w3af is a great open-source tool for detecting not only SQL injection vulnerabilities but also issues such as cross-site scripting, PHP misconfiguration and more. In our lab we will run w3af on Kali Linux and look at basic installation and usage.
Before a database can be attacked with SQL injection, it must first be located. A number of tools are available to help locate rogue or unknown databases on the network or on the internet. For the network we will look at two of them, SQLPing 3.0 and SQLRecon; both run in a Windows environment. For the internet, we can use Google hacking to discover targets.