Web Application

SQLMap

Automated SQL injection and database takeover.

websqli

sqlmap — terminal

$ sqlmap -u 'https://site/item?id=1' --batch --dbs

What it does

SQLMap detects and exploits SQL injection flaws, automating data extraction, file access, and even OS command execution where the database allows it. It's the standard tool for SQLi testing.

Source

https://github.com/sqlmapproject/sqlmap ↗

More Web Application tools

CommixAutomated command-injection exploitation.ffufFast web fuzzer for content and parameter discovery.FuzzDBAttack-payload and discovery wordlist library.BeEFBrowser exploitation framework.

Need hosted scanning instead of local tooling?

Run a scan in the browser →