Search...

jSQL Injection v0.77 - Java application for automatic SQL database injection

2016-11-14T23:45:17

ID KITPLOIT:3588091359812874039
Type kitploit
Reporter KitPloit
Modified 2016-11-14T23:45:17

Description

jSQL Injection is a lightweight application used to find database information from a distant server.

It's is free , open source and cross-platform (Windows, Linux, Mac OS X).

jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in distributions like Pentest Box , Parrot Security OS , ArchStrike and BlackArch Linux .

Installation
Install Java , then download the latest release of jSQL and double-click on the .jar to launch the software.
You can also type `java -jar jsql-injection-v0.77.jar` in your terminal to start the program.

Screenshots

Roadmap
`WAF tamper, HTTP Auth Bruteforce, Translation, SOAP injection, Command line interface, Databases: Access Cassandra MongoDb and Neo4j`

Change log
v0.76 `Czech translation, 17 Database flavors: SQLite`
v0.75 `URI injection point, Mavenify, Upgrade to Java 7, Optimized UI`
v0.73 `Authentication: Basic Digest Negotiate NTLM and Kerberos, Database flavor selection`
v0.7 `Scan multiple URLs, Github Issue reporter, 16 Database flavors: Cubrid Derby H2 HSQLDB MariaDB and Teradata, Optimized UI`
alpha-v0.6 `Speed x2: No hex encoding, 10 Database flavors: MySQL Oracle SQLServer PostgreSQL DB2 Firebird Informix Ingres MaxDb and Sybase, JUnit tests, Log4j, Translation`
0.5 `SQL Shell, Uploader`
0.4 `Admin page, Hash bruteforce like MD5 and MySQL, Text encoder/decoder like Base64, Hex and MD5`
0.3 `File injection, Web Shell, Integrated terminal, Configuration backup, Update checker`
0.2 `Algorithm Time, Multi-thread control: Start Pause Resume and Stop, Log URL calls`
0.0-0.1 `Method GET POST Header and Cookie, Algorithm Normal Error and Blind, Best algorithm selection, Progression bars, Simple evasion, Proxy settings, MySQL only`

