Archive | Database Hacking


14 July 2010 | 9,132 views

Andiparos – Open Source Web Application Security Assessment Tool

Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The author did ask for the original authors of Paros Proxy to integrate his changes but was rejected, hence the […]

Continue Reading


07 July 2010 | 17,207 views

Safe3 SQL Injector – Automatic Detection & Exploitation Of SQL Injection Flaws

Safe3 SQL Injector is one of the most powerful penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of back-end database servers. Features Full support for GET/Post/Cookie Injection Full support for HTTP Basic, Digest, NTLM and Certificate authentications Full support for MySQL, Oracle, PostgreSQL, MSSQL, ACESS, DB2, […]

Continue Reading


15 June 2010 | 10,571 views

Onapsis Bizploit – ERP Penetration Testing Framework

Bizploit is the first Opensource ERP Penetration Testing framework. Developed by the Onapsis Research Labs, Bizploit assists security professionals in the discovery, exploration, vulnerability assessment and exploitation phases of specialized ERP Penetration Tests. Bizploit is expected to provide the security community with a basic framework to support the discovery, exploration, vulnerability assessment and exploitation of […]

Continue Reading


18 May 2010 | 11,773 views

sqlninja v0.2.5 Released – Microsoft SQL Server (MS-SQL) SQL Injection Vulnerability Tool

It’s been 2 years, but a new version of sqlninja is out at Sourceforge, we wrote about the previous release back in 2008 and we’ve actually been following this tool since 2006! Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main […]

Continue Reading


19 April 2010 | 8,929 views

Netsparker Community Edition – Web Application Security Scanner

Netsparker is a Web Application Security Scanner that claims to be False-Positive Free. The developers thought that if you need to investigate every single identified issue manually what’s the point of having an automated scanner? So they developed a new technology which can confirm vulnerabilities on demand which allowed us to develop the first false […]

Continue Reading


10 March 2010 | 11,123 views

WebRaider – Automated Web Application Exploitation Tool

WebRaider is a plugin based automated web application exploitation tool which focuses to get a shell from multiple targets or injection point Idea of this attack is very simple. Getting a reverse shell from an SQL Injection with one request without using an extra channel such as TFTP, FTP to upload the initial payload. It’s […]

Continue Reading


10 February 2010 | 8,354 views

GreenSQL – Open Source Database Firewall Software

GreenSQL is an Open Source database firewall used to protect databases from SQL injection attacks. GreenSQL works as a proxy for SQL commands and has built in support for MySQL & PostgreSQL . The logic is based on evaluation of SQL commands using a risk scoring matrix as well as blocking known db administrative commands […]

Continue Reading


18 January 2010 | 8,749 views

Microsoft SQL Server Fingerprint Tool – BETA4

This is a tool that performs version fingerprinting on Microsoft SQL Server 2000, 2005 and 2008, using well known techniques based on several public tools that identifies the SQL Version. The strength of this tool is that it uses probabilistic algorithm to identify the version of the Microsoft SQL Server. The “Microsoft SQL Server Fingerprint […]

Continue Reading


03 September 2009 | 18,195 views

MySqloit – SQL Injection Takeover Tool For LAMP

MySqloit is a SQL Injection takeover tool focused on LAMP (Linux, Apache, MySQL, PHP) and WAMP (Windows, Apache, MySQL, PHP) platforms. It has the ability to upload and execute metasploit shellcodes through the MySql SQL Injection vulnerabilities. Attackers performing SQL injection on a MySQL-PHP platform must deal with several limitations and constraints. For example, the […]

Continue Reading


31 July 2009 | 15,022 views

sqlmap 0.7 Released – Automatic SQL Injection Tool

We’ve been following sqlmap since it first came out in Feburary 2007 and it’s been quite some time since the last update sqlmap 0.6.3 in December 2008. For those not familiar with the tool, sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection […]

Continue Reading