Archive | Database Hacking


28 October 2008 | 10,951 views

sqlmap 0.6.1 released – Automatic SQL Injection Tool

sqlmap is an automatic SQL injection tool developed in Python. Its goal is to detect and take advantage of SQL injection vulnerabilities on web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, [...]

Continue Reading


25 September 2008 | 33,210 views

BSQL Hacker – Automated SQL Injection Framework

BSQL Hacker is an automated SQL Injection Framework / Tool designed to exploit SQL injection vulnerabilities in virtually any database. It ships with Automated Attack modules which allows the dumping of whole databases for the following DBMS: MS-SQL Server ORACLE MySQL (experimental) Attack Templates for: MS Access MySQL ORACLE PostgreSQL MS-SQL Server Also you can [...]

Continue Reading


27 June 2008 | 24,753 views

Bsqlbf V2 – Blind SQL Injection Brute Forcer Tool

There are quite a lot of SQL Injection Tools available and now there is one more to add to the stable for testing – Bsqlbf V2, which is a Blind SQL Injection Brute Forcer. The original tool (bsqlbfv1.2-th.pl) was intended to exploit blind sql injection against a mysql backend database, this new version supports blind [...]

Continue Reading


30 May 2008 | 19,250 views

sqlninja 0.2.3 released – Advanced Automated SQL Injection Tool for MS-SQL

We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features. Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a [...]

Continue Reading


15 April 2008 | 19,718 views

sqlninja 0.2.2 Released for Download – SQL Injection Tool

Sqlninja is a tool to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process of [...]

Continue Reading


17 March 2008 | 10,542 views

Inguma 0.0.7.2 Released for Download – Penetration Testing Toolkit

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems. It’s becoming a mature and useful package! I’m glad to see continued developing [...]

Continue Reading


18 January 2008 | 13,185 views

sqlmap 0.5 – Automated SQL Injection Tool

sqlmap is an automatic SQL injection tool entirely developed in Python. It is capable to perform an extensive database management system back-end fingerprint, retrieve remote DBMS databases, usernames, tables, columns, enumerate entire DBMS, read system files and much more taking advantage of web application programming security flaws that lead to SQL injection vulnerabilities. Features Full [...]

Continue Reading


16 January 2008 | 9,440 views

w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth. w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web [...]

Continue Reading


20 November 2007 | 6,290 views

sqlninja 0.2.1-r1 – SQL Injection Tool for MS-SQL Released for Download

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to help and automate the process [...]

Continue Reading


05 October 2007 | 22,225 views

Official release of SQL Power Injector 1.2 – Download Now!

SQL Power Injector is a graphical application created in .NET 1.1 that helps the penetrating tester to inject SQL commands on a web page. For now it is SQL Server, Oracle and MySQL compliant, but it is possible to use it with any existing DBMS when using the inline injection (Normal mode). Moreover this application [...]

Continue Reading