jSQL Injection: Java application for automatic SQL database injection
jSQL Injection
jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X).
It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest Box, Parrot Security OS, ArchStrike, or BlackArch Linux.
This software is developed using great open-source libraries like Spring, Spock, and Hibernate, and it uses the platform Travis CI for continuous integration.
Each program update is tested with Java versions 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution to multi-threading, devops, unit and integration tests, and optimization.
Features
- Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica
- Multiple injection strategies: Normal, Error, Blind and Time
- SQL Engine to study and optimize SQL expressions
- Injection of multiple targets
- Search for administration pages
- Creation and visualization of Web shell and SQL shell
- Read and write files on the host using injection
- Bruteforce of password’s hash
- Code and decode a string
Installation
Install Java 8, then download the latest release of jSQL Injection and double-click on the file to launch the software.
You can also type java -jar jsql-injection-v0.81.jar in your terminal to start the program.
If you are using Kali Linux then get the latest release using commands apt update then apt full-upgrade
Copyright (C) 2016 ron190
Source: https://github.com/ron190/