jSQL – Automatic SQL Injection Tool In Java

Keep on Guard!


jSQL is an automatic SQL Injection tool written in Java, it’s lightweight and supports 23 kinds of database.

jSQL - Automatic SQL Injection Tool In Java


It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.

Features of jSQL Java SQL Injection Tool

  • Automatic injection of 23 kinds of databases:
    • Access
    • CockroachDB
    • CUBRID
    • DB2
    • Derby
    • Firebird
    • H2
    • Hana
    • HSQLDB
    • Informix
    • Ingres
    • MaxDB
    • Mckoi
    • MySQL{MariaDb}
    • Neo4j
    • NuoDB
    • Oracle
    • PostgreSQL
    • SQLite
    • MS SQL Server
    • Sybase
    • Teradata
    • Vertica
  • Multiple injection strategies: Normal, Error, Blind and Time
  • SQL Engine to study and optimize SQL expressions
  • Injection of multiple targets
  • Search for administration pages
  • Creation and visualisation of Web shell and SQL shell
  • Read and write files on host using injection
  • Bruteforce of password’s hash
  • Code and decode a string

Installation of jSQL Java SQL Injection Tool

Install Java 8, then download the latest release of jSQL Injection and double-click on the file jsql-injection-v0.79.jar to launch the software. You can also type java -jar jsql-injection-v0.79.jar in your terminal to start the program. If you are using Kali Linux then get the latest release using commands apt update then apt full-upgrade.


Future Roadmap for jSQL SQL Injection Java

  • Netezza Support
  • Test coverage with Jacoco
  • Integration test with Docker and JPA Hibernate Jooq
  • Maven
  • Core swing CLI
  • Full Path Disclosure
  • DIOS RoutedQuery OOB UpdateInsertDelete
  • Bruteforce HTTP Auth using NTLM
  • Arabic translation
  • Command-line interface
  • Dictionary attack
  • WAF Detection
  • Program self-updater

You can download jSQL Java SQL Injection Tool here:

jsql-injection-v0.81.jar

Or read more here.

Posted in: Database Hacking

, , , , ,


Latest Posts:


DAST vs SAST - Dynamic Application Security Testing vs Static DAST vs SAST – Dynamic Application Security Testing vs Static
In security testing, much like most things technical there are two very contrary methods, Dynamic Application Security Testing or DAST and Static or SAST.
Cr3dOv3r - Credential Reuse Attack Tool Cr3dOv3r – Credential Reuse Attack Tool
Cr3dOv3r is a fairly simple Python-based set of functions that carry out the prelimary work as a credential reuse attack tool.
Mr.SIP - SIP Attack And Audit Tool Mr.SIP – SIP Attack And Audit Tool
Mr.SIP was developed in Python as a SIP Attack and audit tool which can emulate SIP-based attacks. Originally it was developed to be used in academic work.
Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.


Comments are closed.