This page shows the differences between the selected revision and the current version of the page.
des_ressources_et_outils_pour_les_injections_sql [2019/10/23 13:45] M0N5T3R |
des_ressources_et_outils_pour_les_injections_sql [2020/05/29 16:45] (Current version) M0N5T3R |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | FIXME **Le PAD pour proposer une amélioration à cette page :** https://pad.zenk-security.com/p/merci | ||
+ | |||
+ | ====== Une liste d'outils pour exploiter les Injections SQL : ====== | ||
+ | |||
+ | **SQLi scanner en ligne avec version gratuite** | ||
+ | |||
+ | |||
+ | 🛠 https://pentest-tools.com/website-vulnerability-scanning/sql-injection-scanner-online# | ||
+ | |||
+ | ** Les outils ** | ||
+ | 🛠 An automatic SQL Injection tool which takes advantage of ~DorkNet~ Googler, Ddgr, WhatWaf and sqlmap. https://github.com/sheldoncoupeheure/AutoSQLi | ||
+ | |||
+ | |||
+ | 🛠 Have fun injecting SQL into a Ruby on Rails application! https://github.com/presidentbeef/inject-some-sql | ||
+ | |||
+ | 🛠 0xbug/SQLiScanner Automatic SQL injection with Charles and sqlmap api https://github.com/0xbug/SQLiScanner | ||
+ | |||
+ | |||
+ | 🛠 massive SQL injection vulnerability scanner https://github.com/the-robot/sqliv | ||
+ | |||
+ | |||
+ | 🛠 SQLMap — Automatic SQL Injection And Database Takeover Tool https://github.com/sqlmapproject/sqlmap | ||
+ | free sqlmap online : https://pentest-tools.com/exploit-helpers/sqli-exploit-tool-sqlmap-online# | ||
+ | |||
+ | 🛠 SQLSus is another open source SQL injection tool and is basically a MySQL injection and takeover tool http://sqlsus.sourceforge.net/ | ||
+ | |||
+ | sqli-mass-scanner massive SQL injection vulnerability scanner https://github.com/forxml/sqli-mass-scanner | ||
+ | |||
+ | 🛠 Safe3 SQL injector is another powerful but easy to use SQL injection tool. http://sourceforge.net/projects/safe3si/ | ||
+ | |||
+ | 🛠 SQLninja is a SQL injection tool that exploits web applications that use a SQL server as a database server. http://sqlninja.sourceforge.net/ | ||
+ | |||
+ | 🛠 BSQL hacker is a nice SQL injection tool that helps you perform a SQL injection attack against web applications. https://resources.infosecinstitute.com/best-free-and-open-source-sql-injection-tools/#download | ||
+ | |||
+ | 🛠 PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server https://github.com/NetSPI/PowerUpSQL | ||
+ | |||
+ | 🛠 jSQL Injection — Java Tool For Automatic SQL Database Injection https://github.com/ron190/jsql-injection | ||
+ | |||
+ | 🛠 BBQSQL — A Blind SQL-Injection Exploitation Tool https://github.com/Neohapsis/bbqsql | ||
+ | |||
+ | 🛠 NoSQLMap — Automated NoSQL Database Pwnage https://github.com/codingo/NoSQLMap | ||
+ | |||
+ | 🛠 Whitewidow — SQL Vulnerability Scanner https://www.kitploit.com/2017/05/whitewidow-sql-vulnerability-scanner.html | ||
+ | |||
+ | 🛠 DSSS — Damn Small SQLi Scanner https://github.com/stamparm/DSSS | ||
+ | |||
+ | 🛠 explo — Human And Machine Readable Web Vulnerability Testing Format https://github.com/dtag-dev-sec/explo | ||
+ | |||
+ | 🛠 Blind-Sql-Bitshifting — Blind SQL-Injection via Bitshifting https://github.com/awnumar/blind-sql-bitshifting | ||
+ | |||
+ | 🛠 Leviathan — Wide Range Mass Audit Toolkit https://github.com/leviathan-framework/leviathan | ||
+ | |||
+ | 🛠 Blisqy — Exploit Time-based blind-SQL-injection in HTTP-Headers (MySQL/MariaDB) https://github.com/JohnTroony/Blisqy | ||
+ | |||
+ | |||
+ | ====== Des ressources et outils pour les injections SQL ====== | ||
+ | |||
**SQLi General Resources** | **SQLi General Resources** | ||
- | SQLMap l'outil le plus connu d'automatisation de détection et d'exploitation d'injection SQL. https://github.com/sqlmapproject/sqlmap | ||
http://www.w3schools.com/sql/sql_injection.asp | http://www.w3schools.com/sql/sql_injection.asp | ||
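Review bot: the added tool list is not consistent from one entry to the next. The sqli-mass-scanner line has no 🛠 marker and reuses the description already given for sqliv ("massive SQL injection vulnerability scanner"), the "free sqlmap online" line hangs off the SQLMap entry without a marker of its own, and the BSQL hacker entry points to an infosecinstitute article anchor rather than to the tool. The removed line was the only French description of SQLMap, so the entries are now English under a French heading. Suggest one shape per entry (marker, name, one-line description, project URL), one language for the descriptions, and a decision on whether the new tools heading belongs above the page title "Des ressources et outils pour les injections SQL" or below it.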
Ligne 32: | Ligne 87: | ||
http://resources.infosecinstitute.com/backdoor-sql-injection/ | http://resources.infosecinstitute.com/backdoor-sql-injection/ | ||
- | |||
- | **MSSQLi Resources** | ||
http://evilsql.com/main/page2.php | http://evilsql.com/main/page2.php | ||
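Review bot: removing the "**MSSQLi Resources**" heading leaves http://evilsql.com/main/page2.php without a category label, so it now reads as a continuation of the links above it. If the heading was dropped on purpose, move the link under the section it belongs to; otherwise restore the heading.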
Ligne 46: | Ligne 99: | ||
http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet | http://pentestmonkey.net/cheat-sheet/sql-injection/postgres-sql-injection-cheat-sheet | ||
+ | |||
+ | **Blind SQL Injection** | ||
+ | |||
+ | https://www.owasp.org/index.php/Blind_SQL_Injection | ||
+ | |||
+ | **Testing for SQL Injection (OTG-INPVAL-005)** | ||
+ | |||
+ | https://www.owasp.org/index.php/Testing_for_SQL_Injection_(OTG-INPVAL-005) | ||
+ | |||
+ | **SQL Injection Bypassing WAF** | ||
+ | |||
+ | https://www.owasp.org/index.php/SQL_Injection_Bypassing_WAF | ||
**SQLite Resources** | **SQLite Resources** | ||
https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet | https://sites.google.com/site/0x7674/home/sqlite3injectioncheatsheet | ||
+ | |||
+ | **Reviewing Code for SQL Injection** | ||
+ | |||
+ | https://www.owasp.org/index.php/Reviewing_Code_for_SQL_Injection | ||
+ | |||
+ | **NoSQL injection Resources** | ||
+ | |||
+ | https://www.owasp.org/index.php/Testing_for_NoSQL_injection | ||
+ | |||
+ | **PL/SQL:SQL Injection Resources** | ||
+ | |||
+ | https://www.owasp.org/index.php/PL/SQL:SQL_Injection |
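Review bot: the three OWASP topics added after the Postgres cheat sheet (Blind SQL Injection, Testing for SQL Injection, SQL Injection Bypassing WAF) are not tied to one database, yet they land between the per-database sections, directly ahead of "**SQLite Resources**". "Reviewing Code for SQL Injection", the one entry about finding the flaw in source code, ends up between the SQLite and NoSQL sections. Suggest grouping the general OWASP pages in a single block, either before the per-database sections or at the end, and keeping the database-specific headings (SQLite, NoSQL, PL/SQL) together.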