Showing posts with label open-source. Show all posts
Showing posts with label open-source. Show all posts

Wednesday, July 24, 2019

Free / Open-Source tools for Kubernetes Security Audit

kube-hunter:

                   is an open-source tool that hunts for security issues in your Kubernetes clusters. It’s designed to increase awareness and visibility of the security controls in Kubernetes environments.



kube-hunter is available as a container (aquasec/kube-hunter), and we also offer a web site at kube-hunter.aquasec.com where you can register online to receive a token allowing you see and share the results online. You can also run the Python code yourself as described below.

Contribute: We welcome contributions, especially new hunter modules that perform additional tests. If you would like to develop your own modules please read Guidelines For Developing Your First kube-hunter Module.





Ref link : https://kube-hunter.aquasec.com/

kube-bench:

                  is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the CIS Kubernetes Benchmark.

"An objective, consensus-driven security guideline for the Kubernetes Server Software."


Note that it is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS and AKS, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.


Sample Output:
 





CIS Kubernetes Benchmark support

kube-bench supports the tests for Kubernetes as defined in the CIS Benchmarks 1.0.0 to 1.4.0 respectively.

CIS Kubernetes Benchmark kube-bench config Kubernetes versions
1.0.0 1.6 1.6
1.1.0 1.7 1.7
1.2.0 1.8 1.8-1.10
1.3.0 1.11 1.11-1.12
1.4.0 1.13 1.13-

By default kube-bench will determine the test set to run based on the Kubernetes version running on the machine.

 Ref Link :

https://github.com/aquasecurity/kube-bench
https://www.cisecurity.org/benchmark/kubernetes/




Wednesday, August 28, 2013

Nginx Anti Xss & Sql Injection : NAXSI ( Open-Source WAF )


NAXSI ( Nginx Anti Xss & Sql Injection ) :
                                                             is an open source WAF ( Web Application Firewall ) , high performance, low rules maintenance, Web Application Firewall module for Nginx. 



  _   _                _ 
 | \ | | __ ___  _____(_)
 |  \| |/ _` \ \/ / __| |
 | |\  | (_| |>  <\__ \ |
 |_| \_|\__,_/_/\_\___/_|
 
                          goal is to help people to secure their web application against attacks 
such as SQL Injection, Cross Site Scripting, Cross Site Request Forgery, 
Local & Remote file inclusions and such. 
The difference with most WAF (Web Applicative Firewalls) out there is that 
it does not rely on signatures to detect attacks. It is using a simpler model, 
where instead of trying to detect "known" attacks, it will detect unexpected 
characters in the HTTP request/arguments. Each kind of unusual character will 
increase the score of the request. If the request reaches a score that's 
considered "too high", the request will be denied, and the user will be 
redirected to a "forbidden" page. Yes, it works a bit like a spam system. 



NAXSI Project:
                        The NAXSI Project is not so known like the ModSecurity open source project, but has a very interesting approach and features.
NAXSI uses the small and performant reverse proxy engine of Nginx web server instead of the full blown Apache engine used by ModSecurity (and from a security point of view: the lesser code).
Following are the major feature of NAXSI:
  • Protects from XSS, SQL injections, CSRF, file inclusion
  • Fast engine
  • Relative simple configuration
  • Check GET/POST requests
  • Check HTTP headers and cookies
  • Forbid dangerous symbols and SQL keywords
  • Allows whitelist approach configuration creating a web application baseline
  • Able to run in learn or production mode
  • Uses no signature of known attack

Installation

Let’s do a quick installation with ubuntu sever 12.04 LTS. You may also install it from the sources following the Nginx prerequisites for reference. After you’ve installed the basic server with openssh, install NAXSI with:
 sudo apt-get install nginx-naxsi

Initial configuration

In the nginx configuration file (/etc/nginx/nginx.conf) uncomment this line to activate the basic rulesets:
##
# nginx-naxsi config
##
# Uncomment it if you installed nginx-naxsi
##
include /etc/nginx/naxsi_core.rules;
Note that this file is not an attack signature repository but rather a “score rules” set. Let’s configure NAXSI for our website www.scip.ch. To do so edit the Nginx configuration file in /etc/nginx/sites-enabled/default and add following entries in the server context:

server {
        proxy_set_header Proxy-Connection “”;    
        listen   80;

        location / {
                # put your website IP here
                proxy_pass http://80.74.141.2/;

