SQLier
SQLIer takes an SQL Injection vulnerable URL and attempts to determine all the necessary information to build and exploit an SQL Injection hole by itself, requiring no user interaction at all (unless it can't guess the table/field names correctly). By doing so, SQLIer can build a UNION SELECT query designed to brute force passwords out of the database. This script also does not use quotes in the exploit to operate, meaning it will work for a wider range of sites.
An 8 character password (containing any character from decimal ASCII code 1-127) takes approximately 1 minute to crack.
Execution:
sqlier [OPTIONS] [url]
-c [host] Clear all exploit information stored for [host].
-o [file] Output cracked passwords to [file].
-s [seconds] Wait [seconds] between page requests.
-u [usernames] Usernames that will be brute forced from the database,
comma separated (Username1,Username2,Username3).
-w [options] Pass [options] to wget.
Passing Field Names:
--table-names [table_names] Comma separated list of table names to guess.
--user-fields [user_fields] Comma separated list of username fields to guess.
--pass-fields [pass_fields] Comma separated list of password fields to guess.