Slide Show: 10 SQL Injection Tools For Database Pwnage

Black hat hackers and pen testers alike use these tools to dump data, perform privilege escalations, and effectively take over sensitive databases.
Developed by Portcullis Labs, BSQL Hacker is an automated SQL injection framework that facilitates blind SQL injection, time-based blind SQL injection, deep blind SQL injection and error-based SQL injection attacks. Attacks can be automated against Oracle and MySQL databases, with the power to automatically extract all database data and schemas.
An open source tool, The Mole can bypass some IPS/IDS systems using generic filters. It is able to detect and exploit injections using only a vulnerable URL and a valid string on the site using union or Boolean query techniques. The command line tool offers support for attacks against MySQL, SQL Server, Postgres and Oracle databases.
Produced by the same firm that wrote the JSky tool, NOSEC, Pangolin is a thorough SQL injection testing tool with a user-friendly GUI and a wide base of support for just about every database on the market. Primarily used by the white hat community as a comprehensive pen test tool, Pangolin offers its users the capability to create a comprehensive database management system fingerprint, to enumerate users, dump table and column information and run the users' own SQL statements.
A self-proclaimed automatic SQL injection and database takeover tool, the open source sqlmap tool sports the ability to attack via five different SQL injection techniques, or directly if the user has DBMS credentials, IP address, port and database name. It can enumerate users and password hashes, with inline support to crack them with a dictionary-based attack, and supports privilege escalation through Metasploit's getsystem command. It offers the ability to dump database tables and, for MySQL, PostgreSQL or SQL Server, to download and upload any file and execute arbitrary code.
A popular tool used by black hats worldwide, Havij was developed by Iranian coders who named it for the Farsi word for carrot, a moniker that doubles as slang for the male appendage. With a simple GUI, Havij brags about a success rate of 95 percent at injecting vulnerable targets on MySQL, Oracle, PostgreSQL, MS Access and Sybase databases. In addition to being able to perform a back-end fingerprint, retrieve usernames and password hashes, dump tables and columns, fetch data and run SQL statements on vulnerable systems, it can also access the underlying file system and execute commands on the operating system.
Unlike many automated tools designed for users with less than abundant technical knowledge, Enema isn't autohacking software, according to its developer, "mastermind." As mastermind says, "This is dynamic tool for people, who knows what to do." Grammatical issues notwithstanding, the tool gives users the ability to customize queries and use plugins to automate attacks against SQL Server and MySQL databases, using error-based, Union-based and blind time-based injection attacks.
Sqlninja's developer, icesurfer, puts it best when explaining his creation: "Take a few new SQL Injection tricks, add a couple of remote shots in the registry to disable Data Execution Prevention, mix with a little Perl that automatically generates a debug script, put all this in a shaker with a Metasploit wrapper, shake well and you have just one of the attack modules of sqlninja!" Targeted against SQL Server environments, the tool offers database fingerprinting, privilege escalation, and all the tools necessary to gain remote access to a database vulnerable to injection attacks.
An open source MySQL injection and takeover tool, sqlsus runs with a command line interface and lets users inject their own SQL queries, download files from the attached Web server, crawl the website for writable directories, clone databases and upload and control backdoors.
Widely known as one of the easiest-to-use SQL injection automation tools circulating the Internet, Safe3 SI offers a set of features that enable automatic detection and exploitation of SQL injection flaws and eventual database server takeover. The tool recognizes the database type and finds the best method of SQL injection, with support for blind, error-based, UNION query and force-guess injection techniques. It supports MySQL, Oracle, PostgreSQL, SQL Server, Access, SQLite, Firebird, Sybase and SAP MaxDB, with the ability to read, list and write any file when the DBMS is MySQL or SQL Server, and support for arbitrary command execution on SQL Server and Oracle DBMSs.
A SQL injection scanner/hunter tool, SQL Poizon takes advantage of search engine "dorks" to trawl the Internet for sites with SQL injection vulnerabilities. The tool has a built-in browser and injection builder to carry out and check the impact of an injection. Its simple GUI provides an easy interface to carry out an attack without a deep technical knowledge base.