jSQL Injection

JSON Vulners Source

Initial Source

{"id": "KITPLOIT:3588091359812874039", "bulletinFamily": "tools", "title": "jSQL Injection v0.77 - Java application for automatic SQL database injection", "description": "[ ![](https://3.bp.blogspot.com/-wshBtLF4j8Q/WCkQR7LVWvI/AAAAAAAAGfA/kOKSCdw0FhwSZqw3R1uaUv851RsGdNYewCLcB/s640/jsql-injection.png) ](<https://3.bp.blogspot.com/-wshBtLF4j8Q/WCkQR7LVWvI/AAAAAAAAGfA/kOKSCdw0FhwSZqw3R1uaUv851RsGdNYewCLcB/s1600/jsql-injection.png>)\n\n \n\n\n** jSQL Injection ** is a lightweight application used to find database information from a distant server. \n\nIt's is ** free ** , ** open source ** and ** cross-platform ** (Windows, Linux, Mac OS X). \n\njSQL Injection is also part of the official penetration testing distribution [ Kali Linux ](<https://www.kali.org/>) and is included in distributions like [ Pentest Box ](<https://pentestbox.com/>) , [ Parrot Security OS ](<https://www.parrotsec.org/>) , [ ArchStrike ](<https://archstrike.org/>) and [ BlackArch Linux ](<https://www.blackarch.org/>) . \n\n \n** Installation ** \nInstall [ Java ](<https://java.com/>) , then download the latest [ release ](<https://github.com/ron190/jsql-injection/releases/>) of jSQL and double-click on the .jar to launch the software. \nYou can also type ` java -jar jsql-injection-v0.77.jar ` in your terminal to start the program. \n \n** Screenshots ** \n \n\n\n[ ![](https://1.bp.blogspot.com/-StaFwgPFAIQ/WCkQ-JA3TmI/AAAAAAAAGfM/YkkvygrB-0MgCe6yfXVkgeYAWLuA5I4OACLcB/s640/admin.png) ](<https://1.bp.blogspot.com/-StaFwgPFAIQ/WCkQ-JA3TmI/AAAAAAAAGfM/YkkvygrB-0MgCe6yfXVkgeYAWLuA5I4OACLcB/s1600/admin.png>)\n\n[ ![](https://3.bp.blogspot.com/-vKxk52BsYO0/WCkQ-Msyl-I/AAAAAAAAGfI/d1wd9WTt0bglwwj-YdW_MTJpaaV1V_2GACLcB/s640/bruter.png) ](<https://3.bp.blogspot.com/-vKxk52BsYO0/WCkQ-Msyl-I/AAAAAAAAGfI/d1wd9WTt0bglwwj-YdW_MTJpaaV1V_2GACLcB/s1600/bruter.png>)\n\n[ ![](https://2.bp.blogspot.com/-sU7iM0v9nkY/WCkQ-Lj8DJI/AAAAAAAAGfQ/73rRSDoPJYYesDp46idXydAusZp6UbkjQCLcB/s640/coder.png) ](<https://2.bp.blogspot.com/-sU7iM0v9nkY/WCkQ-Lj8DJI/AAAAAAAAGfQ/73rRSDoPJYYesDp46idXydAusZp6UbkjQCLcB/s1600/coder.png>)\n\n[ ![](https://4.bp.blogspot.com/-PoJOgkgGJAs/WCkQ-RgAZuI/AAAAAAAAGfU/zLTjq5lhZ6gZ97tJPWAUvNK44aYa9n29wCLcB/s640/default.png) ](<https://4.bp.blogspot.com/-PoJOgkgGJAs/WCkQ-RgAZuI/AAAAAAAAGfU/zLTjq5lhZ6gZ97tJPWAUvNK44aYa9n29wCLcB/s1600/default.png>)\n\n[ ![](https://4.bp.blogspot.com/-_q52nUOCl8M/WCkQ-lHzITI/AAAAAAAAGfY/WuP2n63_ew4C1prW0gIL4-bKXZ9Vx-w6gCLcB/s640/file.png) ](<https://4.bp.blogspot.com/-_q52nUOCl8M/WCkQ-lHzITI/AAAAAAAAGfY/WuP2n63_ew4C1prW0gIL4-bKXZ9Vx-w6gCLcB/s1600/file.png>)\n\n[ ![](https://2.bp.blogspot.com/-w2Mav-lSSNU/WCkQ-ui1iMI/AAAAAAAAGfc/4CqXqiFH-kgPR7T0S3pqG-AR44mfCEVNwCLcB/s640/panels.png) ](<https://2.bp.blogspot.com/-w2Mav-lSSNU/WCkQ-ui1iMI/AAAAAAAAGfc/4CqXqiFH-kgPR7T0S3pqG-AR44mfCEVNwCLcB/s1600/panels.png>)\n\n[ ![](https://4.bp.blogspot.com/-n7AMxa6gHRM/WCkQ-hiGIxI/AAAAAAAAGfg/vEXuDMp5gG0GmF28XrERxodqMJPuf7bXACLcB/s640/scan.png) ](<https://4.bp.blogspot.com/-n7AMxa6gHRM/WCkQ-hiGIxI/AAAAAAAAGfg/vEXuDMp5gG0GmF28XrERxodqMJPuf7bXACLcB/s1600/scan.png>)\n\n[ ![](https://2.bp.blogspot.com/-v4yHOE7ZOrY/WCkQ-wR1F9I/AAAAAAAAGfk/Zz4oC7Xt_vQLfxlULoBar8j0fOy3QhOlACLcB/s640/sqlshell.png) ](<https://2.bp.blogspot.com/-v4yHOE7ZOrY/WCkQ-wR1F9I/AAAAAAAAGfk/Zz4oC7Xt_vQLfxlULoBar8j0fOy3QhOlACLcB/s1600/sqlshell.png>)\n\n[ ![](https://4.bp.blogspot.com/-gD_3l6b2USI/WCkQ-_oYnBI/AAAAAAAAGfo/TshzP4bBnkkiAFLSKVfuPOAcxBvSdnZ8wCLcB/s640/upload.png) ](<https://4.bp.blogspot.com/-gD_3l6b2USI/WCkQ-_oYnBI/AAAAAAAAGfo/TshzP4bBnkkiAFLSKVfuPOAcxBvSdnZ8wCLcB/s1600/upload.png>)\n\n[ ![](https://3.bp.blogspot.com/-530lREdndLQ/WCkQ-2wVTPI/AAAAAAAAGfs/43htDtzkFjkj7AwfgJ8bqW0GtvGdAmgtACLcB/s640/webshell.png) ](<https://3.bp.blogspot.com/-530lREdndLQ/WCkQ-2wVTPI/AAAAAAAAGfs/43htDtzkFjkj7AwfgJ8bqW0GtvGdAmgtACLcB/s1600/webshell.png>)\n\n \n** Roadmap ** \n` WAF tamper, HTTP Auth Bruteforce, Translation, SOAP injection, Command line interface, Databases: Access Cassandra MongoDb and Neo4j ` \n \n** Change log ** \n** v0.76 ** ` Czech translation, 17 Database flavors: SQLite ` \n** v0.75 ** ` URI injection point, Mavenify, Upgrade to Java 7, Optimized UI ` \n** v0.73 ** ` Authentication: Basic Digest Negotiate NTLM and Kerberos, Database flavor selection ` \n** v0.7 ** ` Scan multiple URLs, Github Issue reporter, 16 Database flavors: Cubrid Derby H2 HSQLDB MariaDB and Teradata, Optimized UI ` \n** alpha-v0.6 ** ` Speed x2: No hex encoding, 10 Database flavors: MySQL Oracle SQLServer PostgreSQL DB2 Firebird Informix Ingres MaxDb and Sybase, JUnit tests, Log4j, Translation ` \n** 0.5 ** ` SQL Shell, Uploader ` \n** 0.4 ** ` Admin page, Hash bruteforce like MD5 and MySQL, Text encoder/decoder like Base64, Hex and MD5 ` \n** 0.3 ** ` File injection, Web Shell, Integrated terminal, Configuration backup, Update checker ` \n** 0.2 ** ` Algorithm Time, Multi-thread control: Start Pause Resume and Stop, Log URL calls ` \n** 0.0-0.1 ** ` Method GET POST Header and Cookie, Algorithm Normal Error and Blind, Best algorithm selection, Progression bars, Simple evasion, Proxy settings, MySQL only ` \n \n \n\n\n** [ jSQL Injection ](<https://github.com/ron190/jsql-injection>) **\n", "published": "2016-11-14T23:45:17", "modified": "2016-11-14T23:45:17", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "http://www.kitploit.com/2016/11/jsql-injection-v077-java-application.html", "reporter": "KitPloit", "references": ["https://github.com/ron190/jsql-injection", "https://github.com/ron190/jsql-injection/releases/"], "cvelist": [], "type": "kitploit", "lastseen": "2020-12-08T15:23:56", "edition": 31, "viewCount": 664, "enchantments": {"dependencies": {"references": [], "modified": "2020-12-08T15:23:56", "rev": 2}, "score": {"value": 0.2, "vector": "NONE", "modified": "2020-12-08T15:23:56", "rev": 2}, "vulnersScore": 0.2}, "toolHref": "http://www.kitploit.com/2016/11/jsql-injection-v077-java-application.html", "scheme": null}