WITOOL is an graphical based SQL Injection Tool written in dotNET.
- For SQL Server, Oracle
- Error Base and Union Base

Interface

Features

Retrieve schema : DB/TableSpace, Table, Column, other object
Retrieve data : retrive paging, dump xml file
Log : View the raw data HTTP log

Environment
OS: Windows 2000/XP/VISTA
Requirement: Microsoft .NET(2.0) Library (Download Here).

You can download WITOOL v0.1 here:
WITOOL_V0.1_081231.zip
Or read more [...]

For those that don’t know, Inguma is an open source penetration testing and vulnerability research toolkit written completely in Python. The environment is mainly oriented to attack Oracle related systems but, anyway, it can be used against any other kind of systems.
It’s becoming a mature and useful package! I’m glad to see continued developing and [...]

We got an e-mail a while back about this new and apparently simple Oracle Application Server scanner.
It detects web pages, DADs (Database Access Descriptors) and test applications installed by default.

It may be useful for system hardening and pen-test.
You can download OAPScan here:
OAPScan.tar.gz

Oracle in its very own style recently published a mega patch, it could be called the mother of all patches.
Actually 101 bugs…the scary part is 45 can be exploited remotely.

Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD Edwards applications.
Almost [...]