Reference:
OWASP Testing for SQL Injection
OWASP SQLiX
Sqlninja: a SQL Server Injection & Takeover Tool – http://sqlninja.sourceforge.net
Bernardo Damele A. G.: sqlmap, automatic SQL injection tool – http://sqlmap.org/
Absinthe 1.1 (formerly SQLSqueal) – http://sourceforge.net/projects/absinthe/
SQLInjector – Uses inference techniques to extract data and determine the backend database server. http://www.databasesecurity.com/sql-injector.htm
Bsqlbf-v2: A perl script allows […]
Articles Tagged: sqlmap
Some ways to use free tools
Use OWASP ZAP or Webscarab for their proxy functionality.
Use Nikto and W3AF to scan web applications.
Use SQLMap to exploit SQL injection vulnerabilities.
Use XSSer to detect and exploit XSS vulnerabilities.
Use Powerfuzzer to fuzz parameters.
Use online encoders/decoders.
Use DirBuster to find hidden resources.
What is sqlmap?
sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers.

sqlmap – automatic SQL injection tool

root@kali:~# sqlmap -h
Usage: python sqlmap [options]
Options:
-h, --help Show basic help message and exit
-hh […]