Archive | Database Hacking


05 November 2008 | 11,754 views

MultiInjector – Automated Stealth SQL Injection Tool

MultiInjector claims to the first configurable automatic website defacement software, I’m not sure if that’s a good thing – or a bad thing. But well here it is anyway. Features Receives a list of URLs as input Recognizes the parameterized URLs from the list Fuzzes all URL parameters to concatenate the desired payload once an [...]

Continue Reading


29 October 2008 | 7,927 views

Google Hacking Back in The News – Google Takes Action

Google hacking was the big thing back in 2004, I actually did a talk on it in Hack in the Box 2004, it’s resurfaced again as a serious threat with Google noticing more queries relating to things like social security numbers. The Google Hacking Database has been active for years now and there are hundreds [...]

Continue Reading


28 October 2008 | 10,956 views

sqlmap 0.6.1 released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, [...]

Continue Reading


25 September 2008 | 34,875 views

BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS: MS-SQL Server ORACLE MySQL (experimental) Attack Templates for: MS Access MySQL ORACLE PostgreSQL MS-SQL Server Also you can [...]

Continue Reading


27 June 2008 | 24,854 views

Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing – Bsqlbf V2, which is a Blind SQL Injection Brute Forcer. The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind [...]

Continue Reading


30 May 2008 | 19,273 views

sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL

We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features. Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a [...]

Continue Reading


15 April 2008 | 19,741 views

sqlninja 0.2.2 Released for Download – SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]

Continue Reading


17 March 2008 | 10,550 views

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems. It’s becoming a mature and useful package! I’m glad to see continued developing [...]

Continue Reading


18 January 2008 | 13,190 views

sqlmap 0.5 – Automated SQL Injection Tool

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities. Features Full [...]

Continue Reading


16 January 2008 | 9,451 views

w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth. w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web [...]

Continue Reading