Marathon Tool is a POC for using heavy queries to perform a Time-Based Blind SQL Injection attack. This tool is still work in progress but is right now in a very good alpha version to extract information from web applications using Microsoft SQL Server, Microsoft Access, MySQL or Oracle Databases. Perform a Time-Based Blind SQL Injection attack.

Marathon Tool Features:
1. Database Schema extraction from SQL Server, Oracle and MySQL
2. Data extraction from Microsoft Access 97/2000/2003/2007 databases
3. Parameter Injection using HTTP GET or POST
4. SSL support
5. HTTP proxy connection available
6. Authentication methods: Anonymous, Basic, Digest and NTLM
7. Variable and value insertion in cookies (Does not support dynamic values)
8. Configuration available an flexible for injections
9. Configurable Log

Requirements:
* SQL Server

The license of this software is Free, you can free download and free use this server utility software.