SQLMap v0.8 released

In: Configurations checks , Database , Penetration testing & Ethical Hacking , SQLmap , Vulnerability Scanner

15 March 2010

SQLmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities.

New features :

Support to enumerate and dump all databases’ tables containing user
provided column(s) by specifying for instance ’—dump -C user,pass’.
Useful to identify for instance tables containing custom application
credentials (Bernardo).
Support to parse -C (column name(s)) when fetching columns of a
table with —columns: it will enumerate only columns like the provided
one(s) within the specified table (Bernardo).

Support for takeover features on PostgreSQL 8.4 (Bernardo).
Enhanced —priv-esc to rely on new Metasploit Meterpreter’s
’getsystem’ command to elevate privileges of the user running the
back-end DBMS instance to SYSTEM on Windows (Bernardo).
Automatic support in —os-pwn to use the web uploader/backdoor to
upload and execute the Metasploit payload stager when stacked queries
SQL injection is not supported, for instance on MySQL/PHP and
MySQL/ASP, but there is a writable folder within the web server
document root (Bernardo and Miroslav).
Added support for regular expression based scope when parsing Burp
or Web Scarab proxy log file (-l), —scope (Miroslav).
Major bug fix and enhancements to the multi-threading (—threads)
functionality (Miroslav).

Complete list of changes at
https://svn.sqlmap.org/sqlmap/trunk/sqlmap/doc/ChangeLog.

Post scriptum

Download

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Configurations checks	10 May 2010 : WebTest 1.2.1 - Testing Web Application with Python 1 May 2010 : Lansweeper v4.0 released 1 May 2010 : Sysinternal AccessChk v5.0 released 1 May 2010 : Spiceworks v4.7 build 50667 released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released
Database	10 May 2010 : SQLNinja v0.2.5 released! 7 April 2010 : SFX-SQLi v1.1.3.2 available 23 March 2010 : SQLFury SQL Injection for Adobe Air runtime v1.1.6 availabe 15 March 2010 : SQLMap v0.8 released 7 March 2010 : DB Audit v4.2.25 released
Penetration testing & Ethical Hacking	1 May 2010 : DAVTest v1.0 - WebDAV Application 25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released 3 April 2010 : CUPP Common User Passwords Profiler v3 released
SQLmap	19 January 2010 : (Info) SQLmap v0.8 stable soon to be released 10 October 2009 : SQLMap v0.8 release candidate 1 is out 28 July 2009 : SQLmap version 0.7 in the wild 24 April 2009 : SQLMap 0.7rc1 available 6 February 2009 : SQLMap 0.6.4 released
Vulnerability Scanner	12 May 2010 : Complemento v0.7.6 - Collection of Tools 26 April 2010 : Acunetix WVS v6.5 build 20100419 released 22 April 2010 : OpenSCAP v0.5.9 released 20 April 2010 : Sandcat v4.0 released 15 April 2010 : Nessus v4.2.2 released

SQLMap v0.8 released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU