EC EHE - SQL Tools

 

sqlmap

Source: http://sqlmap.org

Being an open-source penetration testing tool, sqlmap automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a powerful detection engine, many niche features for advanced penetration testers, and a wide range of switches for database fingerprinting, data fetching from the database, accessing the underlying file system, and executing commands on the OS via out-of-band connections.

Attackers can use sqlmap to perform SQL injection on a target website through various techniques such as Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band injection.

Some features of sqlmap are as follows:

Full support for six SQL injection techniques: Boolean-based blind, time-based blind, error-based, UNION query-based, stacked queries, and out-of-band injection
Support to directly connect to the database without passing via an SQL injection, by providing DBMS credentials, IP address, and port and database name
Support to enumerate users, password hashes, privileges, roles, databases, tables, and columns
Automatic recognition of password hash formats and support for cracking them using a dictionary-based attack
Support to dump database tables entirely; a range of entries or specific columns as per user’s choice
Support to search for specific database names, specific tables across all databases, or specific columns across all databases’ tables
Support to establish an out-of-band stateful TCP connection between the attacker machine and the database server underlying the operating system

 

Figure 7.42: Screenshot of sqlmap

Some additional SQL injection tools are listed below:

Mole (https://sourceforge.net)
Blisqy (https://github.com)
blind-sql-bitshifting (https://github.com)
NoSQLMap (https://github.com)
SQL Power Injector (http://www.sqlpowerinjector.com)
 

SQL injection detection tools help in the detection of SQL injection attacks by monitoring HTTP traffic and SQL injection attack vectors, and they determine if the web application or database code suffers from SQL injection vulnerabilities.

Damn Small SQLi Scanner (DSSS)

Source: https://github.com

Damn Small SQLi Scanner (DSSS) is a fully functional SQL injection vulnerability scanner (supporting GET and POST parameters). It scans the web application for various SQL injection vulnerabilities.

Security professionals can use this tool to detect SQL injection vulnerabilities in web applications.

Figure 7.43: Screenshot of Damn Small SQLi Scanner (DSSS)

Some additional SQL injection detection tools are as follows:

OWASP ZAP (https://www.owasp.org)
Snort (https://www.snort.org)
Burp Suite (https://portswigger.net)
HCL AppScan (https://www.hcltech.com)
w3af (https://w3af.org)