Wednesday, 2 January 2013

SQLSENTINEL - SQL INJECTION VULNERABILITY SCANNER




SQL injection is the most dangerous and common web application attack. Many tools, such as Havij and SQLmap, are available to exploit an SQL injection vulnerability, but finding the vulnerability is an important step that comes before exploiting the web application. This article discusses a wonderful tool that can find SQL injection vulnerabilities in a web application.

SQLSentinel is an open-source tool that automates the process of finding SQL injection on a website. It includes a web spider and an SQL error finder. You give it a site as input, and SQLSentinel crawls the site and tries to exploit parameter validation errors for you. When the job is finished, it can generate a PDF report that contains the vulnerable URLs found and the URLs crawled.

Please remember that SQLSentinel is not an exploitation tool. It can only find vulnerable URLs.
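To make the "SQL error finder" idea concrete, here is an added example (not SQLSentinel's code, and not from the original post) that checks response bodies from your own application for leaked database error messages. The signature list, function names and sample URLs are assumptions made for this illustration.

```python
import re

# Well-known error message fragments emitted by common database drivers.
# This signature list is the example's own choice, not SQLSentinel's.
SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax", r"Warning: mysql_\w+\(\)"],
    "PostgreSQL": [r"unterminated quoted string at or near", r"Warning: pg_\w+\(\)"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string"],
    "Oracle": [r"ORA-\d{5}"],
    "SQLite": [r"sqlite3\.OperationalError", r"SQLite3::SQLException"],
}
COMPILED = {db: [re.compile(p, re.IGNORECASE) for p in pats]
            for db, pats in SIGNATURES.items()}


def find_sql_errors(body):
    """Return (dbms, matched_text) for every signature present in a response body."""
    hits = []
    for dbms, patterns in COMPILED.items():
        for pattern in patterns:
            match = pattern.search(body)
            if match:
                hits.append((dbms, match.group(0)))
    return hits


def audit_responses(responses):
    """Map each URL whose body leaks a database error to the DBMS names seen."""
    report = {}
    for url, body in responses.items():
        hits = find_sql_errors(body)
        if hits:
            report[url] = sorted({dbms for dbms, _ in hits})
    return report


# Constructed sample responses (hypothetical URLs and bodies) for an offline run.
SAMPLE = {
    "http://app.example/item?id=1": "<html><h1>Item 1</h1></html>",
    "http://app.example/item?id=x": "<b>Warning</b>: You have an error in your "
                                    "SQL syntax; check the manual near ''' at line 1",
    "http://app.example/report?year=x": "java.sql.SQLException: ORA-00933: "
                                        "SQL command not properly ended",
    "http://app.example/help/oracle": "Our Oracle support team is available 24/7.",
}

if __name__ == "__main__":
    for url, engines in audit_responses(SAMPLE).items():
        print(url, "->", ", ".join(engines))
```

A hit means raw database errors reach the client, which points to unvalidated parameters and verbose error handling; the fix is parameterized queries plus generic error pages.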

Find the SQL injection vulnerability first, then exploit it using one of the famous SQL injection tools. SQLSentinel is a very easy tool to use.


SQLSentinel Tutorial

  • Go and download the tool here.
  • Extract it into a directory of your choice.
  • In my case I am on BackTrack 5, which is based on Ubuntu.
  • Open the terminal and change to the directory where you extracted the tool.
  • The tool depends on Java, so run it with the command:
root@bt:~/Desktop# java -jar sqlsentinel.jar





Do not forget to share this wonderful tool around your circle.
