sqlmap
sqlmap is the automated SQL injection tool that detects and exploits flaws in URLs, POST data, or headers, dumping databases or escalating to OS commands with tamper scripts for evasion. Run its Python CLI on params with --dbs for enum, customizing techniques like blind or time-based for resilient tests. Open-source powerhouse from sqlmapproject, it's the injection instigator for pentesters templating DB takeovers.

JSQL Injection
JSQL Injection is the GUI-driven SQLi analyzer that automates payload crafting and response parsing for union, blind, or error-based attacks across databases. Launch its Java app, input URLs, and step through exploits with visual timelines for confirmation. Open-source from backslash, it's the guided gunner for analysts learning SQLi mechanics hands-on.

NoSQLMap
NoSQLMap extends SQLi testing to MongoDB and CouchDB, fuzzing params for injection flaws with automated payload generation for NoSQL-specific exploits. Run its Python script on endpoints with --dbs for collection enum, chaining to shell access. Open-source from codingo, it's the schema shredder for pentesters targeting document DB vulns.

sqlmap Tamper Scripts
sqlmap-tamper-scripts is the evasion library with 100+ plugins for obfuscating payloads, bypassing WAFs with char encoding or case variations in SQLi tests. Customize via --tamper flags in sqlmap runs, scripting combos for resilient attacks. Open-source extensions from the community, it's the tamper tailor for pentesters dodging detection in noisy envs.

Nuclei SQLi Templates
nuclei-sqli-templates uses YAML rules to probe for SQLi sinks in params and headers, matching error patterns or time delays for passive/active detection in bulk scans. Clone the pack, run via Nuclei CLI on scopes for severity-tagged hits with payloads. Open-source from projectdiscovery, it's the template tracer for scalable SQLi hunts across web apps.

SQL Fuzzer
sqlfuzzer is the mutation-based fuzzer for SQL payloads, generating variants with operators and functions to test parser robustness or injection points in DB wrappers. Configure corpora via Python, run on inputs for crash repros or leaks. Open-source from the community, it's the query quaker for researchers stressing SQL engines.

w3af
w3af's audit plugins fuzz params for SQLi with knowledge base correlations, chaining discoveries like union selects to full DB dumps in phased attacks. Launch its Python console, load the sql_injection plugin, and target sites for traffic logs. Open-source from andresriancho, it's the phased phisher for web pentesters templating SQLi escalations.

Arachni RPC
Arachni's SQLi checks use signature-based fuzzing on forms and URLs, validating with error extraction for confirmed vulns in modular scans. Configure via JSON RPC, running checks with custom payloads for DB-specific tests. Open-source from Zaptech, it's the RPC requester for distributed pentesters templating SQLi in remote sessions.

Skipfish
Skipfish's injection module feeds wordlist SQL payloads into params, detecting errors or delays for blind SQLi with low false positives in high-speed crawls. Compile from C, launch with --sqli for focused modes, exporting the sitemap for exploits. Open-source from Google, it's the speedy skipper for pentesters racing through SQLi probes.

sqlninja

