Skip to content

15 herramientas gratuítas de inyección SQL

Publicado por Sergio Hernando el 15 julio 2008


Os dejo un copypaste de un artículo publicado en Security Hacks. Son 15 herramientas orientadas al estudio de vulnerabilidades que permitan la inyección de código SQL.

SQLIer - SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all. Get SQLIer.

SQLbftools - SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack. Get SQLbftools.

SQL Injection Brute-forcer - SQLibf is a tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application. Get SQLLibf.

SQLBrute - SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries. Get SQLBrute.

BobCat - BobCat is a tool to aid an auditor in taking full advantage of SQL injection vulnerabilities. It is based on AppSecInc research. It can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to. Get BobCat.

SQLMap - SQLMap is an automatic blind SQL injection tool, developed in python, capable to perform an active database management system fingerprint, enumerate entire remote databases and much more. The aim of SQLMap is to implement a fully functional database management system tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities. Get SQLMap.

Absinthe - Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection. Get Absinthe.

SQL Injection Pen-testing Tool - The SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in web-applications. Get SQL Injection Pen-testing tool.

SQID - SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities. Get SQID.

Blind SQL Injection Perl Tool - bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection. Get Blind SQL Injection Perl Tool.

SQL Power Injection Injector - SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads. Get SQL Power Injection.

FJ-Injector Framwork - FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation. Get FJ-Injector Framework.

SQLNinja - SQLNinja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end database. Get SQLNinja.

Automagic SQL Injector - The Automagic SQL Injector is an automated SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned. Get Automagic SQL Injector.

NGSS SQL Injector - NGSS SQL Injector exploit vulnerabilities in SQL injection on disparate database servers to gain access to stored data. It currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.

Espero os sean de utilidad :)

Un saludo,

Be Sociable, Share!

Categoría/s → Seguridad

6 comentarios
  1. 15 julio 2008
    Mini permalink

    Sergio, un poco viejillo el enlace…
    Últimamente cuidas menos los contenidos ¿mucho curro o estás de vacatas?
    Un saludo

  2. 15 julio 2008

    Hombre, qué tal mini :D

    Yo la verdad que no conocía el enlace, y como lo vi interesante, pues no me lo pensé dos veces.

    Por desgracia, no estoy de vacas. Ando desplazado por Latinoamérica currando (vengo de Venezuela y estoy en Colombia). Lamento que no te agraden los contenidos últimamente, debe ser que efectivamente, me da bastante menos tiempo a cuidar los textos y a vigilar su estado de actualización :)

    Un saludo,

  3. 19 julio 2016

    It’s a relief to find sonoeme who can explain things so well

  4. 9 agosto 2016

    Can I just say what a comfort to uncover an individual who actually knows what they are discussing on the web. You definitely understand how to bring a problem to light and make it important. A lot more people have to check this out and understand this side of your story. It’s surprising you’re not more popular since you surely have the gift.

  5. 9 agosto 2016

    There were two computer admins. and neither of us can access the control panel. We both get the contact admin msg. I’ve tried things i found on the net but they dont work. The run command is also missing. All our computer admin privileges are gone.

  6. 7 octubre 2016

    Third Flower…My wife and i are now delighted that Albert could carry out his scientific tests on account of the concepts he had via your website. It is actually once in a while perplexing to just usually be making a gift of methods which many people could have been…

Escribir un comentario

Note: XHTML permitido. Tu email nunca será publicado.

Suscribirse a los comentarios via RSS