1.GasonBurpsuite-sqlmap插件,该插件可以让burpsqlmap轻松对接,深度发掘SQL注入漏洞.

 

2.fuzzdbfuzzing测试数据库,开源,深度测试SQL注入,xss,文件上传/解析等漏洞(结合intruder使用).

 

3.bypasswaf:让你轻松绕过waf防御(不要迷信waf.

 

Reference:

A.gason

http://www.myhack58.com/Article/html/3/7/2014/45418.htm

https://code.google.com/archive/p/gason/downloads

B.fuzzdb

http://www.freebuf.com/sectool/6181.html

https://github.com/rustyrobot/fuzzdb

C.waf baypass

http://www.wooyun.org/whitehats/MayIKissYou

https://github.com/codewatchorg/bypasswaf

posted on 2016-05-13 10:29  milantgh  阅读(5042)  评论(0编辑  收藏  举报