common & dictionary)
- Enumerate Oracle version
- Enumerate account roles
- Enumerate account privileges
- Enumerate account hashes
- Enumerate audit information
- Enumerate password policies
- Enumerate database links
Project details
Oscanner is written in Java.
Strengths and weaknesses
- + The source code of this software is available
evilredis
Introduction
Evilredis tool is an offensive security program for pentesting Redis databases. It can scan the target and perform different actions, like shutting down a Redis instance.
Project details
evilredis is written in Node.js.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Security assessment
- Vulnerability scanning
Tulpar
Introduction
Tulpar is a vulnerability scanner that can be used to test new or existing web applications. In the former case, it could be helpful to test a new project before it is deployed into production. This could be done by the developer or a security professional. If some web application is already in production, then it might be a good tool to perform regular testing on known vulnerabilities. In this case, it is typically a pentester or security specialist that does the testing.
Project details
Tulpar is written in Python.
Strengths and weaknesses
- + The source code of this software is available
- - Minimal or no documentation available
Typical usage
- Application security
- Application testing
- Web application analysis
Whitewidow
Introduction
Whitewidow is a security tool to perform automated SQL vulnerability scans. It can be used during penetration tests or for security assessments.Project details
Whitewidow is written in Ruby.
Strengths and weaknesses
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Application security
- Penetration testing
- Vulnerability scanning
Pybelt
Introduction
The pybelt toolkit may be useful during a pentest to simplify the process of scanning. It includes options like port scanning, dork checking, cracking and verification of hashes, and scanning for SQL injections.
Project details
Pybelt is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Albatar
Introduction
Albatar has the focus on the situations where tools like sqlmap need to be adjusted to make an exploit work. It is written in Python and unlike sqlmap, it does not detect SQL injection vulnerabilities.
Project details
Albatar is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Web application analysis
MongoSanitizer (python-mongo-sanitizer)
Introduction
Typically this type of tool would be used as an additional defense layer to prevent injection attacks from reaching the database.
Project details
MongoSanitizer is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Application security
- Database security
Acra
Introduction
Acra is a database encryption proxy that provides encryption and data leakage prevention to applications. It provides selective encryption, access control, database and data leak prevention, and even intrusion detection capabilities. It is focused on developers and supports most popular programming languages such as Go, PHP, Python, Ruby.
Project details
Acra is written in Golang, Node.js, Objective-C, PHP, Python, Ruby.
Strengths and weaknesses
- + Commercial support available
- + The source code of this software is available
Typical usage
- Data encryption
- Data leak prevention
- Data security
- Vulnerability mitigation
NoSQLMap
Introduction
NoSQLMap is designed to audit database, as well to automate injection attacks. It can exploit configuration weaknesses in NoSQL databases and web applications using NoSQL.
Project details
NoSQLMap is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 500 GitHub stars
- + The source code of this software is available
Typical usage
- Database security
- Penetration testing
- Security assessment
Leviathan Framework
Introduction
Leviathan is a security tool to provide a wide range of services including service discovery, brute force, SQL injection detection, and exploit capabilities. The primary reason to use this tool is to do massive scans on many systems at once. For example to include a huge network range, country-wide scan, or even full internet scan.
Project details
Leviathan Framework is written in Python.
Strengths and weaknesses
- + More than 500 contributors
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
- Service exploitation
AutoSploit
Introduction
AutoSploit attempts to automate the exploitation of remote hosts for security assessments. Targets can be collected automatically or manually provided. Automatic sources include Censys, Shodan, and Zoomeye.
Project details
AutoSploit is written in Python.
Strengths and weaknesses
- + More than 10 contributors
- + More than 3000 GitHub stars
- + The source code of this software is available
Typical usage
- Service exploitation
- System exploitation
BeEF
Introduction
BeEF is used by penetration testers to assess the security of a system by leveraging the web browser. This makes the tool different to many other tools, as it ignores the security on network or system level. It uses command modules from within the web browser to perform requested attacks against the system.
Project details
Infection Monkey
Introduction
This tool is useful for security assessments to test for weaknesses within the network. By automating the exploitation phase as much as possible, it will help finding any weak targets within the boundaries of the data center.
Project details
Infection Monkey is written in Python.
Strengths and weaknesses
- + More than 25 contributors
- + More than 5000 GitHub stars
- + The source code of this software is available
Typical usage
- Password discovery
- Service exploitation
- System exploitation
Metasploit Framework
Introduction
Metasploit is a framework that consists of tools to perform security assignments. It focuses on the offensive side of security and leverages exploit modules.Project details
Metasploit Framework is written in Ruby.
Strengths and weaknesses
- + More than 400 contributors
- + More than 9000 stars
- + Many maintainers
- + The source code of this software is available
- + Supported by a large company
- + Well-known tool
Typical usage
- Penetration testing
- Security assessment
- Vulnerability scanning
Pupy
Introduction
Pupy is an open source remote administration and post-exploitation tool. It is mainly written in Python and works Androi, Linux, macOS, and Windows.Project details
Pupy is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
RouterSploit
Introduction
RouterSploit is a framework to exploit embedded devices such as cameras and routers. It can be used during penetration testing to test the security of a wide variety of devices. RouterSploit comes with several modules to scan and exploit the devices. The tool helps in all steps, like from credential testing to deploying a payload to perform an exploitation attempt.
Project details
RouterSploit is written in Python.
Strengths and weaknesses
- + More than 50 contributors
- + More than 6000 GitHub stars
- + The source code of this software is available
Typical usage
- Penetration testing
- Self-assessment
- Software testing
- Vulnerability scanning
Ruler
Introduction
The main aim for this tool is abusing the client-side Outlook features and gain a shell remotely.
Project details
Ruler is written in Golang.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
arpag
Introduction
Tools like arpag can help with automating penetration tests and security assessments. By testing automatically for a set of exploits, the remaining time can be spend in other areas.
Project details
arpag is written in Python.
Strengths and weaknesses
- + Very low number of dependencies
- + The source code of this software is available
- - No releases on GitHub available
Typical usage
- Penetration testing
- Security awareness
- Service exploitation
0d1n
Introduction
0d1n is useful to perform brute-force login attempts for authentication forms. It can discover useful directory names by using a predefined list of paths. With options to use a random proxy per request and load CSRF tokens, it is a tool that can be used in different type of assignments.
Project details
0d1n is written in C.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Information gathering
- Penetration testing
- Security assessment
- Vulnerability scanning
DBShield
Introduction
This tool is typically used by developers and system administrators to protect their database against common database attacks. One of them is the SQL injection attack, that tries to bypass checks, resulting in data leakage. By using this tool, another level of security defense is implemented.
Project details
DBShield is written in Golang.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Database security
Damn Small SQLi Scanner (DSSS)
Introduction
NoneProject details
Damn Small SQLi Scanner is written in Python.
Strengths and weaknesses
- + The source code of this software is available
Typical usage
- Penetration testing
- Security assessment
Some relevant tool missing as an alternative to sqlmap? Please contact us with your suggestion.