5 Free and Open Source Tools to Test for SQLi Vulnerabilities
Do you develop or own web applications or websites?
You must apply security measures to protect your public-facing apps or sites against online attacks.
SQL Injection (SQLi) is a well-known vulnerability that’s listed in the “OWASP Top 10”, making it one of the most crucial vulnerabilities. That’s why you must detect and fix any vulnerabilities related to SQL Injection. Fortunately, there are some free yet working solutions for testing such vulnerabilities, as given below.
But, you may ask: why use an open-source tool? There are various reasons to try out an open-source solution. First of all, it’s freely available. Second, you can check and verify its source code to confirm its neutrality. Third and last, you can further build upon it, i.e., extend it to add custom tests per requirements.
5 Best Free and Open Source Tools
sqlmap
sqlmap is one of the most popular penetration testing tools for detecting SQLi bugs and flaws in your website. It’s an open source solution for automating the process of finding and exploiting vulnerabilities related to SQL Injection.
Apart from testing for SQLi flaws, sqlmap can also connect to a database using your user credentials, allowing you to read the database like any database tool. So, you may not require another tool: sqlmap alone is enough for testing such bugs.
Let’s check out its salient features that prove its wide popularity:
- Supports a long list of databases – sqlmap works with MySQL, SQLite, Oracle, Microsoft SQL Server, PostgreSQL, IBM DB2, and others.
- Features many SQLi techniques – sqlmap duly supports six types of SQL Injection, i.e., Classic SQLi (error-based and UNION-based), Blind SQLi (boolean-based and time-based), Out-of-band SQLi, and Stacked Queries.
- Features auto-password-cracking – It can auto-recognize hash formats of user passwords and crack them through a dictionary-based attack.
- Supports executing commands – It can execute arbitrary commands on the database server’s operating system and retrieve their outputs if the database is among MySQL, Microsoft SQL Server, and PostgreSQL.
- Supports searching the database – sqlmap can search the whole database including database names, tables, or their columns to find relevant data. For example, you can search for columns having user credentials.
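To see what the technique classes in the list above look like from the application side, the following added example (not from the original article or from sqlmap) runs one constructed probe string per class against a concatenated query and its parameterized fix in an in-memory SQLite database. The table names, function names and probe strings are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory database with two tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE products(id INTEGER, name TEXT);"
        "CREATE TABLE users(login TEXT, pw_hash TEXT);"
        "INSERT INTO products VALUES (1, 'lamp'), (2, 'desk');"
        "INSERT INTO users VALUES ('admin', 'constructed-hash');"
    )
    return db

def find_vulnerable(db, name):
    # Flaw: user input is concatenated into the SQL text.
    query = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return db.execute(query).fetchall()

def find_safe(db, name):
    # Fix: the value is bound as a parameter and never parsed as SQL.
    query = "SELECT id, name FROM products WHERE name = ?"
    return db.execute(query, (name,)).fetchall()

# Constructed probe strings, one per technique class (hypothetical test inputs).
PROBES = {
    "boolean-based": "x' OR '1'='1",
    "UNION-based": "x' UNION SELECT login, pw_hash FROM users --",
    "stacked": "x'; SELECT 1; --",
}

def audit(find):
    """Return {technique: True if the probe changed the query's behaviour}."""
    results = {}
    for technique, probe in PROBES.items():
        db = make_db()
        try:
            # No product has the probe as its name, so any row is a finding.
            results[technique] = bool(find(db, probe))
        except (sqlite3.Error, sqlite3.Warning):
            # The driver refused the statement: the input reached the SQL parser.
            results[technique] = True
    return results

if __name__ == "__main__":
    print("concatenated :", audit(find_vulnerable))
    print("parameterized:", audit(find_safe))
```

Python's sqlite3 driver refuses a second statement in `execute()`, so the stacked probe shows up as an error rather than as extra rows; drivers that accept multiple statements would run it.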
w3af
w3af — short for Web Application Attack and Audit Framework — is another popular open-source solution for finding and exploiting vulnerabilities in web apps or websites. Unlike sqlmap, however, w3af is not limited to finding SQLi bugs; it finds many more, such as weak passwords, unhandled errors, etc.
What is its most useful feature? w3af is built as an extendable tool with the support for plugins, allowing you to activate only the necessary plugins per your requirements. Also, it is written in Python, so you can easily extend it further to scan for the latest vulnerabilities that are not supported natively by the tool.
Moreover, w3af offers numerous core features as listed below:
- Features dual interface – w3af has both interfaces — graphical as well as console-based, so you can work with any of them per your preference.
- Checks for 200+ flaws – It can identify numerous types of vulnerabilities including Cross-Site Scripting (XSS), SQL Injection (SQLi), unhandled application errors, and development or production misconfigurations.
- Supports brute-force attacks – w3af can find brute-force vulnerabilities in your web app or website to ensure its login is safeguarded properly.
- Implements fuzzing engine – It packs in a configurable fuzzing engine that lets you inject payloads into any part of a request per your needs.
However, w3af doesn’t support querying the database or executing commands on its server, unlike sqlmap. But then, it checks for more bugs than sqlmap does.
NoSQLMap
NoSQLMap is the next tool in the list with some unique features. It helps you automate and check for injection attacks and other exploitable configuration flaws in web applications or websites leveraging NoSQL-based databases.
It’s inspired by sqlmap, but it targets NoSQL databases, unlike sqlmap, which targets SQL-based databases. That said, let’s check its various features:
- Supports popular databases – NoSQLMap works with the two popular NoSQL databases — MongoDB and CouchDB. Also, its page mentions that support for Cassandra and Redis is planned for further versions.
- Offers many types of attacks – It packs in attacks to test various kinds of vulnerabilities such as database access attacks, web app attacks, etc.
However, it has some downsides as well. It doesn’t allow connecting to and browsing a database. Then, it only offers a console interface, unlike w3af.
V3n0M
V3n0M is another free pen-testing scanner that lets one find and test various types of vulnerabilities. It’s a console-only tool like sqlmap, but it doesn’t support connecting to and browsing a database, unfortunately, unlike sqlmap.
That said, let’s check out the list of its numerous capabilities:
- Supports multiple attacks – V3n0M can check for and attack multiple vulnerabilities including Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote Code Execution (RCE), SQL Injection (SQLi), etc.
- Integrates third-party tools – It packs in various third-party pen-testing tools as well, such as Cloudbuster (a resolver for Cloudflare), making it an umbrella tool for finding and exploiting many vulnerabilities.
jSQL Injection
jSQL Injection is a lightweight, graphical-interface-based tool that supports injecting into numerous databases. It features a graphical interface like w3af but, unlike w3af, lacks a console-based interface. Its features are:
- Supports numerous databases – It can auto-inject to MySQL, SQLite, SQL Server, Oracle, Firebird, Informix, PostgreSQL, and many more.
- Features brute-forcing passwords – jSQL Injection, like sqlmap, can read passwords’ hashes to brute-force the database’s user passwords.
- Supports reading/writing files – It can test for reading and writing files from/to the database’s host server using SQL Injection (SQLi).
Opt for a Pro Solution for More…
Are these penetration testing tools (and their features) not enough for securing your web application or website? You must opt for a proprietary solution that features a lot more vulnerability checks than a free and open source tool. Also, a pro solution secures your public-facing app in more possible ways.
For example, Imperva’s Web Application Firewall (WAF) protects your web apps or sites against a lot of online attacks including those based on SQL Injection.