Pangolin SQL injection tool build 3.2.1.1020 released

In: Configurations checks , Database , Exploitation , Pangolin , Penetration testing & Ethical Hacking

27 February 2010

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.

Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or userâ€™s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Version 3.2.1.1020

Support Microsoft SQL Server 2008;
Improved SQL Injection for MySQL. Support detecting function Unhex().
New option added Scan->Extend scan mode. Optimize ability to Inject.
Improved Cookie detection. Multiple URL redirection will be Inject correctly.

Databases Supported

Access: Informations (Database Path; Root Path; Drivers); Data
MSSql: Informations; Data; FileReader; RegReader; FileWriter; Cmd; DirTree
MySql: Informations; Data; FileReader; FileWriter;
Oracle: Informations (Version; IP; Database; Accounts); Data; and any others;
Informix: Informatons; Data
DB2: Informatons; Data; and more;
Sybase: Informatons; Data; and more;
PostgreSQL: Informatons; Data; FileReader;
Sqlite: Informatons; Data

Post scriptum

More information

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

Configurations checks	10 May 2010 : WebTest 1.2.1 - Testing Web Application with Python 1 May 2010 : Lansweeper v4.0 released 1 May 2010 : Sysinternal AccessChk v5.0 released 1 May 2010 : Spiceworks v4.7 build 50667 released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released
Database	10 May 2010 : SQLNinja v0.2.5 released! 7 April 2010 : SFX-SQLi v1.1.3.2 available 23 March 2010 : SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe 15 March 2010 : SQLMap v0.8 released 7 March 2010 : DB Audit v4.2.25 released
Exploitation	1 May 2010 : DAVTest v1.0 - WebDAV Application 13 April 2010 : x5s Beta released - Automated XSS security testing assistant 12 April 2010 : Windows Autopwn (winAUTOPWN) v2.2 released 10 April 2010 : pvefindaddr v1.30 released 30 March 2010 : pvefindaddr updated to v1.27
Pangolin	27 February 2010 : Pangolin SQL injection tool build 3.2.1.1020 released 24 November 2009 : Focus on Pangolin SQL Injection Tool
Penetration testing & Ethical Hacking	25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released 3 April 2010 : CUPP Common User Passwords Profiler v3 released 2 April 2010 : Kon-Boot "root a box" on the fly v1.1 in the wild

Pangolin SQL injection tool build 3.2.1.1020 released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU