SQLSentinel is an opensource tool that automates the process of finding the sql injection on a website. SQLSentinel includes a spider web and sql errors finder. You give in input a site and SQLSentinel crawls and try to exploit parameters validation error for you. When job is finished, it can generate a pdf report which contains the url vuln found and the url crawled.
- Support for MySQL, PostgreSQL, Microsoft SQL Server and Oracle(BETA) sql injection techniques: union, error based and blind query(and XML Error Based for Oracle also)
- Automatic random user-agents for the spider and sql crawler connections
- Cookie module for crawling and checking sites that are login required
- HTTP Proxy Support
- Built-in crawler bot