/jsql-injection

jSQL Injection is a Java application for automatic SQL database injection.

Primary LanguageJavaGNU General Public License v2.0GPL-2.0

Description

jSQL Injection is a lightweight application used to find database information from a distant server.

It is free, open source and cross-platform (Windows, Linux, Mac OS X).

Kali Linux logo jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.

Java 8 License GPLv2 JUnit 4.11 Maven 3.2 SonarQube 6.3
Twitter Follow

Features

  • Automatic injection of 18 kinds of databases: Access, CUBRID, DB2, Derby, Firebird, H2, HSQLDB, Informix, Ingres, MariaDB, MaxDB, MySQL, Oracle, PostgreSQL, SQLite, SQL Server, Sybase and Teradata
  • Multiple injection strategies: Normal, Error, Blind and Time
  • SQL Engine to study and optimize SQL expressions
  • Creation and vizualisation of Web shell and SQL shell
  • Search for administration pages
  • Read files from the host
  • Bruteforce hash of password
  • Code and decode a string
  • Community translation system: ar, cs, de, es, fr, in_ID, it, nl, pt, ru, tr, zh

Installation

Install Java 8, then download the latest release of jSQL and double-click on the .jar to launch the software.
You can also type java -jar jsql-injection-v0.79.jar in your terminal to start the program.

v0.79 [download here]

Default Database SQL Engine Batch scan Web shell SQL shell Panels Admin page File Upload Bruteforce Coder

Roadmap

Database flavor: Hana and Vertica, Injection strategies: DIOS / Routed query / Out of band / Update Insert Delete, WAF detection, Bruteforce of HTTP Auth using NTLM, Arabic translation, Command line interface.

Change log

v0.79 Wider range of Character Insertion including multibyte %bf, New Error Strategies for MySQL and PostgreSQL, Various optimization and bug fixes

v0.78 SQL Engine, MySQL Error strategy: DOUBLE, Translations: es pt de it nl id, GUI improvements, Database flavor: Access

v0.76 Czech translation, 17 Database flavors including SQLite

v0.75 URI injection point, Mavenify, Upgrade to Java 7, Optimized UI

v0.73 Authentication: Basic Digest Negotiate NTLM and Kerberos, Database flavor selection

v0.7 Scan multiple URLs, Github Issue reporter, 16 Database flavors including Cubrid Derby H2 HSQLDB MariaDB and Teradata, Optimized UI

alpha-v0.6 Speed x2: No hex encoding, 10 Database flavors including MySQL Oracle SQLServer PostgreSQL DB2 Firebird Informix Ingres MaxDb and Sybase, JUnit tests, Log4j, Translation

0.5 SQL Shell, Uploader

0.4 Admin page, Hash bruteforce like MD5 and MySQL, Text encoder/decoder like Base64, Hex and MD5

0.3 File injection, Web Shell, Integrated terminal, Configuration backup, Update checker

0.2 Algorithm Time, Multi-thread control: Start Pause Resume and Stop, Log URL calls

0.0-0.1 Method GET POST Header and Cookie, Algorithm Normal Error and Blind, Best algorithm selection, Progression bars, Simple evasion, Proxy settings, MySQL only

Disclaimer

Attacking web-server is illegal without prior mutual consent. The end user is responsible and obeys all applicable laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.