FG-Injector – SQL Injection & Proxy Tool


FG-Injector Framework is a set of tools designed to help find SQL injection vulnerabilities in web applications, and help the analyst assess their severity. It includes a powerful proxy feature for intercepting and modifying HTTP requests, and an inference engine for automating SQL injection exploitation.

Often web developers think that by disabling error messages in their code, SQL injection vulnerabilities stop being dangerous. When a SQL injection vulnerability doesn’t return errors messages it is known as a Blind Injection. The truth is that Blind Injections are just as dangerous as regular SQL Injections. By carefully selecting SQL sentences to inject, an attacker can retrieve information from the database of the vulnerable web application, one bit at a time. The end result is that the attacker can obtain the same data through the Blind SQL Injection that he/she would obtain from a regular -non-blind- SQL Injection.


The Inference Engine Module of the FG-Injector Framework automates the generation and injection of SQL statements needed for exploitation of a Blind SQL Injection. This module will work also for regular injections using the same method. It can produce blind injections on web/app servers using MS SQL Server, MySQL, and PostgresSql DBMSs.

You can find the downloads here including 0.9 version Windows binary and 0.9a source code:


FG-Injector Framework Downloads

You can find full documentation here or just read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , ,


Latest Posts:


Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc


6 Responses to FG-Injector – SQL Injection & Proxy Tool

  1. Sandeep Nain July 16, 2007 at 12:13 am #

    Seems like another sharp tool to play with…
    well in the past few weeks I have come across so many different sql injection tools that now we need to find the best of all.
    I’m thinking of writing a docu to list +ves and -ves for these tools.

  2. Darknet July 16, 2007 at 12:30 pm #

    Sandeep if you’re interesting in writing it, we are interested in publishing it :) There are a few more similar tools to be published soon so keep an eye out.

  3. SN July 16, 2007 at 7:35 pm #

    Interesting tool to play with.

  4. Sandeep Nain July 17, 2007 at 12:56 am #

    Thanks Darknet, I will be sending you this document very soon. :)
    and yes I appreciate the work you guys are doing. Good Job!!!

  5. Swetha November 20, 2007 at 8:10 pm #

    Can someone please tell me how to use this tool? I have downloaded the tool but am not sure how to use it!!!!

    It will be great if Darknet :) or anyone can tell me.

    Thank you!!!
    Swetha.

  6. snn February 2, 2008 at 4:11 pm #

    how can i use this program ? is there any tutorial ? given documentation is not enough for me :(