28 October 2006 | 16,422 views

BobCat SQL Injection Tool based on Data Thief

Want to Learn Penetration Testing

BobCat is a tool to aid a security consultant in taking full advantage of SQL injection vulnerabilities. It is based on a tool named “Data Thief” that was published as PoC by appsecinc. BobCat can list the linked severs, database schema, and allow the retrieval of data from any table that the current application user has access to.

The methods that BobCat incorprates are based on those discussed in the following papers:

advanced sql injection
more advanced sql injection
advanced sql injection
manipulating sql server usig sql injection

I suggest if you are interested in SQL injection at all, you read all of the above papers.

BobCat Requirements

  1. Windows OS (Tested on XP SP2)
  2. Access to MS SQL server/MSDE2000 (Tested on MSDE2000)
  3. .Net Framework 2.0

Read more about BobCat here:

Northern Monkee – BobCat

Download BobCat here:

BobCat Alpha 0.3

Some tools to use with BobCat can be found here:

BobCat Tools

Post to Twitter Post to Facebook Post to Google Buzz Post to Delicious Post to Digg Post to Reddit Post to StumbleUpon


Tags: , , , , , , ,


# Posted in: Database Hacking, Hacking Tools, Web Hacking | * Comments Off


Recent in Database Hacking:
- The Mole – Automatic SQL Injection SQLi Exploitation Tool
- sqlsus 0.7.1 Released – MySQL Injection & Takeover Tool
- w3af v1.1 Released For Download – Web Application Attack & Audit Framework

Related Posts:
- sqlninja 0.1.0alpha – MS-SQL Injection Tool
- Social Engineering Gets a Big Jewel Heist
- Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 54,574 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 51,221 views
- Absinthe Blind SQL Injection Tool/Software - 35,473 views

Advertise on Darknet


Comments are closed.