1.Gason:Burpsuite-sqlmap插件,该插件可以让burp与sqlmap轻松对接,深度发掘SQL注入漏洞.
2.fuzzdb:fuzzing测试数据库,开源,深度测试SQL注入,xss,文件上传/解析等漏洞(结合intruder使用).
3.bypasswaf:让你轻松绕过waf防御(不要迷信waf).
Reference:
A.gason
http://www.myhack58.com/Article/html/3/7/2014/45418.htm
https://code.google.com/archive/p/gason/downloads
B.fuzzdb
http://www.freebuf.com/sectool/6181.html
https://github.com/rustyrobot/fuzzdb
C.waf baypass
http://www.wooyun.org/whitehats/MayIKissYou
https://github.com/codewatchorg/bypasswaf