Safe3SI is a powerful and easy-to-use penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. It comes with a kick-ass detection engine, many niche features for the ultimate penetration tester, and a broad range of switches lasting from database fingerprinting, over data fetching from the database, to accessing the underlying file system and executing commands on the operating system via out-of-band connections.
- Full support for HTTP and HTTPS websites.
- Full support for Basic, Digest, and NTLM HTTP authentications.
- Full support for GET, Post, and Cookie SQL injection.
- Full support for MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, SQLite, Firebird, Sybase and SAP MaxDB database management systems.
- Full support for four SQL injection techniques: blind, error-based, UNION query, and force guess.
- Powerful AI engine to automatically recognize injection type, database type, and the best SQL injection.
- Support to enumerate databases, tables, columns, and data.
- Support to read, list, and write any file from the database server underlying file system when the database software is MySQL or Microsoft SQL Server.
- Support to execute arbitrary commands and retrieve their standard output on the database server underlying operating system when the database software is Oracle or Microsoft SQL Server.
- Support to IP domain query, web path guess, and md5 crack.
- Support for SQL injection scan.