jSQL – Automatic SQL Injection Tool In Java

Keep on Guard!


jSQL is an automatic SQL Injection tool written in Java, it’s lightweight and supports 23 kinds of database.

jSQL - Automatic SQL Injection Tool In Java


It is free, open source and cross-platform (Windows, Linux, Mac OS X) and is easily available in Kali, Pentest Box, Parrot Security OS, ArchStrike or BlackArch Linux.

Features of jSQL Java SQL Injection Tool

  • Automatic injection of 23 kinds of databases:
    • Access
    • CockroachDB
    • CUBRID
    • DB2
    • Derby
    • Firebird
    • H2
    • Hana
    • HSQLDB
    • Informix
    • Ingres
    • MaxDB
    • Mckoi
    • MySQL{MariaDb}
    • Neo4j
    • NuoDB
    • Oracle
    • PostgreSQL
    • SQLite
    • MS SQL Server
    • Sybase
    • Teradata
    • Vertica
  • Multiple injection strategies: Normal, Error, Blind and Time
  • SQL Engine to study and optimize SQL expressions
  • Injection of multiple targets
  • Search for administration pages
  • Creation and visualisation of Web shell and SQL shell
  • Read and write files on host using injection
  • Bruteforce of password’s hash
  • Code and decode a string

Installation of jSQL Java SQL Injection Tool

Install Java 8, then download the latest release of jSQL Injection and double-click on the file jsql-injection-v0.79.jar to launch the software. You can also type java -jar jsql-injection-v0.79.jar in your terminal to start the program. If you are using Kali Linux then get the latest release using commands apt update then apt full-upgrade.


Future Roadmap for jSQL SQL Injection Java

  • Netezza Support
  • Test coverage with Jacoco
  • Integration test with Docker and JPA Hibernate Jooq
  • Maven
  • Core swing CLI
  • Full Path Disclosure
  • DIOS RoutedQuery OOB UpdateInsertDelete
  • Bruteforce HTTP Auth using NTLM
  • Arabic translation
  • Command-line interface
  • Dictionary attack
  • WAF Detection
  • Program self-updater

You can download jSQL Java SQL Injection Tool here:

jsql-injection-v0.81.jar

Or read more here.

Posted in: Database Hacking

, , , , ,


Latest Posts:


BootStomp - Find Bootloader Vulnerabilities BootStomp – Find Android Bootloader Vulnerabilities
BootStomp is a Python-based tool, with Docker support that helps you find two different classes of bootloader vulnerabilities and bugs.
Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018 Google Chrome Marking ALL Non-HTTPS Sites Insecure July 2018
Google is ramping up its campaign against HTTP only sites and is going to mark ALL Non-HTTPS sites insecure in July 2018 with the release of Chrome 68.
altdns - Subdomain Recon Tool With Permutation Generation altdns – Subdomain Recon Tool With Permutation Generation
Altdns is a subdomain recon tool in Python that allows for the discovery of subdomains that conform to patterns. The tool takes in words that could be present in subdomains under a domain (such as test, dev, staging) as well as takes in a list of subdomains that you know of.
0-Day Flash Vulnerability Exploited In The Wild 0-Day Flash Vulnerability Exploited In The Wild
So another 0-Day Flash Vulnerability is being exploited in the Wild, a previously unknown flaw which has been labelled CVE-2018-4878 and it affects 28.0.0.137 and earlier versions
dorkbot - Command-Line Tool For Google Dorking dorkbot – Command-Line Tool For Google Dorking
dorkbot is a modular command-line tool for Google dorking, which is performing vulnerability scans against a set of web pages returned by Google search queries in a given Google Custom Search Engine.
USBPcap - USB Packet Capture For Windows USBPcap – USB Packet Capture For Windows
USBPcap is an open-source USB Packet Capture tool for Windows that can be used together with Wireshark in order to analyse USB traffic without using a Virtual Machine.


Comments are closed.