                # put your website FQDN here
                proxy_set_header Host www.scip.ch;

                # Uncomment to enable naxsi on this location
                include /etc/nginx/naxsi.rules;
                }

        # Only for nginx-naxsi : process denied requests
        location /RequestDenied {
                # For example, return an HTTP error code
                return 418;
                }
        }
 
Now you should be able to start the nginx service that will bring up the NASXI with following command:

sudo service nginx start
 
Be sure to check for error messages on the console or in the error log found in /var/log/nginx/error.log and verify with sudo netstat -antup that nginx daemon is opening the configured port (tcp/80 in our case). The output should look like this:

Active Internet connections (servers and established)
 
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:80       0.0.0.0:*         LISTEN      9865/nginx
tcp        0      0 0.0.0.0:22       0.0.0.0:*         LISTEN      8484/sshd
tcp        0      0 127.0.0.1:6010   0.0.0.0:*         LISTEN      9627/0
tcp        0      0 127.0.0.1:6011   0.0.0.0:*         LISTEN      9062/1
tcp        0     32 x.y.z.52:22      x.y.z.36:49749    ESTABLISHED 9046/sshd: anco
udp        0      0 0.0.0.0:68       0.0.0.0:*                     649/dhclient3

To test if it works, start a browser session and point it to the ip address of your test server (x.y.z.52:80) and you should see the website you configured (www.scip.ch) in the config file above. To continue further testing make sure you will proxying all web request to the nginx-NAXSI WAF. To accomplish this you can ether use the web-proxy configuration setting in the browser or fake the testing website ip address in your system hostfile. I prefer to put the ip address in my hostfile:

x.y.z.52     www.scip.ch
 
Here are the location of the target hosts file (you need admin right to save changes):

OS Host Configuration File
Windows %SYSTEMROOT%\system32\drivers\etc\hosts
Linux /etc/hosts
 
Now we can browse to www.scip.ch and be sure that our test NAXSI WAF will inspect the content and remember that by now the configuration is in learning mode; it will only report errors in the nginx error logs (/var/log/nginx/error.log) and not block any bad scored request.

How It Works

The naxsi_core.rules are responsible for scoring the HTTP input and looks like this (excerpt):
MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4" id:1008;
#
MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie"
"s:$XSS:8" id:1302;
#
MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie"
"s:$EVADE:4" id:1400;
#
MainRule "rx:.ph*|.asp*" "msg:asp/php file upload!" "mz:FILE_EXT"
"s:$UPLOAD:8" id:1500;
Insight this file is the logic configuration used to score the input; the result will be used in /etc/nginx/naxsi.rules to decide if such input may be allowed or not. The format is quite simple:
  1. Define what to look for: string (str:) or regular expression (rx:)
  2. Define message to report into logfiles (msg:)
  3. Put the rule a category (s:)
  4. Assign rule identifier (id:)
  5. Define where to look for (mz:) and short description below
mz entry Look in
URL URL path
ARGS HTTP argument
BODY HTML body entry
$HEADERS_VAR: HTTP header variable
Now let’s take a look on the second NAXSI config file /etc/nginx/naxsi.rules where the main NAXSI behavior is defined; this is how it looks like:

# config mode section
LearningMode;
SecRulesEnabled;
#SecRulesDisabled;
DeniedUrl "/RequestDenied";
#
# check rules section
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
 
Here is an explanation of the contents:
  1. LearningMode – activates learning mode; in this mode requests aren’t blocked and white lists may be created.
  2. SecRulesEnabled or SecRulesDisabled – to activate or disable NAXSI for this location/section.
  3. DeniedURL – redirect URL for blocked requests; can be an HTTP error code (like 4xx or 5xx) or forward to an HTML site with code to help track false-positives.
  4. CheckRule – per-category check scores; the score we saw above will be evaluated here. If a request hits a score in the naxsi.core.rules, this score will be recorded and added to each category (SQL, XSS, EVADE, ...) if the overall score for any of the categories is reached (8 in SQL per default) the input is treated as bad.
When you use the whitelist (positive secure model) approach you’ll find also the white-list entries (BasicRule statement) in this config file:
# Whitelist '|', as it's used on the /report/ page, in argument 'd'
BasicRule wl:1005 "mz:$URL:/report/|$ARGS_VAR:d";
# Whitelist ',' on URL zone as it's massively used for URL rewritting !
BasicRule wl:1008 "mz:URL";
The entry above will result in disabling some part of the check rule in naxsi_core.rules allowing a specific behavior and eliminate false-positives. BasicRule could be more or less specific at your pace (and security needs).

Information Gathering

At this stage we have our test installation inspecting the HTTP flow and reporting bad things in the /var/log/nginx/error.log file, let’s take a look on how NAXSI error entry looks like:

> error.log <
2012/11/30 04:57:55 [error] 9866#0: *47 NAXSI_FMT: ip=x.y.z.36&
server=x.y.z.52&uri=/testmiztot&total_processed=8589934625&
total_blocked=679029381853280060&zone0=URL&id0=1999&
var_name0=, client:x.y.z.36, server: localhost, 
request: "GET /testmiztot HTTP/1.1", host: "x.y.z.52"

As you can see it’s a special error message: it was generated on a “special” HTTP URL GET request and is not a really bad request. To test the functionality on the WAF I’ve created this test-rule in the  

/etc/nginx/naxsi_core.rules:
MainRule "str:testmiztot" "msg:foobar test pattern" "mz:URL" "s:$SQL:42" id:1999;

This rule will trigger whenever the testmiztot string is detected in the address part (mz:URL) of the HTTP GET request and score as 42 (s:$SQL:42) in the SQL category. This will be evaluated as bad because the SQL category limit is 8. The msg: text will be shown in the learning mode log used to generate the white-list baseline.

 Analyze in detail the meaning of these commands:
  • LearningMode - Training Mode is enabled. Requests are not blocked, White-shaped leaf.
  • SecRulesEnabled - NAXSI enabled for this location. If you want to switch off for another location (for example, a protected inner zone), then do it SecRulesDisabled.
  • DeniedURL - URL redirect for the denied requests.
  • CheckRule - checking the "penalty points" query by category.
  • / Etc / nginx / mynaxsi.rules - generated rules (not yet gener - commented out).

Official Change Log For Naxsi 0.41:-
Feature: added support for FILE_EXT. We can now control file uploads names/extensions as well.
Added a rule for FILE_EXT into naxsi_core.rules
Added unit testing for FILE_EXT feature
Fixed erroneous log messages
Fixed an error on whitelist of types $URL:xxx|URL

To Know More : https://code.google.com/p/naxsi/

To Download : https://code.google.com/p/naxsi/downloads/list

OWASP Naxsi Project : https://www.owasp.org/index.php/OWASP_NAXSI_Project

NAXSI Matrix : https://docs.google.com/spreadsheet/ccc?key=0AjuNPnOoex7SdG5fUkhfc3BCSjJQbVVrQTg4UGU2YVE#gid=0

 NAXSI Presentation : http://www.slideshare.net/phdays/naxsi-an-open-source-waf-for-nginx









Monday, September 5, 2011

Best Open Source Information Security Tools

Open Source Security Assessment Tools


Best - Open Source Security Assessment , Vulnerability Auditing, & Penetration Testing Tools:

1
Stockade Virtual Appliance with Snort, BASE, Inprotect, CACTI, NTOP & Others
2

Nessus

Open source vulnerability assessment tool
3
Snort Intrusion Detection (IDS) tool
4
Wireshark TCP/IP Sniffer- AKA Ethereal
5

WebScarab

Analyze applications that communicate using the HTTP and HTTPS protocols
6
Wikto Web server assessment tool
7
BackTrack Penetration Testing live Linux distribution
8
Netcat The network Swiss army knife
9
Metasploit Framework Comprehensive hacking framework
10
Sysinternals Collection of windows utilities
11
Paros proxy Web application proxy
12
Enum Enumerate Windows information
13
P0F v2 Passive OS identification tool
14
IPPersonality Masquerade IP Stack
15
SLAN Freeware VPN utility
16
IKE Crack IKE/IPSEC cracking utility
17
ASLEAP LEAP cracking tool
18
Karma Wireless client assessment tool- dangerous
19
WEPCrack WEP cracking tool
20
Wellenreiter Wireless scanning application
21

SiteDigger

Great Google hacking tool
22
Several DDOS Tools Distributed Denial of Service(DDOS) tools
23
Achilles Web Proxy Tool
24
Firefox Web Developer Tool Manual web assessment
25
Scoopy Virtual Machine Identification tool
26
WebGoat Learning tool for web application pentests
27
FlawFinder Source code security analyzer
28
ITS4 Source code security analyzer
29
Slint

Source code security analyzer

30
PwDump3 Dumps Windows 2000 & NT passwords
31
Loki ICMP covert channel tool
32
Zodiac DNS testing tool
33
Hunt TCP hijacking tool
34
SniffIT Curses-Based sniffing tool
35
CactiEZ Network traffic analysis ISO
36
Inprotect Web-based Nessus administration tool
37
OSSIM Security Information Management (SIM)
38
Nemesis Command-Line network packet manipulation tool
39
NetDude TCPDump manipulation tool
40
TTY Watcher Terminal session hijacking
41
Stegdetect Detects stego-hidden data
42
Hydan Embeds data within x86 applications
43
S-Tools Embeds data within a BMP, GIF, & WAV Files
44
Nushu Passive covert channel tool
45
Ptunnel Transmit data across ICMP
46
Covert_TCP Transmit data over IP Header fields
47
THC-PBX Hacker PBX Hacking/Auditing Utility
48
THC-Scan Wardialer
49
Syslog-NG MySQL Syslog Service
50

WinZapper

Edit WinNT 4 & Win2000 log files
51
Rootkit Detective Rootkit identification tool
52
Rootkit Releaver Rootkit identification tool
53
RootKit Hunter Rootkit identification tool
54

Chkrootkit

Rootkit identification tool
55
LKM Linux Kernal Rootkit
56
TCPView Network traffic monitoring tool
57
NMAP Network mapping tool
58
Ollydbg Windows unpacker
59
UPX Windows packing application
60
Burneye Linux ELF encryption tool
61

SilkRpoe 2000

GUI-Based packer/wrapper
62
EliteWrap Backdoor wrapper tool
63
SubSeven

Remote-Control backdoor tool

64
MegaSecurity Site stores thousands of trojan horse backdoors
65
Netbus

Backdoor for Windows

66
Back Orfice 2000 Windows network administration tool
67
Tini Backdoor listener similar to Netcat
68

MBSA

Microsoft Baseline Security Analyzer
69
OpenVPN SSL VPN solution
70
Sguil An Analyst Console for network security/log Monitoring
71
Honeyd Create your own honeypot
72
Brutus Brute-force authentication cracker
73
cheops / cheops-ng Maps local or remote networks and identifies OS of machines
74
ClamAV A GPL anti-virus toolkit for UNIX
75
Fragroute/Fragrouter Intrusion detection evasion toolkit
76
Arpwatch Monitor ethernet/IP address pairings and can detect ARP Spoofing
77
Angry IP Scanner Windows port scanner
78
Firewalk Advanced traceroute
79
RainbowCrack Password Hash Cracker
80
EtherApe EtherApe is a graphical network monitor for Unix
81
WebInspect Web application scanner
82
Tripwire File integrity checker
83
Ntop Network traffic usage monitor
84
Sam Spade Windows network query tool
85
Scapy Interactive packet manipulation tool
86
Superscan A Windows-only port scanner
87
Airsnort 802.11 WEP Encryption Cracking Tool
88
Aircrack WEP/WPA cracking tool
89
NetStumbler Windows 802.11 Sniffer
90
Dsniff A suite of powerful network auditing and penetration-testing tools
91
John the Ripper Multi-platform password hash cracker
92
BASE The Basic Analysis and Security Engine- used to manage IDS data
93
Kismet Wireless sniffing tool
94

THC Hydra

Network authentication cracker
95
Nikto Web scanner
96
Tcpdump TCP/IP analysis tool
97

L0phtcrack

Windows password auditing and recovery application
98

Reverse WWW Shell

Shell access across port 80
99
THC-SecureDelete Ensure deleted files are unrecoverable
100
THC-AMAP Application mapping tool

Monday, August 29, 2011

OpenDLP - Open source Data Loss Prevention

OpenDLP:-

is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.

The speed and simplicity of OpenDLP make it a great choice for Penetration Testers. Unfortunately, it also does the same for an attacker. In one case, SecureState was able to sift through 50 machines to pull out various HIPAA and PCI data in less than an hour. This may result in non-compliance in both areas. With the weaponization of OpenDLP, an attacker no longer has to spend days searching systems or limiting themselves to only large file shares. Attackers can be in and out before they are ever detected.

Data Loss Prevention suite with centralized web frontend to manage Windows agent filesystem scanners, agentless database scanners, and agentless Windows/UNIX filesystem scanners that identify sensitive data at rest.Web Application
  • Automatically deploy and start agents over Netbios/SMB
  • When done, automatically stop, uninstall, and delete agents over Netbios/SMB
  • Pause, resume, and forcefully uninstall agents in an entire scan or on individual systems
  • Concurrently and securely receive results from hundreds or thousands of deployed agents over two-way-trusted SSL connection
  • Create Perl-compatible regular expressions (PCREs) for finding sensitive data at rest
  • Create reusable profiles for scans that include whitelisting or blacklisting directories and file extensions
  • Review findings and identify false positives
  • Export results as XML
  • Written in Perl with MySQL backend

Agent

  • Runs on Windows 2000 and later systems
  • Written in C with no .NET Framework requirements
  • Runs as a Windows Service at low priority so users do not see or feel it
  • Resumes automatically upon system reboot with no user interaction
  • Securely transmit results to web application at user-defined intervals over two-way-trusted SSL connection
  • Uses PCREs to identify sensitive data inside files
  • Performs additional checks on potential credit card numbers to reduce false positives
  • Can read inside ZIP files, including Office 2007 and OpenOffice files
  • Limits itself to a percent of physical memory so there is no thrashing when processing large files

Agentless Database Scans

In addition to performing data discovery on Windows operating systems, OpenDLP also supports performing agentless data discovery against the following databases:

  • Microsoft SQL server
  • MySQL

Agentless File System and File Share Scans

With OpenDLP 0.4, one can perform the following scans:

  • Agentless Windows file system scan (over SMB)
  • Agentless Windows share scan (over SMB)
  • Agentless UNIX file system scan (over SSH using sshfs)

Screenshots

Agent-based Windows OS scan, summary results view:

Agent-based Windows OS scan, detailed results view:

Agentless Microsoft SQL Server scan, detailed results view:


Download Link : Click Here

**********************************************************************************

Wednesday, July 27, 2011

Open Source Live-CD for Penetration testing



BackBox :
is a Linux distribution based on Ubuntu Lucid 10.04 LTS developed to perform penetration
tests and security assessments. Designed to be fast, easy to use and to provide a minimal yet complete desktop environment thanks to its own software repositories always been updated to the last stable version of the most known and used ethical hacking tools.

Hacking tools new or updated: Firefox 4, Hydra 6.2, Kismet 2011.03.2, Metasploit Framework 3.6.0, NMap 5.51, SET 1.3.5, SqlMap 0.9, sslstrip 0.8, w3af 1.0-rc5, weevely 0.3, WhatWeb 1.4.7,
Wireshark 1.4.5, Zaproxy 1.2, etc

Download Link : Click Here

**************************************************************************************************************************************

Blackbuntu :
is distribution for penetration testing which was specially designed for security training students and practitioners of information security.
Blackbuntu is Ubuntu base distro for Penetration Testing with GNOME Desktop Environment. It's currently being built using the Ubuntu 10.10.

Download Link : Click here

***********************************************************************************

Tuesday, July 26, 2011

Open Source network firewall


NetDefender :
is a Free Firewall with source code, which can be downloaded along with firewall executables. Netdefender works on windows 2000 and windows XP.

Requirements :

1. Netdefender can only run on an OS higher than windows 2000 (i.e. Win 2000, Win Xp I hope Vista would not break anything)
2. User must has admin rights (i.e. must be member of administrator group ) on the system.

