SQLViking is a sniff/log database traffic or actively execute arbitrary queries via TCP injection.

SQLViking is a sniff/log database traffic or actively execute arbitrary queries via TCP injection.
Tool is broken up into two pieces:
1. Scout: passively reads and logs SQL queries and their responses on the wire
2. Pillage: leverages TCP injection to execute arbitrary queries and parse responses without needing credentials

sqlviking

Latest change sqlviking.py: output formatting logic moved to main thread.

Usage:

git clone https://github.com/Atticuss/SQLViking && cd SQLViking
pip install python-tds
pip install PyMySQL
pip install scapy

python sqlviking.py -c sqlviking.conf

NOTE: We’re having some trouble getting the background process to function properly on the web app, so if you run it in the order above the weakapp will run last. The server will be running correctly upon deployment:
Once these three VMs are running, the weak application should be available for submitting requests. Check this in your browser by navigating to localhost:4567.

Source: https://github.com/Atticuss