Category Database

SQLNinja v0.2.5 released!

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of taking over a DB Server when a SQL Injection vulnerability has been discovered.

Read More

SFX-SQLi v1.1.3.2 available

SFX-SQLi (Select For XML SQL injection) is a new SQL injection technique which allows to extract the whole information of a Microsoft SQL Server 2005/2008 database in an extremely fast and efficient way.

Read More

SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe

SQLFury is an injection scanner that uses blind SQL injection techniques to extract information from a target database. It targets Air Abobe AIR Runtime

Read More

SQLMap v0.8 released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Read More

DB Audit v4.2.25 released

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Read More

Pangolin SQL injection tool build 3.2.1.1020 released

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.

Read More

(Info) SQLmap v0.8 stable soon to be released

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Read More

cudadbcracker - cracking using CUDA

cudadbcracker is a salted SHA-1 cracker for cracking database password hashes using CUDA enabled videocards. It was developed using NVIDIA CUDA Software Development Kit (CUDA SDK) Version 2.1.

Read More

GreenSQL-FW v1.2.0 released

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL.

Read More

Focus on Pangolin SQL Injection Tool

Pangolin is an automatic SQL injection penetration testing tool developed by NOSEC. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications.

Read More

Focus on HP’s Scrawlr SQL injection tool

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

Read More

GreenSQL-FW v1.1.0 - released

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL.

Read More

DB Audit updated to v4.2.24.8

DB Audit Expert is a professional database auditing solution for Oracle, Sybase, DB2, MySQL and Microsoft SQL Server. DB Audit Expert enables database and system administrators, security administrators, auditors and operators to track and analyze any database activity including database security, access and usage, data creation, change or deletion. What makes DB Audit really unique is its built-in support for multiple auditing methods giving you the flexibility to choose the best fit for your database security requirements.

Read More

SQLMap v0.8 release candidate 1 is out

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Read More

MSSQLScan 0.8.4 released

A small multi-threaded tool that scans for Microsoft SQL Servers. The tool does it’s discovery by using UDP and returns a list of all detected instances with there respective protocols and ports

Read More

mysqloit v0.1 - SQL Injection Takeover Tool

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySql, PHP) and WAMP (Linux, Apache, MySql, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities.

Read More

SQLmap version 0.7 in the wild

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

Read More

QueryParam Scanner v0.71

qpScanner is a simple tool that scans your codebase looking for queries. For every query it finds, it will check if there are any CFML variables in that query that are not contained within a cfqueryparam tag.

Once complete, it will display a list of files with queries to be checked, listing the line numbers and showing the contents of the query

Read More

SQLMap 0.7rc1 available

sqlmap is an open source command-line automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user’s specific DBMS tables/columns, run his own SQL statement, read specific files on the file system and more.

Read More

SQLPlus v0.3 available

sqlsus is an open source MySQL injection and takeover tool,
written in perl.
Using a command line interface that mimics a mysql console, you can retrieve the databases structure, inject SQL queries, download files from the web server, upload and control a backdoor, clone the databases, and much more...

Read More