[ ] Blind MySQL injection and database stressing http://www.reversing.org/node/view/13 [ ] Using SQLBrute to brute force data from a blind SQL injection point http://www.justinclarke.com/archives/2006/03/sqlbrute.html [ ] Advanced SQL Injection In SQL Server Applications - Chris Anley <chris@ngssoftware.com> [2002] http://www.nextgenss.com/papers/advanced_sql_injection.pdf [ ] (more) Advanced SQL Injection - Chris Anley <chris@ngssoftware.com> [2002-06-18] http://www.nextgenss.com/papers/more_advanced_sql_injection.pdf [ ] SQL Injection, Are Your Web Applications Vulnerable? - SPI Dynamics [2004-10-29] http://www.securitydocs.com/library/2656 http://www.securitydocs.com/link.php?action=detail&id=2656&headerfooter=no http://www.securitydocs.com/pdf/2656.PDF [ ] Manipulating Microsoft SQL Server Using SQL Injection - Cesar Cerrudo <sqlsec@yahoo.com> http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf [ ] Top 15 free SQL Injection Scanners http://www.security-hacks.com/2007/05/18/top-15-free-sql-injection-scanners SQLIer http://bcable.net/project.php?sqlier Sqlbftools http://www.reversing.org/node/view/11 SQLibf http://www.open-labs.org/ (这里有一些HTTP相关的工具) SQL Brute http://www.gdssecurity.com/l/t.php BobCat http://www.northern-monkee.co.uk/index.html http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html sqlmap http://sqlmap.sourceforge.net/ Absinthe http://www.0x90.org/releases/absinthe/ http://www.0x90.org/releases/absinthe/download.php SQL Injection Pentesting TooL http://sqltool.itdefence.ru/indexeng.html http://sqltool.itdefence.ru/setup.rar SQID http://sqid.rubyforge.org/ http://rubyforge.org/frs/?group_id=2617 SQL Power Injector http://sourceforge.net/projects/spinj/ http://www.sqlpowerinjector.com/ FG-Injector Framework http://sourceforge.net/projects/injection-fwk/ sqlninja http://sqlninja.sourceforge.net/ Automagical SQL injector http://www.indianz.ch/tools/attack/automagic.zip NGSS SQL Injector http://www.indianz.ch/tools/attack/sqlinjector.zip ISR-sqlget http://www.infobyte.com.ar/ http://www.infobyte.com.ar/down/ISR-sqlget-1.0.0.tar.gz http://www.infobyte.com.ar/down/ISR-sqlget-Readme.txt http://www.infobyte.com.ar/demo/ISR_sqlget_ISS_proventia_bypass.html ISR-Form http://www.infobyte.com.ar/down/ISR-form-v1.0.tar.gz BlindMap http://www.c0debreak.net/cb/main.html http://codebreak.uni.cc/cb/papers/blind.html http://codebreak.uni.cc/downloads/sql.zip http://external.c0debreak.net/files/sql.zip http://w4ck1ng.com/tools/sql/sql.zip BaKo's SQL Injection Scanner v2.2 - BaKo [2007-11-29] http://files.h4ck-y0u.org/3745771 [ ] Web application vulnerability scanner / security auditor http://wapiti.sourceforge.net/ [ ] w3af - Web Application Attack and Audit Framework http://w3af.sourceforge.net/ [ ] advanced web server fingerprinting http://www.computec.ch/projekte/httprecon/ (有windows版) [ ] http://chorizo-scanner.com/ [ ] OWASP SQLiX Project http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
转载于:https://www.cnblogs.com/HappyQQ/archive/2008/07/31/1257689.html
相关资源:数据结构—成绩单生成器