BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities virtually in any database.
BSQL Hacker aims for experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).
It's easy to use for beginners and provide great amount of customisation and automation support for experienced users. Features a nice metasploit alike exploit repository to share and update SQL Injection exploits.
Key Features
Easy Mode
SQL Injection Wizard
Automated Attack Support (database dump)
ORACLE
MSSQL
MySQL (experimental)
General
Fast and Multithreaded
4 Different SQL Injection Support
Blind SQL Injection
Time Based Blind SQL Injection
Deep Blind (based on advanced time delays) SQL Injection
Error Based SQL Injection
Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
RegEx Signature support
Console and GUI Support
Load / Save Support
Token / Nonce / ViewState etc. Support
Session Sharing Support
Advanced Configuration Support
Automated Attack mode, Automatically extract all database schema and data mode
Update / Exploit Repository Features
Metasploit alike but exploit repository support
Allows to save and share SQL Injection exploits
Supports auto-update
Custom GUI support for exploits (cookie input, URL input etc.)
GUI Features
Load and Save
Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
Visually view true and false responses as well as full HTML response, including time and stats
Connection Related
Proxy Support (Authenticated Proxy Support)
NTLM, Basic Auth Support, use default credentials of current user/application
SSL (also invalid certificates) Support
Custom Header Support
Injection Points (only one of them or combination)
Query String
Post
HTTP Headers
Cookies
Other
Post Injection data can be stored in a separated file
XML Output (not stable)
CSRF protection support (one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.)
No comments:
Post a Comment