SQLi SQL Injection

  • sqlmap - Automatic SQL injection and database takeover tool

  • NoSQLMap - Automated NoSQL database enumeration and web application exploitation tool.

  • SQLiScanner - Automatic SQL injection with Charles and the sqlmap API

  • SleuthQL - Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.

  • mssqlproxy - mssqlproxy is a toolkit aimed to perform lateral movement in restricted environments through a compromised Microsoft SQL Server via socket reuse

  • sqli-hunter - SQLi-Hunter is a simple HTTP / HTTPS proxy server and a SQLMAP API wrapper that makes digging SQLi easy.

  • waybackSqliScanner - Gathers URLs from the Wayback Machine, then tests each GET parameter for SQL injection.

  • ESC - Evil SQL Client (ESC) is an interactive .NET SQL console client with enhanced SQL Server discovery, access, and data exfiltration features.

  • mssqli-duet - SQL injection script for MSSQL that extracts domain users from an Active Directory environment based on RID bruteforcing

  • burp-to-sqlmap - Performs SQL injection tests on Burp Suite bulk requests using sqlmap

  • BurpSQLTruncSanner - Messy BurpSuite plugin for SQL Truncation vulnerabilities.

  • andor - Blind SQL Injection Tool with Golang

  • Blinder - A Python library to automate time-based blind SQL injection

  • sqliv - Massive SQL injection vulnerability scanner

  • nosqli - NoSQL injection CLI tool for finding vulnerable websites that use MongoDB
