SQLi SQL Injection

• sqlmap - Automatic SQL injection and database takeover tool

• NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

• SQLiScanner - Automatic SQL injection with Charles and sqlmap api

• SleuthQL - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

• mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

• sqli-hunter - SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

• waybackSqliScanner - Gather urls from wayback machine then test each GET parameter for sql injection.

• ESC - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.

• mssqli-duet - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

• burp-to-sqlmap - Performing SQLInjection test on Burp Suite Bulk Requests using SQLMap

• BurpSQLTruncSanner - Messy BurpSuite plugin for SQL Truncation vulnerabilities.

• andor - Blind SQL Injection Tool with Golang

• Blinder - A python library to automate time-based blind SQL injection

• sqliv - massive SQL injection vulnerability scanner

• nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB