It's easy to use for beginners and provides a great amount of customisation and automation support for experienced users. It features a Metasploit-like exploit repository to share and update SQL Injection exploits.

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database.

BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections).

Check out these videos:

Sample exploitation and Injection Wizard Demo

Error Based Injections and Attack Template Usage

New version is out, it's mostly bug fixes: Download Now (1.48 Mb)

Key Features:

  1. Easy Mode
     - SQL Injection Wizard
     - Automated Attack Support (database dump)
       - MSSQL
       - MySQL (experimental)
  2. General
     - Fast and Multithreaded
     - 4 Different SQL Injection Support
       - Blind SQL Injection
       - Time Based Blind SQL Injection
       - Deep Blind (based on advanced time delays) SQL Injection
       - Error Based SQL Injection
     - Can automate most of the new SQL Injection methods that rely on Blind SQL Injection
     - RegEx Signature support
     - Console and GUI Support
     - Load / Save Support
     - Token / Nonce / ViewState etc. Support
     - Session Sharing Support
     - Advanced Configuration Support
     - Automated Attack mode: automatically extract all database schema and data
  3. Update / Exploit Repository Features
     - Metasploit-like exploit repository support
     - Allows saving and sharing SQL Injection exploits
     - Supports auto-update
     - Custom GUI support for exploits (cookie input, URL input etc.)
  4. GUI Features
     - Load and Save
     - Template and Attack File Support (users can save sessions and share them; some sections in the templates, like username, password or cookie, can be shown to the user in a GUI)
     - Visually view true and false responses as well as the full HTML response, including time and stats
  5. Connection Related
     - Proxy Support (Authenticated Proxy Support)
     - NTLM, Basic Auth Support, use default credentials of current user/application
     - SSL (also invalid certificates) Support
     - Custom Header Support
  6. Injection Points (only one of them or a combination)
     - Query String
     - Post
     - HTTP Headers
     - Cookies
  7. Other
     - Post Injection data can be stored in a separate file
     - XML Output (not stable)
     - CSRF protection support (one-time session tokens, ASP.NET ViewState or similar can be used for separate login sessions, bypassing proxy pages etc.)

It's just like a power bomb: a small tool with lots of features, so you must use it :)