sqlifuzzer is a command line scanner that seeks to identify SQL injection vulnerabilities. It parses Burp logs to create a list of fuzzable requests… then fuzzes them.What is sqlifuzzer?
It’s a wrapper for curl written in bash. It’s also a tool that can be used to remotely identify SQL (and XPath) injection vulnerabilities. It does this by sending a range of injection payloads and examining the responses for signs of ‘injectability’. If a parameter appears to be vulnerable, sqlifuzzer sends exploit payloads to extract data.

Like almost all web app scanners, sqlifuzzer includes OR 1=1 payloads; this means that there is a significant risk of data destruction, Denial of Service, and/or other undesirable implications for any host (or intermediary device) scanned using sqlifuzzer. sqlifuzzer is beta; don’t use it in an environment that matters to you or anyone else. Do not use sqlifuzzer to scan hosts without the owner’s permission.

Features : 

• Payloads/tests for numeric, string, error and time-based SQL injection
• Support for MSSQL, MYSQL and Oracle DBMS’s
• Automated testing of ‘tricky’ parameters like POST URL query and mulipart form parameters
• A range of filter evasion options:
• case variation, nesting, double URL encoding, comments for spaces, ‘like’ for ‘equals’ operator, intermediary characters, null and CRLF prefixes, HTTP method swapping (GETs become POSTs / POSTs become GETs)
• ORDER BY and UNION SELECT tests on vulnerable parameters to:
• enumerate select query column numbers
• identify data-type string columns in select queries
• extract database schema and configuration information
• Conditional tests to extract DBMS info when data extraction via UNION SELECT fails (i.e. no string type columns)
• Time delay based tests to extract DBMS info when data extraction via conditional methods fails (i.e. fully blind scenarios)
• Boolean response-based XPath injection testing and data extraction
• Support for automated detection and testing of parameters in POST URIs and multipart forms
• Scan ‘state’ maintenance:
• Halt a scan at any time – scan progress is saved and you can easily resume a scan from the URL where you stopped
• Specify a specific request number to resume a scan from
• Optional exclusion of a customizable list of parameters from scanning scope
• Tracking of parameters scanned and avoidance of re-scanning scanned parameters
• HTML format output with:
• links/buttons to send Proof of Concept SQL injection requests
• links to response difference files and to extracted data

Changelog V0.5K : Fixed bugs in ‘order by x’ testing and improved data extraction logic

Download : sqlifuzzer-0.5k.tgz (58.9 KB) http://sqlifuzzer.googlecode.com/files/sqlifuzzer-0.5k.tgz
Find Other Version | http://code.google.com/p/sqlifuzzer/downloads/list
Read more in here : http://code.google.com/p/sqlifuzzer/