Category: Database Assessment
Tags: sql-injection, database, exploitation, java, blind-injection, web-shell

jSQL Injection

jSQL Injection is a lightweight Java application for automated SQL injection testing to extract database information from vulnerable servers. It supports 33 database engines with multiple injection strategies including blind, time-based, and error-based techniques.

Description

jSQL Injection is a free, open-source, cross-platform tool designed for detecting and exploiting SQL injection vulnerabilities to retrieve database information from remote servers. It works with Java versions 11 to 20 and is particularly useful for penetration testers assessing web application security against SQL injection attacks.

The tool supports comprehensive database fingerprinting and injection across 33 different database engines including MySQL, PostgreSQL, Oracle, SQL Server, SQLite, and many others. It offers multiple injection strategies such as Normal, Stacked, Error, Blind, and Time-based approaches, along with parallel bitwise Boolean Blind and Time strategies for efficient testing.

Additional capabilities include reading/writing files through injection, creating web shells and SQL shells, password hash bruteforcing, admin page discovery, and text encoding/decoding. Authentication support covers Basic, Digest, NTLM, and Kerberos protocols with proxy compatibility for HTTP, SOCKS4, and SOCKS5.

How It Works

jSQL Injection automates SQL injection attacks using various techniques including error-based, boolean blind, time-based, and stacked queries across 33 database engines. It employs database fingerprinting through basic error analysis, order by error detection, and boolean single query methods. The tool supports parallel bitwise boolean blind and time strategies, multiple injection processes (Default, Zip, Dios), script sandboxes for SQL and tampering, and file read/write operations. It integrates open source libraries like Spring, Spock, and Hibernate with continuous integration testing against dockerized databases.

Installation

sudo apt install jsql-injection

Flags

-h    Show help message (note: produces headless runtime error in CLI context)

Examples

Display help information for jsql (shows headless runtime error as it's a GUI tool)
jsql -h
Display help information for jsql-injection package (shows headless runtime error as it's a GUI tool)
jsql-injection -h
Install jSQL Injection tool and dependencies
sudo apt install jsql-injection
Launch jSQL Injection GUI application (requires graphical environment)
jsql
Launch jSQL Injection through package binary (requires graphical environment)
jsql-injection
Alternative launch method using Java runtime (GUI application)
java -jar jsql.jar
Updated 2026-04-16 | Source: kali.org