FIXME **Le PAD pour proposer une amΓ©lioration Γ  cette page :** https://pad.zenk-security.com/p/merci ====== Une liste d'outils pour exploiter les Injections SQL : ====== **SQLi scanner en ligne avec version gratuite** πŸ›  https://pentest-tools.com/website-vulnerability-scanning/sql-injection-scanner-online# ** Les outils ** πŸ›  An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap. https://github.com/sheldoncoupeheure/AutoSQLi πŸ›  Have fun injecting SQL into a Ruby on Rails application! https://github.com/presidentbeef/inject-some-sql πŸ›  0xbug/SQLiScanner Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner πŸ›  massive SQL injection vulnerability scanner https://github.com/the-robot/sqliv πŸ›  SQLMap β€” Automatic SQL Injection And Database Takeover Tool https://github.com/sqlmapproject/sqlmap free sqlmap online : https://pentest-tools.com/exploit-helpers/sqli-exploit-tool-sqlmap-online# πŸ›  SQLSus is another open source SQL injection tool and is basically a MySQL injection and takeover tool http://sqlsus.sourceforge.net/ sqli-mass-scanner massive SQL injection vulnerability scanner https://github.com/forxml/sqli-mass-scanner πŸ›  Safe3 SQL injector is another powerful but easy to use SQL injection tool. http://sourceforge.net/projects/safe3si/ πŸ›  SQLninja is a SQL injection tool that exploits web applications that use a SQL server as a database server. http://sqlninja.sourceforge.net/ πŸ›  BSQL hacker is a nice SQL injection tool that helps you perform a SQL injection attack against web applications. https://resources.infosecinstitute.com/best-free-and-open-source-sql-injection-tools/#download πŸ›  PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server https://github.com/NetSPI/PowerUpSQL πŸ›  jSQL Injection β€” Java Tool For Automatic SQL Database Injection https://github.com/ron190/jsql-injection πŸ›  BBQSQL β€” A Blind SQL-Injection Exploitation Tool https://github.com/Neohapsis/bbqsql πŸ›  NoSQLMap β€” Automated NoSQL Database Pwnage https://github.com/codingo/NoSQLMap πŸ›  Whitewidow β€” SQL Vulnerability Scanner https://www.kitploit.com/2017/05/whitewidow-sql-vulnerability-scanner.html πŸ›  DSSS β€” Damn Small SQLi Scanner https://github.com/stamparm/DSSS πŸ›  explo β€” Human And Machine Readable Web Vulnerability Testing Format https://github.com/dtag-dev-sec/explo πŸ›  Blind-Sql-Bitshifting β€” Blind SQL-Injection via Bitshifting https://github.com/awnumar/blind-sql-bitshifting πŸ›  Leviathan β€” Wide Range Mass Audit Toolkit https://github.com/leviathan-framework/leviathan πŸ›  Blisqy β€” Exploit Time-based blind-SQL-injection in HTTP-Headers (MySQL/MariaDB) https://github.com/JohnTroony/Blisqy ====== Des ressources et outils pour les injections SQL ====== **SQLi General Resources** http://www.w3schools.com/sql/sql_injection.asp http://sqlzoo.net/hack/ https://information.rapid7.com/rs/rapid7/images/R7%20SQL_Injection_Cheat_Sheet.v1.pdf http://websec.ca/kb/sql_injection http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/ http://www.unixwiz.net/techtips/sql-injection.html http://www.sqlinjectionwiki.com/ https://packetstorm.sigterm.no/papers/cheatsheets/sqlmap-cheatsheet-1.0-SDB.pdf https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet http://bobby-tables.com/ **MySQLi Resources** http://pentestmonkey.net/cheat-sheet/sql-injection/mysql-sql-injection-cheat-sheet https://websec.wordpress.com/2010/12/04/sqli-filter-evasion-cheat-sheet-mysql/ http://resources.infosecinstitute.com/backdoor-sql-injection/ http://evilsql.com/main/page2.php http://pentestmonkey.net/cheat-sheet/sql-injection/mssql-sql-injection-cheat-sheet **Oracle SQLi Resources** http://pentestmonkey.net/cheat-sheet/sql-injection/oracle-sql-injection-cheat-sheet **Postgres SQLi Resources** http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet **Blind SQL Injection** https://www.owasp.org/index.php/Blind_SQL_Injection **Testing for SQL Injection (OTG-INPVAL-005)** https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) **SQL Injection Bypassing WAF** https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF **SQLite Resources** https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet **Reviewing Code for SQL Injection** https://www.owasp.org/index.php/Reviewing_Code_for_SQL_Injection **NoSQL injection Resources** https://www.owasp.org/index.php/Testing_for_NoSQL_injection **PL/SQL:SQL Injection Resources** https://www.owasp.org/index.php/PL/SQL:SQL_Injection