SQL Injection is the dangerous web application vulnerability. According to the researcher, it is one of the leading security risks found in the web applications. Availability of some automatic SQL injection tool also made it easy to exploit this vulnerability. So it is important to find and patch SQL injection before hackers get it.
I have already posted about many SQL injection tools on hackingtricks which helps hackers to exploit it easily.
In this post i am going to discuss about a nice SQL Injection tool which is mostly used as penetration testingtool. This tool is SQLSentinel. I had already written a simple post on it.
About the tool:
SQLSentinel is a Java based open source SQL injection tool. This tool comes with an inbuilt spider which crawls website and finds SQL errors. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you.
Download this tool from This link and extract it on your system. You will see an executable jar file. Now run this file and you will see a metallic Java GUI tool.
Put the URL in the URL box and click on start. It will automatically crawl the website and list all vulnerable URls on working logs. After the completion, it will show an alert box.
After that, you can also save the result as PDF file.
No comments:
Post a Comment