jSQL Injection v0.95 releases: Java application for automatic SQL database injection

by do son · Published · Updated

jSQL injection

jSQL Injection

jSQL Injection is a lightweight application used to find database information from a distant server. It is free, open-source, and cross-platform (Windows, Linux, Mac OS X).

It is also part of the official penetration testing distribution Kali Linux and is included in other distributions like Pentest BoxParrot Security OSArchStrike, or BlackArch Linux.

This software is developed using great open-source libraries like SpringSpock, and Hibernate, and it uses the platform Travis CI for continuous integration.

Each program update is tested with Java version 8 through 13 in the cloud, against various MySQL, PostgreSQL, and H2 databases. Source code is open to pull requests and to any contribution on multi-threading, devops, unit and integration tests, and optimization.

Features

  • Automatic injection of 23 kinds of databases: Access, CockroachDB, CUBRID, DB2, Derby, Firebird, H2, Hana, HSQLDB, Informix, Ingres, MaxDB, Mckoi, MySQL{MariaDb}, Neo4j, NuoDB, Oracle, PostgreSQL, SQLite, SQL Server, Sybase, Teradata and Vertica
  • Multiple injection strategies: Normal, Error, Blind and Time
  • SQL Engine to study and optimize SQL expressions
  • Injection of multiple targets
  • Search for administration pages
  • Creation and visualization of Web shell and SQL shell
  • Read and write files on the host using injection
  • Bruteforce of password’s hash
  • Code and decode a string

Changelog v0.95

  • Improve prefix and query size
  • Star param * now checks for insertion char
  • Check for multiple star params *
  • Keep console tabs colored until clicked
  • Remove stacktrace from error messages
  • Add Postgres Error strategy Cast:stacked
  • Add Postgres query for reading file
  • Add Postgres system filenames to File list
  • Add SQL Server Stacked strategy
  • Improve DB2 Error strategy detection
  • Improve DB2 queries reliability

Installation

Install Java 8, then download the latest release of jSQL Injection and double-click on the file  to launch the software.
You can also type java -jar jsql-injection-v0.81.jar in your terminal to start the program.
If you are using Kali Linux then get the latest release using commands apt update then apt full-upgrade

Copyright (C) 2016  ron190

Source: https://github.com/ron190/

Tags: jSQL injectionsql injectionsqli