Download Link : Click here

***********************************************************************************
Shorewall :
is a gateway/firewall configuration tool for GNU/Linux.



Download Link : Click here

************************************************************************************

Zorp
is a new generation proxy firewall suite and as such its core architecture is built around today's security demands: it uses application level proxies, it is modular and component based, it uses a script language to describe policy decisions, it makes it possible to monitor encrypted traffic, it let's you override client actions, it let's you protect your servers with its built in IDS capabilities... The list is endless. It gives you all the power you need to implement your local security policy.


Download Link : Click here

***********************************************************************************
Ufw :

stands for Uncomplicated Firewall, and is program for managing a netfilter firewall. It provides a command line interface and aims to be uncomplicated and easy to use.

Download Link : Click here

Thanks

chandru


Monday, July 25, 2011

Best SQL Injection Security Scanners




SQLIer

– SQLIer takes a vulnerable URL and attempts to determine all the necessary information to exploit the SQL Injection vulnerability by itself, requiring no user interaction at all.

Get SQLIer : Click Here


SQLbftools

SQLbftools is a collection of tools to retrieve MySQL information available using a blind SQL Injection attack.



Get SQLbftools : Click here

SQL Injection Brute-forcer –
SQLibf is a tool for automatizing the work of detecting and exploiting SQL Injection vulnerabilities. SQLibf can work in Visible and Blind SQL Injection. It works by doing simple logic SQL operations to determine the exposure level of the vulnerable application.

Get SQLLibf : Click Here

SQLBrute –
SQLBrute is a tool for brute forcing data out of databases using blind SQL injection vulnerabilities. It supports time based and error based exploit types on Microsoft SQL Server, and error based exploit on Oracle. It is written in Python, uses multi-threading, and doesn’t require non-standard libraries.

Get SQLBrute.

BobCat – BobCat is a tool to aid an auditor in taking full advantage of SQL injection vulnerabilities. It is based on AppSecInc research. It can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to. Get BobCat.

SQLMap –
SQLMap is an automatic blind SQL injection tool, developed in python, capable to perform an active database management system fingerprint, enumerate entire remote databases and much more. The aim of SQLMap is to implement a fully functional database management system tool which takes advantages of web application programming security flaws which lead to SQL injection vulnerabilities.


Get SQLMap : Click Here

Absinthe –
Absinthe is a GUI-based tool that automates the process of downloading the schema and contents of a database that is vulnerable to Blind SQL Injection.

Get Absinthe: Click here

SQL Injection Pen-testing Tool – The SQL Injection Tool is a GUI-based utility designed to examine database through vulnerabilities in web-applications. Get SQL Injection Pen-testing tool.


SQID –

SQL Injection digger (SQLID) is a command line program that looks for SQL injections and common errors in websites. It can perform the follwing operations: look for SQL injection in a web pages and test submit forms for possible SQL injection vulnerabilities.

Get SQID : Click here

Blind SQL Injection Perl Tool
bsqlbf is a Perl script that lets auditors retrieve information from web sites that are vulnerable to SQL Injection.

Get Blind SQL Injection Perl Tool : Click here

SQL Power Injection Injector
SQL Power Injection helps the penetration tester to inject SQL commands on a web page. It’s main strength is its capacity to automate tedious blind SQL injection with several threads.

Get SQL Power Injection : Click here

FJ-Injector Framework
FG-Injector is a free open source framework designed to help find SQL injection vulnerabilities in web applications. It includes a proxy feature for intercepting and modifying HTTP requests, and an interface for automating SQL injection exploitation.

Get FJ-Injector Framework: Click here

SQLNinja
SQLNinja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end database.

Get SQLNinja: Click here

Automagic SQL Injector
The Automagic SQL Injector is an automated SQL injection tool designed to help save time on penetration testing. It is only designed to work with vanilla Microsoft SQL injection holes where errors are returned.

Get Automagic SQL Injector: Click here

NGSS SQL Injector –
NGSS SQL Injector exploit vulnerabilities in SQL injection on disparate database servers to gain access to stored data. It currently supports the following databases: Access, DB2, Informix, MSSQL, MySQL, Oracle, Sysbase. Get NGSS SQL Injector.