SQL injection is one of the most common attacks against web applications. A SQL injection attack consists of the insertion or “injection” of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutting down the DBMS), recover the content of a given file present on the DBMS file system and, in some cases, issue commands to the operating system.
This is a list of the best and most popular SQL injection tools:
- SQLMap – Automatic SQL Injection And Database Takeover Tool
- jSQL Injection – Java Tool For Automatic SQL Database Injection
- BBQSQL – A Blind SQL Injection Exploitation Tool
- NoSQLMap – Automated NoSQL Database Pwnage
- Whitewidow – SQL Vulnerability Scanner
- DSSS – Damn Small SQLi Scanner
- Blisqy – Exploit Time-based blind-SQL injection in HTTP-Headers (MySQL/MariaDB)
- explo – Human And Machine Readable Web Vulnerability Testing Format
- Leviathan – Wide Range Mass Audit Toolkit
- Blind-Sql-Bitshifting – Blind SQL Injection via Bitshifting