Security of database is very important because it contain the sensitive information about your web server and about your users, the most common and dangerous vulnerability that can cause a database to be exploit is SQL-Injection. In the process of penetration testing you must consider SQL-Injection is a extreme dangerous, there are different tools available to exploit SQL-injection vulnerability.
As previously discussed about the exploiting a SQL-Injection vulnerability by using different tools for both windows and Linux platform, beside other tools there is Safe3si.
Safe3SI is one of the most powerful and easy usage penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
- It can scan secure channel website like http and https both are supported.
- It can use for both Get and Post method.
- It support for various database like MYSQL, Postgresql and others
- Support to ip domain query,web path guess,md5 crack etc.
- It can support simple injection, blind injection, error based injection and more.
- It can enumerate database, table, column, rows etc.
- Easy to use, power full and user friendly tool.