SQL Injection Tools

Here is a small list of great SQL injection tools:

1. Bobcat

Bobcat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It was originally created to build and extend upon the capabilities of a tool named “Data Thief”.
Bobcat has numerous features that aid in the compromise of a vulnerable application and help exploit the RDBMS, such as listing linked servers and database schema, dumping data, brute forcing accounts, elevating privileges, executing operating system commands, etc.

2. ExploitMyUnion

ExploitMyUnion is a tool intended to make exploiting SQL injection flaws easy.

3. Laudanum

Laudanum is a collection of injectable files designed to be used in a pentest when SQL injection flaws are found. The files are written in multiple languages for different environments and provide functionality such as shell, DNS query, LDAP retrieval and others.

4. SQLNinja

Sqlninja is a tool targeted at exploiting SQL injection vulnerabilities in a web application that uses Microsoft SQL Server as its back-end.
Its main goal is to provide remote access to the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB server when a SQL injection vulnerability has been discovered.


Out of these three, if you are a Windows user, Bobcat will be the easiest, then ExploitMyUnion and then Laudanum. Of course, it will be the other way around if you are a *nix user.
