CATEGORY : Database

Latest addition – Sunday 1 August 2010.





ALL ARTICLES (by date)

SQLNinja v0.2.5 released!
Monday 10 May 2010 - 910 read - ( Keywords : Application Scanner , Database , Penetration testing & Ethical Hacking , SqlNinja , Vulnerability Scanner )

Sqlninja is a tool designed to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.


SFX-SQLi v1.1.3.2 available
Wednesday 7 April 2010 - 347 read - ( Keywords : Database , Penetration testing & Ethical Hacking , SFX-SQLi )

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique which allows the whole content of a Microsoft SQL Server 2005/2008 database to be extracted in an extremely fast and efficient way.


SQLFury SQL Injection for Adobe Air runtime v1.1.6 available
Tuesday 23 March 2010 - 633 read - ( Keywords : Application Scanner , Configurations checks , Database , SQLFury )

SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets the Adobe AIR Runtime.


SQLMap v0.8 released
Monday 15 March 2010 - 530 read - ( Keywords : Configurations checks , Database , Penetration testing & Ethical Hacking , SQLmap , Vulnerability Scanner )

SQLmap is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive back-end database management system fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


DB Audit v4.2.25 released
Sunday 7 March 2010 - 646 read - ( Keywords : Configurations checks , Database , DB Audit , Local auditing )

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.


Pangolin SQL injection tool build 3.2.1.1020 released
Saturday 27 February 2010 - 2007 read - ( Keywords : Configurations checks , Database , Exploitation , Pangolin , Penetration testing & Ethical Hacking )

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.


(Info) SQLmap v0.8 stable soon to be released
Tuesday 19 January 2010 - 331 read - ( Keywords : Application Scanner , Configurations checks , Database , Penetration testing & Ethical Hacking , SQLmap )

SQLmap is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive back-end database management system fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


cudadbcracker - cracking using CUDA
Monday 4 January 2010 - 1006 read - ( Keywords : Bruteforcers , cudadbcracker , Database , Password Cracking )

cudadbcracker is a salted SHA-1 cracker for cracking database password hashes using CUDA-enabled video cards. It was developed using NVIDIA CUDA Software Development Kit (CUDA SDK) Version 2.1.


GreenSQL-FW v1.2.0 released
Thursday 3 December 2009 - 467 read - ( Keywords : Database , Defense , GreenSQL , Security Solutions )

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built-in support for MySQL.


Focus on Pangolin SQL Injection Tool
Tuesday 24 November 2009 - 2095 read - ( Keywords : Configurations checks , Database , Exploitation , Pangolin , Penetration testing & Ethical Hacking )

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.


Focus on HP’s Scrawlr SQL injection tool
Friday 30 October 2009 - 924 read - ( Keywords : Application Scanner , Attack , Database , Scrawlr )

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.


GreenSQL-FW v1.1.0 - released
Thursday 22 October 2009 - 274 read - ( Keywords : Database , Defense , GreenSQL , Security Solutions )

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built-in support for MySQL.


DB Audit updated to v4.2.24.8
Friday 16 October 2009 - 755 read - ( Keywords : Configurations checks , Database , DB Audit , Local auditing )

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.


SQLMap v0.8 release candidate 1 is out
Saturday 10 October 2009 - 820 read - ( Keywords : Application Scanner , Configurations checks , Database , Penetration testing & Ethical Hacking , SQLmap )

SQLmap is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive back-end database management system fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


MSSQLScan 0.8.4 released
Monday 21 September 2009 - 603 read - ( Keywords : Database , Information Gathering , MSSQLScan , Network Discovery )

A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does its discovery by using UDP and returns a list of all detected instances with their respective protocols and ports.


mysqloit v0.1 - SQL Injection Takeover Tool
Saturday 5 September 2009 - 1050 read - ( Keywords : Database , Exploitation , MySqloit , Penetration testing & Ethical Hacking , Vulnerability Scanner )

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySql, PHP) and WAMP (Linux, Apache, MySql, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.


SQLmap version 0.7 in the wild
Tuesday 28 July 2009 - 424 read - ( Keywords : Configurations checks , Database , Penetration testing & Ethical Hacking , SQLmap , Vulnerability Scanner )

SQLmap is an automatic SQL injection tool developed entirely in Python. It is capable of performing an extensive back-end database management system fingerprint, retrieving remote DBMS databases, usernames, tables and columns, enumerating the entire DBMS, reading system files and much more, taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.


QueryParam Scanner v0.71
Wednesday 22 July 2009 - 337 read - ( Keywords : Application Scanner , Configurations checks , Database , qpScanner )

qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.

Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of each query.


SQLMap 0.7rc1 available
Friday 24 April 2009 - 1007 read - ( Keywords : Application Scanner , Configurations checks , Database , SQLmap )

sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.


SQLPlus v0.3 available
Thursday 16 April 2009 - 462 read - ( Keywords : Database , Penetration testing & Ethical Hacking , SQLPlus )

sqlsus is an open source MySQL injection and takeover tool, written in Perl. Using a command line interface that mimics a mysql console, you can retrieve the databases structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more...

