SQL Invader is a GUI-based free tool that allows testers to easily and quickly exploit a SQL Injection vulnerability, get a proof of concept with database visibility and export results into a csv file. With just a few clicks, this SQL injection tool will enable you to view the list of records, tables and user accounts on the back-end database.
SQL Invader works as a standalone solution or in conjunction with AppSpider and enables you to:
SQLInvader is:
Easy To Use - The tool’s GUI interface enables you to simply paste the injectable request found by a Dynamic Application Security Testing (DAST) tool or feed a detailed request straight from an application scan report. You can then control how much information is harvested.
Clearly Presents Evidence - Unlike other SQL injection tools that provide all data via command line, SQL Invader provides the data in a organized manner that is useful for both executive meetings as well as technical analysis and remediation.
Enables Easy Transport of Logging Data - All of the data harvested from SQL Invader can be saved into a CSV file so the reports can be included as penetration evidence as part of a presentation or POC.