jSQL Injection Lightweight Application Used to find Database Information from a Distant Server.
jSQL Injection is a lightweight application used to find database information from a distant server.
It’s free, open source and cross-platform for Windows, Linux and Mac OS X with Java from version 8 to 15.
jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux.
Features
- Automatic injection of 34 kinds of databases: Access, Altibase, C-treeACE, CockroachDB, CUBRID, DB2, Derby, Exasol, Firebird, FrontBase, H2, Hana, HSQLDB, Informix, Ingres, InterSystems-IRIS, MaxDB, Mckoi, MemSQL, MimerSQL, MonetDB, MySQL, Neo4j, Netezza, NuoDB, Oracle, PostgreSQL, Presto, SQLite, SQL Server, Sybase, Teradata and Vertica
- Multiple injection strategies: Normal, Error, Stacked, Blind and Time
- Various injection processes: Default, Zip, Dios
- Sandbox for SQL and tampering scripting
- List to inject multiple targets
- Read and write file using injection
- Create and display Web shell and SQL shell
- Bruteforce password hash
- Search for admin pages
- Hash, encode and decode text
- Authenticate using Basic, Digest, NTLM and Kerberos
- Proxy connection on HTTP, SOCKS4 and SOCKS5
Installation [jsql-injection-v0.82.jar]
Install Java 8 or up to 15, then download the latest release and double-click on the file jsql-injection-v0.82.jar to launch the software.
You can also type java -jar jsql-injection-v0.82.jar in your terminal to start the program.
If you are using Kali Linux then get the latest release using command sudo apt-get -f install jsql, or make a system full upgrade with apt update then apt full-upgrade.
Continuous integration
This software is developed using open source libraries like Spring, Spock and Hibernate and is tested using continuous integration platform like Travis CI and Github Actions.
Non regression tests run against dockerized and in memory databases and GUI is tested on VNC screen in the cloud on CI platforms.
Then quality checks are stored on code quality platforms.Test-bed scripts for PHP
[Test-bed scripts for PHP]
Use the sample scripts to test injection on your local environment. First install a development environment like EasyPHP, then download the test-bed PHP scripts and place them into www/.
<?php
# http://127.0.0.1/mysql/strategy/get-normal.php?id=0
$link = mysqli_connect('localhost', 'root', '', 'my_database');
$result = $link->query("SELECT col1, col2 FROM my_table where id=$_GET[id]");
while ($row = $result->fetch_array($result, MYSQLI_NUM))
echo join(',', $row);
Subscribe To
Posts
Comments
0 Comments:
Post a Comment