Open source pen test tools

I was wondering if anyone has any recommendations for a good database pentesting tool?

I did some research and found http://sqlmap.org/ and http://sqlninja.sourceforge.net/

Has anyone used these tools?

The big catchalls are:

Backtrack: Open Source Linux Pentesting Distro - backtrack-linux.org
Metasploit: metasploit.com

2 Likes

Backtrack is no more. Kali Linux is the maintained version (https://www.kali.org/). Here you've got a great list of a lot of pentesting tools: https://github.com/enaqx/awesome-pentest. SQLmap is great but should be used with caution, and you really need to understand what you’re doing. I suggest reading up on SQL injection. Use an intermediate proxy like Burp Suite (https://portswigger.net/burp/communitydownload) or ZAP (https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project) to see what’s happening when making different requests.

1 Like