NTO SQL Invader gives the ability to quickly and easily exploit or demonstrate SQL Injection vulnerabilities in web applications. With a few simple clicks, you will be able to exploit a vulnerability to view the list of records, tables and user accounts of the back-end database.
The tool’s GUI interface enables you to simply paste the injectable request found by a DAST tool or feed a detailed request straight from an application scan report. You can then control how much information is harvested.
Unlike tools that provide all data via command line, NTO SQL Invader provides the data in a organized manner that is useful for both executive meetings as well as technical analysis and remediation.
All of the data harvested from NTO SQL Invader can be saved into a CSV file so the reports can be included as penetration evidence as part of a presentation or POC.